Condividi:        

Pc infettato?

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Pc infettato?

Postdi rino86 » 25/08/17 23:52

Salve, ho effettuato una scansione con adwcleaner ed mi ha evidenziato due errori, qualcuno può aiutarmi?

# AdwCleaner 7.0.1.0 - Logfile created on Fri Aug 25 22:28:44 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 08-25-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Legacy, YSearchUtilSvc


***** [ Folders ] *****

PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
PUP.Optional.Legacy, C:\Users\Scarfato\AppData\Local\YSearchUtil
PUP.Optional.Legacy, C:\Program Files (x86)\Yahoo!\yset


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
PUP.Optional.YahooChrome, [Key] - HKLM\SOFTWARE\Yahoo\SS


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [944 B] - [2017/8/12 18:25:37]
C:/AdwCleaner/AdwCleaner[S1].txt - [1011 B] - [2017/8/23 7:13:26]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########
rino86
Utente Junior
 
Post: 88
Iscritto il: 21/10/14 13:28

Sponsor
 

Re: Pc infettato?

Postdi Luke57 » 29/08/17 12:30

Ciao, ripeti la scansione con adwceaner e clicca su pulisci al termine della stessa.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Re: Pc infettato?

Postdi rino86 » 12/09/17 15:22

L'ho fatto, mi è uscito questo:

# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 12 13:47:22 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1579 B] - [2017/8/25 22:29:58]
C:/AdwCleaner/AdwCleaner[S0].txt - [944 B] - [2017/8/12 18:25:37]
C:/AdwCleaner/AdwCleaner[S1].txt - [1011 B] - [2017/8/23 7:13:26]
C:/AdwCleaner/AdwCleaner[S2].txt - [1487 B] - [2017/8/25 22:28:44]
C:/AdwCleaner/AdwCleaner[S3].txt - [1214 B] - [2017/8/26 12:28:16]
C:/AdwCleaner/AdwCleaner[S4].txt - [1282 B] - [2017/8/29 11:56:6]
C:/AdwCleaner/AdwCleaner[S5].txt - [1349 B] - [2017/8/31 15:6:25]
C:/AdwCleaner/AdwCleaner[S6].txt - [1416 B] - [2017/9/4 14:28:37]
C:/AdwCleaner/AdwCleaner[S7].txt - [1483 B] - [2017/9/6 21:47:19]
C:/AdwCleaner/AdwCleaner[S8].txt - [1647 B] - [2017/9/11 16:27:4]
C:/AdwCleaner/AdwCleaner[S9].txt - [1714 B] - [2017/9/12 13:46:41]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########
rino86
Utente Junior
 
Post: 88
Iscritto il: 21/10/14 13:28

Re: Pc infettato?

Postdi dany79 » 12/09/17 16:27

Se non risolvi esegui i software sotto in sequenza come postati :

Malwarebyte antimalware scaricalo da quiihttps://it.malwarebytes.com/
fai la scansione ed elimina cio che trova e posta il log generato

Poi scarica adwcleaner(rieseguilo anche se lo hai gia fatto)da qui https://www.bleepingcomputer.com/download/adwcleaner/
tasto dx sopra eseguibile avvia come amministratore e fai la scansione
elimina quello che trova e posta il log

poi prova jrt scaricalo da qui https://www.bleepingcomputer.com/downlo ... oval-tool/
disattiva antivirus
metti l eseguibile sul desktop
tasto dx sopra ed apri come amministratore
dai invio quando richiesto
attendi la fine della scansione
riattiva antivirus
posta il log scaturito(lo trovi sul desktop)

Infine scarica frst da quihttps://www.bleepingcomputer.com/dow ... scan-tool/
scarica la versione adatta al tuo sistemaoperativo 32 o 64 bit
posiziona l eseguibile sul desktop
tasto dx sopra eseguibile--apri come amministratore
una volta aperto clicca su scan
postare log frst.txt e addition.txt

le scansioni sono tutte relativamente veloci...

Ciao
--DARRILL79--
Avatar utente
dany79
Utente Junior
 
Post: 65
Iscritto il: 26/10/13 11:51
Località: Barchi (pu)

Re: Pc infettato?

Postdi rino86 » 12/09/17 23:16

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 12/09/17
Ora scansione: 23:57
File di log: 634a1c3c-9805-11e7-9692-c86000e30d00.json
Amministratore: Sì

-Informazioni software-
Versione: 3.2.2.2018
Versione componenti: 1.0.188
Aggiorna versione pacchetto: 1.0.2788
Licenza: Trial

-Informazioni sistema-
SO: Windows 10 (Build 15063.540)
CPU: x64
File system: NTFS
Utente: GENNARO\Scarfato

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 367334
Minacce rilevate: 0
(Nessun elemento nocivo rilevato)
Minacce messe in quarantena: 0
(Nessun elemento nocivo rilevato)
Tempo impiegato: 5 min, 36 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 0
(Nessun elemento nocivo rilevato)

Settore fisico: 0
(Nessun elemento nocivo rilevato)


(end)
rino86
Utente Junior
 
Post: 88
Iscritto il: 21/10/14 13:28

Re: Pc infettato?

Postdi rino86 » 12/09/17 23:34

# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 12 22:15:04 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-12-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1579 B] - [2017/8/25 22:29:58]
C:/AdwCleaner/AdwCleaner[C1].txt - [1887 B] - [2017/9/12 13:47:22]
C:/AdwCleaner/AdwCleaner[S0].txt - [944 B] - [2017/8/12 18:25:37]
C:/AdwCleaner/AdwCleaner[S1].txt - [1011 B] - [2017/8/23 7:13:26]
C:/AdwCleaner/AdwCleaner[S2].txt - [1487 B] - [2017/8/25 22:28:44]
C:/AdwCleaner/AdwCleaner[S3].txt - [1214 B] - [2017/8/26 12:28:16]
C:/AdwCleaner/AdwCleaner[S4].txt - [1282 B] - [2017/8/29 11:56:6]
C:/AdwCleaner/AdwCleaner[S5].txt - [1349 B] - [2017/8/31 15:6:25]
C:/AdwCleaner/AdwCleaner[S6].txt - [1416 B] - [2017/9/4 14:28:37]
C:/AdwCleaner/AdwCleaner[S7].txt - [1483 B] - [2017/9/6 21:47:19]
C:/AdwCleaner/AdwCleaner[S8].txt - [1647 B] - [2017/9/11 16:27:4]
C:/AdwCleaner/AdwCleaner[S9].txt - [1714 B] - [2017/9/12 13:46:41]


########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt ##########
rino86
Utente Junior
 
Post: 88
Iscritto il: 21/10/14 13:28

Re: Pc infettato?

Postdi rino86 » 12/09/17 23:54

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by Scarfato (Administrator) on 13/09/2017 at 0:33:54,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Scarfato\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/09/2017 at 0:39:16,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rino86
Utente Junior
 
Post: 88
Iscritto il: 21/10/14 13:28

Re: Pc infettato?

