Condividi:        

MALWARE??

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

MALWARE??

Postdi salvatorino31 » 16/12/20 17:48

Buona sera,
mi appello a voi perchè so che riuscirete a darmi delle risposte, e soprattutto quelle che cerco...
Da un po di tempo mentre navigo su google chrome o microsoft edge, si modificano le impostazioni di ricerca, e poi pc lento , ho fatto una scansione con .Farbar Recovery Scan Tool ... Spero mi possiate aiutare, grazie in anticipo.
salvatorino31
Newbie
 
Post: 4
Iscritto il: 16/12/20 17:38

Sponsor
 

Re: MALWARE??

Postdi salvatorino31 » 16/12/20 17:49

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran (15-12-2020 00:18:06)
Running from C:\Users\Gennaro\Downloads
Windows 10 Pro Version 20H2 19042.685 (X64) (2020-06-04 15:53:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3749906407-1835422660-3079171557-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3749906407-1835422660-3079171557-503 - Limited - Disabled)
Gennaro (S-1-5-21-3749906407-1835422660-3079171557-1001 - Administrator - Enabled) => C:\Users\Gennaro
Guest (S-1-5-21-3749906407-1835422660-3079171557-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3749906407-1835422660-3079171557-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {217C3BCF-3FBD-7C30-A427-2D11E16F3BEB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\{4487064C-F31E-4499-A1EF-9B8E809A0358}) (Version: 12.3.5.205 - Adobe, Inc)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.220.0.1109 - BlueStack Systems, Inc.)
Epic Games Launcher (HKLM-x32\...\{A910B614-FC71-4F87-8F7C-C46CC9E9F475}) (Version: 1.1.291.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
HL-2130 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Intel Driver && Support Assistant (HKLM-x32\...\{513BFF20-438E-4C8B-9C41-DE06B47D3148}) (Version: 20.11.50.9 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{CB94C849-BE4D-4443-899D-096F2BA8C91E}) (Version: 2.4.06492 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5161 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{7972bdc2-99e9-4a54-b071-e7f08bdf056d}) (Version: 20.11.50.9 - Intel)
IrfanView 4.56 (64-bit) (HKLM\...\IrfanView64) (Version: 4.56 - Irfan Skiljan)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
K-Lite Codec Pack 15.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.8.0 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
MediaHuman YouTube to MP3 Converter 3.9.9.49 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.9.49 - MediaHuman)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.60 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{4ffaf7b8-a84a-4813-840c-8b1f1343ae54}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{dd1e9bde-2ad6-4e92-8c07-7d4723eab8b8}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.47.2 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{EEDD9FD9-D7F9-4386-A07B-BF50C0BA1914}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 83.0 (x64 it) (HKLM\...\Mozilla Firefox 83.0 (x64 it)) (Version: 83.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 83.0 - Mozilla)
Nero Burning ROM 2020 (HKLM-x32\...\Nero Burning ROM 2020 2020) (Version: 2020 - Nero)
Nero BurningROM 2020 (HKLM-x32\...\{862CBC4E-345C-4296-95EA-F4B3802B59EF}) (Version: 22.0.00600 - Nero AG)
Nero Core (HKLM-x32\...\{7E7E9330-719A-4357-9D0D-D095C8293BF7}) (Version: 2.0.05100 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 21.0.1006 - Nero AG)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Parsec (HKLM-x32\...\Parsec) (Version: 150-47 - Parsec Cloud Inc.)
PDF Architect 7 (HKLM-x32\...\PDF Architect 7) (Version: 7.1.13.1755 - pdfforge GmbH)
PDF Architect 7 Create Module (HKLM\...\{B600CC13-8F68-4D44-8867-93490894FAE5}) (Version: 7.1.14.4969 - pdfforge GmbH) Hidden
PDF Architect 7 Edit Module (HKLM\...\{BA2C2671-B379-4101-A21C-4C549671FC8D}) (Version: 7.1.14.4969 - pdfforge GmbH) Hidden
PDF Architect 7 View Module (HKLM\...\{E947A304-6110-4CFE-98AD-E6909072E87D}) (Version: 7.1.14.4969 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{00010FEF-82A2-497E-983A-7105A0364FA7}) (Version: 4.2.0 - pdfforge GmbH)
Prerequisite installer (HKLM-x32\...\{964E6898-DEF3-445B-BDCE-EF5089DD7574}) (Version: 22.0.0005 - Nero AG) Hidden
Proteus 8 Demonstration (HKLM-x32\...\{A3531ED7-72AB-4CAA-9D67-7A14EA8656C8}) (Version: 8.11.30052.0 - Labcenter Electronics)
Radmin Viewer 3.5.2 (HKLM-x32\...\{9F9073EA-5DCE-4B23-8A0C-C7D2C89AEADC}) (Version: 3.52.1.0000 - Famatech)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Revo Uninstaller 2.2.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.0 - VS Revo Group, Ltd.)
Roblox Player for Gennaro (HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\roblox-player) (Version: - Roblox Corporation)
Sky Go 20.7.2.0 (HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\com.bskyb.skygoplayer_is1) (Version: 20.7.2.0 - Sky)
Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM\...\{90160000-001F-0410-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.12.4 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WhatsApp (HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\WhatsApp) (Version: 2.2049.9 - WhatsApp)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)

Packages:
=========
Adobe Photoshop Express: editor di immagini, regolazioni, filtri, effetti, bordi -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.4.8.0_x64__ynb6jyjzte8ga [2020-11-27] (Adobe Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.183.600.0_x86__kgqvnymyfvs32 [2020-12-10] (king.com)
Componente aggiuntivo Foto -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-12-04] (Microsoft Corporation)
Componente aggiuntivo motore dei supporti Foto -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-12-04] (Microsoft Corporation)
Dropbox per modalità S -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_22.4.4.0_x64__xbfy0k16fey96 [2020-07-01] (Dropbox Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-12-14] (Microsoft Studios) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-12-04] (Microsoft Corporation) [MS Ad]
PDF X -> C:\Program Files\WindowsApps\6760NGPDFLab.PDFX_1.2.1.0_x64__sbe4t8mqwq93a [2020-11-19] (NG PDF Lab)
Perfect Tube -> C:\Program Files\WindowsApps\10301PerfectThumb.PerfectTube_2.0.99.0_x64__n9t97vrmwej7m [2020-06-05] (Perfect Thumb) [MS Ad]
PhotoScape X -> C:\Program Files\WindowsApps\MooiiTech.PhotoScapeX_4.1.1.0_x64__f5eddttrpssna [2020-12-04] (Mooii Tech)
Python 3.8 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.1776.0_x64__qbz5n2kfra8p0 [2020-12-07] (Python Software Foundation)
Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_1.0.32861.0_x64__8wekyb3d8bbwe [2020-12-04] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-12] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Gennaro\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Gennaro\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
CustomCLSID: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001_Classes\CLSID\{75f92b33-bbaa-b4b4-04ac-a7c07959e5a66}\InprocServer32 -> 0x2D1D648AB564D6015CE0648AB564D601010000000200000000000000 => No File
CustomCLSID: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX 2020 -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0x7C71E8275763D601519B608AB564D601030000000B00000000000000 => No File
CustomCLSID: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001_Classes\CLSID\{E064AEC2-5150-4DF6-B2A3-1A6721C2076B}\InprocServer32 -> C:\Users\Gennaro\AppData\Local\Chromium\Update\1.3.99.0\psuser_64.dll (Chromium.) [File not signed]
CustomCLSID: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\WINDOWS\system32\kernel32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-13] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-13] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers1: [PDFArchitect7_ManagerExt] -> {21989F59-B260-4302-90C3-E51740E03639} => C:\Program Files\PDF Architect 7\context-menu.dll [2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2020-07-10] (Dev Code-Sign -> pdfforge GmbH) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-13] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-13] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Gennaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\ForumFree.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=onpaokmjncandjkacmikamfgfpfkgfdb

