Virus? Help

[genio1]

Buonasera, mentre navigavo su internet mi è uscito un link della guardia di finanza, diceva che avrei dovuto pagare entro 12h dei soldi. E poi si è bloccato il pc. Ora mi esce una scritta: Operazione annullata a causa delle restrizioni impostate nel computer. Contattare l'amministratore di sistema"

Potete darmi una mano x capire cosa c'è che non va?

[dany79]

Ciao
il pc ti fa entrare fino al desktop???
riesci ad entrare in modalita provvisoria???

[genio1]

Si, riesco ad entrare anche in modalità provvisoria.

[dany79]

Ciao
in modalita normale entri???
In pratica arrivi a windows sul desktop e poi ti appare quel messaggio???
oppure quando apri il browser per entrare in internet??
fornisci piu info cosi capiamo meglio...grazie

Comunque intanto esegui questi software:

Malwarebyte antimalware scaricalo da qui https://it.malwarebytes.com/
fai la scansione ed elimina cio che trova e posta il log generato

Poi scarica Malwarebyte Antirootkit da quihttps://it.malwarebytes.com/antirootkit/
Segui la guida fornita nel sito nella stessapagina del download
Posta il log generato

Infine ,esegui una scansione con roguekiller...
Scaricalo da qui...
http://www.adlice.com/download/roguekiller/
Segui questa guida per usare il programma
http://it.ccm.net/faq/3204-come-usare
Cancella solo le voci di colore rosso...
Posta il.report

Infine scarica frst daquihttps://www.bleepingcomputer.com/d ... scan-tool/
scarica la versione adatta al tuo sistema operativo 32 o 64 bit
posiziona l eseguibile sul desktop
tasto dx sopra eseguibile-->apri come amministratore
una volta aperto clicca su scan
postare log frst.txt e addition.txt

ciao

[genio1]

SI, IL MESSAGGIO MI ARRIVA QUANDO APRO LE PAGINE INTERNET. USO GOOGLE CHROME.

[genio1]

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 30/11/17
Ora scansione: 14:29
File di log: 8c9aefca-d5d2-11e7-bf43-c86000e30d00.json
Amministratore: Sì

-Informazioni software-
Versione: 3.2.2.2018
Versione componenti: 1.0.212
Aggiorna versione pacchetto: 1.0.3381
Licenza: Free

-Informazioni sistema-
SO: Windows 10 (Build 16299.64)
CPU: x64
File system: NTFS
Utente: GENNARO\Scarfato

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 397077
Minacce rilevate: 0
(Nessun elemento nocivo rilevato)
Minacce messe in quarantena: 0
(Nessun elemento nocivo rilevato)
Tempo impiegato: 14 min, 24 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 0
(Nessun elemento nocivo rilevato)

Settore fisico: 0
(Nessun elemento nocivo rilevato)


(end)

[genio1]

RogueKiller V12.11.26.0 (x64) [Nov 27 2017] (Gratuito) di Adlice Software
posta : http://www.adlice.com/contact/
Commenti : https://forum.adlice.com
Sito Web : http://www.adlice.com/download/roguekiller/
Discussione : http://www.adlice.com

Sistema Operativo : Windows 10 (10.0.16299) 64 bits version
Iniziato in : Modalità Normale
Utente : Scarfato [Amministratore]
Iniziato da : C:\Program Files\RogueKiller\RogueKiller64.exe
Modalità : Scansione -- Data : 11/30/2017 18:48:20 (Durata : 00:57:32)
Conversioni : -refid

¤¤¤ Processi : 0 ¤¤¤

¤¤¤ Registro : 13 ¤¤¤
[PUP.DllFiles] (X86) HKEY_LOCAL_MACHINE\Software\DLL-Files.com -> Trovato
[PUP.DllFiles] (X64) HKEY_USERS\S-1-5-21-4218426435-2780237930-1221081034-1001\Software\DLL-Files.com -> Trovato
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4218426435-2780237930-1221081034-1001\Software\eSupport.com -> Trovato
[PUP.DllFiles] (X86) HKEY_USERS\S-1-5-21-4218426435-2780237930-1221081034-1001\Software\DLL-Files.com -> Trovato
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4218426435-2780237930-1221081034-1001\Software\eSupport.com -> Trovato
[PUP.DllFiles] (X64) HKEY_USERS\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\DLL-Files.com -> Trovato
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\eSupport.com -> Trovato
[PUP.DllFiles] (X86) HKEY_USERS\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\DLL-Files.com -> Trovato
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\eSupport.com -> Trovato
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4218426435-2780237930-1221081034-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Trovato
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4218426435-2780237930-1221081034-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Trovato
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Trovato
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Trovato

