PROBLEM Help with the Chrome extension "Cookies Control"

Sorry for the double post, but on my PC, after this Cookies Control extension was activated, a banner appears over the comment field and I can't write. Unfortunately I too installed it with a program downloaded online; now it slows down my PC and my web browsing enormously. Please help me: it doesn't show up among the installed programs, and the Chrome extension can't be removed.
 
Hi lucabellu

Run the programs below in sequence, in the order posted:

-Malwarebytes Anti-Malware: download it from here https://it.malwarebytes.com/
run the scan, delete what it finds, and post the generated log

-Then download AdwCleaner from here https://www.bleepingcomputer.com/download/adwcleaner/
right-click the executable, run it as administrator, run the scan, delete what it finds, and post the log

then try JRT: download it from here https://www.bleepingcomputer.com/download/junkware-removal-tool/
disable the antivirus
put the executable on the desktop
right-click it and open it as administrator
press Enter when prompted
wait for the scan to finish
re-enable the antivirus
post the resulting jrt.txt log (you will find it on the desktop)

Then download FRST from here https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
download the version that matches your operating system, 32 or 64 bit
place the executable on the desktop
right-click the executable and open it as administrator
once it is open, click Scan
post the frst.txt and addition.txt logs

Bye
 
Hi lucabellu
Repost the logs, they are all 0 bytes, except addition, but repost that one too...
Thanks, bye
 
No luck, I don't know why. I'm on my smartphone because on the PC the site won't load the login page. I choose "upload documents or images" and look for the file, but it comes up as 0 bytes.
 
Have you tried opening them? Are they empty or is there text in them?
Open the command prompt: right-click, run as administrator...
Copy and paste this string

Ipconfig /flushdns

Press Enter
Then try again to see whether the login page loads
 
Alternatively, if it still doesn't work for you, open them one by one and copy the entire contents directly into posts... bye
 
I have no choice but to paste them; I can't manage it either from the PC or from the smartphone

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 11/07/17
Ora scansione: 16:24
File di log: malawere.txt
Amministratore: Sì

-Informazioni software-
Versione: 3.1.2.1733
Versione componenti: 1.0.139
Aggiorna versione pacchetto: 1.0.2342
Licenza: Trial

-Informazioni sistema-
SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: xw6200-PC\xw6200

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 328111
Minacce rilevate: 34
Minacce messe in quarantena: 0
(Nessun elemento nocivo rilevato)
Tempo impiegato: 6 min, 55 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Attivata
PUM: Attivata

-Dettagli scansione-
Processo: 2
RiskWare.Tool.CK, C:\WINDOWS\KMSERVICE.EXE, Nessuna azione intrapresa, [281], [133383],1.0.2342
Backdoor.SignalBCD, C:\PROGRAMDATA\WTA65048.EXE, Nessuna azione intrapresa, [9432], [412708],1.0.2342

Modulo: 2
RiskWare.Tool.CK, C:\WINDOWS\KMSERVICE.EXE, Nessuna azione intrapresa, [281], [133383],1.0.2342
Backdoor.SignalBCD, C:\PROGRAMDATA\WTA65048.EXE, Nessuna azione intrapresa, [9432], [412708],1.0.2342

Chiave di registro: 4
Backdoor.SignalBCD, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wta65048, Nessuna azione intrapresa, [9432], [412708],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Nessuna azione intrapresa, [9500], [-1],0.0.0
PUP.Optional.CookiesControl.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, Nessuna azione intrapresa, [9500], [-1],0.0.0
RiskWare.BitCoinMiner, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\iinglghmhcgdgjjlafobajghjamdchik, Nessuna azione intrapresa, [112], [414368],1.0.2342

Valore di registro: 1
Backdoor.SignalBCD, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wta65048|IMAGEPATH, Nessuna azione intrapresa, [9432], [412710],1.0.2342

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 3
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\_metadata, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\USERS\XW6200\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CFKPEFBLLPCONNKFPDGAGKIFMFLCKKDP, Nessuna azione intrapresa, [9500], [413117],1.0.2342

File: 22
RiskWare.Tool.CK, C:\WINDOWS\KMSERVICE.EXE, Nessuna azione intrapresa, [281], [133383],1.0.2342
Backdoor.SignalBCD, C:\PROGRAMDATA\WTA65048.EXE, Nessuna azione intrapresa, [9432], [412708],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\_metadata\computed_hashes.json, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\_metadata\verified_contents.json, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\background.js, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\icon-128.png, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\icon-48.png, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\icon-96.png, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\icon-allow.png, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\icon-block.png, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\icon-inactive.png, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\icon.png, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\infobar.html, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\manifest.json, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\options.css, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\options.html, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp\1.0.3_0\options.js, Nessuna azione intrapresa, [9500], [413117],1.0.2342
PUP.Optional.CookiesControl.ChrPRST, C:\PROGRAMDATA\NTUSER.POL, Nessuna azione intrapresa, [9500], [-1],0.0.0
PUP.Optional.CookiesControl.ChrPRST, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, Nessuna azione intrapresa, [9500], [-1],0.0.0
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Nessuna azione intrapresa, [342], [329328],1.0.2342
Adware.NeoBar, C:\USERS\XW6200\APPDATA\LOCAL\TEMP\ADBLOCKER.EXE, Nessuna azione intrapresa, [2478], [408862],1.0.2342
Backdoor.SignalBCD, C:\USERS\XW6200\APPDATA\LOCAL\TEMP\MSCLEAN.EXE, Nessuna azione intrapresa, [9432], [412708],1.0.2342