==================== Loaded Modules (Whitelisted) =============

2020-12-07 11:31 - 2020-12-07 11:31 - 000126464 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\DSASsdInterop.dll
2020-06-04 22:52 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-12-03 17:23 - 2020-12-03 17:23 - 000007168 _____ (painter) [File not signed] C:\WINDOWS\System32\painter_x64.dll
2020-09-25 22:09 - 2020-09-25 22:09 - 000116736 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll
2020-11-06 12:42 - 2020-11-06 12:42 - 001950208 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86258047.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86258047.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/
BHO: PDF Architect 7 Helper -> {2B035CAB-1F3D-4DE6-A32D-39B9E5F456D0} -> C:\Program Files\PDF Architect 7\creator\plugins\IEAddin\creator-ie-helper.dll [2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-07-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll => No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-13] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - PDF Architect 7 Toolbar - {61E612A7-2382-4570-8D3F-42BC136DDAD7} - C:\Program Files\PDF Architect 7\creator\plugins\IEAddin\creator-ie-plugin.dll [2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-09-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-09-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-09-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-09-13] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\windows.com -> hxxp://wustat.windows.com
IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\ws.microsoft.com -> hxxp://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\ws.microsoft.com -> hxxps://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\wustat.windows.com -> hxxp://wustat.windows.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-12-13 20:19 - 2020-12-14 20:15 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.23.96.1 DESKTOP-VMGHQ24.mshome.net # 2025 12 6 13 19 15 0 275

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\wureset
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: McAfee WebAdvisor => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: PDF Architect 7 => 3
MSCONFIG\Services: PDF Architect 7 Creator => 3
MSCONFIG\Services: PDF Architect 7 Update Service => 2
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run32: => "ZaAntiRansomware"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKLM\...\StartupApproved\Run32: => "FileZilla Server Interface"
HKLM\...\StartupApproved\Run32: => "RadminVPN"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\StartupFolder: => "Sidebar400.lnk"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "DashlanePlugin"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "Mailbird"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "electron.app.EasyXplore"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "FreeYouTubeDownloader"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\StartupApproved\Run: => "Parsec.App.0"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

06-12-2020 20:42:06 Revo Uninstaller's restore point - WinZip 25.0
06-12-2020 20:42:22 Rimosso WinZip 25.0.
07-12-2020 15:26:10 Programma di installazione dei moduli di Windows
07-12-2020 15:54:32 Programma di installazione dei moduli di Windows
08-12-2020 01:12:01 Programma di installazione dei moduli di Windows
09-12-2020 18:06:51 Intel® Driver & Support Assistant
10-12-2020 15:51:31 Programma di installazione dei moduli di Windows
10-12-2020 15:53:01 Programma di installazione dei moduli di Windows
10-12-2020 18:08:59 Revo Uninstaller's restore point - Radmin VPN 1.1.8
10-12-2020 18:09:13 Removed Radmin VPN 1.1.8
11-12-2020 19:54:14 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523
11-12-2020 19:54:30 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523
11-12-2020 19:55:36 Installed Adobe Shockwave Player 12.3.
12-12-2020 01:15:04 JRT Pre-Junkware Removal
12-12-2020 01:39:59 AA11
12-12-2020 01:42:08 Revo Uninstaller's restore point - adaware antivirus
12-12-2020 01:42:33 AA11
12-12-2020 01:44:02 Revo Uninstaller's restore point - Avast Secure Browser
13-12-2020 00:53:42 Revo Uninstaller's restore point - Kaspersky VPN
13-12-2020 00:58:43 Revo Uninstaller's restore point - Kaspersky Password Manager
13-12-2020 00:59:03 Removed Kaspersky Password Manager
13-12-2020 02:19:02 Removed 8GadgetPack
13-12-2020 20:13:47 Programma di installazione dei moduli di Windows
13-12-2020 20:27:16 Removed Allway Sync
14-12-2020 20:19:53 Removed mkv2vob
14-12-2020 21:51:11 Removed 8GadgetPack
14-12-2020 21:52:15 Removed Quick CPU x64
14-12-2020 21:52:49 Removed Blender
14-12-2020 22:02:39 Operazione di ripristino

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/15/2020 12:07:15 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7340,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\syswow64\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/14/2020 11:55:15 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8104,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\syswow64\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/14/2020 11:47:09 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7532,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\syswow64\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/14/2020 11:37:48 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (564,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\syswow64\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/14/2020 11:23:15 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (992,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\syswow64\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/14/2020 11:12:47 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8552,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\syswow64\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/14/2020 10:55:15 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5440,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\syswow64\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/14/2020 10:48:42 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4212,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\syswow64\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (12/14/2020 10:15:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Virtual Machine Management Hyper-V terminato con l'errore:
Memoria insufficiente.

Error: (12/14/2020 10:13:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Freemake Improver non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (12/14/2020 10:13:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (45000 millisecondi) durante l'attesa della connessione del servizio Freemake Improver.

Error: (12/14/2020 10:13:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio p2psvc dipende dal servizio PNRPsvc che non è stato avviato per il seguente errore:
Impossibile accedere a una chiave.

Error: (12/14/2020 10:13:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio PNRPsvc terminato con l'errore:
Impossibile accedere a una chiave.

Error: (12/14/2020 10:13:40 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: Impossibile avviare l'area PNRP. Creazione dell'identità predefinita non riuscita con codice di errore: 0x80630203.

Error: (12/14/2020 08:18:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Freemake Improver non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (12/14/2020 08:18:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Freemake Improver.


Windows Defender:
===================================
Date: 2020-06-11 23:49:12.2520000Z
Description:
Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza:
Versione intelligence sulla sicurezza precedente: 1.317.617.0
Origine aggiornamento: Server Microsoft Update
Tipo intelligence sulla sicurezza: Antivirus
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SYSTEM
Versione motore corrente:
Versione motore precedente: 1.1.17100.2
Codice errore: 0x80240022
Descrizione errore: Impossibile cercare gli aggiornamenti delle definizioni.