¤¤¤ Attività : 0 ¤¤¤

¤¤¤ Archivi : 8 ¤¤¤
[PUP.HackTool][Cartella] C:\ProgramData\KMSAutoS -> Trovato
[PUP.Gen0][Archivio] C:\Windows\SECOH-QAD.exe -> Trovato
[PUP.DllFiles][Cartella] C:\Users\Scarfato\AppData\Roaming\DLL-files.com -> Trovato
[PUP.Gen1][Cartella] C:\Users\Scarfato\AppData\Roaming\Easeware -> Trovato
[PUP.Gen1][Cartella] C:\Users\Scarfato\AppData\Local\eSupport.com -> Trovato
[PUP.HackTool][Cartella] C:\ProgramData\KMSAutoS -> Trovato
[PUP.Gen1][Cartella] C:\Program Files\Easeware -> Trovato
[PUP.HackTool][Cartella] C:\Program Files\KMSpico -> Trovato

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Archivio Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Caricato) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ Controllo MBR : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] c5a973c26cfca003fc78b1343c126a41
[BSP] e4b5924577f41733deca7dc45b8ec814 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 475964 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975802368 | Size: 472 MB
User = LL1 ... OK
User = LL2 ... OK

[genio1]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Scarfato (administrator) on GENNARO (30-11-2017 23:02:19)
Running from C:\Users\Scarfato\Desktop
Loaded Profiles: Scarfato & (Available Profiles: Scarfato)
Platform: Windows 10 Pro Version 1709 16299.64 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9234280 2017-10-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217736 2017-02-23] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [648728 2017-08-02] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe [546960 2017-10-30] (Avira Operations Gmbh & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [65120 2017-11-07] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [161336 2017-08-16] (BlueStack Systems, Inc.)
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2017-09-28] (Glarysoft Ltd)
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [161336 2017-08-16] (BlueStack Systems, Inc.)
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2017-09-28] (Glarysoft Ltd)
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [161336 2017-08-16] (BlueStack Systems, Inc.)
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2017-09-28] (Glarysoft Ltd)
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
BootExecute: autocheck autochk *
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{52838035-a993-4093-a3e7-bfe8233f271c}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-9\bin\jp2ssv.dll [2017-10-04] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-25] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-25] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

Edge:
======
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.16.0_neutral__8wekyb3d8bbwe [2017-11-30]