Settore fisico: 0
(Nessun elemento nocivo rilevato)


(end)

# AdwCleaner v6.047 - Creato file registro eventi 11/07/2017 in 16:44:48
# Aggiornato su 19/05/2017 da Malwarebytes
# Database : 2017-07-10.1 [Server]
# Sistema operativo : Windows 7 Professional Service Pack 1 (X64)
# Utente : xw6200 - XW6200-PC
# In esecuzione da : C:\Users\xw6200\Desktop\AdwCleaner.exe
# Modo: pulizia
# Supporto : https://www.malwarebytes.com/support



***** [ Servizi ] *****



***** [ Cartelle ] *****

[-] Cartella eliminata: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\drivereasy


***** [ File ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Collegamenti ] *****



***** [ Attività pianificate ] *****

[-] Attività eliminata: DriverEasy Scheduled Scan


***** [ Registro ] *****

[-] Chiave eliminata: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Chiave eliminata al riavvio: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Chiave eliminata al riavvio: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Chiave eliminata al riavvio: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Chiave eliminata al riavvio: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Chiave eliminata: HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\Software\drpsu
[#] Chiave eliminata al riavvio: HKCU\Software\drpsu
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\drpsu


***** [ Browser ] *****

[-] [C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default] [extension] Eliminato: iinglghmhcgdgjjlafobajghjamdchik


*************************

:: " tracciamento " chiavi eliminate
:: Impostazioni Winsock ripristinate

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1901 Byte] - [11/07/2017 16:44:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [2297 Byte] - [11/07/2017 16:42:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2045 Byte] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x64
Ran by xw6200 (Administrator) on 11/07/2017 at 17:03:26,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/07/2017 at 17:13:27,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by xw6200 (administrator) on XW6200-PC (11-07-2017 19:13:52)
Running from C:\Users\xw6200\Desktop
Loaded Profiles: xw6200 (Available Profiles: xw6200)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-11] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\...\Policies\Explorer: []
Startup: C:\Users\xw6200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitora avvisi inchiostro - HP Deskjet 3520 series (Rete).lnk [2017-07-11]
ShortcutTarget: Monitora avvisi inchiostro - HP Deskjet 3520 series (Rete).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3C8EF026-8325-4829-9815-E8D0F7AE9A34}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{600021AD-6960-4ED3-AE8E-480BA0135F73}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{600021AD-6960-4ED3-AE8E-480BA0135F73}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/
HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/it-it/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-11] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-25] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-11] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-25] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-25] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2837536584-2297837117-1243624517-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-25] (Google Inc.)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default [2017-07-11]
CHR Extension: (Presentazioni Google) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-11]
CHR Extension: (Documenti Google) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-11]
CHR Extension: (Adblock Plus) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-11]
CHR Extension: (Google Search) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-08]
CHR Extension: (Adobe Acrobat) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-18]
CHR Extension: (Avast SafePrice) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-02]
CHR Extension: (Fogli Google) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-08]
CHR Extension: (Google Documenti offline) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (Avast Online Security) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-10]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (SpeakIt!) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2016-12-16]
CHR Extension: (Gmail) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-08]
CHR Extension: (Chrome Media Router) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
CHR HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-11] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-11] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2016-05-25] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-10-17] (Microsoft Corporation)
S3 klvssbrigde64; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\vssbridge64.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3491616 2009-06-19] (Realtek Semiconductor Corp.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [319984 2017-07-11] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198944 2017-07-11] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343264 2017-07-11] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57704 2017-07-11] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [85552 2017-03-29] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146664 2017-07-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-11] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-07-09] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-07-11] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-07-11] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-07-11] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-07-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-07-11] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-07-11] (Malwarebytes)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2013-03-13] (Realtek Semiconductor Corporation )
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-11 19:13 - 2017-07-11 19:14 - 00013829 _____ C:\Users\xw6200\Desktop\FRST.txt
2017-07-11 19:13 - 2017-07-11 19:13 - 00000000 ____D C:\FRST
2017-07-11 17:13 - 2017-07-11 17:13 - 00000555 _____ C:\Users\xw6200\Desktop\JRT.txt
2017-07-11 16:53 - 2017-07-11 16:53 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-11 16:51 - 2017-07-11 16:51 - 02437120 _____ (Farbar) C:\Users\xw6200\Desktop\FRST64.exe
2017-07-11 16:50 - 2017-07-11 16:50 - 01663672 _____ (Malwarebytes) C:\Users\xw6200\Desktop\JRT.exe
2017-07-11 16:48 - 2017-07-11 16:48 - 00002146 _____ C:\Users\xw6200\Desktop\AdwCleaner[C0].txt
2017-07-11 16:39 - 2017-07-11 16:44 - 00000000 ____D C:\AdwCleaner
2017-07-11 16:38 - 2017-07-11 16:39 - 04110280 _____ C:\Users\xw6200\Desktop\AdwCleaner.exe
2017-07-11 16:32 - 2017-07-11 16:32 - 00006972 _____ C:\Users\xw6200\Desktop\malawere.txt
2017-07-11 16:24 - 2017-07-11 18:59 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-11 16:24 - 2017-07-11 16:47 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-11 16:24 - 2017-07-11 16:47 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-07-11 16:24 - 2017-07-11 16:47 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-11 16:24 - 2017-07-11 16:24 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-11 16:24 - 2017-07-11 16:24 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-11 16:24 - 2017-07-11 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-11 16:23 - 2017-07-11 16:42 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-11 16:23 - 2017-07-11 16:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-11 16:23 - 2017-07-11 16:23 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-11 16:16 - 2017-07-11 16:16 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-11 16:16 - 2017-07-11 16:16 - 00002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-11 16:11 - 2017-07-11 16:11 - 00000004 _____ C:\ProgramData\_lg.3sap
2017-07-11 15:18 - 2017-07-11 16:36 - 00000270 __RSH C:\ProgramData\ntuser.pol
2017-07-11 15:08 - 2017-07-11 15:09 - 00969199 _____ C:\Users\xw6200\Downloads\pnp_dmd_suitabilitiesreferencecard.pdf
2017-07-11 14:09 - 2017-07-11 14:09 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-06-21 12:03 - 2017-06-21 12:03 - 00001562 _____ C:\Users\xw6200\Desktop\Pokémon Trading Card Game Online.lnk
2017-06-21 12:03 - 2017-06-21 12:03 - 00000000 ____D C:\Users\xw6200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online
2017-06-20 20:13 - 2017-06-21 12:02 - 286611456 _____ C:\Users\xw6200\Downloads\PokemonInstaller.msi
2017-06-20 14:15 - 2017-06-20 14:15 - 09136798 _____ C:\Users\xw6200\Downloads\Senza titolo.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-11 18:02 - 2009-07-14 06:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-11 18:02 - 2009-07-14 06:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-11 16:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-11 16:16 - 2015-07-08 23:29 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-11 16:14 - 2015-07-08 23:29 - 00003582 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-11 16:14 - 2015-07-08 23:29 - 00003454 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-11 16:07 - 2016-11-04 14:15 - 00003900 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1478261752
2017-07-11 15:18 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-07-11 15:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-07-11 14:10 - 2017-03-18 12:22 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-11 14:10 - 2016-11-04 13:58 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-07-11 14:09 - 2016-11-04 13:58 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-11 14:09 - 2016-11-04 13:58 - 00360792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.149977502578106
2017-07-11 14:09 - 2016-11-04 13:58 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-11 14:09 - 2016-11-04 13:58 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-07-11 14:09 - 2016-11-04 13:58 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-11 14:09 - 2016-11-04 13:58 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-11 14:09 - 2016-11-04 13:58 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-11 14:09 - 2016-11-04 13:40 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-11 14:08 - 2017-03-18 12:22 - 00343264 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-11 14:08 - 2017-03-18 12:22 - 00319984 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-11 14:08 - 2017-03-18 12:22 - 00198944 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-11 14:08 - 2017-03-18 12:22 - 00057704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-11 14:08 - 2016-11-04 14:15 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-11 14:08 - 2016-11-04 13:58 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-06 00:17 - 2017-03-03 01:28 - 00000033 _____ C:\Users\xw6200\Desktop\netflix pagamenti.txt
2017-07-03 16:25 - 2017-06-02 15:20 - 00000000 ____D C:\Users\xw6200\Documents\sessione cthulhu concorso
2017-07-03 16:09 - 2017-03-18 12:28 - 00000640 _____ C:\Users\xw6200\Desktop\uscite fumetti.txt
2017-06-23 11:34 - 2015-06-17 10:08 - 00000000 ____D C:\Users\xw6200\AppData\Roaming\vlc
2017-06-20 20:09 - 2015-07-09 10:58 - 00000000 ____D C:\Windows\system32\appmgmt