Date: 2020-06-11 23:49:12.2520000Z
Description:
Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza:
Versione intelligence sulla sicurezza precedente: 1.317.617.0
Origine aggiornamento: Server Microsoft Update
Tipo intelligence sulla sicurezza: Antivirus
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SYSTEM
Versione motore corrente:
Versione motore precedente: 1.1.17100.2
Codice errore: 0x80240022
Descrizione errore: Impossibile cercare gli aggiornamenti delle definizioni.

Date: 2020-06-04 16:53:31.2380000Z
Description:
Microsoft Defender Antivirus: errore durante il tentativo di caricare l'intelligence sulla sicurezza. Verrà tentato di ripristinare una versione valida.
%Intelligence sulla sicurezza tentata: Corrente
Codice errore: 0x80070003
Descrizione errore: Impossibile trovare il percorso specificato.
Versione intelligence sulla sicurezza: 0.0.0.0;0.0.0.0
Versione motore: 0.0.0.0

CodeIntegrity:
===================================

Date: 2020-12-15 00:19:02.6880000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-15 00:18:16.2910000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-15 00:17:07.9420000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-15 00:16:45.8040000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-15 00:12:12.4090000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-15 00:10:42.6950000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-15 00:10:42.6770000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-15 00:08:49.6500000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 4601 09/18/2013
Motherboard: ASUSTeK COMPUTER INC. P8H61-M LX
Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 89%
Total physical RAM: 3800.88 MB
Available physical RAM: 400.11 MB
Total Virtual: 7896.88 MB
Available Virtual: 3253.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.12 GB) (Free:289.43 GB) NTFS
Drive d: (MB Support CD) (CDROM) (Total:3.47 GB) (Free:0 GB) CDFS

\\?\Volume{110a6353-0000-0000-0000-100000000000}\ (Riservato per il sistema) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{110a6353-0000-0000-0000-20a76f000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================
salvatorino31
Newbie
 
Post: 4
Iscritto il: 16/12/20 17:38

Re: MALWARE??

Postdi salvatorino31 » 16/12/20 17:55

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(@ByELDI -> ByELDI) [File not signed] C:\Program Files (x86)\Common Files\KMSpico\Update\kmsupd.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(IDSA Production signing key -> Intel) C:\ProgramData\Package Cache\{7972bdc2-99e9-4a54-b071-e7f08bdf056d}\Intel-Driver-and-Support-Assistant-Installer.exe <3>
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe <2>
(Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe
(Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) C:\Program Files (x86)\Iskysoft\IAF\2.4.3.241\IsAppService.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [117352 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [285544 2020-12-07] (IDSA Production signing key -> Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\RunOnce: [{7972bdc2-99e9-4a54-b071-e7f08bdf056d}] => C:\ProgramData\Package Cache\{7972bdc2-99e9-4a54-b071-e7f08bdf056d}\Intel-Driver-and-Support-Assistant-Installer.exe [949544 2020-12-09] (IDSA Production signing key -> Intel)
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32410000 2020-09-24] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\Run: [Parsec.App.0] => C:\Program Files\Parsec\parsecd.exe [431120 2020-10-16] (Parsec Cloud, Inc. -> Parsec)
HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\...\Run: [Discord] => C:\Users\Gennaro\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKLM\...\Print\Monitors\PDF Architect 7 Monitor: C:\WINDOWS\system32\spool\DRIVERS\x64\pdf architect_pdfpmon_v.4.12.26.3.dll [932984 2020-09-25] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\...\Print\Monitors\pdfcmon: C:\WINDOWS\system32\pdfcmon.dll [116736 2020-09-25] (pdfforge GmbH) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\BlueStacksHelper" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\ChromiumUpdateTaskUserS-1-5-21-3749906407-1835422660-3079171557-1001Core" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\ChromiumUpdateTaskUserS-1-5-21-3749906407-1835422660-3079171557-1001UA" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\CreateExplorerShellUnelevatedTask" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\klcp_update" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\KMSpico Auto Update Scheduler" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\USER_ESRV_SVC_QUEENCREEK" /ENABLE
Task: {0AB1076E-56A4-4F1F-BFCE-61088F0E26A5} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {0CA724D7-3432-443F-8C52-712B66D6098A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {0ED3E65D-21A1-4369-B399-BC942D2B47E5} - System32\Tasks\Microsoft\Windows\PLA\Processore1 => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\WINDOWS\system32\pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {108C0981-4393-4ABD-9EA7-CC7C39F85379} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {1864339C-92D0-47E0-8404-C43A19A99FDE} - System32\Tasks\KMSpico Auto Update Scheduler => C:\Program Files (x86)\Common Files\KMSpico\Update\kmsupd.exe [81248 2020-02-26] (@ByELDI -> ByELDI) [File not signed]
Task: {1E8E8533-53A6-42FC-8C77-59C0759759BA} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)
Task: {2A212808-7A8E-4224-8AB1-94E62FD1EE94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)
Task: {34D7F56C-BF19-4957-985E-743F18941676} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {3A0A7D99-11CA-43CB-9E3E-FF78158AB0DA} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-3749906407-1835422660-3079171557-1001UA => C:\Users\Gennaro\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2020-06-05] (Chromium.) [File not signed] <==== ATTENTION
Task: {43C78921-9C50-4616-A9E5-B2B747CB8DCD} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {4730282F-2E82-4507-9D38-F7968FE87CA7} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [752136 2020-10-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {48F664D3-8C0A-4FB8-9FD4-392DBFCBFC65} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)
Task: {61777658-2E3A-4704-9D15-21C01C376DCC} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {6E0A4E98-BEB3-4098-9EF7-B4CAA4F7A9FE} - System32\Tasks\Microsoft\Windows\PLA\Processore => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\WINDOWS\system32\pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {73F561D0-CB60-44CB-B2D7-C989B75B83A8} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-10-20] () [File not signed]
Task: {7F2F8000-3C7A-4C29-BDC1-D1CAB42CC515} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-12-16] (Avast Software s.r.o. -> Avast Software)
Task: {88A8F26B-B72A-45EA-BC04-04EA6B63710E} - System32\Tasks\Agent Activation Runtime\S-1-5-21-3749906407-1835422660-3079171557-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-03] (Microsoft Windows -> )
Task: {B020A00B-72BE-4669-9F4F-AD26FC223C66} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {B87A7FFF-ABB3-44E2-A7C6-9DE0EB164E4B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {D953D7CA-4D58-45AB-8C26-2F0B4D04A108} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-3749906407-1835422660-3079171557-1001Core => C:\Users\Gennaro\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2020-06-05] (Chromium.) [File not signed] <==== ATTENTION
Task: {DB20FB3A-C3DA-4900-818C-9C2C2F04AC0C} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4621920 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
Task: {E280FB33-75EA-4B35-8806-979274BA2F72} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {E42541C8-36DA-451A-AD20-CD53D618FCD5} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [7071000 2019-08-29] (Nero AG -> Nero AG)
Task: {F7FFB8F7-BC21-4CBA-98D0-ED76271514E3} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {FCBE80A6-53A8-4711-953B-B29FCB7102AE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/
AutoConfigURL: [{0D47272B-6CCC-4BA3-9724-FCEC43B38BF4}] => hxxp://127.0.0.1:86/
AutoConfigURL: [{53DBC0B0-DD24-482E-B80A-6A27E8E818C3}] => hxxp://127.0.0.1:86/
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ae927be2-3154-41e5-8e50-9113907cd264}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://127.0.0.1:86/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Gennaro\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-15]
Edge Profile: C:\Users\Gennaro\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2020-12-13]