FireFox:
========
FF DefaultProfile: uadpssrf.default
FF ProfilePath: C:\Users\Scarfato\AppData\Roaming\Mozilla\Firefox\Profiles\uadpssrf.default [2017-11-30]
FF Homepage: Mozilla\Firefox\Profiles\uadpssrf.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=it-it
FF Extension: (Sicurezza browser Avira) - C:\Users\Scarfato\AppData\Roaming\Mozilla\Firefox\Profiles\uadpssrf.default\Extensions\abs@avira.com.xpi [2017-11-17]
FF Extension: (Bing Search) - C:\Users\Scarfato\AppData\Roaming\Mozilla\Firefox\Profiles\uadpssrf.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-03-26] [Lagacy]
FF Extension: (Flash Control) - C:\Users\Scarfato\AppData\Roaming\Mozilla\Firefox\Profiles\uadpssrf.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2017-08-24] [Lagacy]
FF Extension: (Avira Password Manager) - C:\Users\Scarfato\AppData\Roaming\Mozilla\Firefox\Profiles\uadpssrf.default\Extensions\passwordmanager@avira.com.xpi [2017-11-17]
FF Extension: (Adblock Plus) - C:\Users\Scarfato\AppData\Roaming\Mozilla\Firefox\Profiles\uadpssrf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-17]
FF SearchPlugin: C:\Users\Scarfato\AppData\Roaming\Mozilla\Firefox\Profiles\uadpssrf.default\searchplugins\bing-.xml [2017-03-26]
FF Plugin: @java.com/DTPlugin,version=12.0.0.0 -> C:\Program Files\Java\jre-9\bin\dtplugin\npDeployJava1.dll [2017-10-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=12.0.0.0 -> C:\Program Files\Java\jre-9\bin\plugin2\npjp2.dll [2017-10-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-08-24] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default [2017-11-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-21]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-21]
CHR Extension: (Chrome Media Router) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2017-11-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-11-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-11-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2017-11-17] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [413592 2017-11-02] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2017-11-27] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [387128 2017-08-16] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [369720 2017-08-16] (BlueStack Systems, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-11] (Dropbox, Inc.)
S2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-11-13] (Dropbox, Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [107008 2016-10-27] (Freemake) [File not signed]
S2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [217736 2017-02-23] (Geek Software GmbH)
S2 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4297920 2017-09-30] (Microsoft Corporation)
S2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2017-11-07] (Avira Operations GmbH & Co. KG)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-02-09] (The OpenVPN Project)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-07-04] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176224 2017-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-09-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-07-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-07-04] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-07-04] (Avira Operations GmbH & Co. KG)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2017-06-23] (Glarysoft Ltd)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2017-10-27] ()
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-21] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-21] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-08] (Malwarebytes)
S3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2017-07-13] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1009128 2017-10-06] (Realtek )
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-08-17] (Anchorfree Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 DrvAgent64; \??\C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-30 23:02 - 2017-11-30 23:03 - 000019271 _____ C:\Users\Scarfato\Desktop\FRST.txt
2017-11-30 23:02 - 2017-11-30 23:02 - 000000000 ____D C:\Users\Scarfato\Desktop\FRST-OlderVersion
2017-11-30 19:50 - 2017-11-30 19:50 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\74664B30.sys
2017-11-30 19:41 - 2017-11-30 23:02 - 002391552 _____ (Farbar) C:\Users\Scarfato\Desktop\FRST64.exe
2017-11-30 19:41 - 2017-11-30 19:41 - 002391552 _____ (Farbar) C:\Users\Scarfato\Downloads\FRST64.exe
2017-11-30 19:26 - 2017-11-30 16:47 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Scarfato\Desktop\mbar-1.10.3.1001.exe
2017-11-30 19:23 - 2017-11-30 19:23 - 000001430 _____ C:\Users\Scarfato\Desktop\Report.txt
2017-11-30 18:48 - 2017-11-30 20:24 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-11-30 18:47 - 2017-11-30 22:58 - 000000000 ____D C:\Program Files\RogueKiller
2017-11-30 18:47 - 2017-11-30 19:47 - 000000000 ____D C:\ProgramData\RogueKiller
2017-11-30 18:47 - 2017-11-30 18:47 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-11-30 18:47 - 2017-11-30 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-11-30 18:46 - 2017-11-30 18:46 - 036146872 _____ (Adlice Software ) C:\Users\Scarfato\Downloads\RogueKiller_setup_ref3.exe