==================== Files in the root of some directories =======

2016-10-03 17:41 - 2016-10-03 17:41 - 0000001 _____ () C:\Users\xw6200\AppData\Local\llftool.4.40.agreement
2016-05-30 13:40 - 2016-05-30 13:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-07-08 11:09 - 2015-07-08 11:09 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2017-07-11 16:11 - 2017-07-11 16:11 - 0000004 _____ () C:\ProgramData\_lg.3sap

Some files in TEMP:
====================
2017-07-11 15:21 - 2017-07-11 15:21 - 0635981 _____ (ZqwHXl5gA7LFJ1RTG3Zq ) C:\Users\xw6200\AppData\Local\Temp\browmodule.exe
2017-06-23 11:23 - 2017-06-23 11:25 - 30950664 _____ () C:\Users\xw6200\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-02 13:26

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by xw6200 (11-07-2017 19:14:53)
Running from C:\Users\xw6200\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-06-16 14:10:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2837536584-2297837117-1243624517-500 - Administrator - Disabled)
Guest (S-1-5-21-2837536584-2297837117-1243624517-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2837536584-2297837117-1243624517-1003 - Limited - Enabled)
xw6200 (S-1-5-21-2837536584-2297837117-1243624517-1000 - Administrator - Enabled) => C:\Users\xw6200