Chrome:
=======
CHR Profile: C:\Users\Gennaro\AppData\Local\Google\Chrome\User Data\Default [2020-12-16]
CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.youtube.com
CHR StartupUrls: Default -> "hxxp://www.google.it/","hxxp://www.google.it/"
CHR Extension: (Old Layout for Facebook) - C:\Users\Gennaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmkkackbbimmdbfjdilpnfaegaeagge [2020-12-13]
CHR Extension: (Google Drive) - C:\Users\Gennaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-13]
CHR Extension: (YouTube) - C:\Users\Gennaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-13]
CHR Extension: (uBlock Origin) - C:\Users\Gennaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-12-13]
CHR Extension: (Documenti Google offline) - C:\Users\Gennaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-13]
CHR Extension: (Avast Online Security) - C:\Users\Gennaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-12-13]
CHR Extension: (Invite All) - C:\Users\Gennaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfiadggaijonhadndemaccnilcmnljah [2020-12-13]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Gennaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-13]
CHR Extension: (ForumFree) - C:\Users\Gennaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\onpaokmjncandjkacmikamfgfpfkgfdb [2020-12-13]
CHR Extension: (Gmail) - C:\Users\Gennaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-13]
CHR Extension: (Chrome Media Router) - C:\Users\Gennaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-3749906407-1835422660-3079171557-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8477080 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [621728 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [351848 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [58048 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2020-03-17] (Mixbyte Inc -> Freemake)
R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.3.241\IsAppService.exe [495240 2018-07-26] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-16] (Malwarebytes Inc -> Malwarebytes)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [394256 2020-10-16] (Parsec Cloud, Inc. -> Parsec)
S4 PDF Architect 7; C:\Program Files\PDF Architect 7\ws.exe [2579752 2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
S4 PDF Architect 7 Creator; C:\Program Files\PDF Architect 7\creator\common\creator-ws.exe [692008 2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
S4 PDF Architect 7 Update Service; C:\Program Files\PDF Architect 7\updater-ws.exe [1832232 2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12720144 2020-11-18] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36792 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208672 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [332880 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [247888 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [97360 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2020-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42424 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [176384 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522480 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108928 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84496 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851256 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469472 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216984 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326064 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-07-26] (Bluestack Systems, Inc -> Bluestack System Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-12-16] (Malwarebytes Corporation -> Malwarebytes)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-06-05] (Martin Malik - REALiX -> REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-12-16] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-12-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2020-12-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [139424 2020-12-16] (Malwarebytes Inc -> Malwarebytes)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
S3 RvNetMP60; C:\WINDOWS\System32\drivers\RvNetMP60.sys [69048 2020-05-27] (Famatech Corp. -> Famatech Corp.)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [237840 2020-07-11] (Oracle Corporation -> Oracle Corporation)
R3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2020-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
U3 iswSvc; no ImagePath
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-16 15:47 - 2020-12-16 15:47 - 000000000 ____D C:\Users\Gennaro\cleanmgr+
2020-12-16 15:19 - 2020-12-16 15:17 - 000237764 _____ C:\Users\Gennaro\cleanmgr+.zip
2020-12-16 15:17 - 2020-12-16 15:17 - 000237764 _____ C:\Users\Gennaro\Downloads\cleanmgr+.zip
2020-12-16 14:30 - 2020-12-16 14:30 - 000002001 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-16 14:30 - 2020-12-16 14:30 - 000001989 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-16 14:30 - 2020-12-16 14:30 - 000001989 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-16 14:29 - 2020-12-16 14:29 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-12-16 14:29 - 2020-12-16 14:29 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-12-16 14:29 - 2020-12-16 14:29 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-12-16 14:29 - 2020-12-16 14:29 - 000139424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-12-16 14:29 - 2020-12-16 14:29 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-12-16 14:29 - 2020-12-16 14:28 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-12-16 14:29 - 2020-12-16 14:28 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-12-16 14:28 - 2020-12-16 14:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-16 14:27 - 2020-12-16 14:27 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-16 14:23 - 2020-12-16 14:23 - 000002124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-12-16 14:23 - 2020-12-16 14:23 - 000002112 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-12-16 14:23 - 2020-12-16 14:23 - 000002112 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-12-16 14:23 - 2020-12-16 14:23 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\Avast Software
2020-12-16 14:20 - 2020-12-16 14:20 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-12-16 14:19 - 2020-12-16 14:19 - 000469472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-12-16 14:19 - 2020-12-16 14:19 - 000326064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-12-16 14:19 - 2020-12-16 14:19 - 000247888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-12-16 14:19 - 2020-12-16 14:19 - 000216984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-12-16 14:19 - 2020-12-16 14:19 - 000176384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-12-16 14:19 - 2020-12-16 14:19 - 000108928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-12-16 14:19 - 2020-12-16 14:19 - 000097360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-12-16 14:19 - 2020-12-16 14:19 - 000084496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-12-16 14:19 - 2020-12-16 14:19 - 000016832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2020-12-16 14:19 - 2020-12-16 14:19 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2020-12-16 14:19 - 2020-12-16 14:18 - 000851256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-12-16 14:19 - 2020-12-16 14:18 - 000522480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2020-12-16 14:19 - 2020-12-16 14:18 - 000340576 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-12-16 14:19 - 2020-12-16 14:18 - 000332880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-12-16 14:19 - 2020-12-16 14:18 - 000208672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-12-16 14:19 - 2020-12-16 14:18 - 000042424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-12-16 14:19 - 2020-12-16 14:18 - 000036792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-12-16 14:16 - 2020-12-16 14:19 - 000000000 ____D C:\ProgramData\Avast Software
