
heeelp... PC probably infected


Post by polentaeosei » 18/09/16 10:03

Hi everyone,

first of all, I use Windows 8 as my operating system. While browsing in Chrome, every click opens a bunch of tabs, including http://it.reimageplus.com/lp/sqh/index. ... 9823191251 , and a thousand others, plus female voices suggesting that I "click on add extension to close this page" :lol: :lol: :aaah :aaah. I really appreciate a woman speaking to me in a seductive voice, but everything has a limit!
Also, a "logonui.exe" window often opens when Chrome starts.

In short, I think I'm full of viruses, can someone give me a hand?? Thaaanks
polentaeosei
Junior User

Posts: 17
Joined: 20/11/08 16:53


Re: heeelp... PC probably infected

Post by shel » 18/09/16 10:31

hi, run this scan right away

download >>> http://general-changelog-team.fr/fr/dow ... adwcleaner

first use the ''scan'' option and then ''clean''; attach the report generated after the reboot


now run this scan

download FRST

put it on the desktop

N.B. You must download the version (32 or 64 bit) compatible with your system

•Double-click to run it.
•When it asks you to accept the terms, click Yes.
•Click the SCAN button
•When finished, the tool will create a log called FRST.txt in the same directory where FRST is located.
•The first time FRST is run, another log called Addition.txt will be created
•Attach both logs
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: heeelp... PC probably infected

Post by polentaeosei » 18/09/16 15:54

Thanks a lot!

Below I'm attaching the AdwCleaner report. And now I'm downloading FRST

# AdwCleaner v6.020 - Creato file registro eventi 18/09/2016 in 15:36:57
# Aggiornato su 14/09/2016 da ToolsLib
# Database : 2016-09-17.1 [Server]
# Sistema operativo : Windows 8.1 (X64)
# Utente : Matteo - MATTEO
# In esecuzione da : C:\Users\Matteo\Downloads\adwcleaner_6.020.exe
# Modo: pulizia
# Supporto : https://toolslib.net/forum



***** [ Servizi ] *****



***** [ Cartelle ] *****

[-] Cartella eliminata: C:\ProgramData\452cc40200007f50
[-] Cartella eliminata: C:\ProgramData\{0b776eb4-5937-948e-0b77-76eb4593bad1}
[-] Cartella eliminata: C:\Users\Matteo\AppData\Local\EC6313F7-1424541209-E411-BAC3-F8A963DECF9D
[-] Cartella eliminata: C:\Users\Matteo\AppData\Local\globalUpdate
[-] Cartella eliminata: C:\Users\Matteo\AppData\Local\speed browser
[#] Cartella eliminata al riavvio: C:\Users\Matteo\AppData\Local\SweetLabs App Platform
[-] Cartella eliminata: C:\Users\Matteo\AppData\Local\Taplika
[-] Cartella eliminata: C:\Users\Matteo\AppData\Roaming\AnyProtectEx
[-] Cartella eliminata: C:\Users\Matteo\AppData\Roaming\OpenCandy
[-] Cartella eliminata: C:\Users\Matteo\AppData\Roaming\Solvusoft
[#] Cartella eliminata al riavvio: C:\Users\Matteo\AppData\Roaming\Taplika
[-] Cartella eliminata: C:\Users\Matteo\Documents\PC Speed Maximizer
[-] Cartella eliminata: C:\Program Files\Booking.com
[-] Cartella eliminata: C:\ZombieNews
[-] Cartella eliminata: C:\ProgramData\IHProtectUpDate
[-] Cartella eliminata: C:\ProgramData\NetEngine
[-] Cartella eliminata: C:\ProgramData\pokki
[#] Cartella eliminata al riavvio: C:\ProgramData\Pokki
[#] Cartella eliminata al riavvio: C:\ProgramData\Application Data\IHProtectUpDate
[#] Cartella eliminata al riavvio: C:\ProgramData\Application Data\NetEngine
[#] Cartella eliminata al riavvio: C:\ProgramData\Application Data\pokki
[#] Cartella eliminata al riavvio: C:\ProgramData\Application Data\Pokki
[-] Cartella eliminata: C:\Program Files (x86)\globalUpdate
[-] Cartella eliminata: C:\Program Files (x86)\PC Speed Maximizer
[-] Cartella eliminata: C:\Program Files (x86)\Stpro
[-] Cartella eliminata: C:\Program Files (x86)\Super Optimizer
[-] Cartella eliminata: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyProtectEx
[-] Cartella eliminata: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
[-] Cartella eliminata: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\speed browser
[-] Cartella eliminata: C:\Users\Default User\AppData\Local\Pokki
[#] Cartella eliminata al riavvio: C:\Users\Default\AppData\Local\Pokki
[-] Cartella eliminata: C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae
[-] Cartella eliminata: C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pdidplnlbafiijjfbomlfokdppebnhpc


***** [ File ] *****

[-] File eliminato: C:\Users\Matteo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
[-] File eliminato: C:\Users\Matteo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
[-] File eliminato: C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] File eliminato: C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] File eliminato: C:\Windows\SysNative\roboot64.exe
[-] File eliminato: C:\END
[-] File eliminato: C:\Users\Public\Desktop\eBay.lnk
[-] File eliminato: C:\Users\Public\Desktop\Booking.com.lnk
[#] File eliminato: C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[#] File eliminato: C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
[-] File eliminato: C:\Windows\patsearch.bin
[-] File eliminato: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\InternetEnhancer.exe.log
[-] File eliminato: C:\Users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\34vhvyqp.default\searchplugins\Taplika.xml
[-] File eliminato: C:\Users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\34vhvyqp.default\searchplugins\trovi.xml
[-] File eliminato: C:\Users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\34vhvyqp.default\searchplugins\Web Search.xml
[-] File eliminato: C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pdidplnlbafiijjfbomlfokdppebnhpc_0.localstorage


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Collegamenti ] *****



***** [ Attività pianificate ] *****



***** [ Registro ] *****

[-] Chiave eliminata: HKLM\SOFTWARE\93271f4c-c1a1-4c60-aba1-0ba9c423e1cf
[-] Chiave eliminata: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect
[#] Chiave eliminata al riavvio: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Classes\pokki
[#] Chiave eliminata al riavvio: HKCU\Software\Classes\pokki
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Classes\pokki
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Chiave eliminata: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
[-] Chiave eliminata: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Chiave eliminata: HKU\.DEFAULT\Software\AnyProtect
[-] Chiave eliminata: HKU\.DEFAULT\Software\Browser
[-] Chiave eliminata: HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Chiave eliminata: HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Chiave eliminata: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Chiave eliminata: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[-] Chiave eliminata: HKU\S-1-5-19\Software\Browser
[-] Chiave eliminata: HKU\S-1-5-20\Software\Browser
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\AnyProtect
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Browser
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\ClientConnect
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\GAMESDESKTOP
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\GlobalUpdate
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\InstallCore
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\InstalledBrowserExtensions
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Mozilla\Extends
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Softonic
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\SweetLabs App Platform
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Taplika Browser
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\TutoTag
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\AppDataLow\Software\Crossrider
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\AppDataLow\Software\DynConIE
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[#] Chiave eliminata al riavvio: HKU\S-1-5-18\Software\AnyProtect
[#] Chiave eliminata al riavvio: HKU\S-1-5-18\Software\Browser
[#] Chiave eliminata al riavvio: HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Chiave eliminata al riavvio: HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[#] Chiave eliminata al riavvio: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[#] Chiave eliminata al riavvio: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[#] Chiave eliminata al riavvio: HKCU\Software\AnyProtect
[#] Chiave eliminata al riavvio: HKCU\Software\Browser
[#] Chiave eliminata al riavvio: HKCU\Software\ClientConnect
[#] Chiave eliminata al riavvio: HKCU\Software\GAMESDESKTOP
[#] Chiave eliminata al riavvio: HKCU\Software\GlobalUpdate
[#] Chiave eliminata al riavvio: HKCU\Software\InstallCore
[#] Chiave eliminata al riavvio: HKCU\Software\InstalledBrowserExtensions
[#] Chiave eliminata al riavvio: HKCU\Software\Mozilla\Extends
[#] Chiave eliminata al riavvio: HKCU\Software\Softonic
[-] Chiave eliminata: HKCU\Software\SweetLabs App Platform
[#] Chiave eliminata al riavvio: HKCU\Software\Taplika Browser
[#] Chiave eliminata al riavvio: HKCU\Software\TutoTag
[#] Chiave eliminata al riavvio: HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Chiave eliminata al riavvio: HKCU\Software\AppDataLow\Software\Crossrider
[#] Chiave eliminata al riavvio: HKCU\Software\AppDataLow\Software\DynConIE
[-] Chiave eliminata: HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Chiave eliminata: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Chiave eliminata: HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Chiave eliminata: HKLM\SOFTWARE\GlobalUpdate
[-] Chiave eliminata: HKLM\SOFTWARE\IHProtect
[-] Chiave eliminata: HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Chiave eliminata: HKLM\SOFTWARE\istartsurfSoftware
[-] Chiave eliminata: HKLM\SOFTWARE\SpeedBrowser
[-] Chiave eliminata: HKLM\SOFTWARE\SPPDCOM
[-] Chiave eliminata: HKLM\SOFTWARE\StrongSignal
[-] Chiave eliminata: HKLM\SOFTWARE\Tutorials
[#] Chiave eliminata al riavvio: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Chiave eliminata al riavvio: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\AnyProtect
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Browser
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\ClientConnect
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\GAMESDESKTOP
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\GlobalUpdate
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\InstallCore
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\InstalledBrowserExtensions
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Mozilla\Extends
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Softonic
[-] Chiave eliminata: [x64] HKCU\Software\SweetLabs App Platform
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Taplika Browser
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\TutoTag
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\AppDataLow\Software\Crossrider
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\AppDataLow\Software\DynConIE
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Dato ripristinato: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Dato ripristinato: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Dato ripristinato: HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Dato ripristinato: HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Dato ripristinato: [x64] HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Dato ripristinato: [x64] HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3F39A3E4-2E52-11E5-827F-F8A963DECF9D}
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Internet Explorer\SearchScopes\{94F3B6B7-02C4-11E5-8275-F8A963DECF9D}
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BA06757-D11B-4E9C-BB86-499A414021B2}
[-] Chiave eliminata: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[#] Chiave eliminata al riavvio: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
[#] Chiave eliminata al riavvio: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[#] Chiave eliminata al riavvio: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3F39A3E4-2E52-11E5-827F-F8A963DECF9D}
[#] Chiave eliminata al riavvio: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
[#] Chiave eliminata al riavvio: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{94F3B6B7-02C4-11E5-8275-F8A963DECF9D}
[#] Chiave eliminata al riavvio: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BA06757-D11B-4E9C-BB86-499A414021B2}
[#] Chiave eliminata al riavvio: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3F39A3E4-2E52-11E5-827F-F8A963DECF9D}
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{94F3B6B7-02C4-11E5-8275-F8A963DECF9D}
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BA06757-D11B-4E9C-BB86-499A414021B2}
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Chiave eliminata: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
[-] Chiave eliminata: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Chiave eliminata: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Chiave eliminata: HKCU\Software\Classes\Directory\shell\pokki
[-] Chiave eliminata: HKCU\Software\Classes\Drive\shell\pokki
[-] Chiave eliminata: HKCU\Software\Classes\lnkfile\shell\pokki
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
[-] Valore eliminato: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
[-] Valore eliminato: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
[-] Valore eliminato: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
[#] Valore eliminato al riavvio: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
[#] Valore eliminato al riavvio: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
[#] Valore eliminato al riavvio: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
[#] Valore eliminato al riavvio: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
[#] Valore eliminato al riavvio: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
[#] Valore eliminato al riavvio: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
[-] Chiave eliminata: HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
[-] Chiave eliminata: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
[-] Chiave eliminata: HKCU\Software\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk
[-] Chiave eliminata: HKLM\SOFTWARE\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk
[-] Chiave eliminata: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk


***** [ Browser ] *****

[-] Preferenze Firefiox azzerate: "browser.search.hiddenOneOffs" - "Taplika,Amazon.it,Hoepli,Trovi"
[-] Preferenze Firefiox azzerate:
[-] Preferenze Firefiox azzerate:
[-] Preferenze Firefiox azzerate:
[-] Preferenze Firefiox azzerate:
[-] Preferenze Firefiox azzerate:
[-] Preferenze Firefiox azzerate:
[-] Preferenze Firefiox azzerate: "extensions.crossrider.bic" - "14c292cabd61d40bb8ecd4ae79ae068a"
[-] Preferenze Firefiox azzerate: "extensions.quick_start.enable_search1" - false
[-] Preferenze Firefiox azzerate: "extensions.quick_start.sd.closeWindowWithLastTab_prev_state" - false
[-] [C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Eliminato: hxxp://homepage-web.com/?s=acer&m=start
[-] [C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default] [extension] Eliminato: bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default] [extension] Eliminato: elggllhppljlljkgfeokjpehmdamkejk
[-] [C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default] [extension] Eliminato: iblenkmcolcdonmlfknbpbgjebabcoae
[-] [C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default] [extension] Eliminato: lfkjojacgdjkninepeghaamnapdjmlfn
[-] [C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default] [homepage] Eliminato: hxxp://homepage-web.com/?s=acer&m=home


*************************

:: " tracciamento " chiavi eliminate
:: Impostazioni Winsock ripristinate

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [20464 Byte] - [18/09/2016 15:36:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [21440 Byte] - [18/09/2016 13:05:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [20610 Byte] ##########
polentaeosei
Junior User

Posts: 17
Joined: 20/11/08 16:53

Re: heeelp... PC probably infected

Post by polentaeosei » 18/09/16 16:42

FRST.TXT FIRST PART (I had to split it into two parts because it doesn't fit within the character limit)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2016
Ran by Matteo (administrator) on MATTEO (18-09-2016 17:18:15)
Running from C:\Users\Matteo\Desktop
Loaded Profiles: Matteo (Available Profiles: Matteo)
Platform: Windows 8.1 (Update) (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TorrentsTime) C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-05-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [gmsd_it_182] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25347616 2016-09-12] (Dropbox, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Atheros Communications)
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\Run: [BitTorrent] => C:\Users\Matteo\AppData\Roaming\BitTorrent\BitTorrent.exe [2142920 2016-09-11] (BitTorrent Inc.)
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\Run: [Spotify Web Helper] => C:\Users\Matteo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-09-04] (Spotify Ltd)
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-09-02] (SUPERAntiSpyware)
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\Run: [Spotify] => C:\Users\Matteo\AppData\Roaming\Spotify\Spotify.exe [6930544 2016-09-04] (Spotify Ltd)
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\MountPoints2: {471cba84-2e51-11e5-827f-f8a963decf9d} - "E:\setup.exe"
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-06-27] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-06-27] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-06-27] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:65265;https=127.0.0.1:65265
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3432E17A-7A6A-45D3-923C-F73A70546AA0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{60CF1041-178A-437A-9167-DDA493675405}: [DhcpNameServer] 192.168.1.1 85.18.200.200 89.97.140.140

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_sour ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://www.istartsurf.com/web/?utm_sour ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_sour ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_sour ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: No Name -> {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} -> No File
Toolbar: HKLM - No Name - {9eb324ca-1466-4907-8392-92c9f653a229} - No File
Toolbar: HKLM-x32 - No Name - {9eb324ca-1466-4907-8392-92c9f653a229} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\34vhvyqp.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: hxxps://www.google.com/search?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: hxxps://www.google.com/search?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-1583953125-3082570099-1052405021-1001: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [2016-02-15] (Torrents Time)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2012-03-06] (mozilla.org)
FF SearchPlugin: C:\Users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\34vhvyqp.default\searchplugins\google-avast.xml [2016-01-07]
FF Extension: (autoplugincheckerjetpack) - C:\Users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\34vhvyqp.default\Extensions\auto-plugin-checker@jetpack [2015-03-14] [not signed]
FF Extension: (Firefox Hotfix) - C:\Users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\34vhvyqp.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-01]
FF Extension: (firefoxbookmarkcheckereverhelperme) - C:\Users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\34vhvyqp.default\Extensions\firefoxbookmarkchecker@everhelper.me [2015-03-22] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\34vhvyqp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-01]
FF Extension: (e55904c8769b4ffe8d4748f411f37d22) - C:\Users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\34vhvyqp.default\Extensions\{e55904c8-769b-4ffe-8d47-48f411f37d22} [2015-03-04] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-branding.js [2012-03-06]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js [2012-03-06]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox.js [2012-03-06]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\reporter.js [2012-03-06]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?src=om ... er=acer&q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.homepage-web.com
CHR Profile: C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default [2016-09-18]
CHR Extension: (Presentazioni Google) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-20]
CHR Extension: (Documenti Google) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Google Drive) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Fogli Google) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-20]
CHR Extension: (Google Documenti offline) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Chrome Note) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpgpniofkehhmojbapakclijnfahpfgo [2016-09-02]
CHR Extension: (imamemhokkdleoelohnmkimbmpfglcil) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\imamemhokkdleoelohnmkimbmpfglcil [2015-03-05]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-04-06] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-15] (Acer Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-01] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-09-12] (Windows (R) Win 7 DDK provider)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-02] (Bitdefender)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-16] (Advanced Micro Devices, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
R2 TTService; C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe [3543576 2016-02-16] (TorrentsTime)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (acer)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-04-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-11] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-04-16] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2016-07-26] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-07-19] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-18 17:14 - 2016-09-18 17:18 - 00054483 _____ C:\Users\Matteo\Desktop\Addition.txt
2016-09-18 17:11 - 2016-09-18 17:18 - 00026540 _____ C:\Users\Matteo\Desktop\FRST.txt
2016-09-18 17:10 - 2016-09-18 17:18 - 00000000 ____D C:\FRST
2016-09-18 17:09 - 2016-09-18 17:09 - 02399232 _____ (Farbar) C:\Users\Matteo\Downloads\FRST64 (1).exe
2016-09-18 17:08 - 2016-09-18 17:08 - 02399232 _____ (Farbar) C:\Users\Matteo\Desktop\FRST64.exe
2016-09-18 12:58 - 2016-09-18 16:35 - 00000000 ____D C:\AdwCleaner
2016-09-18 12:58 - 2016-09-18 12:58 - 03861056 _____ C:\Users\Matteo\Downloads\adwcleaner_6.020.exe
2016-09-18 11:51 - 2016-09-18 11:52 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-09-17 11:04 - 2016-09-07 03:11 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-17 11:04 - 2016-09-07 03:11 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-15 21:28 - 2016-09-15 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-14 09:19 - 2016-08-21 01:45 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-09-14 09:19 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 09:19 - 2016-08-21 01:05 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-09-14 09:19 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 09:19 - 2016-08-21 00:42 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-09-14 09:19 - 2016-08-21 00:27 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-09-14 09:19 - 2016-08-10 00:47 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 09:19 - 2016-08-10 00:47 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-14 09:19 - 2016-08-04 16:17 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 09:19 - 2016-08-03 20:06 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 09:19 - 2016-08-03 20:05 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 09:18 - 2016-07-09 18:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2016-09-14 09:18 - 2016-07-09 00:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-09-14 09:18 - 2016-07-08 16:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2016-09-14 09:18 - 2016-07-08 16:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2016-09-14 09:18 - 2016-07-08 00:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2016-09-14 09:18 - 2016-07-08 00:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2016-09-14 09:18 - 2016-07-08 00:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2016-09-14 09:18 - 2016-07-08 00:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2016-09-14 09:18 - 2016-07-07 23:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2016-09-14 09:18 - 2016-07-07 22:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-09-14 09:18 - 2016-07-07 22:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-09-14 09:18 - 2016-07-07 22:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2016-09-14 09:18 - 2016-07-07 22:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2016-09-14 09:18 - 2016-07-07 22:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-09-14 09:18 - 2016-07-07 22:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2016-09-14 09:18 - 2016-07-07 22:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2016-09-14 09:18 - 2016-07-07 22:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2016-09-14 09:18 - 2016-07-07 22:11 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-09-14 09:18 - 2016-07-07 22:11 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-09-14 09:18 - 2016-07-07 22:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2016-09-14 09:18 - 2016-07-07 21:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2016-09-14 09:18 - 2016-07-07 21:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2016-09-14 09:18 - 2016-07-04 07:09 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-09-14 09:18 - 2016-07-04 05:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2016-09-14 09:18 - 2016-07-04 05:37 - 02897920 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-09-14 09:18 - 2016-07-04 05:33 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-09-14 09:18 - 2016-07-04 05:04 - 02539008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-09-14 09:18 - 2016-07-04 05:02 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-09-14 09:18 - 2016-07-04 04:19 - 03547136 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-09-14 09:18 - 2016-07-01 22:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll
2016-09-14 09:18 - 2016-07-01 22:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll
2016-09-14 09:18 - 2016-01-10 19:08 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-09-14 09:17 - 2016-09-01 05:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-14 09:17 - 2016-09-01 04:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-14 09:17 - 2016-09-01 04:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-14 09:17 - 2016-09-01 03:39 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-14 09:17 - 2016-09-01 03:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-14 09:17 - 2016-09-01 03:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-14 09:17 - 2016-09-01 03:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-14 09:17 - 2016-09-01 02:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-14 09:17 - 2016-09-01 02:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-14 09:17 - 2016-09-01 02:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-14 09:17 - 2016-09-01 02:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-14 09:17 - 2016-09-01 02:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-14 09:17 - 2016-09-01 02:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-14 09:17 - 2016-09-01 02:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-14 09:17 - 2016-09-01 01:38 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-14 09:17 - 2016-09-01 01:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-14 09:17 - 2016-09-01 01:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-14 09:17 - 2016-09-01 01:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-14 09:17 - 2016-09-01 00:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-14 09:17 - 2016-09-01 00:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-14 09:17 - 2016-08-26 07:51 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-14 09:17 - 2016-08-26 06:44 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-14 09:17 - 2016-08-26 06:41 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-09-14 09:17 - 2016-08-26 06:00 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-09-14 09:15 - 2016-09-08 23:51 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 09:15 - 2016-09-08 23:51 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 09:15 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 09:15 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 09:15 - 2016-08-21 03:03 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 09:15 - 2016-08-21 03:01 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 09:15 - 2016-08-21 03:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 09:15 - 2016-08-21 02:17 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 09:15 - 2016-08-21 01:27 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 09:15 - 2016-08-21 01:26 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 09:15 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 09:15 - 2016-08-14 21:34 - 01541248 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 09:15 - 2016-08-14 20:25 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 09:15 - 2016-08-14 18:14 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 09:15 - 2016-08-13 09:41 - 07445848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 09:15 - 2016-08-13 09:40 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 09:15 - 2016-08-13 09:40 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 09:15 - 2016-08-13 09:40 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-09-14 09:15 - 2016-08-13 09:40 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 09:15 - 2016-08-13 09:40 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-09-14 09:15 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 09:15 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2016-09-14 09:15 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2016-09-14 09:15 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2016-09-12 15:11 - 2016-09-12 15:11 - 00042792 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DbxSvc.exe
2016-09-12 15:05 - 2016-09-12 15:05 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-stable.sys
2016-09-12 15:05 - 2016-09-12 15:05 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-dev.sys
2016-09-12 15:05 - 2016-09-12 15:05 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-canary.sys
2016-09-11 17:31 - 2016-09-11 17:32 - 00000022 _____ C:\Users\Matteo\Downloads\Narcos.s02e01.italiansubs.zip
2016-09-11 17:30 - 2016-09-11 17:30 - 00036005 _____ C:\Users\Matteo\Downloads\Narcos.s02e03.italiansubs.zip
2016-09-11 13:03 - 2016-09-11 13:03 - 00007334 _____ C:\Users\Matteo\Desktop\messaggio.odt
2016-09-07 22:38 - 2016-09-07 22:38 - 00000022 _____ C:\Users\Matteo\Downloads\Braindead.s01e09.italiansubs.zip
2016-09-06 21:44 - 2016-09-06 21:44 - 00023983 _____ C:\Users\Matteo\Downloads\Braindead.s01e08.italiansubs.zip
2016-09-05 05:47 - 2016-09-05 05:47 - 00165504 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2016-09-05 05:47 - 2016-09-05 05:47 - 00131712 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
2016-09-04 19:20 - 2016-09-04 19:21 - 00001241 _____ C:\Users\Matteo\Downloads\escape.from.new.york.(1981).ita.1cd.(3167078).zip
2016-09-04 14:41 - 2016-09-03 20:50 - 953412431 ____R C:\Users\Matteo\Desktop\The.Purge.Election.Year.2016.HC.720p.HDRiP.900MB.ShAaNiG.mkv
2016-09-03 17:21 - 2016-09-03 17:21 - 00032099 _____ C:\Users\Matteo\Downloads\the.purge.anarchy.(2014).ita.1cd.(5875455) (1).zip
2016-09-03 17:20 - 2016-09-03 17:21 - 00001282 _____ C:\Users\Matteo\Downloads\the.purge.anarchy.(2014).ita.1cd.(5875455).zip
2016-09-03 14:45 - 2016-09-03 14:46 - 00001300 _____ C:\Users\Matteo\Downloads\the.purge.(2013).ita.1cd.(5103119).zip
2016-09-03 13:38 - 2016-09-03 16:56 - 01158656 _____ C:\Users\Matteo\Downloads\matteo amighetti luglio 2016.ppt
2016-09-02 21:45 - 2016-09-02 21:45 - 00000022 _____ C:\Users\Matteo\Downloads\Braindead.s01e07.italiansubs.zip
2016-09-02 19:44 - 2016-09-02 19:59 - 00000022 _____ C:\Users\Matteo\Downloads\the.shallows.(2016).ita.1cd.(6676978).zip
2016-09-02 18:53 - 2016-09-02 18:54 - 00000022 _____ C:\Users\Matteo\Downloads\kingdom.2014.s01e01.normale.e.720p.sub_.ita_.subsfactory.zip
2016-09-02 16:24 - 2016-09-02 16:25 - 00002900 _____ C:\Windows\system32\lic2.xml5141
2016-09-02 13:59 - 2016-09-02 13:59 - 00001275 _____ C:\Users\Matteo\Downloads\the.night.of.s01.e08.the.call.of.the.wild.(2016).eng.1cd.(6720975).zip
2016-09-02 12:14 - 2016-09-02 12:15 - 00000022 _____ C:\Users\Matteo\Downloads\The.Night.Of.s01e07.italiansubs.zip
2016-09-02 12:14 - 2016-09-02 12:14 - 00019345 _____ C:\Users\Matteo\Downloads\The.Night.Of.s01e06.italiansubs (1).zip
2016-09-01 23:49 - 2016-09-01 23:50 - 00019345 _____ C:\Users\Matteo\Downloads\The.Night.Of.s01e06.italiansubs.zip
2016-09-01 17:08 - 2016-09-01 17:08 - 00021916 _____ C:\Users\Matteo\Downloads\The.Night.Of.s01e05.italiansubs.zip
2016-09-01 15:16 - 2016-09-01 15:17 - 00000022 _____ C:\Users\Matteo\Downloads\The.Night.Of.s01e04.italiansubs.zip
2016-08-31 15:59 - 2016-08-31 15:59 - 00000022 _____ C:\Users\Matteo\Downloads\Braindead.s01e06.italiansubs.zip
2016-08-30 19:38 - 2016-06-10 20:11 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-08-30 19:38 - 2016-05-29 09:08 - 22361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-08-30 19:38 - 2016-05-28 20:31 - 19788688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-08-30 19:38 - 2016-04-06 20:17 - 18825216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-08-30 19:38 - 2016-04-06 18:25 - 15158272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-08-30 19:37 - 2016-06-18 22:06 - 00590688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-08-30 19:37 - 2016-06-18 22:06 - 00072408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys
2016-08-30 19:37 - 2016-06-11 21:52 - 00379232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-08-30 19:37 - 2016-06-11 21:52 - 00057184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2016-08-30 19:37 - 2016-06-11 20:05 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\gpresult.exe
2016-08-30 19:37 - 2016-06-11 18:50 - 00987136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-30 19:37 - 2016-06-11 18:46 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2016-08-30 19:37 - 2016-06-11 18:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-08-30 19:37 - 2016-06-11 18:37 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-08-30 19:37 - 2016-06-11 18:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-30 19:37 - 2016-06-11 18:20 - 00413184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-08-30 19:37 - 2016-06-11 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-08-30 19:37 - 2016-06-11 05:44 - 00107984 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-08-30 19:37 - 2016-06-11 05:44 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-08-30 19:37 - 2016-06-10 22:07 - 03820544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2016-08-30 19:37 - 2016-06-10 20:11 - 01487992 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-08-30 19:37 - 2016-06-10 20:11 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-08-30 19:37 - 2016-06-10 20:11 - 00125024 _____ (Microsoft Corporation) C:\Windows\system32\cryptxml.dll
2016-08-30 19:37 - 2016-06-10 20:10 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptxml.dll
2016-08-30 19:37 - 2016-06-10 20:07 - 03273728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2016-08-30 19:37 - 2016-06-09 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-08-30 19:37 - 2016-06-04 02:38 - 01613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-08-30 19:37 - 2016-06-04 02:37 - 01970968 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-08-30 19:37 - 2016-05-18 22:56 - 01291776 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2016-08-30 19:37 - 2016-05-18 22:28 - 02635264 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-08-30 19:37 - 2016-05-18 22:16 - 02317824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-08-30 19:37 - 2016-05-14 22:26 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-08-30 19:37 - 2016-05-14 07:19 - 01134768 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-08-30 19:37 - 2016-05-14 01:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-08-30 19:37 - 2016-05-14 01:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2016-08-30 19:37 - 2016-05-14 00:24 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-08-30 19:37 - 2016-05-13 23:42 - 03667968 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-30 19:37 - 2016-05-13 23:26 - 02230784 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-08-30 19:37 - 2016-05-13 23:26 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-08-30 19:37 - 2016-05-13 23:16 - 00727040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-08-30 19:37 - 2016-05-12 20:36 - 00034600 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountBroker.exe
2016-08-30 19:37 - 2016-05-12 19:39 - 00030984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountBroker.exe
2016-08-30 19:37 - 2016-05-06 23:59 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-08-30 19:37 - 2016-05-06 19:13 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-08-30 19:37 - 2016-05-05 19:18 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-08-30 19:37 - 2016-05-05 19:02 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-08-30 19:37 - 2016-05-05 18:37 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-08-30 19:37 - 2016-05-05 18:29 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-08-30 19:37 - 2016-04-10 07:35 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-08-30 19:37 - 2016-04-10 00:14 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Geolocation.dll
2016-08-30 19:37 - 2016-04-10 00:10 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-08-30 19:37 - 2016-04-10 00:09 - 00754176 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2016-08-30 19:37 - 2016-04-10 00:02 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2016-08-30 19:37 - 2016-04-09 23:59 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll
2016-08-30 19:37 - 2016-04-09 23:56 - 00543232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2016-08-30 19:37 - 2016-04-09 23:55 - 00881152 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-08-30 19:37 - 2016-04-09 23:52 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2016-08-30 19:37 - 2016-04-07 18:06 - 00927744 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-08-30 19:37 - 2016-04-06 23:21 - 00114528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2016-08-30 19:37 - 2016-04-06 20:20 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-08-30 19:37 - 2016-04-06 00:37 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2016-08-30 19:36 - 2016-06-11 19:14 - 00192512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpresult.exe
2016-08-30 19:36 - 2016-06-09 20:18 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-08-30 19:36 - 2016-06-07 20:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2016-08-30 19:36 - 2016-06-07 19:13 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll
2016-08-30 19:36 - 2016-05-18 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2016-08-30 19:36 - 2016-05-18 23:15 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2016-08-30 19:36 - 2016-05-18 22:33 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2016-08-30 19:36 - 2016-05-14 01:08 - 00032512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2016-08-30 19:36 - 2016-05-13 23:30 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-08-30 19:36 - 2016-05-13 23:29 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-08-30 19:36 - 2016-05-13 23:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-08-30 19:36 - 2016-05-13 23:27 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-08-30 19:36 - 2016-05-13 23:18 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-08-30 19:36 - 2016-05-13 23:18 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-08-30 19:36 - 2016-05-13 23:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-08-30 19:36 - 2016-05-05 18:34 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-08-30 19:36 - 2016-05-05 17:28 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-08-30 19:36 - 2016-05-05 17:16 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-08-30 19:36 - 2016-04-10 00:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2016-08-30 19:36 - 2016-04-09 23:59 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2016-08-30 19:36 - 2016-04-02 15:58 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2016-08-30 19:36 - 2016-04-01 19:40 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2016-08-30 19:36 - 2016-04-01 18:53 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2016-08-30 19:36 - 2016-04-01 18:50 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-08-30 19:36 - 2016-02-04 18:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2016-08-30 19:36 - 2016-02-04 18:49 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2016-08-30 19:36 - 2016-02-04 18:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2016-08-30 19:31 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-30 19:31 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-30 19:31 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-30 19:31 - 2016-08-02 07:39 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-30 19:31 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-30 19:31 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-30 19:31 - 2016-08-02 07:15 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-30 19:31 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-30 19:27 - 2016-07-08 16:19 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-08-30 19:27 - 2016-07-08 16:17 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-08-30 19:25 - 2016-05-19 01:18 - 00563024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-08-30 19:25 - 2016-05-19 01:18 - 00397232 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-08-30 19:25 - 2016-05-19 01:16 - 00178016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-30 19:25 - 2016-05-19 00:28 - 00340880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-08-30 19:14 - 2016-07-08 16:32 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-08-30 19:14 - 2016-07-08 16:25 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-08-30 19:06 - 2016-07-12 16:08 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-08-30 15:03 - 2016-08-30 15:03 - 00003338 _____ C:\Windows\System32\Tasks\abDocsDllLoader
2016-08-30 15:03 - 2016-08-30 15:03 - 00001929 _____ C:\Users\Public\Desktop\abDocs.lnk
2016-08-23 08:40 - 2016-07-29 15:52 - 00032474 _____ C:\Users\Matteo\Documents\appunti%20case%20report.odt_0.odt

Re: heeelp... PC probably infected

Post by polentaeosei » 18/09/16 16:44

FRST.TXT PART TWO

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-18 17:09 - 2015-02-20 16:44 - 00000000 __RDO C:\Users\Matteo\OneDrive
2016-09-18 17:01 - 2016-02-01 00:55 - 00001122 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-18 16:42 - 2015-02-20 17:45 - 00001172 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-18 16:35 - 2016-02-01 01:04 - 00000000 ___RD C:\Users\Matteo\Dropbox
2016-09-18 16:35 - 2015-02-22 21:12 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-18 16:33 - 2016-02-01 00:55 - 00001118 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-18 16:33 - 2015-03-16 21:36 - 00004516 _____ C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3.job
2016-09-18 16:33 - 2015-02-20 17:44 - 00001168 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-18 16:33 - 2014-09-02 10:34 - 03326943 _____ C:\Windows\SysWOW64\rootpa.e2e
2016-09-18 16:33 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-18 15:40 - 2015-02-20 16:41 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1583953125-3082570099-1052405021-1001
2016-09-18 15:22 - 2015-02-21 18:49 - 00000000 ____D C:\Users\Matteo\AppData\Roaming\vlc
2016-09-18 14:05 - 2015-04-14 10:05 - 00000000 ____D C:\Users\Matteo\Desktop\TV SERIES
2016-09-18 11:52 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-09-18 08:26 - 2015-02-20 16:33 - 00000000 ____D C:\Users\Matteo\AppData\Local\SweetLabs App Platform
2016-09-17 16:46 - 2015-04-05 20:56 - 00002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-17 16:46 - 2015-04-05 20:56 - 00002165 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-17 11:03 - 2013-08-22 16:44 - 00372304 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-17 10:59 - 2016-02-03 21:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-17 10:59 - 2016-02-03 21:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-17 10:58 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-09-17 10:54 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-09-17 10:54 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\setup
2016-09-17 10:40 - 2015-03-04 20:29 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-17 10:40 - 2015-03-04 20:29 - 00000000 ____D C:\Windows\system32\MRT
2016-09-17 10:40 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-09-17 10:30 - 2016-07-10 12:45 - 00000000 ____D C:\Users\Matteo\AppData\LocalLow\BitTorrent
2016-09-17 10:30 - 2015-02-20 17:02 - 00000000 ____D C:\Users\Matteo\AppData\Roaming\BitTorrent
2016-09-16 21:39 - 2015-04-26 13:14 - 00000000 ____D C:\Users\Matteo\Desktop\MOVIES
2016-09-16 10:03 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-16 10:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-09-16 09:41 - 2016-02-03 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-16 00:29 - 2015-02-20 16:33 - 00000000 ____D C:\Users\Matteo
2016-09-16 00:16 - 2015-04-06 10:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-09-16 00:16 - 2015-02-20 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-15 21:30 - 2016-02-01 00:55 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-09-15 11:09 - 2015-06-16 20:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-14 08:37 - 2015-02-22 21:12 - 00003866 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-14 08:36 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-14 08:36 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 20:55 - 2014-09-02 10:28 - 00803564 _____ C:\Windows\system32\perfh010.dat
2016-09-13 20:55 - 2014-09-02 10:28 - 00156688 _____ C:\Windows\system32\perfc010.dat
2016-09-13 20:55 - 2014-03-18 12:03 - 01813012 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-13 18:42 - 2016-02-20 20:16 - 00000000 ____D C:\Users\Matteo\Downloads\FOTO
2016-09-11 13:03 - 2015-03-29 16:15 - 01643008 ___SH C:\Users\Matteo\Desktop\Thumbs.db
2016-09-04 14:47 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-09-04 14:38 - 2015-03-08 14:17 - 00000000 ____D C:\Users\Matteo\AppData\Roaming\Spotify
2016-09-04 14:38 - 2015-03-08 14:17 - 00000000 ____D C:\Users\Matteo\AppData\Local\Spotify
2016-09-04 13:00 - 2015-04-14 09:53 - 00000000 ____D C:\Users\Matteo\Desktop\Bad Shit
2016-09-03 14:03 - 2015-09-02 19:05 - 00000000 ____D C:\Users\Matteo\Desktop\CASE REPORT
2016-09-03 14:00 - 2016-02-03 22:23 - 00010151 _____ C:\Users\Matteo\Desktop\SKY GO.odt
2016-09-01 02:03 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2016-08-30 19:16 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2016-08-30 15:24 - 2014-07-25 23:21 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-08-30 15:19 - 2015-02-20 16:38 - 00000000 ____D C:\Users\Matteo\AppData\Local\clear.fi
2016-08-30 15:03 - 2014-07-25 23:20 - 00000000 ____D C:\Program Files (x86)\Acer
2016-08-23 08:53 - 2015-07-21 21:59 - 00003444 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2016-08-23 08:50 - 2014-07-25 23:57 - 00000000 ___HD C:\OEM

==================== Files in the root of some directories =======

2015-02-21 22:00 - 2015-03-08 12:48 - 0000126 _____ () C:\Users\Matteo\AppData\Roaming\WB.CFG
2016-02-15 20:56 - 2016-02-15 20:56 - 0008192 _____ () C:\Users\Matteo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-01 11:15 - 2015-03-01 11:15 - 0000010 _____ () C:\Users\Matteo\AppData\Local\DSI.DAT
2015-03-02 13:43 - 2015-03-02 13:43 - 0000000 _____ () C:\Users\Matteo\AppData\Local\{50C21EC2-E07C-4AA3-A7C2-4475625F2798}
2016-07-26 09:41 - 2016-07-26 09:41 - 0045335 _____ () C:\ProgramData\1469518871.bdinstall.bin
2016-07-26 10:04 - 2016-07-26 10:04 - 0209866 _____ () C:\ProgramData\1469519511.bdinstall.bin
2014-09-02 10:31 - 2014-09-02 10:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Matteo\AppData\Local\Temp\libeay32.dll
C:\Users\Matteo\AppData\Local\Temp\msvcr120.dll
C:\Users\Matteo\AppData\Local\Temp\oct9594.tmp.exe
C:\Users\Matteo\AppData\Local\Temp\oct9EDE.tmp.exe
C:\Users\Matteo\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-09 22:02

==================== End of FRST.txt ============================

Re: heeelp... PC probably infected

Post by polentaeosei » 18/09/16 16:45

ADDITION.TXT


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-09-2016
Ran by Matteo (18-09-2016 17:20:02)
Running from C:\Users\Matteo\Desktop
Windows 8.1 (Update) (X64) (2015-02-20 14:35:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1583953125-3082570099-1052405021-500 - Administrator - Disabled)
Guest (S-1-5-21-1583953125-3082570099-1052405021-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1583953125-3082570099-1052405021-1003 - Limited - Enabled)
Matteo (S-1-5-21-1583953125-3082570099-1052405021-1001 - Administrator - Enabled) => C:\Users\Matteo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3013 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.11.2000 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E043161E-A691-B3C2-E60C-2FBBD8CFF720}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2000.2 - Acer Incorporated)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
BitTorrent (HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\BitTorrent) (Version: 7.9.8.42577 - BitTorrent Inc.)
Boardmaker version 5 (HKLM-x32\...\Boardmaker version 5) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6229 - CDBurnerXP)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dropbox (HKLM-x32\...\Dropbox) (Version: 10.4.25 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Erickson - Giocare con le parole (HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\Giocare con le parole) (Version: 1.0 - Edizioni Centro Studi Erickson)
Erickson - Memoria visiva (HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\Memoria visiva) (Version: 1.0 - Edizioni Centro Studi Erickson)
Football Manager 2016 (HKLM-x32\...\Steam App 378120) (Version: - SEGA)
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 it) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 it)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
OEM Application Profile (HKLM-x32\...\{C01EB132-6707-740E-6ED9-EAC3943918DB}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{9E41A772-875C-4468-B1BD-54B1B1125C8B}) (Version: 4.11.9775 - Apache Software Foundation)
PSP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21250 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version: - )
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subtitle Edit v3.0 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.0 - Nikse)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1014 - SUPERAntiSpyware.com)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
TorrentsTime Media Player (HKLM\...\TorrentsTime Media Player_is1) (Version: 1.1.9.1 - Torrents Time)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Widgit Communicate: SymWriter (x32 Version: 2.0.32.0 - Widgit Software) Hidden
Widgit English UK Speech Pack (x32 Version: 2.0.30.0 - Widgit Software) Hidden
Widgit Symboliser (x32 Version: 2.0.32.0 - Widgit Software) Hidden
Widgit SymWriter (UK) (HKLM-x32\...\{f2578085-b1d5-446d-a55a-4a1bf16519a3}) (Version: 2.0.32.0 - Widgit Software)
Widgit SymWriter Resources UK (x32 Version: 2.0.32.0 - Widgit Software) Hidden
Widgit Wordlist Manager (x32 Version: 5.0.32.0 - Widgit Software) Hidden
Windows Essentials Codec Pack 5.0 (HKLM-x32\...\Windows Essentials Codec Pack) (Version: 5.0 - Windows Essentials Codec Pack)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {18D6C818-EF11-4082-8C60-69AD8A4A9ED8} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {1AE96BF8-69A9-4551-95B0-34A7B53C4724} - System32\Tasks\{17890950-220E-4E5B-BC49-A6CEB8AAEE19} => pcalua.exe -a "D:\Installer Files\BM Application\98 Addend Libs Archive.exe" -d "D:\Installer Files\BM Application"
Task: {2923779E-6EEB-48BE-A74D-8C074541E151} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {40FE37DD-AD85-4AB0-9A8F-AE0FEEFFF97C} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-15] (Acer Incorporated)
Task: {5048D71E-827A-43CC-8EF3-11AF2132B064} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe
Task: {52D41732-73CA-4C29-BDE3-10FADFA2AE6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5494CDCD-CBCB-40F8-8031-402B5A478AC6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-01] (Dropbox, Inc.)
Task: {68F132B0-2D08-4AC4-ACDE-48522B34942E} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {6F0524B2-FD91-4186-B4A6-3B7FE5E43102} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-06-10] (Acer Incorporate)
Task: {760BFC93-26B1-44DE-AEC2-FCEAC3C956BB} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {7CC3A020-2B4B-420B-B12D-B45BF4A1101B} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {88099479-07B6-4177-A4B2-9745E3E05AD9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14] (Adobe Systems Incorporated)
Task: {98ADC8DA-D824-478E-914F-2B2AD158F7F7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-05] (AVAST Software)
Task: {A3AD4866-8B87-48A3-B819-3EF2E225DFAB} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2016-08-15] ()
Task: {AAA67BCF-B647-430F-8CB8-FF60E1E63D3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D98C2AA1-C9FC-4553-9BBD-1114AD95786D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-09-17] (Microsoft Corporation)
Task: {DC4482BB-F5C4-4F72-9574-5A1C998A04CD} - System32\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3 => C:\Program Files (x86)\PlusHD Cinema 2.1cV16.03\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3.exe <==== ATTENTION
Task: {DCF9F0E2-F755-49F1-9030-F6FE2B7EC5C5} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-06-27] (Acer)
Task: {DFDCAAB9-6B79-4179-9FC7-5B019105A536} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-01] (Dropbox, Inc.)
Task: {F69239AC-BF10-463C-8CAE-7FD508923AE7} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-10_user.job => C:\Program Files (x86)\PlusHD Cinema 2.1cV16.03\c5fd8500-105a-4fd2-91f5-3b84eda9724d-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3.job => C:\Program Files (x86)\PlusHD Cinema 2.1cV16.03\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-5.job => C:\Program Files (x86)\PlusHD Cinema 2.1cV16.03\c5fd8500-105a-4fd2-91f5-3b84eda9724d-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-5_user.job => C:\Program Files (x86)\PlusHD Cinema 2.1cV16.03\c5fd8500-105a-4fd2-91f5-3b84eda9724d-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Dropbox.lnk -> C:\Program Files\Dropbox\StartURL.exe () -> hxxps://www.dropbox.com/partners/acer2014/download

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Matteo\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Matteo\Downloads\adwcleaner_6.020.exe:BDU [0]
AlternateDataStreams: C:\Users\Matteo\Downloads\FRST64 (1).exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-11-13 18:13 - 00000901 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 d3oxij66pru1i3.cloudfront.net
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

30-08-2016 19:09:03 Windows Update
09-09-2016 21:55:36 Punto di controllo pianificato
16-09-2016 09:28:13 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2016 10:26:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: wmplayer.exe, versione: 12.0.9600.17415, timestamp: 0x545046f0
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x71a72810
ID processo che ha generato l'errore: 0x13ec
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d1eb69c41fb03a
Percorso dell'applicazione che ha generato l'errore: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Percorso del modulo che ha generato l'errore: unknown
ID segnalazione: 0a0feb54-575d-11e6-82c2-3010b35d91cf
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (07/30/2016 04:10:07 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe". Errore nel file manifesto o dei criteri "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe", riga 0.
Sintassi XML non valida.

Error: (07/29/2016 04:58:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MATTEO)
Description: Attivazione dell'app Microsoft.SkypeApp_kzf8qxf38zg5c!App non riuscita con errore: -2144927142 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.

Error: (07/29/2016 04:58:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma wwahost.exe versione 6.3.9600.17415 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 3c0

Ora di avvio: 01d1e9a9a6191307

Ora di chiusura: 4294967295

Percorso applicazione: C:\Windows\syswow64\wwahost.exe

ID segnalazione: f3ae7dc6-559c-11e6-82c2-3010b35d91cf

Nome completo pacchetto che ha generato l'errore: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

ID applicazione relativo al pacchetto che ha generato l'errore: App

Error: (07/29/2016 04:58:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: MATTEO)
Description: L'app Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c+App non è stata avviata nell'intervallo di tempo consentito.

Error: (07/27/2016 03:55:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Users\Matteo\Downloads\SoftonicDownloader_per_bittorrent(1).exe". Errore nel file manifesto o dei criteri "", alla riga .
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (07/27/2016 03:55:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Users\Matteo\Downloads\SoftonicDownloader_per_bittorrent.exe". Errore nel file manifesto o dei criteri "", alla riga .
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (07/27/2016 03:55:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Users\Matteo\Downloads\SoftonicDownloader_per_apache-openoffice.exe". Errore nel file manifesto o dei criteri "", alla riga .
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (07/27/2016 03:55:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Users\Matteo\Downloads\SoftonicDownloader_per_vlc-media-player.exe". Errore nel file manifesto o dei criteri "", alla riga .
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (07/26/2016 07:12:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MATTEO)
Description: Attivazione dell'app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo non riuscita con errore: -2144927142 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.


System errors:
=============
Error: (09/18/2016 04:33:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio VBoxAsw Support Driver non è stato avviato per il seguente errore:
Impossibile trovare il percorso specificato.

Error: (09/18/2016 03:25:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Tentativo di eseguire un'azione di correzione (Riavvia il servizio) dopo l'arresto imprevista del servizio Windows Search. Tentativo non riuscito per l'errore:
Un'istanza del servizio è già in esecuzione.

Error: (09/18/2016 03:25:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio User Experience Improvement Program. Questo evento si è già verificato 1 volta(e).

Error: (09/18/2016 03:25:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio di condivisione in rete Windows Media Player è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (09/18/2016 03:25:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Quick Access RadioMgr Service. Questo evento si è già verificato 1 volta(e).

Error: (09/18/2016 03:25:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio ePower Service. Questo evento si è già verificato 1 volta(e).

Error: (09/18/2016 03:24:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Quick Access Service. Questo evento si è già verificato 1 volta(e).

Error: (09/18/2016 03:24:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Windows Search è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (09/18/2016 03:24:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio TTService è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 5000 millisecondi: Riavvia il servizio.

Error: (09/18/2016 03:24:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Cyberlink RichVideo Service(CRVS). Questo evento si è già verificato 1 volta(e).


==================== Memory info ===========================

Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 83%
Total physical RAM: 3288.23 MB
Available physical RAM: 534.1 MB
Total Virtual: 5592.23 MB
Available Virtual: 2207.89 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:914.6 GB) (Free:259.91 GB) NTFS
Drive d: (KRD10) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 943A9F71)

Partition: GPT.

==================== End of Addition.txt ============================
polentaeosei
Junior User
 
Posts: 17
Joined: 20/11/08 16:53

Re: heeelp... PC probably infected

Post by shel » 18/09/16 20:10

you're not infected, you're super infected :)

now do exactly as I say without making mistakes, please - first download this zip file
disconnect the PC, extract only the Hosts file from the zip file to the desktop, select it, right-click, copy, then open the folder C:\Windows\System32\drivers\etc, paste into an empty area, and accept replacing the existing hosts file; it may give you errors, don't worry, then restart the PC.

download this file and put it on the desktop, then open the FRST program and click Fix; after the removals a fixlog.txt file will be produced. Attach it in the forum and let me know whether the problem is solved
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56

Re: heeelp... PC probably infected

Post by polentaeosei » 18/09/16 22:04

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-09-2016
Ran by Matteo (18-09-2016 22:42:23) Run:1
Running from C:\Users\Matteo\Desktop
Loaded Profiles: Matteo (Available Profiles: Matteo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\...\MountPoints2: {471cba84-2e51-11e5-827f-f8a963decf9d} - "E:\setup.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_sour ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://www.istartsurf.com/web/?utm_sour ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_sour ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1583953125-3082570099-1052405021-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_sour ... default&q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.homepage-web.com
Task: C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-10_user.job => C:\Program Files (x86)\PlusHD Cinema 2.1cV16.03\c5fd8500-105a-4fd2-91f5-3b84eda9724d-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3.job => C:\Program Files (x86)\PlusHD Cinema 2.1cV16.03\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-5.job => C:\Program Files (x86)\PlusHD Cinema 2.1cV16.03\c5fd8500-105a-4fd2-91f5-3b84eda9724d-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-5_user.job => C:\Program Files (x86)\PlusHD Cinema 2.1cV16.03\c5fd8500-105a-4fd2-91f5-3b84eda9724d-5.exe <==== ATTENTION
Task: {DC4482BB-F5C4-4F72-9574-5A1C998A04CD} - System32\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3 => C:\Program Files (x86)\PlusHD Cinema 2.1cV16.03\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3.exe <==== ATTENTION
end
EmptyTemp:
Reboot:
*****************

"HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{471cba84-2e51-11e5-827f-f8a963decf9d}" => key removed successfully
HKCR\CLSID\{471cba84-2e51-11e5-827f-f8a963decf9d} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => key removed successfully
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => key removed successfully
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => key not found.
"HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => key removed successfully
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => key not found.
"HKU\S-1-5-21-1583953125-3082570099-1052405021-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => key removed successfully
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => key not found.
Chrome DefaultSearchKeyword => removed successfully
C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-10_user.job => moved successfully
C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3.job => moved successfully
C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-5.job => moved successfully
C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-5_user.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC4482BB-F5C4-4F72-9574-5A1C998A04CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC4482BB-F5C4-4F72-9574-5A1C998A04CD}" => key removed successfully
C:\Windows\System32\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23261954 B
Java, Flash, Steam htmlcache => 40689079 B
Windows/system/drivers => 167381806 B
Edge => 0 B
Chrome => 590685930 B
Firefox => 378691803 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 736040 B
systemprofile32 => 128 B
LocalService => 842994 B
NetworkService => 0 B
Matteo => 279822588 B

RecycleBin => 12793220998 B
EmptyTemp: => 13.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:44:41 ====
polentaeosei
Junior User
 
Posts: 17
Joined: 20/11/08 16:53
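
As an added example (not part of the original thread and not FRST's own code), this Python script reads a Fixlog in the format posted above, tallies the result lines, and lists scheduled-task executables named in the fixlist that no applied result line covers. The function names and the applied/absent/review labels are assumptions of this example; the sample is a shortened excerpt of the log above.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted in this thread, shortened for the example.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Task: C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3.job => C:\Program Files (x86)\PlusHD Cinema 2.1cV16.03\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3.exe <==== ATTENTION
end
EmptyTemp:
*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\Windows\Tasks\c5fd8500-105a-4fd2-91f5-3b84eda9724d-3.job => moved successfully

=========== EmptyTemp: ==========
Chrome => 590685930 B
'''

RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+?)\.?$')
TASK_RE = re.compile(r'^Task: .+? => (?P<exe>.+?)(?: <=+ ATTENTION)?$')

def parse_fixlog(text):
    """Return (fixlist entries, [(target, outcome)]) from a Fixlog."""
    fixlist, results, section = [], [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "start":
            section = "fixlist"
        elif line == "end":
            section = "directives"      # EmptyTemp:/Reboot: follow here
        elif section == "directives" and line and set(line) == {"*"}:
            section = "results"
        elif section == "results" and line.startswith("====="):
            break                       # the EmptyTemp size report begins
        elif section == "fixlist" and line:
            fixlist.append(line)
        elif section == "results" and (m := RESULT_RE.match(line)):
            results.append((m["target"], m["outcome"]))
    return fixlist, results

def classify(outcome):
    """Label a result line (labels are this example's own, not FRST's)."""
    if outcome.endswith("successfully"):
        return "applied"
    return "absent" if outcome.endswith("not found") else "review"

def tally(results):
    """Count result lines per label."""
    return dict(Counter(classify(o) for _, o in results))

def untouched_task_payloads(fixlist, results):
    """Executables launched by fixed tasks that no applied result covers."""
    touched = [t.lower().rstrip("\\") for t, o in results
               if classify(o) == "applied"]
    leftovers = []
    for m in filter(None, map(TASK_RE.match, fixlist)):
        exe = m["exe"].lower()
        covered = any(exe == t or exe.startswith(t + "\\") for t in touched)
        if not covered and m["exe"] not in leftovers:
            leftovers.append(m["exe"])
    return leftovers

if __name__ == "__main__":
    fl, res = parse_fixlog(SAMPLE_FIXLOG)
    print(tally(res), untouched_task_payloads(fl, res))
```

Run over the full Fixlog above, it reports the three executables under the PlusHD Cinema folder: the fix moved the tasks, but no result line names that folder or its files. Whether those files still exist has to be checked on the machine itself.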

Re: heeelp... PC probably infected

Post by polentaeosei » 18/09/16 22:12

Unfortunately the problem persists: when I use Chrome, millions of unwanted tabs open, and then the usual window: "The application logonui.exe uses graphics and/or 3D but is not currently associated with a specific graphics processor. To select a processor for the application, click Configure"

What should I do? Please don't tell me I won't be able to download my beloved porn
polentaeosei
Junior User
 
Posts: 17
Joined: 20/11/08 16:53

Re: heeelp... PC probably infected

Post by shel » 19/09/16 10:29

if you go on certain sites it's obvious that you get infected

download Junkware Removal Tool
click the JRT icon and wait patiently for the scan to finish
Once it has finished, the log should open on the desktop as JRT.txt

remove Chrome, then clean the system with CCleaner, registry included, and reinstall Chrome from here. If you still have problems after these two steps, run a new scan with Farbar Recovery Scan Tool and attach the two logs

please don't paste them

to attach the logs go here = > http://wikisend.com/ and click ''browse''

select the text file, click ''open'' and then ''upload file''

copy the first link and paste it in the forum
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56


Re: heeelp... PC probably infected

Post by shel » 19/09/16 19:17

the FRST log is blank; you should repeat the scan and, while you're at it, also tick addition.txt before starting it

in the meantime I wanted to ask whether you removed and reinstalled Chrome
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56