2017-11-30 18:46 - 2017-11-30 18:46 - 036146872 _____ (Adlice Software ) C:\Users\Scarfato\Desktop\RogueKiller_setup_ref3.exe
2017-11-30 16:47 - 2017-11-30 20:23 - 000000000 ____D C:\Users\Scarfato\Desktop\mbar
2017-11-30 16:47 - 2017-11-30 16:47 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\41473282.sys
2017-11-30 16:46 - 2017-11-30 16:47 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Scarfato\Downloads\mbar-1.10.3.1001.exe
2017-11-30 15:08 - 2017-11-30 15:11 - 000339928 _____ C:\TDSSKiller.3.1.0.15_30.11.2017_15.08.45_log.txt
2017-11-30 15:07 - 2017-11-30 15:08 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Scarfato\Downloads\tdsskiller.exe
2017-11-30 14:15 - 2017-11-30 14:15 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-11-29 21:42 - 2017-11-29 21:43 - 000056243 _____ C:\Users\Scarfato\Desktop\Addition.txt
2017-11-29 15:45 - 2017-11-29 15:45 - 000221662 _____ C:\Users\Scarfato\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2017-11-28 19:33 - 2017-11-30 14:13 - 000000000 ____D C:\WINDOWS\pss
2017-11-28 18:06 - 2017-11-28 18:06 - 000000000 _____ C:\autoexec.bat
2017-11-28 18:05 - 2017-11-28 18:05 - 000000000 ____D C:\Program Files\Enigma Software Group
2017-11-28 17:21 - 2017-11-28 17:21 - 001354964 _____ C:\Users\Scarfato\Downloads\Microsoft Toolkit Final pass 123456.rar
2017-11-28 15:00 - 2017-11-28 15:00 - 000135872 _____ C:\Users\Scarfato\Desktop\Diario di Assunzione del farmaco 31 gg.pdf
2017-11-22 15:15 - 2017-11-22 15:25 - 000000000 ____D C:\Users\Scarfato\Desktop\DiscoveryTool
2017-11-22 15:15 - 2017-11-22 15:15 - 012158199 _____ C:\Users\Scarfato\Downloads\SA00086_Windows.zip
2017-11-22 15:15 - 2017-11-16 10:22 - 000000000 ____D C:\Users\Scarfato\Desktop\DiscoveryTool.GUI
2017-11-22 15:15 - 2017-11-16 10:00 - 000000000 ____D C:\Users\Scarfato\Desktop\DiscoveryTool.AppPackage
2017-11-20 14:41 - 2017-11-20 14:41 - 000000913 _____ C:\Users\Public\Desktop\Luminance HDR.lnk
2017-11-20 14:17 - 2017-11-20 14:17 - 000452246 _____ C:\Users\Scarfato\Downloads\Esito_65.pdf
2017-11-20 14:17 - 2017-11-20 14:17 - 000134945 _____ C:\Users\Scarfato\Downloads\Esito_54.pdf
2017-11-20 14:16 - 2017-11-20 14:16 - 000441969 _____ C:\Users\Scarfato\Downloads\Esito_66.pdf
2017-11-20 13:05 - 2017-11-20 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Luminance HDR
2017-11-20 13:05 - 2017-11-20 14:41 - 000000000 ____D C:\Program Files\Luminance HDR
2017-11-20 13:05 - 2017-11-20 13:06 - 000000000 ____D C:\Users\Scarfato\LuminanceHDR
2017-11-20 13:04 - 2017-11-20 13:03 - 050288999 _____ (Luminance HDR Dev Team ) C:\Users\Scarfato\Desktop\Luminance-HDR-x64-SETUP-v2.5.1.exe
2017-11-20 13:03 - 2017-11-20 13:03 - 050288999 _____ (Luminance HDR Dev Team ) C:\Users\Scarfato\Downloads\Luminance-HDR-x64-SETUP-v2.5.1.exe
2017-11-17 15:17 - 2017-11-17 15:17 - 000000000 ____D C:\Users\Scarfato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome
2017-11-17 13:56 - 2017-11-17 13:56 - 000000072 ___SH C:\bootTel.dat
2017-11-16 13:22 - 2017-11-16 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-16 13:21 - 2017-11-16 13:21 - 000001189 _____ C:\Users\Public\Desktop\Avira.lnk
2017-11-15 13:09 - 2017-11-15 13:09 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-11-15 09:58 - 2017-10-25 10:11 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-11-15 09:58 - 2017-10-25 10:11 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-11-15 09:58 - 2017-10-25 10:09 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-11-15 09:58 - 2017-10-25 09:57 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-11-15 09:58 - 2017-10-25 09:57 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-11-15 09:58 - 2017-10-25 09:56 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-11-15 09:58 - 2017-10-25 07:36 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-11-15 09:58 - 2017-10-25 05:41 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-11-15 09:58 - 2017-10-25 05:40 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 09:58 - 2017-10-25 05:40 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 09:58 - 2017-10-25 05:40 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-11-15 09:58 - 2017-10-25 05:39 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-11-15 09:58 - 2017-10-25 05:39 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 09:58 - 2017-10-25 05:39 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-11-15 09:58 - 2017-10-25 05:37 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-11-15 09:58 - 2017-10-25 05:37 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 09:58 - 2017-10-25 05:36 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 09:58 - 2017-10-25 05:36 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 09:58 - 2017-10-25 05:36 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-11-15 09:58 - 2017-10-25 05:34 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 09:58 - 2017-10-25 05:34 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-11-15 09:58 - 2017-10-25 05:34 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 09:58 - 2017-10-25 05:32 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 