2020-12-16 14:06 - 2020-12-16 14:06 - 000049708 _____ C:\ProgramData\agent.uninstall.1608123995.bdinstall.v2.bin
2020-12-16 13:47 - 2020-12-16 13:47 - 000001435 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt
2020-12-16 10:06 - 2020-12-16 10:08 - 000000000 ____D C:\Users\Gennaro\AppData\Local\Discord
2020-12-16 01:21 - 2020-12-16 01:21 - 000000000 ____D C:\WINDOWS\Panther
2020-12-16 01:09 - 2020-12-16 14:12 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-16 00:58 - 2020-12-16 00:58 - 005954552 _____ (Check Point Software Technologies Ltd.) C:\Users\Gennaro\Downloads\zaSetupWeb_158_145_18590.exe
2020-12-15 21:26 - 2020-12-15 21:26 - 000001174 _____ C:\Users\Gennaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2020-12-15 21:26 - 2020-12-15 21:26 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2020-12-15 21:25 - 2020-12-15 21:25 - 000000000 ____D C:\ProgramData\Bitdefender
2020-12-15 21:24 - 2020-12-15 21:24 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2020-12-15 21:22 - 2020-12-15 21:24 - 000000000 ____D C:\Program Files\Bitdefender Agent
2020-12-15 21:22 - 2020-12-15 21:22 - 000116840 _____ C:\ProgramData\agent.1608063746.bdinstall.v2.bin
2020-12-15 21:22 - 2020-12-15 21:22 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-12-15 21:20 - 2020-12-15 21:20 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000007-000000.txt
2020-12-15 21:18 - 2020-12-15 21:18 - 013543384 _____ C:\Users\Gennaro\Downloads\bitdefender_online.exe
2020-12-15 19:49 - 2020-12-15 19:49 - 000354137 _____ C:\Users\Gennaro\Downloads\Biblioteca - elenco libri.xlsx
2020-12-15 14:50 - 2020-12-15 14:50 - 000354496 _____ C:\Users\Gennaro\Downloads\_2020_12_albopretorio_000015760_001_ordinanzasindacalen.106del11.12.2020.pdf
2020-12-15 14:13 - 2020-12-15 14:13 - 000001769 _____ C:\WINDOWS\Language_trs.ini
2020-12-15 14:07 - 2020-12-15 14:07 - 008234296 _____ (Piriform Software Ltd) C:\Users\Gennaro\Downloads\spsetup132.exe
2020-12-15 14:07 - 2020-12-15 14:07 - 000000797 _____ C:\Users\Public\Desktop\Speccy.lnk
2020-12-15 14:07 - 2020-12-15 14:07 - 000000797 _____ C:\ProgramData\Desktop\Speccy.lnk
2020-12-15 14:07 - 2020-12-15 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2020-12-15 14:07 - 2020-12-15 14:07 - 000000000 ____D C:\Program Files\Speccy
2020-12-15 13:20 - 2020-12-15 13:20 - 068822328 _____ (Discord Inc.) C:\Users\Gennaro\Downloads\DiscordSetup.exe
2020-12-15 00:18 - 2020-12-16 02:30 - 000039318 _____ C:\Users\Gennaro\Downloads\Addition.txt
2020-12-15 00:16 - 2020-12-16 16:30 - 000028635 _____ C:\Users\Gennaro\Downloads\FRST.txt
2020-12-15 00:16 - 2020-12-16 16:24 - 000000000 ____D C:\FRST
2020-12-14 22:21 - 2020-12-14 22:21 - 000000000 ____D C:\Program Files (x86)\Realtek
2020-12-14 22:21 - 2016-11-21 12:15 - 000082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2020-12-14 22:21 - 2016-11-21 12:13 - 000946696 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2020-12-14 22:20 - 2020-12-14 22:20 - 010680139 _____ C:\Users\Gennaro\Downloads\LAN_Win10_10.12.1007.2016.zip
2020-12-14 22:18 - 2020-12-15 21:21 - 000003042 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2020-12-14 21:59 - 2020-12-15 14:13 - 000027079 _____ C:\WINDOWS\Ascd_tmp.ini
2020-12-14 21:59 - 2009-04-02 13:30 - 000010296 _____ C:\WINDOWS\SysWOW64\Drivers\ASUSHWIO.SYS
2020-12-14 20:29 - 2020-12-14 20:29 - 000001910 _____ C:\Users\Gennaro\Downloads\Disabilitare Windows Defender e Antimalware Service Executable.zip
2020-12-14 20:16 - 2020-12-15 21:21 - 000002970 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2020-12-14 20:16 - 2020-12-15 21:21 - 000002678 _____ C:\WINDOWS\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2020-12-14 20:16 - 2020-12-15 21:21 - 000002604 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2020-12-14 20:16 - 2020-11-06 12:42 - 000041816 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2020-12-14 20:15 - 2020-12-14 20:15 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2020-12-14 20:14 - 2020-12-14 20:14 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000006-000000.txt
2020-12-14 20:09 - 2020-12-14 20:11 - 235142100 _____ C:\Users\Gennaro\Downloads\Non confermato 321469.crdownload
2020-12-14 19:37 - 2020-12-14 19:37 - 040473968 _____ (Adlice Software ) C:\Users\Gennaro\Downloads\setup.exe
2020-12-14 17:41 - 2020-12-14 17:41 - 002040904 _____ (Malwarebytes) C:\Users\Gennaro\Downloads\MBSetup-0009996.0009996-consumer.exe
2020-12-14 17:30 - 2020-12-14 17:30 - 002286592 ____N (Farbar) C:\Users\Gennaro\Downloads\FRST64.exe
2020-12-13 20:36 - 2020-12-16 14:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-12-13 20:35 - 2020-12-13 20:35 - 000220784 _____ (AVAST Software) C:\Users\Gennaro\Downloads\avast_free_antivirus_setup_online.exe
2020-12-13 20:19 - 2020-12-14 20:15 - 000000444 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2020-12-13 20:14 - 2020-12-16 14:12 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2020-12-13 20:14 - 2020-12-13 20:14 - 001579818 _____ C:\WINDOWS\system32\WindowsVirtualization.V2.mof
2020-12-13 20:14 - 2020-12-13 20:14 - 001152064 _____ C:\WINDOWS\system32\WindowsHyperVCluster.V2.mof
2020-12-13 20:14 - 2020-12-13 20:14 - 000671744 _____ C:\WINDOWS\system32\hgattest.dll
2020-12-13 20:14 - 2020-12-13 20:14 - 000373776 _____ C:\WINDOWS\system32\vp9fs.dll
2020-12-13 20:14 - 2020-12-13 20:14 - 000151352 _____ C:\WINDOWS\system32\nmscrub.exe
2020-12-13 20:14 - 2020-12-13 20:14 - 000144967 _____ C:\WINDOWS\system32\virtmgmt.msc
2020-12-13 20:14 - 2020-12-13 20:14 - 000057856 _____ C:\WINDOWS\system32\hgsclientplugin.dll
2020-12-13 20:14 - 2020-12-13 20:14 - 000056320 _____ C:\WINDOWS\system32\vmstaging.dll
2020-12-13 20:14 - 2020-12-13 20:14 - 000040960 _____ C:\WINDOWS\SysWOW64\vmstaging.dll
2020-12-13 20:14 - 2020-12-13 20:14 - 000016384 _____ C:\WINDOWS\system32\hgclientserviceps.dll
2020-12-13 20:14 - 2020-12-13 20:14 - 000014848 _____ C:\WINDOWS\system32\hnsproxy.dll
2020-12-13 20:14 - 2020-12-13 20:14 - 000006658 _____ C:\WINDOWS\system32\VmChipset Third-Party Notices.txt
2020-12-13 20:14 - 2020-12-13 20:14 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2020-12-13 20:14 - 2020-12-13 20:14 - 000000000 ____D C:\Program Files\Hyper-V
2020-12-13 19:08 - 2020-12-13 19:08 - 000001434 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2020-12-13 17:32 - 2020-12-13 17:33 - 000002018 _____ C:\Users\Gennaro\Downloads\netadapter-log-2020-12-13-17-32-51.txt
2020-12-13 17:32 - 2020-12-13 17:32 - 002091520 _____ (Conner Bernhard) C:\Users\Gennaro\Downloads\NetAdapterRepair1.2.exe
2020-12-12 23:24 - 2020-12-12 23:24 - 000000000 ____D C:\Users\Gennaro\AppData\Local\Kaspersky Lab
2020-12-12 23:22 - 2020-12-13 19:08 - 000000000 ____D C:\Program Files\Common Files\AV
2020-12-12 23:22 - 2020-12-12 23:22 - 000000000 ____D C:\Users\Default\AppData\Local\Kaspersky Lab
2020-12-12 23:22 - 2020-12-12 23:22 - 000000000 ____D C:\Users\Default User\AppData\Local\Kaspersky Lab
2020-12-12 23:21 - 2020-12-13 00:54 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2020-12-12 19:33 - 2020-12-12 19:33 - 000000000 ____D C:\Users\Gennaro\AppData\Local\GUI.Win
2020-12-12 18:03 - 2020-12-12 18:03 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000004-000000.txt
2020-12-12 16:41 - 2020-12-12 16:41 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome
2020-12-12 01:39 - 2020-12-12 01:39 - 000000680 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2020-12-12 01:39 - 2020-12-12 01:39 - 000000680 _____ C:\ProgramData\Desktop\PDFCreator.lnk
2020-12-12 01:39 - 2020-12-12 01:39 - 000000000 ____D C:\ProgramData\PDF Architect 8
2020-12-12 01:39 - 2020-12-12 01:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2020-12-12 01:38 - 2020-12-12 01:37 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2020-12-12 01:28 - 2020-12-12 01:28 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\DiskDefrag