Postdi rino86 » 12/09/17 23:58

Farbar Service Scanner Version: 27-01-2016
Ran by Scarfato (administrator) on 13-09-2017 at 00:46:05
Running from "C:\Users\Scarfato\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
rino86
Utente Junior
 
Post: 88
Iscritto il: 21/10/14 13:28

Re: Pc infettato?

Postdi dany79 » 13/09/17 12:48

Ciao rino86
il programma non è fss (farbar service scanner) ma frst (farbar recovery scan tool)scaricalo da qui https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
scarica la versione adatta al tuo sistema operativo 32 o 64 bit (il tuo è 64bit)
posiziona l eseguibile sul desktop
tasto dx sopra eseguibile--apri come amministratore
una volta aperto clicca su scan
postare log frst.txt e addition.txt
--DARRILL79--
Avatar utente
dany79
Utente Junior
 
Post: 65
Iscritto il: 26/10/13 11:51
Località: Barchi (pu)

Re: Pc infettato?

Postdi rino86 » 13/09/17 13:51

Ok, grazie!
rino86
Utente Junior
 
Post: 88
Iscritto il: 21/10/14 13:28

Re: Pc infettato?

Postdi rino86 » 13/09/17 14:10

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2017
Ran by Scarfato (administrator) on GENNARO (13-09-2017 14:45:30)
Running from C:\Users\Scarfato\Desktop
Loaded Profiles: Scarfato (Available Profiles: Scarfato)
Platform: Windows 10 Pro Version 1703 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
(Microsoft Corporation) C:\Windows\System32\Spectrum.exe
(Microsoft Corporation) C:\Windows\System32\TieringEngineService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(BlueSprig) C:\Program Files (x86)\BlueSprig\JetClean\AutoUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\UNP\UNPCampaignManager.exe
(Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(© 2015 Microsoft Corporation) C:\Users\Scarfato\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-09-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217736 2017-02-23] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [919032 2017-08-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [66144 2017-09-12] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [161336 2017-08-16] (BlueStack Systems, Inc.)
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{52838035-a993-4093-a3e7-bfe8233f271c}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://it.yahoo.com/?fr=yset_ie_syc_or ... orcl_hpset
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001 -> {872B0682-020B-49D1-95AE-DD07E21E27A5} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&intl=it&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-25] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-25] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)

Edge:
======
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.16.0_neutral__8wekyb3d8bbwe [2016-11-21]