09:58 - 2017-10-25 05:32 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-11-15 09:58 - 2017-10-25 05:31 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-11-15 09:58 - 2017-10-25 05:31 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-11-15 09:58 - 2017-10-25 05:30 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-11-15 09:58 - 2017-10-25 05:30 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-11-15 09:58 - 2017-10-25 05:29 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-15 09:58 - 2017-10-25 05:29 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-11-15 09:58 - 2017-10-25 05:29 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-11-15 09:58 - 2017-10-25 05:28 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-11-15 09:58 - 2017-10-25 05:27 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 09:58 - 2017-10-25 05:27 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-11-15 09:58 - 2017-10-25 05:27 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-11-15 09:58 - 2017-10-25 05:27 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-11-15 09:58 - 2017-10-25 05:24 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-15 09:58 - 2017-10-25 05:20 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-11-15 09:58 - 2017-10-25 04:52 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-11-15 09:58 - 2017-10-25 04:50 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 09:58 - 2017-10-25 04:36 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 09:58 - 2017-10-25 04:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-11-15 09:58 - 2017-10-25 04:30 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-11-15 09:58 - 2017-10-25 04:28 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-11-15 09:58 - 2017-10-25 04:28 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-11-15 09:58 - 2017-10-25 04:28 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-11-15 09:58 - 2017-10-25 04:27 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-11-15 09:58 - 2017-10-25 04:27 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-11-15 09:58 - 2017-10-25 04:27 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-11-15 09:58 - 2017-10-25 04:24 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-11-15 09:58 - 2017-10-25 04:22 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 09:58 - 2017-10-25 04:22 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-11-15 09:58 - 2017-10-25 04:19 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 09:58 - 2017-10-25 04:19 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-11-15 09:58 - 2017-10-25 04:18 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-11-15 09:58 - 2017-10-25 04:18 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-11-15 09:58 - 2017-10-25 04:18 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-11-15 09:58 - 2017-10-25 04:18 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-15 09:58 - 2017-10-25 04:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-11-15 09:58 - 2017-10-25 04:18 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-11-15 09:58 - 2017-10-25 04:16 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 09:58 - 2017-10-25 04:16 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-11-15 09:58 - 2017-10-25 04:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-11-15 09:58 - 2017-10-25 04:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 09:58 - 2017-10-25 04:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 09:58 - 2017-10-25 04:14 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-11-15 09:58 - 2017-10-25 04:14 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-11-15 09:58 - 2017-10-25 04:13 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 09:58 - 2017-10-25 04:13 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-15 09:58 - 2017-10-25 04:12 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-15 09:58 - 2017-10-25 04:12 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 09:58 - 2017-10-25 04:12 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-11-15 09:58 - 2017-10-25 04:11 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 09:58 - 2017-10-25 04:10 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 09:58 - 2017-10-25 04:10 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 09:58 - 2017-10-25 04:10 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-11-15 09:58 - 2017-10-25 04:09 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-11-15 09:58 - 2017-10-25 04:09 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 09:58 - 2017-10-25 04:09 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-11-15 09:58 - 2017-10-25 04:09 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 09:58 - 2017-10-25 04:08 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 09:58 - 2017-10-25 04:08 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 09:58 - 2017-10-25 04:08 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 09:58 - 2017-10-25 04:08 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-11-15 09:58 - 2017-10-25 04:08 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-11-15 09:58 - 2017-10-25 