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version: - )
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Action Replay PowerSaves 3DS version 1.51 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.51 - Datel Design & Development)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Canon Utilities Digital Photo Professional 3.5 (HKLM-x32\...\DPP) (Version: 3.5.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
DriverEasy 4.9.2 (HKLM\...\DriverEasy_is1) (Version: 4.9.2.0 - Easeware)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Software di base dispositivo (HKLM\...\{ACBD8F87-9F62-4B6A-AF6C-A0AA9E2E152B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Malwarebytes versione 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Mansions of Madness (HKLM\...\Steam App 478980) (Version: - Fantasy Flight Games)
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Client Profile ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Extended ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation)
MKVToolNix 12.0.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 12.0.0 - Moritz Bunkus)
NVIDIA 3D Vision Controller Driver 270.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.71 - NVIDIA Corporation)
NVIDIA Driver grafico 270.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 270.71 - NVIDIA Corporation)
NVIDIA nView 135.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.70 - NVIDIA Corporation)
Pokémon Trading Card Game Online (HKLM-x32\...\{09D2FBF1-739A-4B36-B933-3867AE85B545}) (Version: 2.45.0 - The Pokémon Company International)
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TomTom MyDrive Connect 4.1.0.2658 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.0.2658 - TomTom)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinFast(R) Display Driver (HKLM-x32\...\{F69FD33C-8815-46BF-9134-A643DE68F3C0}) (Version: 1.00.000 - Leadtek Research Inc.)
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-11] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-11] (AVAST Software)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-11] (AVAST Software)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-07-31] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-11] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers05: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [2011-02-24] ()
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2011-04-26] (NVIDIA Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-11] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-07-31] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {028C08B5-C2C9-4726-AE6C-79850CB53B5B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {2C06903C-E5E2-4F2E-8466-5883E0F49A99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-08] (Google Inc.)
Task: {3360FBBD-25D7-4C88-B92B-902C7CB2BBCA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-11] (AVAST Software)
Task: {6DB86CB1-58EC-45BB-B6BE-E2368CFC26A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-08] (Google Inc.)
Task: {6EF31907-5F64-4C98-8AD5-723C281D8DFA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {AB408516-28E7-440F-AFAA-240CCF1E27B8} - System32\Tasks\SafeZone scheduled Autoupdate 1478261752 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {AD2ED1E5-FAFC-4A80-8091-2F6A5B1C51BA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {D2194E94-F603-47A3-ABE8-92F6B7A62D64} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2017-07-11 16:24 - 2017-07-11 16:42 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-07-11 14:08 - 2017-07-11 14:08 - 00162032 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-07-11 14:09 - 2017-07-11 14:09 - 00831664 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-07-11 14:09 - 2017-07-11 14:09 - 00276808 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2015-06-01 19:28 - 2015-06-01 19:28 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1040.dll
2017-07-11 14:08 - 2017-07-11 14:08 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-11 14:09 - 2017-07-11 14:09 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-11 14:09 - 2017-07-11 14:09 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-11 14:03 - 2017-07-11 14:03 - 05684224 _____ () C:\Program Files\AVAST Software\Avast\defs\17071100\algo.dll
2017-07-11 14:09 - 2017-07-11 14:09 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-11 14:08 - 2017-07-11 14:08 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-07-11 14:09 - 2017-07-11 14:09 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-11 14:09 - 2017-07-11 14:09 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-11 14:08 - 2017-07-11 14:08 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-11 14:08 - 2017-07-11 14:10 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\Software\Classes\.scr: AutoCADLTScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-07-11 16:33 - 00000826 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\xw6200\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: OfficeAutoActivation => C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\Startup.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{0C95AD95-A403-4189-B827-E142ABEA1D46}C:\program files (x86)\common files\microsoft shared\officesoftwareprotectionplatform\kms.exe] => (Allow) C:\program files (x86)\common files\microsoft shared\officesoftwareprotectionplatform\kms.exe
FirewallRules: [UDP Query User{FD0C8CF5-88BE-4483-919F-4CFA0A3009FB}C:\program files (x86)\common files\microsoft shared\officesoftwareprotectionplatform\kms.exe] => (Allow) C:\program files (x86)\common files\microsoft shared\officesoftwareprotectionplatform\kms.exe
FirewallRules: [TCP Query User{042EC9E5-6D8F-49EC-A67F-1DFAD4A5F3B2}E:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe] => (Allow) E:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{976D2C6B-FA73-4574-89A9-D3AF9D9C6E85}E:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe] => (Allow) E:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe
FirewallRules: [{D82D3E40-7AFC-42C5-A394-CBAE0D73E1AD}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{C0E9C745-5181-485F-A5EA-FDD0BE151042}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{7829738F-2D45-457F-9047-62151F2AB073}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DC4BD56B-8BFC-44FC-B23B-E952817C103D}] => (Allow) C:\Users\xw6200\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E23C7FFF-9418-4598-8019-723C2D2BBAF8}] => (Allow) C:\Users\xw6200\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AFECE004-4A29-4BF8-8096-95F0E3A5B160}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7229D822-40F1-4990-9D44-384077724240}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B921A405-4E95-47F2-8BEF-0F7FDF14D096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mansions of Madness\Mansions of Madness.exe
FirewallRules: [{78450E77-A503-4CC8-9DFD-3A37277F877F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mansions of Madness\Mansions of Madness.exe
FirewallRules: [{7DC94BCC-C24F-4837-9DA0-9D4CA9CECF3B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7B015411-F36C-4E72-9FEC-E72B2E646755}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2EA6B7C8-6024-4534-8135-62F6F8436627}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{F07989F2-3443-4FB6-8C41-46F8E2E668F8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{0BF3EC03-3A6E-4ABE-9D88-6C52929FB7E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-06-2017 13:41:25 Punto di controllo pianificato
27-06-2017 13:22:51 Punto di controllo pianificato
04-07-2017 14:12:20 Punto di controllo pianificato
11-07-2017 16:54:04 JRT Pre-Junkware Removal
11-07-2017 17:03:27 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Mouse compatibile PS/2
Description: Mouse compatibile PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2017 04:47:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/11/2017 04:36:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/11/2017 04:29:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma IEXPLORE.EXE versione 11.0.9600.17840 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 10a4

Ora di avvio: 01d2fa4fa7333f47

Ora di chiusura: 0

Percorso applicazione: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

ID segnalazione:

Error: (07/11/2017 04:07:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/11/2017 02:02:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/10/2017 06:54:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/08/2017 04:57:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/08/2017 12:35:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/07/2017 04:18:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/06/2017 01:30:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.