FireFox:
========
FF DefaultProfile: uadpssrf.default
FF ProfilePath: C:\Users\Scarfato\AppData\Roaming\Mozilla\Firefox\Profiles\uadpssrf.default [2017-09-13]
FF NewTab: Mozilla\Firefox\Profiles\uadpssrf.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\uadpssrf.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\uadpssrf.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\uadpssrf.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\uadpssrf.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=it-it
FF Keyword.URL: Mozilla\Firefox\Profiles\uadpssrf.default -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Extension: (Avira Browser Safety) - C:\Users\Scarfato\AppData\Roaming\Mozilla\Firefox\Profiles\uadpssrf.default\Extensions\abs@avira.com [2017-07-30]
FF Extension: (Bing Search) - C:\Users\Scarfato\AppData\Roaming\Mozilla\Firefox\Profiles\uadpssrf.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-03-26]
FF Extension: (Flash Control) - C:\Users\Scarfato\AppData\Roaming\Mozilla\Firefox\Profiles\uadpssrf.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2017-08-24]
FF Extension: (Avira Password Manager) - C:\Users\Scarfato\AppData\Roaming\Mozilla\Firefox\Profiles\uadpssrf.default\Extensions\passwordmanager@avira.com [2017-07-30]
FF Extension: (Adblock Plus) - C:\Users\Scarfato\AppData\Roaming\Mozilla\Firefox\Profiles\uadpssrf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-23]
FF SearchPlugin: C:\Users\Scarfato\AppData\Roaming\Mozilla\Firefox\Profiles\uadpssrf.default\searchplugins\bing-.xml [2017-03-26]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://it.search.yahoo.com/sugg/ie?out ... n&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default [2017-09-13]
CHR Extension: (Documenti Google) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-17]
CHR Extension: (Google Drive) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-17]
CHR Extension: (YouTube) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-17]
CHR Extension: (The QR Code Generator) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2017-06-18]
CHR Extension: (Google Documenti offline) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-17]
CHR Extension: (Yahoo Partner) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpedbdniajflhgfoipnjkednnlkngbj [2017-08-25]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-17]
CHR Extension: (Chrome Media Router) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdbpcigaolookbahgdofnimidinicfid] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [njpedbdniajflhgfoipnjkednnlkngbj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-08-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-08-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-08-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-08-09] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [402768 2017-08-30] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [322616 2017-07-13] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2017-08-31] (Avira Operations GmbH & Co. KG)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [387128 2017-08-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [369720 2017-08-16] (BlueStack Systems, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-11] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-09-06] (Dropbox, Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [107008 2016-10-27] (Freemake) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-07-17] (SurfRight B.V.)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [52656 2017-08-17] (AnchorFree Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [217736 2017-02-23] (Geek Software GmbH)
S2 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-09-12] (Avira Operations GmbH & Co. KG)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AFTrafMgr1.3; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_3_64.sys [64912 2017-08-14] (AnchorFree Inc.)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-02-09] (The OpenVPN Project)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-07-04] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [173784 2017-08-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-08-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-07-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-07-04] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-07-04] (Avira Operations GmbH & Co. KG)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-09-08] ()
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2017-06-23] (Glarysoft Ltd)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2017-09-13] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-08] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-13] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-13] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-13] (Malwarebytes)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2017-07-13] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-08-17] (Anchorfree Inc.)
S3 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 aswHdsKe; \??\C:\WINDOWS\system32\drivers\aswHdsKe.sys [X]
S3 BstHdDrv; \??\C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-13 14:45 - 2017-09-13 14:48 - 000023083 _____ C:\Users\Scarfato\Desktop\FRST.txt
2017-09-13 14:44 - 2017-09-13 14:45 - 000000000 ____D C:\FRST
2017-09-13 14:41 - 2017-09-13 14:41 - 002397184 _____ (Farbar) C:\Users\Scarfato\Desktop\FRST64.exe
2017-09-13 14:37 - 2017-09-13 14:37 - 000000000 ____D C:\Users\Scarfato\AppData\Roaming\ProductData
2017-09-13 00:46 - 2017-09-13 00:46 - 000001175 _____ C:\Users\Scarfato\Desktop\FSS.txt
2017-09-13 00:39 - 2017-09-13 00:39 - 000000823 _____ C:\Users\Scarfato\Desktop\JRT.txt
2017-09-13 00:25 - 2017-09-13 00:25 - 001790024 _____ (Malwarebytes) C:\Users\Scarfato\Downloads\JRT.exe
2017-09-13 00:20 - 2017-09-13 14:41 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-09-13 00:16 - 2017-09-13 00:16 - 000001851 _____ C:\Users\Scarfato\Desktop\AdwCleaner[S10].txt
2017-09-13 00:05 - 2017-09-13 00:05 - 008182736 _____ (Malwarebytes) C:\Users\Scarfato\Downloads\AdwCleaner (1).exe
2017-09-13 00:03 - 2017-09-13 00:03 - 000001431 _____ C:\Users\Scarfato\Desktop\Report malwarebytes.txt
2017-09-12 15:51 - 2017-09-12 15:51 - 000001887 _____ C:\Users\Scarfato\Desktop\AdwCleaner[C1].txt
2017-09-12 15:45 - 2017-09-12 15:45 - 008182736 _____ (Malwarebytes) C:\Users\Scarfato\Downloads\adwcleaner_7.0.2.1 (3).exe
2017-09-12 14:35 - 2017-09-12 14:35 - 000003208 _____ C:\WINDOWS\System32\Tasks\Avira SystrayStartTrigger
2017-09-12 14:35 - 2017-09-12 14:35 - 000001189 _____ C:\Users\Public\Desktop\Avira.lnk
2017-09-12 14:23 - 2017-09-13 14:44 - 000000000 ____D C:\Users\Public\Speedup Sessions
2017-09-11 18:25 - 2017-09-11 18:25 - 008182736 _____ (Malwarebytes) C:\Users\Scarfato\Downloads\adwcleaner_7.0.2.1 (2).exe
2017-09-11 00:40 - 2017-09-11 00:40 - 000000012 _____ C:\Users\Scarfato\Desktop\linkedin.txt
2017-09-11 00:38 - 2017-09-11 00:38 - 000000000 _____ C:\Users\Scarfato\Desktop\Nuovo documento di testo.txt
2017-09-10 01:08 - 2017-09-10 01:08 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2017-09-10 01:08 - 2017-09-10 01:08 - 000001270 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2017-09-10 01:08 - 2017-09-10 01:08 - 000000000 ____D C:\Users\Scarfato\AppData\Roaming\Thunderbird
2017-09-10 01:08 - 2017-09-10 01:08 - 000000000 ____D C:\Users\Scarfato\AppData\Local\Thunderbird
2017-09-10 01:08 - 2017-09-10 01:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-09-10 01:07 - 2017-09-10 01:07 - 040149208 _____ (Mozilla) C:\Users\Scarfato\Downloads\Thunderbird Setup 52.3.0.exe
2017-09-09 10:29 - 2017-09-09 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-08 00:46 - 2017-09-13 14:36 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-08 00:46 - 2017-09-13 14:36 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-08 00:46 - 2017-09-13 14:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-08 00:46 - 2017-09-13 14:36 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-08 00:46 - 2017-09-08 11:42 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-08 00:46 - 2017-09-08 00:46 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-08 00:46 - 2017-09-08 00:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-08 00:45 - 2017-09-08 11:42 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-08 00:44 - 2017-09-08 00:45 - 065942208 _____ (Malwarebytes ) C:\Users\Scarfato\Downloads\mb3-setup-35891.35891-3.2.2.2018.exe
2017-09-08 00:26 - 2017-09-08 00:26 - 000388608 _____ (Trend Micro Inc.) C:\Users\Scarfato\Downloads\HijackThis.exe
2017-09-08 00:24 - 2017-06-24 01:32 - 000002026 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170908-002412.backup
2017-09-08 00:16 - 2017-09-08 00:32 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-09-08 00:16 - 2017-09-08 00:28 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-09-08 00:16 - 2017-09-08 00:16 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Scarfato\Downloads\spybotsd-2.6.46.exe
2017-09-08 00:16 - 2017-09-08 00:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-09-07 14:56 - 2017-09-07 14:56 - 000000000 ____D C:\Users\Scarfato\Desktop\Disabilita Cortana in Windows 10 1607