04:08 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-11-15 09:58 - 2017-10-25 04:08 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-11-15 09:58 - 2017-10-25 04:08 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 09:58 - 2017-10-25 04:07 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 09:58 - 2017-10-25 04:07 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-15 09:58 - 2017-10-25 04:07 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-11-15 09:58 - 2017-10-25 04:07 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-11-15 09:58 - 2017-10-25 04:07 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-11-15 09:58 - 2017-10-25 04:07 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-11-15 09:58 - 2017-10-25 04:06 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 09:58 - 2017-10-25 04:05 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 09:58 - 2017-10-25 04:05 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 09:58 - 2017-10-25 04:05 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-11-15 09:58 - 2017-10-25 04:04 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 09:58 - 2017-10-25 04:04 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-11-15 09:58 - 2017-10-25 04:03 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-11-15 09:58 - 2017-10-25 04:02 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 09:58 - 2017-10-25 04:01 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 09:58 - 2017-10-25 04:01 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 09:58 - 2017-10-25 03:59 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 09:58 - 2017-10-25 03:59 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 09:58 - 2017-10-25 03:58 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-11-15 09:58 - 2017-10-25 03:58 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-11-15 09:58 - 2017-10-25 03:58 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-11-15 09:58 - 2017-10-25 03:57 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 09:58 - 2017-10-25 03:55 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-15 09:58 - 2017-10-25 03:54 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-11-15 09:58 - 2017-10-21 13:25 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-15 09:58 - 2017-10-20 15:17 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-11-15 09:58 - 2017-10-20 06:08 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-14 13:05 - 2017-11-30 14:45 - 000000000 ____D C:\Users\Public\Speedup Sessions
2017-11-13 15:12 - 2017-11-13 15:12 - 000002217 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2017-11-13 15:12 - 2017-11-13 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2017-11-13 15:12 - 2017-11-13 15:12 - 000000000 ____D C:\Program Files (x86)\Browny02
2017-11-13 15:12 - 2017-11-13 15:12 - 000000000 ____D C:\Program Files (x86)\Brother
2017-11-13 15:12 - 2017-11-13 15:12 - 000000000 ____D C:\Brother
2017-11-13 15:12 - 2010-08-02 20:57 - 000217088 ____N (brother) C:\WINDOWS\SysWOW64\NSSearch.dll
2017-11-13 15:12 - 2010-03-15 19:56 - 000002560 ____N (Brother Industries Ltd.) C:\WINDOWS\SysWOW64\BrDctF2S.dll
2017-11-13 15:12 - 2010-03-15 19:45 - 000073728 ____N (Brother Industries Ltd.) C:\WINDOWS\SysWOW64\BrDctF2.dll
2017-11-13 15:12 - 2007-12-13 22:16 - 000005120 ____N (Brother Industries Ltd.) C:\WINDOWS\SysWOW64\BrDctF2L.dll
2017-11-13 11:26 - 2017-11-13 11:26 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-11-13 11:26 - 2017-11-13 11:26 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-11-13 11:26 - 2017-11-13 11:26 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-11-13 11:26 - 2017-11-13 11:26 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-11-13 01:17 - 2017-11-13 01:17 - 000000000 ____D C:\Users\Scarfato\Desktop\Y10D_C1-gdi-64-win8-109
2017-11-13 01:13 - 2017-11-13 01:13 - 000000000 ____D C:\Users\Scarfato\Desktop\rempnp
2017-11-13 01:11 - 2017-11-13 01:12 - 000000000 ____D C:\Users\Scarfato\Downloads\rempnp
2017-11-11 16:08 - 2017-11-11 16:08 - 000000000 ____D C:\Users\Scarfato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MIView
2017-11-11 16:08 - 2017-11-11 16:08 - 000000000 ____D C:\Program Files\MIView
2017-11-09 00:53 - 2017-11-09 00:55 - 000000000 ____D C:\Users\Scarfato\Desktop\FATTURE MEDIASET
2017-11-07 17:56 - 2017-11-07 18:09 - 000000251 _____ C:\Users\Scarfato\Desktop\Search.txt
2017-11-07 17:18 - 2017-11-08 15:21 - 000001317 _____ C:\Users\Scarfato\Desktop\Dropbox.lnk
2017-11-07 12:11 - 2017-11-07 12:11 - 000002459 _____ C:\Users\Scarfato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-06 14:54 - 2017-11-06 14:54 - 000076491 _____ C:\Users\Scarfato\Desktop\Modello_acquisto_sus_Inform_Iva_agev.pdf
2017-11-03 14:03 - 2017-11-03 14:03 - 008261584 _____ (Malwarebytes) C:\Users\Scarfato\Desktop\AdwCleaner.exe
2017-11-02 20:29 - 2017-11-02 20:29 - 000000000 ____D C:\Users\Scarfato\AppData\Local\Avira Operations Gmbh & Co. KG
2017-11-02 20:28 - 2017-11-02 20:28 - 000003660 _____ C:\WINDOWS\System32\Tasks\Avira Safe Shopping Updater
2017-11-02 20:28 - 2017-11-02 20:28 - 000000000 ____D C:\Users\Scarfato\AppData\Local\Avira_Operations_Gmbh_&_C

