
Help! Malware


Post by dadino1 » 27/10/17 13:13

Good afternoon,
I'm turning to you because I know you will be able to give me answers, and above all the ones I'm looking for...
For some time now AdwCleaner has been detecting this malware:
PUP.Optional.DriverAgent, C:\Windows\System32\drivers\DRVAGENT64.SYS
The PC runs fine, but I wanted to understand what it is.
Thanks to anyone who replies! Dadino
dadino1
Junior User
Posts: 13
Joined: 27/10/17 12:20


Re: Help! Malware

Post by dany79 » 27/10/17 15:08

Check whether you have a program called DriverAgent Plus installed.
If so, uninstall it... and delete what AdwCleaner found.
--DARRILL79--
dany79
Junior User
Posts: 65
Joined: 26/10/13 11:51
Location: Barchi (pu)

Re: Help! Malware

Post by dadino1 » 30/10/17 13:18

The program is not among the installed ones, but I remember that I installed it; now it has disappeared. AdwCleaner does not delete it for me...
dadino1
Junior User
Posts: 13
Joined: 27/10/17 12:20

Re: Help! Malware

Post by dany79 » 30/10/17 16:30

Hi,

Download FRST from here: https://www.bleepingcomputer.com/downlo ... scan-tool/
Download the version that matches your operating system, 32 or 64 bit.
Place the executable on the desktop.
Right-click the executable -- run as administrator.
Once it is open, click Scan.
Post the logs frst.txt and addition.txt.

Then reopen FRST:
right-click the executable -- run as administrator.
Once it is open, copy and paste into the white box:

DRVAGENT64.SYS

Click Search file.
Post the log search.txt.

Bye
--DARRILL79--
dany79
Junior User
Posts: 65
Joined: 26/10/13 11:51
Location: Barchi (pu)

Re: Help! Malware

Post by dadino1 » 02/11/17 17:19

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2017
Ran by Scarfato (02-11-2017 17:00:22)
Running from C:\Users\Scarfato\Desktop
Windows 10 Pro Version 1709 16299.19 (X64) (2017-10-18 16:05:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4218426435-2780237930-1221081034-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4218426435-2780237930-1221081034-503 - Limited - Disabled)
Guest (S-1-5-21-4218426435-2780237930-1221081034-501 - Limited - Disabled)
Scarfato (S-1-5-21-4218426435-2780237930-1221081034-1001 - Administrator - Enabled) => C:\Users\Scarfato
WDAGUtilityAccount (S-1-5-21-4218426435-2780237930-1221081034-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adapter (HKLM-x32\...\{86085790-0A1A-4098-8CA9-579DB8F2771D}_is1) (Version: - Macroplant, LLC)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
aTube Catcher versione 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avira (HKLM-x32\...\{bd94e862-c44b-4f68-98ca-b35ddf9dbbfc}) (Version: 1.2.98.37213 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{D03EC4B7-E520-4A6F-974C-4F48533838EC}) (Version: 1.2.98.37213 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{f5da837f-e932-4f55-995c-7e97c5cbebdd}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.32.12 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.11.3.29834 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{43B2705B-4893-425B-A3F4-2B5E52869E32}) (Version: 2.0.4.43 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.2.1.6365 - Avira Operations GmbH & Co. KG)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.36.1601 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
CodeTwo QR Code Desktop Reader & Generator (HKLM-x32\...\{5E14DA6D-DBE0-4B58-A059-6B05658A9E52}) (Version: 1.1.1.17 - CodeTwo)
Componente aggiuntivo Microsoft Salvataggio in formato PDF o XPS per applicazioni di Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0410-0000-0000000FF1CE}) (Version: 12.0.4518.1018 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DLL-Files.com Client (HKLM-x32\...\DA71BA65-680A-4212-9150-6239217B53DC_DLL-Files.c~79141F26_is1) (Version: 2.3.0.4908 - DLL-Files.com Client)
Dropbox (HKLM-x32\...\Dropbox) (Version: 37.4.29 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Glary Utilities 5.85 (HKLM-x32\...\Glary Utilities 5) (Version: 5.85.0.106 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 9 (64-bit) (HKLM\...\{DA69628A-2608-5BA9-8749-1EE90CB29D95}) (Version: 9.0.0.0 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LibreOffice 5.3 Help Pack (Italian) (HKLM-x32\...\{B1DDB69D-AF27-4041-9707-3732A9072977}) (Version: 5.3.0.3 - The Document Foundation)
Malwarebytes versione 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{312F7EE7-37D0-484D-B974-0CE1B8560C79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x64 it) (HKLM\...\Mozilla Firefox 55.0.3 (x64 it)) (Version: 55.0.3 - Mozilla)
Mozilla Firefox 57.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 57.0 (x86 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nemesys 3.1.3 (HKLM-x32\...\Nemesys_is1) (Version: 3.1.3 - Fondazione Ugo Bordoni)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141667}) (Version: 4.0.19 - dotPDN LLC)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Raccolta foto (HKLM-x32\...\{86A1CEAD-EF47-47BB-AE79-DA8C09E15382}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8258 - Realtek Semiconductor Corp.)
Registry Finder 2.21.1 (HKLM\...\{CC3C7E59-8611-4542-8BFD-FFC6759AD0FB}_is1) (Version: 2.21.1 - Sergey Filippov)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WhatsApp (HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\WhatsApp) (Version: 0.2.6426 - WhatsApp)
WinDirStat 1.1.2 (HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\WinDirStat) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-29] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-23] (Glarysoft Ltd)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-10-14] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-23] (Glarysoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-23] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-10-14] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0726D6A0-1F2C-4CB4-BC74-C480F3E225C5} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {08533464-4AF0-4BA0-B8DC-46A7B75206EA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {13B6BE4D-9B30-4175-BF00-CBFF52805A24} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {143D0DAC-C12D-4A9B-931D-A74DD8DA490B} - System32\Tasks\SoftwareUpdate Pro => C:\Program Files (x86)\Glarysoft\Software Update Pro\SoftwareUpdatePro.exe
Task: {2510DD49-3328-4D3B-B788-BF61F26B687C} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-10-14] (Avira Operations GmbH & Co. KG)
Task: {2D00CF1E-3940-4AB2-8903-A721D4EBFA5B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {30CE4750-D7E8-4E41-AC07-EEB2BFDC65B8} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe
Task: {35B184BB-1486-451C-9735-709725696D7A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-03-13] ()
Task: {38DDB81F-0641-4AA8-B95F-AE61D265ADC1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {4F1AE942-A58D-4C90-9873-66B31FB4F921} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5F6A9491-A9AD-4FC5-A388-EAEBC2B3D3D5} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2017-10-05] (Avira Operations GmbH & Co. KG )
Task: {6348EE79-5179-41E1-857A-11E151C1B73F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7E5512E0-F73D-46B3-AC57-F24EF066FAEE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {9861AEE4-7816-43EF-9CFA-5DA15BA69E56} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-10-05] (Avira Operations GmbH & Co. KG)
Task: {9F110861-AF52-4AD2-B2F6-DEFFB6F9A781} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-14] (Google Inc.)
Task: {A0343095-613D-4EB7-B2CF-751DC27AB133} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {A3041CEB-7FB6-48A6-BC51-1B43063BE78D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {ABF573CC-1FE1-414A-BBC8-1DABDB7BF0B9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B7B7589A-DCED-485F-96AB-62B9DFBE28A3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-11] (Dropbox, Inc.)
Task: {B81005CE-3F03-4C5A-BDA8-0668D6CC414E} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-10-05] (Avira Operations GmbH & Co. KG)
Task: {C294542E-BCC9-42AE-924D-B64771D02E56} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2017-09-28] (Glarysoft Ltd)
Task: {CB4ACA83-A5A3-4E21-A843-22365E10E20C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-11] (Dropbox, Inc.)
Task: {DA6245AE-2966-48EA-A680-D58A76688E0C} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-08-02] (Oracle Corporation)
Task: {E19B8BD0-0576-4CF3-9642-1AFD525235EF} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-08-02] (Oracle Corporation)
Task: {ED899AE0-C059-4C85-BEE9-D55810D4612B} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2017-09-28] (Glarysoft Ltd)
Task: {F6B5B057-4740-4FE3-B56F-23DF31551AC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-14] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Scarfato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-14 11:36 - 2017-10-06 23:23 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-08-29 01:43 - 2017-08-29 01:43 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-09-29 14:42 - 2017-09-30 15:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 14:42 - 2017-09-30 15:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-14 13:59 - 2017-09-14 14:00 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-10 12:00 - 2017-10-10 12:00 - 034988544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-10-10 12:00 - 2017-10-10 12:00 - 009214464 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-08-23 12:21 - 2017-08-23 12:21 - 000957952 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2017-09-26 10:56 - 2017-09-26 10:57 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-10 12:00 - 2017-10-10 12:00 - 013224960 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\Music.Visuals.dll
2017-09-26 21:01 - 2017-09-21 08:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 21:01 - 2017-09-21 08:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 001909248 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 001266176 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 002988032 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 002459648 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.Relevance.dll
2017-10-13 13:17 - 2017-10-12 19:40 - 002141184 _____ () C:\Users\Scarfato\AppData\Local\WhatsApp\app-0.2.6426\ffmpeg.dll
2017-11-02 16:08 - 2017-11-02 16:08 - 000489984 _____ () \\?\C:\Users\Scarfato\AppData\Local\Temp\9FAF.tmp.node
2017-10-13 13:17 - 2017-10-12 19:40 - 002551808 _____ () C:\Users\Scarfato\AppData\Local\WhatsApp\app-0.2.6426\libglesv2.dll
2017-10-13 13:17 - 2017-10-12 19:40 - 000093184 _____ () C:\Users\Scarfato\AppData\Local\WhatsApp\app-0.2.6426\libegl.dll
2017-11-02 16:08 - 2017-11-02 16:08 - 000489984 _____ () \\?\C:\Users\Scarfato\AppData\Local\Temp\A2DC.tmp.node
2017-09-30 15:44 - 2017-09-30 15:44 - 015456768 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.21.2492.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2016-10-23 23:12 - 2015-12-28 12:49 - 000629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2017-09-28 04:31 - 2017-09-28 04:31 - 000087024 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7936 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2017-09-14 11:51 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: 0092331502407514mcinstcleanup => 2
HKLM\...\StartupApproved\StartupFolder: => "$McRebootA5E6DEAA56$.lnk"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\StartupApproved\Run: => "BlueStacks Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{406C6545-590B-44C3-9CAC-5A7A4E53C5F4}C:\program files\windowsapps\xbmcfoundation.kodi_17.4.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.4.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [TCP Query User{77E5CDED-0096-4D28-B663-D9BAB4FD291C}C:\program files\windowsapps\xbmcfoundation.kodi_17.4.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.4.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{A0829F91-C1B4-4B8C-BB33-812D618AE95E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{131EC98C-FF0F-4A64-9B97-382730686F2D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90C260DB-88E0-4DBD-9711-D75934545080}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{80594660-5B83-4560-9C00-0F25ED0DE1B5}] => (Allow) LPort=1900
FirewallRules: [{904D875D-8349-4133-8255-F38E7387C669}] => (Allow) LPort=2869
FirewallRules: [{CAA9A9AB-558A-4359-96D6-412C0ADCCAF0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{427BD269-C3EE-447B-9759-0F4A4E448CA2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [UDP Query User{37CE10C7-C98C-41DE-B916-9EDE2A6A6F1A}C:\program files\java\jre1.8.0_144\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [TCP Query User{9D082C3C-975D-47DB-BC75-80B79A2113FE}C:\program files\java\jre1.8.0_144\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [{7ED74ABE-E94B-4540-9392-D6FE1AEEF6C9}] => (Allow) C:\Program Files (x86)\Nemesys\dist\login.exe
FirewallRules: [{58FA8C7F-25BE-4829-97A5-44DC5C059686}] => (Allow) C:\Program Files (x86)\Nemesys\dist\login.exe
FirewallRules: [{62B6B8BB-CE27-4997-A4C9-9DC29DFD06E4}] => (Allow) C:\Program Files (x86)\Nemesys\dist\login.exe
FirewallRules: [{487CC1B2-14D9-46A8-99F1-EA7988D5400E}] => (Allow) C:\Program Files (x86)\Nemesys\dist\login.exe
FirewallRules: [{36691A05-4C30-4555-8EE5-C952862D4E77}] => (Allow) C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe
FirewallRules: [UDP Query User{FF8CC6CA-2D9C-4629-8858-EFCB7AEF0761}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [TCP Query User{F3F7B1FD-0C19-411C-8792-DF6752A33A7F}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [{6FA2DF6E-1662-46D6-9C2D-5AE7800F7E72}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{21DBDA2E-2C76-472E-BE2B-0E24D8AE5DB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7DD6618A-F75C-4E44-93CB-79F7A89D4A46}] => (Allow) LPort=1688
FirewallRules: [{4987BA51-964C-4231-AACD-BC2C6D8122CB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E599B771-385C-45B3-9146-43E62DE3A213}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B460F5CA-FC81-44BC-9B03-1CD5CD1E4FEA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9FF4452E-2DC4-4696-9BE1-1F7E186EF348}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{998EE97D-AB41-4605-BCBB-04E016CB4588}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

27-10-2017 19:48:09 Punto di controllo pianificato

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2017 05:01:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MsSense.exe, versione: 10.3720.16299.15, timestamp: 0xf5c7b1f0
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.16299.15, timestamp: 0x493793ea
Codice eccezione: 0xc000000d
Offset errore 0x000000000010b2b0
ID processo che ha generato l'errore: 0x2508
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d353f3c8af9f49
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\ntdll.dll
ID segnalazione: ad60d608-639f-47aa-b7f6-861c3f01afbe
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (11/02/2017 04:56:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MsSense.exe, versione: 10.3720.16299.15, timestamp: 0xf5c7b1f0
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.16299.15, timestamp: 0x493793ea
Codice eccezione: 0xc000000d
Offset errore 0x000000000010b2b0
ID processo che ha generato l'errore: 0x10a0
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d353f305326e81
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\ntdll.dll
ID segnalazione: 8c546c86-65bc-4e0c-ba2f-aebf2aeae64a
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (11/02/2017 04:50:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MsSense.exe, versione: 10.3720.16299.15, timestamp: 0xf5c7b1f0
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.16299.15, timestamp: 0x493793ea
Codice eccezione: 0xc000000d
Offset errore 0x000000000010b2b0
ID processo che ha generato l'errore: 0x2464
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d353f24989db61
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\ntdll.dll
ID segnalazione: 096ca79d-4673-4c2a-9c97-5335212f4066
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (11/02/2017 04:45:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MsSense.exe, versione: 10.3720.16299.15, timestamp: 0xf5c7b1f0
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.16299.15, timestamp: 0x493793ea
Codice eccezione: 0xc000000d
Offset errore 0x000000000010b2b0
ID processo che ha generato l'errore: 0x2de4
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d353f18cdf5f91
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\ntdll.dll
ID segnalazione: d636e66f-b747-40ab-b86a-84902f740cf4
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (11/02/2017 04:40:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MsSense.exe, versione: 10.3720.16299.15, timestamp: 0xf5c7b1f0
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.16299.15, timestamp: 0x493793ea
Codice eccezione: 0xc000000d
Offset errore 0x000000000010b2b0
ID processo che ha generato l'errore: 0x2a44
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d353f0c139a363
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\ntdll.dll
ID segnalazione: 1f6bcd33-5e7e-4c79-b9f2-58c59d9d946e
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (11/02/2017 04:34:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MsSense.exe, versione: 10.3720.16299.15, timestamp: 0xf5c7b1f0
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.16299.15, timestamp: 0x493793ea
Codice eccezione: 0xc000000d
Offset errore 0x000000000010b2b0
ID processo che ha generato l'errore: 0x1500
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d353f005779aaf
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\ntdll.dll
ID segnalazione: d9c2139f-18ea-450e-ae79-6b74d97d57bd
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (11/02/2017 04:29:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MsSense.exe, versione: 10.3720.16299.15, timestamp: 0xf5c7b1f0
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.16299.15, timestamp: 0x493793ea
Codice eccezione: 0xc000000d
Offset errore 0x000000000010b2b0
ID processo che ha generato l'errore: 0x2aa4
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d353ef44b9f68c
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\ntdll.dll
ID segnalazione: eb03cd4a-648b-4525-80cc-59f0270ec535
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (11/02/2017 04:23:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MsSense.exe, versione: 10.3720.16299.15, timestamp: 0xf5c7b1f0
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.16299.15, timestamp: 0x493793ea
Codice eccezione: 0xc000000d
Offset errore 0x000000000010b2b0
ID processo che ha generato l'errore: 0x1f38
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d353ee911dbc5b
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\ntdll.dll
ID segnalazione: 19519256-811f-4b0c-8ec6-0edbfd1f566c
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (11/02/2017 04:18:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MsSense.exe, versione: 10.3720.16299.15, timestamp: 0xf5c7b1f0
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.16299.15, timestamp: 0x493793ea
Codice eccezione: 0xc000000d
Offset errore 0x000000000010b2b0
ID processo che ha generato l'errore: 0x1d74
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d353edd50db58b
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\ntdll.dll
ID segnalazione: bd580afe-3c28-4e2c-8b14-093b3458a217
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (11/02/2017 04:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MsSense.exe, versione: 10.3720.16299.15, timestamp: 0xf5c7b1f0
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.16299.15, timestamp: 0x493793ea
Codice eccezione: 0xc000000d
Offset errore 0x000000000010b2b0
ID processo che ha generato l'errore: 0x2fc0
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d353ed18edad61
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\ntdll.dll
ID segnalazione: 82a8998b-de81-4898-9ec2-c308b591641d
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:


System errors:
=============
Error: (11/02/2017 05:01:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio Windows Defender Advanced Threat Protection è stato arrestato in modo imprevisto. Questo problema si è verificato 54 volta/e. Le seguenti azioni di correzione saranno eseguite tra 300000 millisecondi: Riavvia il servizio.

Error: (11/02/2017 04:56:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio Windows Defender Advanced Threat Protection è stato arrestato in modo imprevisto. Questo problema si è verificato 53 volta/e. Le seguenti azioni di correzione saranno eseguite tra 300000 millisecondi: Riavvia il servizio.

Error: (11/02/2017 04:50:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio Windows Defender Advanced Threat Protection è stato arrestato in modo imprevisto. Questo problema si è verificato 52 volta/e. Le seguenti azioni di correzione saranno eseguite tra 300000 millisecondi: Riavvia il servizio.

Error: (11/02/2017 04:45:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio Windows Defender Advanced Threat Protection è stato arrestato in modo imprevisto. Questo problema si è verificato 51 volta/e. Le seguenti azioni di correzione saranno eseguite tra 300000 millisecondi: Riavvia il servizio.

Error: (11/02/2017 04:40:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio Windows Defender Advanced Threat Protection è stato arrestato in modo imprevisto. Questo problema si è verificato 50 volta/e. Le seguenti azioni di correzione saranno eseguite tra 300000 millisecondi: Riavvia il servizio.

Error: (11/02/2017 04:34:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio Windows Defender Advanced Threat Protection è stato arrestato in modo imprevisto. Questo problema si è verificato 49 volta/e. Le seguenti azioni di correzione saranno eseguite tra 300000 millisecondi: Riavvia il servizio.

Error: (11/02/2017 04:29:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio Windows Defender Advanced Threat Protection è stato arrestato in modo imprevisto. Questo problema si è verificato 48 volta/e. Le seguenti azioni di correzione saranno eseguite tra 300000 millisecondi: Riavvia il servizio.

Error: (11/02/2017 04:23:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio Windows Defender Advanced Threat Protection è stato arrestato in modo imprevisto. Questo problema si è verificato 47 volta/e. Le seguenti azioni di correzione saranno eseguite tra 300000 millisecondi: Riavvia il servizio.

Error: (11/02/2017 04:18:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio Windows Defender Advanced Threat Protection è stato arrestato in modo imprevisto. Questo problema si è verificato 46 volta/e. Le seguenti azioni di correzione saranno eseguite tra 300000 millisecondi: Riavvia il servizio.

Error: (11/02/2017 04:13:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio Windows Defender Advanced Threat Protection è stato arrestato in modo imprevisto. Questo problema si è verificato 45 volta/e. Le seguenti azioni di correzione saranno eseguite tra 300000 millisecondi: Riavvia il servizio.


CodeIntegrity:
===================================
Date: 2017-11-02 17:01:30.386
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-02 17:01:30.164
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dbgeng.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-02 17:01:30.159
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-02 17:01:30.150
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-02 16:56:03.229
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-02 16:56:03.067
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dbgeng.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-02 16:56:03.062
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-02 16:56:03.052
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-02 16:50:35.269
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-02 16:50:35.112
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dbgeng.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 69%
Total physical RAM: 3800.88 MB
Available physical RAM: 1152.26 MB
Total Virtual: 5976.88 MB
Available Virtual: 2194.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.81 GB) (Free:402.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3B31E7DD)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=472 MB) - (Type=27)

==================== End of Addition.txt ============================

Re: Help! Malware

Post by dadino1 » 02/11/17 17:44

Farbar Recovery Scan Tool (x64) Version: 01-11-2017
Ran by Scarfato (02-11-2017 17:19:32)
Running from C:\Users\Scarfato\Desktop
Boot Mode: Normal

================== Search Files: "DRVAGENT64.SYS" =============

C:\Windows\SysWOW64\drivers\DrvAgent64.SYS
[2017-10-19 16:06][2016-12-16 11:41] 000020872 _____ (Phoenix Technologies) 29CCFF428E5EB70AE429C3DA8968E1EC [File is digitally signed]


====== End of Search ======

Re: Help! Malware

Post by dadino1 » 02/11/17 17:45

I can't manage to paste the FRST file..

Re: Help! Malware

Post by dany79 » 03/11/17 12:10

Try this:

place frst on the desktop together with the fixlist.txt file, to be downloaded from here http://wikisend.com/download/519050/fixlist.txt
right-click on frst-->run as administrator
click on FIX
wait for it to finish its operations and for the PC to restart (if it doesn't restart, do it manually yourself)
post the fixlog.txt (you'll find it on the desktop)

let me know whether adwcleaner still detects it....
--DARRILL79--

Re: Help! Malware

Post by dadino1 » 03/11/17 14:13


Re: Help! Malware

Post by dadino1 » 03/11/17 14:17

Adware still detects it.

Re: Help! Malware

Post by dany79 » 03/11/17 14:24

post me the Fixlog.txt file...
Try repeating the procedure in safe mode...
--DARRILL79--

Re: Help! Malware

Post by dadino1 » 03/11/17 23:43

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by Scarfato (03-11-2017 23:20:08) Run:1
Running from C:\Users\Scarfato\Desktop
Loaded Profiles: Scarfato (Available Profiles: Scarfato)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

C:\Windows\SysWOW64\drivers\DrvAgent64.SYS

HOSTS:
CMD: ipconfig /flushdns
Removeproxy:
Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\SysWOW64\drivers\DrvAgent64.SYS => moved successfully
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

========= ipconfig /flushdns =========


Configurazione IP di Windows

Cache del resolver DNS svuotata.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42519367 B
Java, Flash, Steam htmlcache => 568 B
Windows/system/drivers => 14513 B
Edge => 13 B
Chrome => 562899062 B
Firefox => 22934495 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 822 B
NetworkService => 3786 B
Scarfato => 15242596 B

RecycleBin => 33670339 B
EmptyTemp: => 652.9 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-11-2017 23:26:04)

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

==== End of Fixlog 23:26:06 ====
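One way to read a Fixlog like the one posted above programmatically, added here as an example (it is not dany79's or FRST's own code): it reconciles each file named in the fixlist with its logged outcome, follows moves deferred to reboot, and flags a detected path that the fixlist never named, using the path AdwCleaner reported in the opening post. The sample log is constructed by abridging the post; the function names and status labels are assumptions of this example.

```python
import re

# Constructed sample: the Fixlog posted above, abridged to the lines that matter here.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Boot Mode: Normal
fixlist content:
*****************
start
CreateRestorePoint:
C:\Windows\SysWOW64\drivers\DrvAgent64.SYS
HOSTS:
CMD: ipconfig /flushdns
Reboot:
End
*****************
Restore point was successfully created.
C:\Windows\SysWOW64\drivers\DrvAgent64.SYS => moved successfully
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-11-2017 23:26:04)
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
==== End of Fixlog 23:26:06 ====
"""

# A fixlist file target: a drive-letter path, optionally quoted (directives do not match).
PATH_RE = re.compile(r'^"?([A-Za-z]:\\[^"]+?)"?$')
# A result line: optional 'Could not move ' prefix, path, ' => ', outcome text.
RESULT_RE = re.compile(r'^(?:Could not move )?"?([A-Za-z]:\\[^"=]+?)"?\s+=>\s+(.+)$')


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().strip('"').lower()


def split_fixlog(text):
    """Return (fixlist_lines, result_lines), split on the two '*****' delimiter lines."""
    lines = text.splitlines()
    stars = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist block not found")
    return lines[stars[0] + 1:stars[1]], lines[stars[1] + 1:]


def fixlist_paths(fixlist_lines):
    """File targets only; directives such as 'HOSTS:' or 'CMD: ...' are skipped."""
    matches = (PATH_RE.match(l.strip()) for l in fixlist_lines)
    return [m.group(1) for m in matches if m]


def outcomes(result_lines):
    """Map normalised path -> list of outcome strings, in log order."""
    seen = {}
    for line in result_lines:
        m = RESULT_RE.match(line.strip())
        if m:
            seen.setdefault(norm(m.group(1)), []).append(m.group(2).strip())
    return seen


def classify(results):
    """Final state of one path; a later line (after reboot) overrides an earlier one."""
    if not results:
        return "no-result"
    last = results[-1].rstrip(".").lower()
    if last == "moved successfully":
        return "moved"
    if last.startswith("scheduled to move on reboot"):
        return "pending-reboot"
    return "other: " + results[-1]


def reconcile(text, detected=()):
    """Status per fixlist file target, plus detected paths the fixlist never named."""
    fixlist, results = split_fixlog(text)
    seen = outcomes(results)
    report = {p: classify(seen.get(norm(p), [])) for p in fixlist_paths(fixlist)}
    targeted = {norm(p) for p in report}
    for d in detected:
        if norm(d) not in targeted:
            report[d] = "not-in-fixlist"
    return report


if __name__ == "__main__":
    adw_path = r"C:\Windows\System32\drivers\DRVAGENT64.SYS"  # from the opening post
    for path, status in reconcile(SAMPLE_FIXLOG, detected=[adw_path]).items():
        print(f"{status:15} {path}")
```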

Re: Help! Malware

Post by dany79 » 07/11/17 09:25

Hi
So you confirm that adwcleaner still detects it???

If so...
reopen frst,
right-click on the executable--open as administrator
once it is open, copy and paste into the white box:

DRVAGENT64.SYS

Click on search file
Post the search.txt log

Then reopen frst,
right-click on the executable--open as administrator
once it is open, copy and paste into the white box:

DRVAGENT64.SYS

Click on search registry
Post this search.txt log as well

Bye
--DARRILL79--

Re: Help! Malware

Post by dadino1 » 07/11/17 18:09

Hi, everything's OK, it no longer detects it. Thanks a lot.