2017-09-07 14:55 - 2017-09-07 14:55 - 000001758 _____ C:\Users\Scarfato\Downloads\Disabilita Cortana in Windows 10 1607.zip
2017-09-06 23:46 - 2017-09-06 23:46 - 008182736 _____ (Malwarebytes) C:\Users\Scarfato\Downloads\adwcleaner_7.0.2.1 (1).exe
2017-09-06 12:29 - 2017-09-06 12:29 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-09-06 12:29 - 2017-09-06 12:29 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-09-06 12:29 - 2017-09-06 12:29 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-09-06 12:29 - 2017-09-06 12:29 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-09-04 23:42 - 2017-09-04 23:42 - 000297537 _____ C:\Users\Scarfato\Downloads\Mod_7_ANNI_PREZIOSI_.pdf
2017-09-04 23:41 - 2017-09-04 23:41 - 000299664 _____ C:\Users\Scarfato\Downloads\Mod_7_LABORATORI_PER_LA_PACE_.pdf
2017-09-04 23:41 - 2017-09-04 23:41 - 000298673 _____ C:\Users\Scarfato\Downloads\Mod_7_ONDE_DI_PACE8.pdf
2017-09-04 23:41 - 2017-09-04 23:41 - 000298003 _____ C:\Users\Scarfato\Downloads\Mod_7_STORIA_E_CULTURA13.pdf
2017-09-03 20:24 - 2017-09-03 20:24 - 016981432 _____ C:\Users\Scarfato\Downloads\Glary_Utilities_v5.82.0.103 (1).exe
2017-08-31 17:05 - 2017-08-31 17:05 - 008182736 _____ (Malwarebytes) C:\Users\Scarfato\Downloads\adwcleaner_7.0.2.1.exe
2017-08-31 17:04 - 2017-08-31 17:04 - 008162248 _____ (Malwarebytes) C:\Users\Scarfato\Downloads\adwcleaner-7-0-0-0.exe
2017-08-31 01:24 - 2017-08-31 01:24 - 000320671 _____ C:\Users\Scarfato\Downloads\ASL_NA3_SUD_CONCORSI_BANDO_NUOVO__RADIODIAGNOSTICA_CONCORSI.pdf
2017-08-30 00:42 - 2017-08-30 00:42 - 016981432 _____ C:\Users\Scarfato\Downloads\Glary_Utilities_v5.82.0.103.exe
2017-08-30 00:38 - 2017-08-30 00:38 - 000001521 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-08-30 00:36 - 2017-08-30 00:37 - 000000000 ____D C:\Program Files (x86)\Bluestacks
2017-08-30 00:35 - 2017-08-30 00:35 - 260215248 _____ (BlueStack Systems Inc.) C:\Users\Scarfato\Downloads\BlueStacks_App_Player_v3.7.36.1601.exe
2017-08-29 15:52 - 2017-08-29 15:52 - 000356223 _____ C:\Users\Scarfato\Desktop\17A0201500200010110001.pdf
2017-08-29 15:52 - 2017-08-29 15:52 - 000137373 _____ C:\Users\Scarfato\Desktop\17A0201501100010110001.pdf
2017-08-29 14:37 - 2017-08-29 14:37 - 000011280 _____ C:\Users\Scarfato\Desktop\nota-spese.pdf
2017-08-26 00:30 - 2017-08-26 00:30 - 000000000 ____D C:\WINDOWS\SysWOW64\Hotspot Shield
2017-08-26 00:29 - 2017-08-26 00:29 - 000001487 _____ C:\Users\Scarfato\Desktop\AdwCleaner[S2].txt
2017-08-25 18:12 - 2017-08-25 18:12 - 000000000 ____D C:\Users\Scarfato\AppData\Local\Notepad++
2017-08-25 18:11 - 2017-08-25 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-08-25 14:37 - 2017-08-25 14:37 - 000738880 _____ (Oracle Corporation) C:\Users\Scarfato\Downloads\JavaSetup8u144.exe
2017-08-25 00:49 - 2017-08-25 16:08 - 000000000 ____D C:\Program Files (x86)\Hotspot Shield
2017-08-25 00:49 - 2017-08-25 00:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2017-08-25 00:48 - 2017-08-25 00:49 - 000000000 ____D C:\ProgramData\Hotspot Shield
2017-08-25 00:48 - 2017-08-25 00:48 - 015068880 _____ (AnchorFree Inc.) C:\Users\Scarfato\Downloads\HotspotShield-7.0.5-10255279.exe
2017-08-23 17:25 - 2017-08-23 17:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-08-23 13:00 - 2017-09-10 09:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-23 13:00 - 2017-08-23 13:00 - 000245960 _____ (Mozilla) C:\Users\Scarfato\Downloads\Firefox Installer.exe
2017-08-23 13:00 - 2017-08-23 13:00 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-23 13:00 - 2017-08-23 13:00 - 000000993 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-23 13:00 - 2017-08-23 13:00 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-23 12:47 - 2017-08-23 12:47 - 009791816 _____ (Piriform Ltd) C:\Users\Scarfato\Downloads\ccsetup533.exe
2017-08-23 09:57 - 2008-08-18 19:18 - 000077824 _____ (Fox Magic Software) C:\WINDOWS\SysWOW64\fmcodec.DLL
2017-08-23 09:12 - 2017-08-23 09:12 - 008185288 _____ (Malwarebytes) C:\Users\Scarfato\Downloads\adwcleaner_7.0.1.0.exe
2017-08-23 09:02 - 2017-08-23 09:03 - 099942552 _____ (Microsoft Corporation) C:\Users\Scarfato\Downloads\excel2013-kb4011080-fullfile-x64-glb.exe
2017-08-22 20:24 - 2017-08-24 09:43 - 000000040 _____ C:\Users\Scarfato\Desktop\Telepass.txt
2017-08-17 19:36 - 2017-08-17 19:36 - 000042064 _____ (Anchorfree Inc.) C:\WINDOWS\system32\Drivers\taphss6.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-13 14:43 - 2017-07-15 00:56 - 002535936 ___SH C:\Users\Scarfato\Downloads\Thumbs.db
2017-09-13 14:37 - 2017-07-12 18:30 - 000726528 ___SH C:\Users\Scarfato\Desktop\Thumbs.db
2017-09-13 14:37 - 2016-10-10 18:05 - 000000000 __SHD C:\Users\Scarfato\IntelGraphicsProfiles
2017-09-13 14:35 - 2017-06-27 18:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-13 01:13 - 2017-03-18 13:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-09-13 01:09 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-13 01:06 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-13 00:33 - 2017-08-10 11:15 - 000005360 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for GENNARO-Scarfato GENNARO
2017-09-13 00:29 - 2017-06-23 12:44 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2017-09-13 00:16 - 2017-06-27 18:00 - 000000000 ____D C:\Users\Scarfato
2017-09-13 00:15 - 2017-08-12 20:24 - 000000000 ____D C:\AdwCleaner
2017-09-13 00:09 - 2017-06-27 17:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-12 20:56 - 2017-06-27 18:15 - 000004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{06D580FE-19D8-4555-BF1F-8B36352CCB16}
2017-09-12 14:54 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-12 14:54 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-12 14:35 - 2017-07-30 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-09-12 14:35 - 2017-03-02 02:12 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-12 14:22 - 2017-07-30 13:21 - 000000000 ____D C:\Program Files (x86)\Avira
2017-09-12 14:19 - 2017-06-27 18:16 - 002303220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-12 14:19 - 2017-03-20 06:06 - 001055614 _____ C:\WINDOWS\system32\perfh010.dat
2017-09-12 14:19 - 2017-03-20 06:06 - 000227574 _____ C:\WINDOWS\system32\perfc010.dat
2017-09-11 19:16 - 2016-10-10 17:48 - 000000000 ____D C:\Users\Scarfato\AppData\Local\Packages
2017-09-10 01:11 - 2016-11-29 20:43 - 000000000 ____D C:\Users\Scarfato\AppData\LocalLow\Mozilla
2017-09-09 10:40 - 2017-07-27 12:33 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4218426435-2780237930-1221081034-1001
2017-09-09 10:40 - 2016-10-10 17:53 - 000002459 _____ C:\Users\Scarfato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-09 10:40 - 2016-10-10 17:53 - 000000000 ___RD C:\Users\Scarfato\OneDrive
2017-09-09 10:30 - 2016-10-11 21:29 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-08 00:45 - 2016-10-18 00:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-08 00:26 - 2016-10-10 17:48 - 000000000 ____D C:\Users\Scarfato\AppData\Local\VirtualStore
2017-09-03 20:26 - 2017-06-27 18:15 - 000003380 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2017-09-03 20:26 - 2017-06-27 18:15 - 000003032 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2017-09-03 20:26 - 2017-06-23 12:45 - 000001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2017-09-03 20:26 - 2017-06-23 12:45 - 000001153 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2017-08-31 22:04 - 2017-06-19 00:06 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-30 00:51 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-30 00:38 - 2016-12-03 11:13 - 000001521 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-08-30 00:38 - 2016-12-03 11:13 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2017-08-30 00:38 - 2016-12-03 11:11 - 000000000 ____D C:\Users\Scarfato\AppData\Local\Bluestacks
2017-08-30 00:37 - 2016-12-03 11:10 - 000000000 ____D C:\ProgramData\Bluestacks
2017-08-29 00:31 - 2016-10-11 13:40 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-26 14:06 - 2016-10-10 18:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2017-08-26 00:29 - 2017-02-17 00:43 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-08-25 18:11 - 2016-10-12 23:15 - 000000000 ____D C:\Users\Scarfato\AppData\Roaming\Notepad++
2017-08-25 14:53 - 2017-02-17 00:40 - 000000000 ____D C:\ProgramData\Oracle
2017-08-25 14:52 - 2017-02-17 00:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-25 14:52 - 2017-02-17 00:40 - 000000000 ____D C:\Program Files (x86)\Java
2017-08-25 14:38 - 2017-02-17 00:40 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-08-23 12:48 - 2016-10-12 19:29 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-23 09:57 - 2017-07-10 01:01 - 000001407 _____ C:\Users\Public\Desktop\Music Search MP3.lnk
2017-08-23 09:57 - 2016-10-27 13:55 - 000001263 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2017-08-23 09:57 - 2016-10-27 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2017-08-23 09:04 - 2016-10-11 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-08-22 17:38 - 2017-07-30 13:21 - 000000000 ____D C:\ProgramData\Avira