2020-12-12 01:10 - 2020-12-12 01:10 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2020-12-11 23:31 - 2020-12-15 17:03 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-11 23:31 - 2020-12-11 23:31 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-12-11 23:31 - 2020-12-11 23:31 - 000000999 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-12-11 23:31 - 2020-12-11 23:31 - 000000999 _____ C:\ProgramData\Desktop\Firefox.lnk
2020-12-11 23:31 - 2020-12-11 23:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-12-11 23:31 - 2020-12-11 23:31 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\Mozilla
2020-12-11 23:31 - 2020-12-11 23:31 - 000000000 ____D C:\Users\Gennaro\AppData\Local\Mozilla
2020-12-11 23:31 - 2020-12-11 23:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-12-11 23:31 - 2020-12-11 23:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-12-11 22:52 - 2020-12-11 22:52 - 101146624 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2020-12-11 22:52 - 2020-12-11 22:52 - 006406144 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2020-12-11 22:52 - 2020-12-11 22:52 - 002281472 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2020-12-11 22:52 - 2020-12-11 22:52 - 000081920 _____ C:\WINDOWS\system32\config\SAM.iobit
2020-12-11 22:52 - 2020-12-11 22:52 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2020-12-11 22:49 - 2020-12-12 01:10 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\IObit
2020-12-11 22:49 - 2020-12-12 01:10 - 000000000 ____D C:\Program Files (x86)\IObit
2020-12-11 20:02 - 2014-06-15 15:18 - 000626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr80.dll
2020-12-11 20:02 - 2014-06-15 15:18 - 000450560 _____ (RAD Game Tools, Inc.) C:\WINDOWS\system32\mss32.dll
2020-12-11 20:02 - 2014-06-15 15:17 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEShims.dll
2020-12-11 20:02 - 2014-06-15 15:10 - 000176128 _____ (RAD Game Tools, Inc.) C:\WINDOWS\system32\binkw32.dll
2020-12-11 19:59 - 2020-12-11 19:59 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\Macromedia
2020-12-11 19:56 - 2020-12-11 19:56 - 000001431 _____ C:\AiOLog.txt
2020-12-11 19:56 - 2020-12-11 19:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2020-12-11 19:56 - 2020-12-11 19:56 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2020-12-11 19:56 - 2020-12-11 19:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2020-12-11 19:55 - 2020-12-11 19:55 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2020-12-11 16:40 - 2020-12-11 16:40 - 000000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-12-11 16:30 - 2020-12-11 16:30 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000003-000000.txt
2020-12-10 21:03 - 2020-12-15 21:21 - 000002522 _____ C:\WINDOWS\system32\Tasks\KMSpico Auto Update Scheduler
2020-12-10 21:03 - 2010-12-06 03:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2020-12-10 18:25 - 2020-12-10 18:25 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\LibreOffice
2020-12-10 16:38 - 2020-12-10 16:38 - 000177292 _____ C:\Users\Gennaro\WhatsApp Image 2020-12-10 at 16.35.41.jpeg
2020-12-10 15:57 - 2020-12-10 15:57 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000002-000000.txt
2020-12-10 15:56 - 2020-12-10 15:56 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-10 15:56 - 2020-12-10 15:56 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-10 15:56 - 2020-12-10 15:56 - 000010912 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-09 18:19 - 2020-12-09 18:19 - 000000000 ____D C:\Users\Gennaro\WRCFree
2020-12-09 17:56 - 2020-12-09 17:56 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2020-12-07 17:07 - 2020-12-07 17:07 - 000000000 ____D C:\Users\Gennaro\.idlerc
2020-12-07 15:27 - 2020-12-07 15:27 - 000001435 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2020-12-05 23:32 - 2020-12-05 23:32 - 000000000 ___HD C:\$SysReset
2020-12-05 21:52 - 2020-12-13 20:19 - 000000000 ____D C:\Program Files (x86)\Unlocker
2020-12-04 21:33 - 2020-12-04 21:33 - 000000000 ___HD C:\$Windows.~WS
2020-12-03 18:45 - 2020-12-03 18:45 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\SyncService
2020-12-03 18:44 - 2020-12-03 18:44 - 000000112 ___SH C:\bootTel.dat
2020-12-03 18:01 - 2020-12-03 18:01 - 000044985 _____ C:\Users\Gennaro\Desktop\sfclog.txt
2020-12-03 17:23 - 2020-12-15 21:21 - 000002590 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2020-12-03 17:23 - 2020-12-03 17:23 - 000007168 _____ (painter) C:\WINDOWS\system32\painter_x64.dll
2020-12-03 16:52 - 2020-12-03 16:52 - 000000000 ____D C:\Users\Gennaro\Desktop\Backup
2020-12-03 16:50 - 2020-12-03 17:31 - 000000000 ____D C:\WINDOWS\SoftwareDistribution.old
2020-12-03 15:22 - 2020-12-03 15:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-03 15:22 - 2020-12-03 15:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-03 15:22 - 2020-12-03 15:22 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-03 15:22 - 2020-12-03 15:22 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-03 15:22 - 2020-12-03 15:22 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-03 15:21 - 2020-12-03 15:21 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-03 15:21 - 2020-12-03 15:21 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-03 15:21 - 2020-12-03 15:21 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-03 15:21 - 2020-12-03 15:21 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-03 15:21 - 2020-12-03 15:21 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-03 15:21 - 2020-12-03 15:21 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-03 15:21 - 2020-12-03 15:21 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-03 15:21 - 2020-12-03 15:21 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-03 15:21 - 2020-12-03 15:21 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-03 15:21 - 2020-12-03 15:21 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-03 15:21 - 2020-12-03 15:21 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-03 15:21 - 2020-12-03 15:21 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-03 15:21 - 2020-12-03 15:21 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-03 15:21 - 2020-12-03 15:21 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2020-12-02 21:28 - 2020-12-02 21:28 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\Sky
2020-12-02 21:28 - 2020-12-02 21:28 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky
2020-12-01 14:47 - 2020-12-01 14:47 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\26812
2020-11-30 22:01 - 2020-11-30 22:05 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\dvdcss
2020-11-30 21:49 - 2020-11-30 21:49 - 000000171 _____ C:\Users\Gennaro\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
2020-11-30 21:49 - 2020-11-30 21:49 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\DVDFab
2020-11-30 21:49 - 2020-11-30 21:49 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-11-30 21:48 - 2020-11-30 21:48 - 000000000 ____D C:\Users\Gennaro\OneDrive\Documents\DVDFab
2020-11-27 21:08 - 2020-11-27 21:08 - 000019440 _____ C:\WINDOWS\system32\results.xml
2020-11-27 21:02 - 2020-11-27 21:02 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\Blender Foundation
2020-11-27 21:02 - 2020-11-27 21:02 - 000000000 ____D C:\Users\Gennaro\AppData\Local\Intel
2020-11-27 21:01 - 2020-12-09 18:07 - 000001510 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2020-11-27 20:58 - 2020-11-27 20:58 - 000000000 ____D C:\Users\Gennaro\.thumbnails
2020-11-24 23:09 - 2020-11-24 23:09 - 000000000 ____D C:\ProgramData\Wondershare
2020-11-24 23:08 - 2020-12-03 20:02 - 000000000 ____D C:\ProgramData\iSkysoft
2020-11-24 23:08 - 2020-11-24 23:08 - 000000000 ____D C:\Program Files (x86)\Iskysoft
2020-11-24 23:08 - 2017-09-27 17:29 - 000000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2020-11-18 19:59 - 2020-12-11 22:55 - 000000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2020-11-17 19:53 - 2020-11-17 19:53 - 000000000 ____D C:\Users\Gennaro\AppData\LocalLow\Cisco
2020-11-17 19:52 - 2020-12-14 13:00 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\Sky Go