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-30 23:02 - 2017-10-26 00:29 - 000000000 ____D C:\FRST
2017-11-30 22:56 - 2017-10-18 16:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-30 20:23 - 2017-09-14 11:36 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-11-30 20:22 - 2017-10-26 00:38 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-30 19:53 - 2017-09-26 15:48 - 000000000 ____D C:\Users\Scarfato\AppData\Roaming\WhatsApp
2017-11-30 15:18 - 2017-09-15 13:12 - 000000000 ____D C:\AdwCleaner
2017-11-30 15:10 - 2017-09-29 09:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-30 14:58 - 2016-11-29 19:43 - 000000000 ____D C:\Users\Scarfato\AppData\LocalLow\Mozilla
2017-11-30 14:53 - 2017-07-30 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-11-30 14:46 - 2017-06-18 23:06 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 14:27 - 2017-06-23 11:44 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2017-11-30 14:23 - 2017-10-18 17:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-30 14:23 - 2016-10-10 17:05 - 000000000 __SHD C:\Users\Scarfato\IntelGraphicsProfiles
2017-11-30 14:22 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-11-30 14:05 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-30 14:05 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-30 14:04 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-11-30 13:55 - 2017-10-18 16:42 - 000000000 ____D C:\Users\Scarfato
2017-11-30 13:34 - 2017-09-13 13:37 - 000000000 ____D C:\Users\Scarfato\AppData\Roaming\ProductData
2017-11-30 13:34 - 2017-03-02 01:12 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-30 13:34 - 2016-10-11 16:19 - 000000000 ____D C:\Users\Scarfato\AppData\Roaming\vlc
2017-11-30 13:34 - 2015-10-30 08:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-30 13:19 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\registration
2017-11-30 13:19 - 2016-11-02 23:44 - 000000000 ____D C:\Users\Scarfato\AppData\Local\Mozilla
2017-11-30 13:19 - 2016-10-11 10:18 - 000000000 __RHD C:\MSOCache
2017-11-29 15:47 - 2016-10-29 16:59 - 000000000 ____D C:\Users\Scarfato\AppData\Local\ElevatedDiagnostics
2017-11-29 15:30 - 2017-10-14 14:07 - 000000000 ___HD C:\Users\Scarfato\Desktop\Foto
2017-11-28 15:06 - 2017-10-18 16:43 - 000000000 ____D C:\Users\Scarfato\AppData\Local\Packages
2017-11-26 21:55 - 2017-09-21 14:50 - 000000000 ____D C:\Users\Scarfato\AppData\Roaming\.minecraft
2017-11-24 20:26 - 2017-10-18 17:00 - 000004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{06D580FE-19D8-4555-BF1F-8B36352CCB16}
2017-11-21 10:52 - 2017-01-28 21:03 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-18 19:11 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2017-11-17 20:59 - 2017-08-23 12:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-17 20:59 - 2016-10-11 10:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-17 20:51 - 2017-08-23 12:00 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-17 00:01 - 2017-10-18 17:00 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-16 17:29 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2017-11-16 13:22 - 2016-10-11 20:29 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-11-15 21:09 - 2017-10-18 16:38 - 000391520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 21:06 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-15 21:06 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-15 21:06 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-11-15 21:06 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-15 21:06 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-15 21:06 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 21:06 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-15 20:54 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-15 13:13 - 2016-10-11 10:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-11-15 13:08 - 2015-10-30 08:24 - 000000167 _____ C:\WINDOWS\win.ini
2017-11-14 23:17 - 2016-10-11 21:12 - 000000000 ___RD C:\Users\Scarfato\Dropbox
2017-11-14 23:07 - 2017-09-14 14:57 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 23:07 - 2017-09-14 14:57 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-14 18:35 - 2017-10-18 17:00 - 000004738 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-14 18:35 - 2017-10-18 17:00 - 000004570 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 18:35 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 18:35 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-14 18:00 - 2017-10-18 17:00 - 000003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 18:00 - 2017-10-18 17:00 - 000003544 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 13:05 - 2017-10-18 17:00 - 000003768 _____ C:\WINDOWS\System32\Tasks\AviraSystemSpeedupUpdate
2017-11-14 13:05 - 2017-07-30 12:21 - 000000000 ____D C:\Program Files (x86)\Avira
2017-11-13 15:12 - 2017-08-07 16:54 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-13 01:14 - 2017-06-27 16:58 - 000000000 ____D C:\ProgramData\Brother
2017-11-09 14:21 - 2017-09-26 15:48 - 000002317 _____ C:\Users\Scarfato\Desktop\WhatsApp.lnk
2017-11-09 14:21 - 2017-09-26 15:48 - 000000000 ____D C:\Users\Scarfato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-11-09 14:21 - 2017-09-26 15:47 - 000000000 ____D C:\Users\Scarfato\AppData\Local\WhatsApp
2017-11-09 14:20 - 2017-09-26 15:47 - 000000000 ____D C:\Users\Scarfato\AppData\Local\SquirrelTemp
2017-11-08 12:38 - 2016-10-11 20:29 - 000001144 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-11-08 12:38 - 2016-10-11 20:29 - 000001140 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-11-07 17:08 - 2016-10-11 20:29 - 000000000 ____D C:\Users\Scarfato\AppData\Local\Dropbox
2017-11-07 17:05 - 2017-10-18 17:00 - 000004204 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-11-07 17:05 - 2017-10-18 17:00 - 000003972 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-11-07 12:12 - 2017-10-18 17:00 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4218426435-2780237930-1221081034-1001
2017-11-07 12:11 - 2016-10-10 16:53 - 000000000 ___RD C:\Users\Scarfato\OneDrive
2017-11-06 00:44 - 2016-11-04 00:14 - 000000000 ____D C:\Users\Scarfato\AppData\LocalLow\Temp
2017-11-04 02:25 - 2017-09-29 14:49 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 02:25 - 2017-09-29 14:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-03 00:05 - 2017-10-13 00:09 - 000000000 ____D C:\Users\Scarfato\Desktop\Password