==================== Files in the root of some directories =======

2017-03-31 22:40 - 2017-03-31 22:40 - 000000053 _____ () C:\Users\Scarfato\AppData\Roaming\PLGComp.ini
2016-12-03 11:13 - 2017-06-14 09:44 - 000000552 _____ () C:\Users\Scarfato\AppData\Local\TroubleshooterConfig.json
2017-03-28 12:40 - 2017-03-28 12:40 - 000000000 _____ () C:\Users\Scarfato\AppData\Local\{F121EF24-95F6-41BF-B19B-3760F03AA517}
2017-06-27 17:59 - 2017-06-27 17:59 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-03 19:05

==================== End of FRST.txt ============================
rino86
Utente Junior
 
Post: 88
Iscritto il: 21/10/14 13:28

Re: Pc infettato?

Postdi rino86 » 13/09/17 14:11

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2017
Ran by Scarfato (13-09-2017 14:50:21)
Running from C:\Users\Scarfato\Desktop
Windows 10 Pro Version 1703 (X64) (2017-06-27 16:25:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4218426435-2780237930-1221081034-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4218426435-2780237930-1221081034-503 - Limited - Disabled)
Guest (S-1-5-21-4218426435-2780237930-1221081034-501 - Limited - Disabled)
Scarfato (S-1-5-21-4218426435-2780237930-1221081034-1001 - Administrator - Enabled) => C:\Users\Scarfato

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
aTube Catcher versione 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avira (HKLM-x32\...\{1B48601D-0537-4589-9952-A8989BE8249A}) (Version: 1.2.96.16095 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{7c01a3b4-3454-446e-8473-8a245f962c28}) (Version: 1.2.96.16095 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.29.32 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.9.1.24376 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{BD2F10E7-4BEB-4E90-9863-73CAE1EA1D38}) (Version: 2.0.3.56495 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.1.0.6081 - Avira Operations GmbH & Co. KG)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.36.1601 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
Componente aggiuntivo Microsoft Salvataggio in formato PDF o XPS per applicazioni di Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0410-0000-0000000FF1CE}) (Version: 12.0.4518.1018 - Microsoft Corporation)
Dropbox (HKLM-x32\...\Dropbox) (Version: 34.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Glary Utilities 5.82 (HKLM-x32\...\Glary Utilities 5) (Version: 5.82.0.103 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
Hotspot Shield 7.0.5 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C127FCCF}) (Version: 7.0.5.10668 - AnchorFree Inc.) Hidden
Hotspot Shield 7.0.5 (HKLM-x32\...\{f799ba47-be7f-4fe6-93b2-6f143cc57193}) (Version: 7.0.5.10668 - AnchorFree Inc.)
Hotspot Shield 7.0.5 (HKLM-x32\...\HotspotShield) (Version: 7.0.5 - AnchorFree Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
LibreOffice 5.3 Help Pack (Italian) (HKLM-x32\...\{B1DDB69D-AF27-4041-9707-3732A9072977}) (Version: 5.3.0.3 - The Document Foundation)
Malwarebytes versione 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 55.0.2 (x64 it) (HKLM\...\Mozilla Firefox 55.0.2 (x64 it)) (Version: 55.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.3.0 - Mozilla)
Mozilla Thunderbird 52.3.0 (x86 it) (HKLM-x32\...\Mozilla Thunderbird 52.3.0 (x86 it)) (Version: 52.3.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{02D89175-E08F-401B-BA30-8B7512B57724}) (Version: 4.0.17 - dotPDN LLC)
Prerequisite installer (HKLM-x32\...\{5909A89E-C97F-407C-AE2B-47BDED86BF5D}) (Version: 15.0.0005 - Nero AG) Hidden
Python 3.5.2 (32-bit) (HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\WinDirStat) (Version: - )
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-15] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-23] (Glarysoft Ltd)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-08-09] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => -> No File
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-29] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-29] (Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-23] (Glarysoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-23] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-08-09] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-29] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-29] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {050D46EB-EB03-4FC4-88C2-D5EAE0B723DC} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files (x86)\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {0726D6A0-1F2C-4CB4-BC74-C480F3E225C5} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {0A535CF3-EC2C-403A-9F48-420DE5AE2D0E} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2017-08-21] (Glarysoft Ltd)
Task: {13B6BE4D-9B30-4175-BF00-CBFF52805A24} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {143D0DAC-C12D-4A9B-931D-A74DD8DA490B} - System32\Tasks\SoftwareUpdate Pro => C:\Program Files (x86)\Glarysoft\Software Update Pro\SoftwareUpdatePro.exe
Task: {231C80EE-BEF0-4EBC-B0BD-9D7A4F2F9FAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-11] (Google Inc.)
Task: {2D00CF1E-3940-4AB2-8903-A721D4EBFA5B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {30CE4750-D7E8-4E41-AC07-EEB2BFDC65B8} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe
Task: {35B184BB-1486-451C-9735-709725696D7A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-03-13] ()
Task: {38DDB81F-0641-4AA8-B95F-AE61D265ADC1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {3CCE26E2-0A5E-4E60-AD8C-7B1BE515F65E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-11] (Google Inc.)
Task: {51743D64-2EFC-49B2-921E-D8731CB700C4} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-09-12] (Avira Operations GmbH & Co. KG)
Task: {60B85776-E8BE-4681-871E-0E3696785126} - System32\Tasks\Avira\System Speedup\Delayed Startup\Scarfato\2 => C:\Users\Scarfato\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05] (© 2015 Microsoft Corporation) <==== ATTENTION
Task: {6348EE79-5179-41E1-857A-11E151C1B73F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {84EE344B-F611-42CB-B758-357043EA88D9} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-09-12] (Avira Operations GmbH & Co. KG)
Task: {8FDB002D-2D49-46EC-906C-36B84656F659} - System32\Tasks\Microsoft Office 15 Sync Maintenance for GENNARO-Scarfato GENNARO => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {99B9B499-DBA5-4520-A31E-AEBC984FC384} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2017-08-21] (Glarysoft Ltd)
Task: {A0343095-613D-4EB7-B2CF-751DC27AB133} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {A3041CEB-7FB6-48A6-BC51-1B43063BE78D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {ABF573CC-1FE1-414A-BBC8-1DABDB7BF0B9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B39FFE61-1783-4708-BB94-77CBBEF118FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {B75F575C-795A-49D0-A4D5-D0B1D5AB17BC} - System32\Tasks\Avira\System Speedup\Delayed Startup\Scarfato\1 => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [2017-08-21] (Glarysoft Ltd) <==== ATTENTION
Task: {B7B7589A-DCED-485F-96AB-62B9DFBE28A3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-11] (Dropbox, Inc.)
Task: {CB4ACA83-A5A3-4E21-A843-22365E10E20C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-11] (Dropbox, Inc.)
Task: {DA6245AE-2966-48EA-A680-D58A76688E0C} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Scarfato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\Google Play Musica.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 22:57 - 2017-03-18 22:57 - 000037376 _____ () C:\WINDOWS\system32\SpectrumSyncClient.dll
2017-09-08 00:45 - 2017-09-08 11:42 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-08-15 23:20 - 2017-08-15 23:20 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-18 22:59 - 2017-03-20 06:07 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-07 14:42 - 2017-07-28 07:18 - 004125088 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-03-18 22:59 - 2017-03-20 06:07 - 002487712 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2017-08-23 13:21 - 2017-08-23 13:21 - 024502272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-08-23 13:21 - 2017-08-23 13:21 - 009145344 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-08-08 12:48 - 2017-08-08 12:48 - 003544488 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-08-23 13:21 - 2017-08-23 13:21 - 011159040 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-08-29 00:31 - 2017-08-23 10:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-29 00:31 - 2017-08-23 10:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-08-17 19:13 - 2017-08-17 19:13 - 000161200 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
2016-10-24 00:12 - 2015-12-28 13:49 - 000629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2017-08-11 12:25 - 2013-01-21 14:37 - 000187696 _____ () C:\Program Files (x86)\BlueSprig\JetClean\madBasic_.bpl
2017-08-11 12:25 - 2013-01-21 14:37 - 000362800 _____ () C:\Program Files (x86)\BlueSprig\JetClean\madExcept_.bpl
2017-08-11 12:25 - 2013-01-21 14:37 - 000051504 _____ () C:\Program Files (x86)\BlueSprig\JetClean\madDisAsm_.bpl
2017-08-21 03:40 - 2017-08-21 03:40 - 000087032 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7936 more sites.

IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\123simsen.com -> www.123simsen.com

There are 7936 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2017-06-24 01:32 - 000002026 ____N C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: 0092331502407514mcinstcleanup => 2
HKLM\...\StartupApproved\StartupFolder: => "$McRebootA5E6DEAA56$.lnk"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\...\StartupApproved\Run: => "BlueStacks Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{F4E5B59D-B110-47DD-8278-B5C692E9236F}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{3CD47A6C-7AAC-433A-984B-EFFEC4290D17}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{D6CC7929-7C58-4816-9F01-D7136926ADE3}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{20D33B23-EFDE-4F17-B28A-527FF38104EA}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{2FEC7297-6C26-4FF4-82D7-CBC6BE19481F}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{94796848-9093-4430-B391-A313821EF351}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{6BDC7C8C-C999-4032-A087-C3E30AB86A18}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{7918AE87-B24E-4D1E-8F79-8AC72DA65553}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{9FF4452E-2DC4-4696-9BE1-1F7E186EF348}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B460F5CA-FC81-44BC-9B03-1CD5CD1E4FEA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E599B771-385C-45B3-9146-43E62DE3A213}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4987BA51-964C-4231-AACD-BC2C6D8122CB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{7B7FD7EC-536E-4752-A5AF-9442B0FB95C7}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{C9CD5227-57F4-4CB8-9862-F84074A736A0}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{7DD6618A-F75C-4E44-93CB-79F7A89D4A46}] => (Allow) LPort=1688
FirewallRules: [{21DBDA2E-2C76-472E-BE2B-0E24D8AE5DB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6FA2DF6E-1662-46D6-9C2D-5AE7800F7E72}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{13969987-9B4D-4588-A1E1-D3E589B10672}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F3F7B1FD-0C19-411C-8792-DF6752A33A7F}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [UDP Query User{FF8CC6CA-2D9C-4629-8858-EFCB7AEF0761}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [{36691A05-4C30-4555-8EE5-C952862D4E77}] => (Allow) C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe
FirewallRules: [{2686D297-6EDE-4FDF-A500-84D13D35A67C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

31-08-2017 19:20:49 Punto di controllo pianificato
09-09-2017 19:46:20 Punto di controllo pianificato
13-09-2017 00:34:03 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2017 02:53:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MsSense.exe, versione: 10.2930.15063.0, timestamp: 0x39f7edf6
Nome del modulo che ha generato l'errore: MsSense.exe, versione: 10.2930.15063.0, timestamp: 0x39f7edf6
Codice eccezione: 0xc0000409
Offset errore 0x0000000000035e68
ID processo che ha generato l'errore: 0x894
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d32c8ec7c86d5c
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Percorso del modulo che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
ID segnalazione: db264ff9-1c8f-4be3-9a30-520c03da198f
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (09/13/2017 02:48:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MsSense.exe, versione: 10.2930.15063.0, timestamp: 0x39f7edf6
Nome del modulo che ha generato l'errore: MsSense.exe, versione: 10.2930.15063.0, timestamp: 0x39f7edf6
Codice eccezione: 0xc0000409
Offset errore 0x0000000000035e68
ID processo che ha generato l'errore: 0x2c60
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d32c8ea160c0cc
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Percorso del modulo che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
ID segnalazione: 615ac77f-d7c5-48ca-99d3-9850f97985f4
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (09/13/2017 02:47:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MsSense.exe, versione: 10.2930.15063.0, timestamp: 0x39f7edf6
Nome del modulo che ha generato l'errore: MsSense.exe, versione: 10.2930.15063.0, timestamp: 0x39f7edf6
Codice eccezione: 0xc0000409
Offset errore 0x0000000000035e68
ID processo che ha generato l'errore: 0x1610
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d32c8cc52d56ac
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Percorso del modulo che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
ID segnalazione: 20dbc611-8b72-4d70-be98-2d7077f63ddc
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (09/13/2017 02:47:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: svchost.exe_DiagTrack, versione: 10.0.15063.0, timestamp: 0x02799ef5
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.15063.447, timestamp: 0xa329d3a8
Codice eccezione: 0x00000512
Offset errore 0x00000000000a5424
ID processo che ha generato l'errore: 0x1348
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d32c8cc50226e1
Percorso dell'applicazione che ha generato l'errore: C:\WINDOWS\System32\svchost.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\ntdll.dll
ID segnalazione: 67ef3a64-c3ae-48e5-a45a-4032964902ab
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (09/13/2017 02:39:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Errore di License Activation (slui.exe). Codice di errore:
hr=0xC004F074
Argomenti della riga di comando:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (09/13/2017 02:38:49 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Impossibile caricare la DLL dei contatori flessibili rdyboost. I primi quattro byte (DWORD) della sezione Data contengono il codice di errore di Windows.