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-16 16:13 - 2020-06-04 16:51 - 000000000 ____D C:\Users\Gennaro
2020-12-16 15:57 - 2020-06-05 16:54 - 000000000 ____D C:\Users\Gennaro\AppData\Local\D3DSCache
2020-12-16 15:55 - 2020-06-08 19:48 - 000000000 ____D C:\WINDOWS\Minidump
2020-12-16 15:47 - 2020-06-05 18:37 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\WhatsApp
2020-12-16 14:19 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-16 14:17 - 2020-06-04 15:46 - 001756968 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-16 14:17 - 2019-12-07 16:09 - 000780170 _____ C:\WINDOWS\system32\perfh010.dat
2020-12-16 14:17 - 2019-12-07 16:09 - 000146478 _____ C:\WINDOWS\system32\perfc010.dat
2020-12-16 14:17 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-16 14:15 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-16 14:12 - 2020-06-04 21:42 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-12-16 14:12 - 2020-06-04 16:55 - 000000000 __SHD C:\Users\Gennaro\IntelGraphicsProfiles
2020-12-16 14:12 - 2020-06-04 16:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-16 14:11 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-12-16 14:07 - 2019-12-07 10:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2020-12-16 13:47 - 2020-10-12 17:27 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\discord
2020-12-16 12:35 - 2020-06-05 15:17 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\.minecraft
2020-12-16 10:08 - 2020-10-12 17:27 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-12-16 10:08 - 2020-06-05 18:36 - 000000000 ____D C:\Users\Gennaro\AppData\Local\SquirrelTemp
2020-12-16 08:37 - 2020-06-04 16:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-16 01:36 - 2020-08-06 19:31 - 000000000 ____D C:\Users\Gennaro\AppData\Local\Roblox
2020-12-15 22:37 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-15 22:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-15 21:22 - 2020-06-04 17:09 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-12-15 21:21 - 2020-09-30 22:02 - 000003598 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-15 21:21 - 2020-09-30 22:02 - 000003374 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-15 21:21 - 2020-06-09 15:25 - 000002966 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper
2020-12-15 21:21 - 2020-06-08 23:22 - 000003560 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-12-15 21:21 - 2020-06-08 23:22 - 000003336 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-12-15 21:21 - 2020-06-05 15:18 - 000003550 _____ C:\WINDOWS\system32\Tasks\ChromiumUpdateTaskUserS-1-5-21-3749906407-1835422660-3079171557-1001UA
2020-12-15 21:21 - 2020-06-05 15:18 - 000003282 _____ C:\WINDOWS\system32\Tasks\ChromiumUpdateTaskUserS-1-5-21-3749906407-1835422660-3079171557-1001Core
2020-12-15 21:21 - 2020-06-04 23:09 - 000003080 _____ C:\WINDOWS\system32\Tasks\klcp_update
2020-12-15 21:21 - 2020-06-04 17:32 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-12-15 17:08 - 2020-06-04 21:47 - 000000000 ____D C:\Users\Gennaro\AppData\LocalLow\Mozilla
2020-12-15 15:32 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-14 22:21 - 2020-07-16 23:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-12-14 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\registration
2020-12-14 21:56 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-12-14 21:55 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\System
2020-12-14 21:52 - 2020-11-05 14:49 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\JAM Software
2020-12-14 21:51 - 2020-10-26 22:16 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\Zoom
2020-12-14 21:51 - 2020-06-05 12:44 - 000000000 ____D C:\Program Files\Bulk Rename Utility
2020-12-14 21:51 - 2019-12-07 10:14 - 000000000 __SHD C:\Program Files\Windows Sidebar
2020-12-14 21:51 - 2019-12-07 10:14 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2020-12-14 21:50 - 2020-06-26 23:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2020-12-14 20:18 - 2020-07-23 12:58 - 000000000 ____D C:\Program Files (x86)\Freemake
2020-12-14 20:18 - 2020-06-05 23:42 - 000000000 ____D C:\Users\Gennaro\AppData\Local\FreeCommanderXE
2020-12-14 20:16 - 2020-09-12 19:53 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2020-12-14 20:16 - 2020-09-12 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2020-12-14 20:08 - 2020-11-13 16:12 - 000000000 ____D C:\Program Files (x86)\Radmin Viewer 3
2020-12-14 17:59 - 2020-06-06 14:50 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-12-13 20:27 - 2020-06-04 22:55 - 000000000 ____D C:\Program Files\Allway Sync
2020-12-13 20:20 - 2020-10-24 20:25 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reset Windows Update Tool
2020-12-13 20:20 - 2020-06-05 23:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2020-12-13 20:14 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\schemas
2020-12-13 19:08 - 2020-06-30 11:28 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\GlarySoft
2020-12-12 19:44 - 2020-06-04 21:42 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\TeamViewer
2020-12-12 16:03 - 2020-11-04 17:48 - 000000000 ____D C:\Users\Gennaro\AppData\Local\WhatsApp
2020-12-12 01:39 - 2020-09-25 22:09 - 000000000 ____D C:\Program Files\PDFCreator
2020-12-12 01:38 - 2020-06-04 23:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-12-12 01:38 - 2020-06-04 23:12 - 000000000 ____D C:\Program Files\Java
2020-12-12 01:35 - 2020-06-04 17:24 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-12-12 01:35 - 2020-06-04 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-12-12 01:35 - 2020-06-04 17:24 - 000000000 ____D C:\Program Files\WinRAR
2020-12-12 01:10 - 2020-06-05 21:18 - 000000000 ____D C:\Users\Gennaro\AppData\LocalLow\IObit
2020-12-12 00:34 - 2020-06-04 20:16 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\vlc
2020-12-12 00:33 - 2020-06-04 17:25 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2020-12-12 00:33 - 2020-06-04 17:25 - 000000916 _____ C:\ProgramData\Desktop\VLC media player.lnk
2020-12-12 00:32 - 2020-06-04 21:01 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\Microsoft\Windows\Start DC.lnk
2020-12-09 18:07 - 2020-06-04 15:46 - 000000000 ____D C:\Program Files (x86)\Intel
2020-12-08 13:19 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2020-12-07 15:58 - 2020-06-04 17:13 - 000002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2020-12-07 15:58 - 2020-06-04 17:13 - 000002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2020-12-07 15:58 - 2020-06-04 17:13 - 000002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2020-12-07 15:58 - 2020-06-04 17:13 - 000002642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2020-12-07 15:58 - 2020-06-04 17:13 - 000002628 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2020-12-07 15:58 - 2020-06-04 17:13 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strumenti di Microsoft Office 2016
2020-12-07 15:52 - 2020-06-04 17:13 - 000002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2020-12-06 20:42 - 2020-11-03 15:47 - 000000000 ____D C:\ProgramData\WinZip
2020-12-04 21:35 - 2020-06-04 15:50 - 000000000 ____D C:\ESD
2020-12-04 21:26 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps.tmp
2020-12-04 19:17 - 2020-07-14 20:07 - 000000000 ____D C:\TPWDB
2020-12-03 22:21 - 2020-06-05 13:16 - 000000000 ____D C:\Users\Gennaro\AppData\Local\CrashDumps
2020-12-03 15:25 - 2019-12-07 16:12 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-12-03 15:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-03 15:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-03 15:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-03 15:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-12-03 15:25 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-03 15:25 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-02 23:27 - 2020-09-30 22:11 - 000002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-02 23:27 - 2020-09-30 22:11 - 000002204 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-02 23:27 - 2020-09-30 22:03 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-30 21:48 - 2020-06-04 15:45 - 000000000 ___RD C:\Users\Gennaro\OneDrive
2020-11-27 21:25 - 2020-06-05 01:15 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2020-11-27 21:25 - 2020-06-05 01:15 - 000001079 _____ C:\ProgramData\Desktop\Revo Uninstaller.lnk
2020-11-27 21:25 - 2020-06-05 01:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-11-27 21:08 - 2020-06-15 14:11 - 000000000 ____D C:\ProgramData\Intel
2020-11-27 21:08 - 2020-06-04 22:57 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2020-11-25 00:45 - 2020-09-25 22:19 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\PDF Architect 7
2020-11-19 00:21 - 2020-07-16 18:04 - 000000000 ____D C:\Users\Gennaro\AppData\Roaming\qBittorrent
2020-11-18 19:58 - 2020-07-13 11:49 - 000000000 ___HD C:\Users\Gennaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2020-11-16 22:30 - 2020-10-26 22:26 - 000000000 ____D C:\Users\Gennaro\AppData\Local\Songr