System errors:
=============
Error: (07/11/2017 04:45:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Spooler di stampa non è stato avviato per il seguente errore:
Il servizio non è stato avviato a causa di un errore in fase di accesso.

Error: (07/11/2017 04:45:29 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Servizio Spooler: impossibile accedere come NT AUTHORITY\SYSTEM con la password attualmente configurata. Errore:
Richiesta non supportata.


Per garantire la corretta configurazione del servizio, utilizzare lo snap-in Servizi in Microsoft Management Console (MMC).

Error: (07/11/2017 04:45:00 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Tentativo di eseguire un'azione di correzione (Riavvia il servizio) dopo l'arresto imprevista del servizio Windows Search. Tentativo non riuscito per l'errore:
Un'istanza del servizio è già in esecuzione.

Error: (07/11/2017 04:44:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio di condivisione in rete Windows Media Player è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (07/11/2017 04:44:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Windows Search è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (07/11/2017 04:44:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Adobe Acrobat Update Service. Questo evento si è già verificato 1 volta(e).

Error: (07/11/2017 04:44:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Spooler di stampa è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Riavvia il servizio.

Error: (07/11/2017 04:44:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio NVIDIA Driver Helper Service. Questo evento si è già verificato 1 volta(e).

Error: (07/11/2017 04:36:28 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Impossibile avviare correttamente il servizio "WMPNetworkSvc". CoCreateInstance(CLSID_UPnPDeviceFinder) ha rilevato l'errore "0x80004005 ". Verificare che il servizio UPnPHost sia avviato e che il componente UPnPHost di Windows sia installato correttamente.

Error: (07/11/2017 03:46:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Il server {ABC01078-F197-4B0B-ADBC-CFE684B39C82} non si è registrato con DCOM entro il timeout richiesto.


==================== Memory info ===========================

Processor: Intel(R) Xeon(TM) CPU 3.60GHz
Percentage of memory in use: 39%
Total physical RAM: 4095.57 MB
Available physical RAM: 2460.24 MB
Total Virtual: 8189.36 MB
Available Virtual: 6533.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:460.38 GB) (Free:393.07 GB) NTFS
Drive e: (Pasquale il disco locale) (Fixed) (Total:152.57 GB) (Free:78.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 97BE5B6A)
Partition 1: (Active) - (Size=5.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=460.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 152.7 GB) (Disk ID: 4FA04F9F)
Partition 1: (Not Active) - (Size=152.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
OK... follow these steps:

Rerun the scan with Malwarebytes and delete everything it finds.
According to the report you did not delete anything; you only ran the scan, as you can see from the log entries below:
Minacce rilevate: 34
Minacce messe in quarantena: 0
Copy the report.

Rerun the scan with Farbar Recovery Scan Tool after the Malwarebytes removals:
open it as administrator
once it is open, tick Addition (make sure you tick it, otherwise you will have to redo the scan)
click Scan
copy the two reports, frst.txt and addition.txt

Bye, thanks
 
Scan redone; now it seems to have quarantined them, but the day before yesterday it had found 34 and today only 2, so it should have removed them, right? Also because I no longer see the cookies report icon among the Chrome extensions. Anyway, I'm copying the new reports, thanks for the help.


Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 13/07/17
Ora scansione: 10:45
File di log: report malawere.txt
Amministratore: Sì

-Informazioni software-
Versione: 3.1.2.1733
Versione componenti: 1.0.141
Aggiorna versione pacchetto: 1.0.2352
Licenza: Trial

-Informazioni sistema-
SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: xw6200-PC\xw6200

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 328295
Minacce rilevate: 2
Minacce messe in quarantena: 2
Tempo impiegato: 4 min, 28 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Attivata
PUM: Attivata

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 2
Adware.FileTour, C:\$RECYCLE.BIN\S-1-5-21-2837536584-2297837117-1243624517-1000\$R9OLCVT.EXE, In quarantena, [252], [415479],1.0.2352
Adware.FileTour, C:\$RECYCLE.BIN\S-1-5-21-2837536584-2297837117-1243624517-1000\$R5C6XG6.ZIP, In quarantena, [252], [415479],1.0.2352

Settore fisico: 0
(Nessun elemento nocivo rilevato)


(end)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2017
Ran by xw6200 (13-07-2017 11:11:40)
Running from C:\Users\xw6200\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-06-16 14:10:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2837536584-2297837117-1243624517-500 - Administrator - Disabled)
Guest (S-1-5-21-2837536584-2297837117-1243624517-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2837536584-2297837117-1243624517-1003 - Limited - Enabled)
xw6200 (S-1-5-21-2837536584-2297837117-1243624517-1000 - Administrator - Enabled) => C:\Users\xw6200