Error: (09/13/2017 02:38:25 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Errore di License Activation (slui.exe). Codice di errore:
hr=0xC004F074
Argomenti della riga di comando:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/13/2017 02:37:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: FreemakeUtilsService.exe, versione: 1.0.0.0, timestamp: 0x581227f8
Nome del modulo che ha generato l'errore: KERNELBASE.dll, versione: 10.0.15063.502, timestamp: 0xc3955624
Codice eccezione: 0xe0434352
Offset errore 0x000eb802
ID processo che ha generato l'errore: 0x1338
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d32c8cc501c05c
Percorso dell'applicazione che ha generato l'errore: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\System32\KERNELBASE.dll
ID segnalazione: a6ea26d2-6acc-495b-b978-529fcc0e2e89
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (09/13/2017 02:36:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Applicazione: FreemakeUtilsService.exe
Versione framework: v4.0.30319
Descrizione: il processo è stato terminato a causa di un'eccezione non gestita.
Informazioni sull'eccezione: System.IO.FileNotFoundException
in FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
in FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
in FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
in System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
in System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
in System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
in System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
in System.Threading.ThreadPoolWorkQueue.Dispatch()
in System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (09/13/2017 12:27:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MsSense.exe, versione: 10.2930.15063.0, timestamp: 0x39f7edf6
Nome del modulo che ha generato l'errore: MsSense.exe, versione: 10.2930.15063.0, timestamp: 0x39f7edf6
Codice eccezione: 0xc0000409
Offset errore 0x0000000000035e68
ID processo che ha generato l'errore: 0x2834
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d32c15f950dfe2
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Percorso del modulo che ha generato l'errore: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
ID segnalazione: ec51de66-899a-4055-9a29-66c03017c366
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:


System errors:
=============
Error: (09/13/2017 02:53:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Servizio Windows Defender Advanced Threat Protection. Questo evento si è già verificato 3 volta(e).

Error: (09/13/2017 02:48:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio Windows Defender Advanced Threat Protection è stato arrestato in modo imprevisto. Questo problema si è verificato 2 volta/e. Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Riavvia il servizio.

Error: (09/13/2017 02:47:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio Windows Defender Advanced Threat Protection è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Riavvia il servizio.

Error: (09/13/2017 02:47:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Esperienze utente connesse e telemetria è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (09/13/2017 02:41:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Servizio Ottimizzazione recapito bloccato in partenza.

Error: (09/13/2017 02:40:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Freemake Improver. Questo evento si è già verificato 1 volta(e).

Error: (09/13/2017 02:38:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (120000 millisecondi) durante l'attesa della risposta alla transazione dal servizio DiagTrack.

Error: (09/13/2017 02:36:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Servizio WiaRpc terminato con l'errore specifico del servizio
Server RPC non disponibile.

Error: (09/13/2017 02:36:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio WEPHOSTSVC terminato con l'errore:
Eccezione nel servizio durante la gestione della richiesta di controllo.

Error: (09/13/2017 02:36:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.


CodeIntegrity:
===================================
Date: 2017-09-13 14:53:43.029
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-13 14:53:42.823
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-13 14:48:46.658
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-13 14:48:46.571
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-13 14:47:25.484
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-13 14:47:24.084
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-13 00:27:50.228
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-13 00:27:49.775
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-13 00:24:00.424
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-13 00:24:00.302
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 62%
Total physical RAM: 3800.88 MB
Available physical RAM: 1406.78 MB
Total Virtual: 5080.88 MB
Available Virtual: 2212.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.27 GB) (Free:410.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3B31E7DD)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
rino86
Utente Junior
 
Post: 88
Iscritto il: 21/10/14 13:28

Re: Pc infettato?

Postdi dany79 » 14/09/17 08:15

Ciao allora

Disinstalla da pannello di controllo spybot search & destroy (se cè, se no ok) basta malwarebyte antimalware...
disabilita la protezione in tempo reale di malwarebyte antimalware(se hai la versione free) hai gia avira come antivirus...

apri il blocconote e copia/incolla tutto lo script di questo file allegato http://wikisend.com/download/400102/fixlist.txt
poi fai file--salva con nome
all apertura della finestra Nomefile :fixlist e salva come: Documenti di testo (*txt)
poi clicca su salva

posiziona il programma frst sul desktop assieme al file da scaricare fixlist.txt (mi raccomando posizionali tutti e due sul desktop)
apri frst come amministratore e clicca su fix
attendi la fine delle operazioni e che il pc si riavvii (se non lo fa riavvia te)
posta il fix log generato (lo trovi sul desktop)

fai pulizia con ccleaner sia sistema che registro

ripristina i browser vedi qui http://it.ccm.net/faq/1767-come-ripristinare-il-browser
una volta ripristinato bisogna reipostare le pagine iniziali (tipo google)

testa il pc e vedi come va
fa sapere

poi se tutto è ok faremo pulizia dei programmi usati per fare le scansioni...

Ciao
--DARRILL79--
Avatar utente
dany79
Utente Junior
 
Post: 65
Iscritto il: 26/10/13 11:51
Località: Barchi (pu)

Re: Pc infettato?

Postdi rino86 » 14/09/17 12:13

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-09-2017 02
Ran by Scarfato (14-09-2017 12:45:11) Run:1
Running from C:\Users\Scarfato\Desktop
Loaded Profiles: Scarfato (Available Profiles: Scarfato)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://it.yahoo.com/?fr=yset_ie_syc_or ... orcl_hpset
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4218426435-2780237930-1221081034-1001 -> {872B0682-020B-49D1-95AE-DD07E21E27A5} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&intl=it&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
FF NewTab: Mozilla\Firefox\Profiles\uadpssrf.default -> about:newtab
CHR DefaultSearchURL: Default -> hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://it.search.yahoo.com/sugg/ie?out ... n&command={searchTerms}&nResults=10
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdbpcigaolookbahgdofnimidinicfid] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [njpedbdniajflhgfoipnjkednnlkngbj] - hxxps://clients2.google.com/service/update2/crx
S3 aswHdsKe; \??\C:\WINDOWS\system32\drivers\aswHdsKe.sys [X]
S3 BstHdDrv; \??\C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [X]
2017-09-08 00:16 - 2017-09-08 00:32 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-09-08 00:16 - 2017-09-08 00:28 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-09-08 00:16 - 2017-09-08 00:16 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Scarfato\Downloads\spybotsd-2.6.46.exe
2017-09-08 00:16 - 2017-09-08 00:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-09-03 20:26 - 2017-06-27 18:15 - 000003032 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2017-06-27 17:59 - 2017-06-27 17:59 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {60B85776-E8BE-4681-871E-0E3696785126} - System32\Tasks\Avira\System Speedup\Delayed Startup\Scarfato\2 => C:\Users\Scarfato\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05] (� 2015 Microsoft Corporation) <==== ATTENTION
Task: {B75F575C-795A-49D0-A4D5-D0B1D5AB17BC} - System32\Tasks\Avira\System Speedup\Delayed Startup\Scarfato\1 => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [2017-08-21] (Glarysoft Ltd) <==== ATTENTION
ShortcutWithArgument: C:\Users\Scarfato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\Google Play Musica.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