==================== Files in the root of some directories ========

2020-11-30 21:49 - 2020-11-30 21:49 - 000000171 _____ () C:\Users\Gennaro\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
2020-06-22 22:52 - 2020-06-23 01:18 - 000807895 _____ () C:\Users\Gennaro\AppData\Roaming\ICARE.LOG
2020-09-24 10:18 - 2020-09-24 10:18 - 000016438 _____ () C:\Users\Gennaro\AppData\Local\partner.bmp
2020-06-29 19:41 - 2020-06-29 19:41 - 000000017 _____ () C:\Users\Gennaro\AppData\Local\resmon.resmoncfg
salvatorino31
Newbie
 
Post: 4
Iscritto il: 16/12/20 17:38

Re: MALWARE??

Postdi Dylan666 » 16/12/20 21:54

Avatar utente
Dylan666
Moderatore
 
Post: 40118
Iscritto il: 18/11/03 16:46

Re: MALWARE??

Postdi salvatorino31 » 16/12/20 22:37

Fatto, ma non ha rilevato nulla.
salvatorino31
Newbie
 
Post: 4
Iscritto il: 16/12/20 17:38


Torna a Sicurezza e Privacy


Topic correlati a "MALWARE??":

MALWARE??
Autore: angelo90
Forum: Sicurezza e Privacy
Risposte: 2
Help! Malware
Autore: dadino1
Forum: Sicurezza e Privacy
Risposte: 13

Chi c’è in linea

Visitano il forum: Nessuno e 22 ospiti