==================== Files in the root of some directories =======

2017-03-31 21:40 - 2017-03-31 21:40 - 000000053 _____ () C:\Users\Scarfato\AppData\Roaming\PLGComp.ini
2016-12-03 10:13 - 2017-06-14 08:44 - 000000552 _____ () C:\Users\Scarfato\AppData\Local\TroubleshooterConfig.json
2017-03-28 11:40 - 2017-03-28 11:40 - 000000000 _____ () C:\Users\Scarfato\AppData\Local\{F121EF24-95F6-41BF-B19B-3760F03AA517}

Some files in TEMP:
====================
2017-11-30 18:47 - 2017-10-25 05:37 - 001954048 _____ (Microsoft Corporation) C:\Users\Scarfato\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-30 20:18

==================== End of FRST.txt ============================

[dany79]

Posta anche il file addition.txt
Lo trovi sul desktop...
Grazie

[genio1]

Non riesco ad incollare il file.

[dany79]

Usa wikisend..
collegati al sito http://wikisend.com
clicca su cerca file
seleziona il file
clicca su upload
copi incolla il link del download qui

[genio1]

http://wikisend.com/download/821934/Addition.txt

[dany79]

Ciao
Esegui attentamente tutti i passaggi in ordine come scritti...

rimuovi da pannello di controllo questi java obsoleti:

Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)

Se non sai cosa è questo programmi disinstallali:
MIView (HKLM-x32\...\MIView) (Version: - )
Nemesys 3.1.3 (HKLM-x32\...\Nemesys_is1) (Version: 3.1.3 - Fondazione Ugo Bordoni)

Poi esegui questi passaggi:

-Posiziona il programma frst sul desktop assieme al file allegato fixlist.txt (mi raccomando sul desktop).
LINK Fixlist fixlist.txt
-Tasto destro con il mouse sopra a frst---->esegui come amministratore
-quando si apre clicca su FIX
-attendi che finisca le operazioni e che il pc si riavvii (importante:se non si riavvia fallo te manualmente)
-Quando rientri in windows, posta il file fixlog.txt scaturito (lo trovi sul desktop)

-Fai pulizia con cclenaer sia sistema che registro se non lo possiedi scaricalo da qui https://www.piriform.com/ccleaner/download

-Resetta i browser vedi qui http://it.ccm.net/faq/1767-come-ripristinare-il-browser

Poi apri il prompt dei comandi (cmd) (no power schell) come amministratore, copia/incolla le seguenti stringhe una alla volta e dai invio:

RD /S /Q "%WinDir%\System32\GroupPolicyUsers"

RD /S /Q "%WinDir%\System32\GroupPolicy"

gpupdate /force

Ora chiudi il Prompt e clicca con il tasto destro sul desktop (in uno spazio vuoto) e seleziona "Aggiorna"

Dovrai cambiare la pagina iniziale di Chrome.

Verifica e fa sapere se ha funzionato...