HOSTS:
Removeproxy:
CMD: ipconfig /flushdns
Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{872B0682-020B-49D1-95AE-DD07E21E27A5} => key removed successfully
HKLM\Software\Classes\CLSID\{872B0682-020B-49D1-95AE-DD07E21E27A5} => key not found.
Firefox "newtab" removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Scarfato\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdbpcigaolookbahgdofnimidinicfid => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\njpedbdniajflhgfoipnjkednnlkngbj => key removed successfully
HKLM\System\CurrentControlSet\Services\aswHdsKe => key removed successfully
aswHdsKe => service removed successfully
HKLM\System\CurrentControlSet\Services\BstHdDrv => key removed successfully
BstHdDrv => service removed successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\Users\Scarfato\Downloads\spybotsd-2.6.46.exe => moved successfully
C:\WINDOWS\System32\Tasks\Safer-Networking => moved successfully
C:\WINDOWS\System32\Tasks\GU5SkipUAC => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => key removed successfully
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => key removed successfully
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => key removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Advanced SystemCare => key removed successfully
HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ShellConverter => key removed successfully
HKLM\Software\Classes\CLSID\{30A4E07E-068A-4d91-8F05-691283A1336B} => key not found.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{60B85776-E8BE-4681-871E-0E3696785126} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60B85776-E8BE-4681-871E-0E3696785126} => key removed successfully
C:\WINDOWS\System32\Tasks\Avira\System Speedup\Delayed Startup\Scarfato\2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Scarfato\2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B75F575C-795A-49D0-A4D5-D0B1D5AB17BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B75F575C-795A-49D0-A4D5-D0B1D5AB17BC} => key removed successfully
C:\WINDOWS\System32\Tasks\Avira\System Speedup\Delayed Startup\Scarfato\1 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Scarfato\1 => key removed successfully
C:\Users\Scarfato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\Google Play Musica.lnk => Shortcut argument removed successfully.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4218426435-2780237930-1221081034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Configurazione IP di Windows

Cache del resolver DNS svuotata.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40414814 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 1960220 B
Edge => 686 B
Chrome => 753221688 B
Firefox => 21207257 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 5742 B
NetworkService => 0 B
Scarfato => 14066903 B

RecycleBin => 0 B
EmptyTemp: => 801.4 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-09-2017 12:51:34)

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

==== End of Fixlog 12:51:38 ====
rino86
Utente Junior
 
Post: 88
Iscritto il: 21/10/14 13:28

Re: Pc infettato?

Postdi dany79 » 14/09/17 12:56

Quando hai eseguito tutti i passaggi come da me indicato in precedenza e verificato che il pc non riscontra problemi....
esegui delfix scaricalo da qui https://www.bleepingcomputer.com/download/delfix/
posizionalo sul desktop---tasto dx sopra---eegui come amministratore
quando si apre metti la spunta a Remove disinfection tool
clicca su run
posta il log scaturito

Se non ci sono piu problemi abbiamo concluso
By By :)
--DARRILL79--
Avatar utente
dany79
Utente Junior
 
Post: 65
Iscritto il: 26/10/13 11:51
Località: Barchi (pu)

Re: Pc infettato?

Postdi rino86 » 14/09/17 13:38

# DelFix v1.010 - Logfile created 14/09/2017 at 14:25:16
# Updated 26/04/2015 by Xplode
# Username : Scarfato - GENNARO
# Operating System : Windows 10 Pro (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Scarfato\Desktop\FRST-OlderVersion
Deleted : C:\Users\Scarfato\Desktop\Addition.txt
Deleted : C:\Users\Scarfato\Desktop\AdwCleaner (2).exe
Deleted : C:\Users\Scarfato\Desktop\AdwCleaner[C1].txt
Deleted : C:\Users\Scarfato\Desktop\AdwCleaner[S10].txt
Deleted : C:\Users\Scarfato\Desktop\AdwCleaner[S2].txt
Deleted : C:\Users\Scarfato\Desktop\Fixlog.txt
Deleted : C:\Users\Scarfato\Desktop\FRST.txt
Deleted : C:\Users\Scarfato\Desktop\FRST64.exe
Deleted : C:\Users\Scarfato\Desktop\FSS.txt
Deleted : C:\Users\Scarfato\Desktop\JRT.txt
Deleted : C:\Users\Scarfato\Downloads\AdwCleaner (1).exe
Deleted : C:\Users\Scarfato\Downloads\AdwCleaner (2).exe
Deleted : C:\Users\Scarfato\Downloads\adwcleaner-7-0-0-0.exe
Deleted : C:\Users\Scarfato\Downloads\AdwCleaner.exe
Deleted : C:\Users\Scarfato\Downloads\adwcleaner_7.0.1.0.exe
Deleted : C:\Users\Scarfato\Downloads\adwcleaner_7.0.2.1 (1).exe
Deleted : C:\Users\Scarfato\Downloads\adwcleaner_7.0.2.1 (2).exe
Deleted : C:\Users\Scarfato\Downloads\adwcleaner_7.0.2.1 (3).exe
Deleted : C:\Users\Scarfato\Downloads\adwcleaner_7.0.2.1.exe
Deleted : C:\Users\Scarfato\Downloads\JRT.exe
Deleted : C:\Users\Scarfato\Downloads\HijackThis.exe
Deleted : C:\Users\Scarfato\Downloads\hijackthis.log

########## - EOF - ##########


Grazie mille, sei stato gentilissimo. Ciao ciao
rino86
Utente Junior
 
Post: 88
Iscritto il: 21/10/14 13:28


Torna a Sicurezza e Privacy


Topic correlati a "Pc infettato?":

pc infettato
Autore: claudio61
Forum: Sistemi Operativi Windows
Risposte: 3
FORSE PC INFETTATO???
Autore: danyela
Forum: Sicurezza e Privacy
Risposte: 19
Pc infettato?
Autore: franco11
Forum: Sicurezza e Privacy
Risposte: 2

Chi c’è in linea

Visitano il forum: Nessuno e 9 ospiti