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version: - )
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Action Replay PowerSaves 3DS version 1.51 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.51 - Datel Design & Development)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Canon Utilities Digital Photo Professional 3.5 (HKLM-x32\...\DPP) (Version: 3.5.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
DriverEasy 4.9.2 (HKLM\...\DriverEasy_is1) (Version: 4.9.2.0 - Easeware)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Software di base dispositivo (HKLM\...\{ACBD8F87-9F62-4B6A-AF6C-A0AA9E2E152B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Malwarebytes versione 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Mansions of Madness (HKLM\...\Steam App 478980) (Version: - Fantasy Flight Games)
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Client Profile ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Extended ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation)
MKVToolNix 12.0.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 12.0.0 - Moritz Bunkus)
NVIDIA 3D Vision Controller Driver 270.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.71 - NVIDIA Corporation)
NVIDIA Driver grafico 270.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 270.71 - NVIDIA Corporation)
NVIDIA nView 135.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.70 - NVIDIA Corporation)
Pokémon Trading Card Game Online (HKLM-x32\...\{09D2FBF1-739A-4B36-B933-3867AE85B545}) (Version: 2.45.0 - The Pokémon Company International)
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TomTom MyDrive Connect 4.1.0.2658 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.0.2658 - TomTom)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinFast(R) Display Driver (HKLM-x32\...\{F69FD33C-8815-46BF-9134-A643DE68F3C0}) (Version: 1.00.000 - Leadtek Research Inc.)
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-11] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-11] (AVAST Software)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-11] (AVAST Software)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-07-31] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-11] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers05: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [2011-02-24] ()
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2011-04-26] (NVIDIA Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-11] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-07-31] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {028C08B5-C2C9-4726-AE6C-79850CB53B5B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {2C06903C-E5E2-4F2E-8466-5883E0F49A99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-08] (Google Inc.)
Task: {2C6E503E-0B2B-4818-993F-09C4B7CF78F0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {3360FBBD-25D7-4C88-B92B-902C7CB2BBCA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-11] (AVAST Software)
Task: {6DB86CB1-58EC-45BB-B6BE-E2368CFC26A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-08] (Google Inc.)
Task: {6EF31907-5F64-4C98-8AD5-723C281D8DFA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software)
Task: {AB408516-28E7-440F-AFAA-240CCF1E27B8} - System32\Tasks\SafeZone scheduled Autoupdate 1478261752 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {D2194E94-F603-47A3-ABE8-92F6B7A62D64} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2017-07-11 16:24 - 2017-07-11 16:42 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-06-01 19:28 - 2015-06-01 19:28 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1040.dll
2017-07-11 14:08 - 2017-07-11 14:08 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-11 14:09 - 2017-07-11 14:09 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-11 14:09 - 2017-07-11 14:09 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-13 10:44 - 2017-07-13 10:44 - 05781504 _____ () C:\Program Files\AVAST Software\Avast\defs\17071210\algo.dll
2017-07-11 14:09 - 2017-07-11 14:09 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-11 14:08 - 2017-07-11 14:08 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-07-13 10:49 - 2017-07-13 10:49 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-11 14:09 - 2017-07-11 14:09 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-11 14:08 - 2017-07-11 14:08 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-11 14:08 - 2017-07-11 14:10 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\Software\Classes\.scr: AutoCADLTScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-07-11 16:33 - 00000826 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\xw6200\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: OfficeAutoActivation => C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\Startup.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{0C95AD95-A403-4189-B827-E142ABEA1D46}C:\program files (x86)\common files\microsoft shared\officesoftwareprotectionplatform\kms.exe] => (Allow) C:\program files (x86)\common files\microsoft shared\officesoftwareprotectionplatform\kms.exe
FirewallRules: [UDP Query User{FD0C8CF5-88BE-4483-919F-4CFA0A3009FB}C:\program files (x86)\common files\microsoft shared\officesoftwareprotectionplatform\kms.exe] => (Allow) C:\program files (x86)\common files\microsoft shared\officesoftwareprotectionplatform\kms.exe
FirewallRules: [TCP Query User{042EC9E5-6D8F-49EC-A67F-1DFAD4A5F3B2}E:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe] => (Allow) E:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{976D2C6B-FA73-4574-89A9-D3AF9D9C6E85}E:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe] => (Allow) E:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe
FirewallRules: [{D82D3E40-7AFC-42C5-A394-CBAE0D73E1AD}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{C0E9C745-5181-485F-A5EA-FDD0BE151042}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{7829738F-2D45-457F-9047-62151F2AB073}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DC4BD56B-8BFC-44FC-B23B-E952817C103D}] => (Allow) C:\Users\xw6200\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E23C7FFF-9418-4598-8019-723C2D2BBAF8}] => (Allow) C:\Users\xw6200\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AFECE004-4A29-4BF8-8096-95F0E3A5B160}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7229D822-40F1-4990-9D44-384077724240}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B921A405-4E95-47F2-8BEF-0F7FDF14D096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mansions of Madness\Mansions of Madness.exe
FirewallRules: [{78450E77-A503-4CC8-9DFD-3A37277F877F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mansions of Madness\Mansions of Madness.exe
FirewallRules: [{7DC94BCC-C24F-4837-9DA0-9D4CA9CECF3B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7B015411-F36C-4E72-9FEC-E72B2E646755}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2EA6B7C8-6024-4534-8135-62F6F8436627}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{F07989F2-3443-4FB6-8C41-46F8E2E668F8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{0BF3EC03-3A6E-4ABE-9D88-6C52929FB7E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-06-2017 13:41:25 Punto di controllo pianificato
27-06-2017 13:22:51 Punto di controllo pianificato
04-07-2017 14:12:20 Punto di controllo pianificato
11-07-2017 16:54:04 JRT Pre-Junkware Removal
11-07-2017 17:03:27 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Mouse compatibile PS/2
Description: Mouse compatibile PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2017 11:06:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/13/2017 10:53:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/12/2017 03:36:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/12/2017 02:10:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/11/2017 04:47:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/11/2017 04:36:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/11/2017 04:29:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma IEXPLORE.EXE versione 11.0.9600.17840 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 10a4

Ora di avvio: 01d2fa4fa7333f47

Ora di chiusura: 0

Percorso applicazione: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

ID segnalazione:

Error: (07/11/2017 04:07:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/11/2017 02:02:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (07/10/2017 06:54:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.


System errors:
=============
Error: (07/13/2017 11:06:53 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Impossibile avviare correttamente il servizio "WMPNetworkSvc". CoCreateInstance(CLSID_UPnPDeviceFinder) ha rilevato l'errore "0x80004005 ". Verificare che il servizio UPnPHost sia avviato e che il componente UPnPHost di Windows sia installato correttamente.

Error: (07/13/2017 11:06:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio aswbIDSAgent non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (07/13/2017 11:06:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio aswbIDSAgent.

Error: (07/13/2017 11:03:35 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Il servizio Diagnostics Tracking Service non è stato arrestato correttamente dopo la ricezione di un controllo di pre-arresto del sistema.

Error: (07/13/2017 11:03:05 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Il servizio Client di Criteri di gruppo non è stato arrestato correttamente dopo la ricezione di un controllo di pre-arresto del sistema.

Error: (07/13/2017 10:40:37 AM) (Source: Server) (EventID: 2505) (User: )
Description: Il server non ha potuto effettuare il binding del trasporto \Device\NetBT_Tcpip_{600021AD-6960-4ED3-AE8E-480BA0135F73} perché un altro computer sulla rete ha lo stesso nome. Impossibile avviare il server.

Error: (07/11/2017 04:45:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Spooler di stampa non è stato avviato per il seguente errore:
Il servizio non è stato avviato a causa di un errore in fase di accesso.

Error: (07/11/2017 04:45:29 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Servizio Spooler: impossibile accedere come NT AUTHORITY\SYSTEM con la password attualmente configurata. Errore:
Richiesta non supportata.


Per garantire la corretta configurazione del servizio, utilizzare lo snap-in Servizi in Microsoft Management Console (MMC).

Error: (07/11/2017 04:45:00 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Tentativo di eseguire un'azione di correzione (Riavvia il servizio) dopo l'arresto imprevista del servizio Windows Search. Tentativo non riuscito per l'errore:
Un'istanza del servizio è già in esecuzione.

Error: (07/11/2017 04:44:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio di condivisione in rete Windows Media Player è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.


==================== Memory info ===========================

Processor: Intel(R) Xeon(TM) CPU 3.60GHz
Percentage of memory in use: 38%
Total physical RAM: 4095.57 MB
Available physical RAM: 2516.5 MB
Total Virtual: 8189.36 MB
Available Virtual: 6673.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:460.38 GB) (Free:391.64 GB) NTFS
Drive e: (Pasquale il disco locale) (Fixed) (Total:152.57 GB) (Free:78.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 97BE5B6A)
Partition 1: (Active) - (Size=5.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=460.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 152.7 GB) (Disk ID: 4FA04F9F)
Partition 1: (Not Active) - (Size=152.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-07-2017
Ran by xw6200 (administrator) on XW6200-PC (13-07-2017 11:10:32)
Running from C:\Users\xw6200\Desktop
Loaded Profiles: xw6200 (Available Profiles: xw6200)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-11] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\...\Policies\Explorer: []
Startup: C:\Users\xw6200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitora avvisi inchiostro - HP Deskjet 3520 series (Rete).lnk [2017-07-13]
ShortcutTarget: Monitora avvisi inchiostro - HP Deskjet 3520 series (Rete).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3C8EF026-8325-4829-9815-E8D0F7AE9A34}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{600021AD-6960-4ED3-AE8E-480BA0135F73}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{600021AD-6960-4ED3-AE8E-480BA0135F73}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/
HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/it-it/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-11] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-25] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-11] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-25] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-25] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2837536584-2297837117-1243624517-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-25] (Google Inc.)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default [2017-07-13]
CHR Extension: (Presentazioni Google) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-11]
CHR Extension: (Documenti Google) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-11]
CHR Extension: (Adblock Plus) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (Google Search) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-08]
CHR Extension: (Adobe Acrobat) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-18]
CHR Extension: (Avast SafePrice) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-02]
CHR Extension: (Fogli Google) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-08]
CHR Extension: (Google Documenti offline) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (Avast Online Security) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-10]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (SpeakIt!) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2016-12-16]
CHR Extension: (Gmail) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-08]
CHR Extension: (Chrome Media Router) - C:\Users\xw6200\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
CHR HKU\S-1-5-21-2837536584-2297837117-1243624517-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-11] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-11] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2016-05-25] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-10-17] (Microsoft Corporation)
S3 klvssbrigde64; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\vssbridge64.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3491616 2009-06-19] (Realtek Semiconductor Corp.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [319984 2017-07-11] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198944 2017-07-11] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343264 2017-07-11] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57704 2017-07-11] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [85552 2017-03-29] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146664 2017-07-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-11] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-07-09] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-07-11] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-07-11] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-07-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-07-13] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [252832 2017-07-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-07-13] (Malwarebytes)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2013-03-13] (Realtek Semiconductor Corporation )
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-13 11:10 - 2017-07-13 11:10 - 00000000 ____D C:\Users\xw6200\Desktop\FRST-OlderVersion
2017-07-13 11:09 - 2017-07-13 11:09 - 00001570 _____ C:\Users\xw6200\Desktop\report malawere.txt
2017-07-11 19:14 - 2017-07-11 19:15 - 00028456 _____ C:\Users\xw6200\Desktop\Addition.txt
2017-07-11 19:13 - 2017-07-13 11:10 - 00014437 _____ C:\Users\xw6200\Desktop\FRST.txt
2017-07-11 19:13 - 2017-07-13 11:10 - 00000000 ____D C:\FRST
2017-07-11 17:13 - 2017-07-11 17:13 - 00000555 _____ C:\Users\xw6200\Desktop\JRT.txt
2017-07-11 16:51 - 2017-07-13 11:10 - 02435584 _____ (Farbar) C:\Users\xw6200\Desktop\FRST64.exe
2017-07-11 16:50 - 2017-07-11 16:50 - 01663672 _____ (Malwarebytes) C:\Users\xw6200\Desktop\JRT.exe
2017-07-11 16:48 - 2017-07-11 16:48 - 00002146 _____ C:\Users\xw6200\Desktop\AdwCleaner[C0].txt
2017-07-11 16:39 - 2017-07-11 16:44 - 00000000 ____D C:\AdwCleaner
2017-07-11 16:38 - 2017-07-11 16:39 - 04110280 _____ C:\Users\xw6200\Desktop\AdwCleaner.exe
2017-07-11 16:32 - 2017-07-11 16:32 - 00006972 _____ C:\Users\xw6200\Desktop\malawere.txt
2017-07-11 16:24 - 2017-07-13 11:05 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-11 16:24 - 2017-07-13 11:05 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-07-11 16:24 - 2017-07-13 11:05 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-11 16:24 - 2017-07-13 11:05 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-11 16:24 - 2017-07-11 16:24 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-11 16:24 - 2017-07-11 16:24 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-11 16:24 - 2017-07-11 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-11 16:23 - 2017-07-11 16:42 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-11 16:23 - 2017-07-11 16:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-11 16:23 - 2017-07-11 16:23 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-11 16:16 - 2017-07-11 16:16 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-11 16:16 - 2017-07-11 16:16 - 00002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-11 16:11 - 2017-07-11 16:11 - 00000004 _____ C:\ProgramData\_lg.3sap
2017-07-11 15:18 - 2017-07-11 16:36 - 00000270 __RSH C:\ProgramData\ntuser.pol
2017-07-11 15:08 - 2017-07-11 15:09 - 00969199 _____ C:\Users\xw6200\Downloads\pnp_dmd_suitabilitiesreferencecard.pdf
2017-07-11 14:09 - 2017-07-11 14:09 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-06-21 12:03 - 2017-06-21 12:03 - 00001562 _____ C:\Users\xw6200\Desktop\Pokémon Trading Card Game Online.lnk
2017-06-21 12:03 - 2017-06-21 12:03 - 00000000 ____D C:\Users\xw6200\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online
2017-06-20 20:13 - 2017-06-21 12:02 - 286611456 _____ C:\Users\xw6200\Downloads\PokemonInstaller.msi
2017-06-20 14:15 - 2017-06-20 14:15 - 09136798 _____ C:\Users\xw6200\Downloads\Senza titolo.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-13 11:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-13 10:44 - 2017-03-18 12:22 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-12 16:58 - 2009-07-14 06:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-12 16:58 - 2009-07-14 06:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-11 16:16 - 2015-07-08 23:29 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-11 16:14 - 2015-07-08 23:29 - 00003582 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-11 16:14 - 2015-07-08 23:29 - 00003454 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-11 16:07 - 2016-11-04 14:15 - 00003900 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1478261752
2017-07-11 15:18 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-07-11 15:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-07-11 14:10 - 2016-11-04 13:58 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-07-11 14:09 - 2016-11-04 13:58 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-11 14:09 - 2016-11-04 13:58 - 00360792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.149977502578106
2017-07-11 14:09 - 2016-11-04 13:58 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-11 14:09 - 2016-11-04 13:58 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-07-11 14:09 - 2016-11-04 13:58 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-11 14:09 - 2016-11-04 13:58 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-11 14:09 - 2016-11-04 13:58 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-11 14:09 - 2016-11-04 13:40 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-11 14:08 - 2017-03-18 12:22 - 00343264 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-11 14:08 - 2017-03-18 12:22 - 00319984 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-11 14:08 - 2017-03-18 12:22 - 00198944 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-11 14:08 - 2017-03-18 12:22 - 00057704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-11 14:08 - 2016-11-04 14:15 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-11 14:08 - 2016-11-04 13:58 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-06 00:17 - 2017-03-03 01:28 - 00000033 _____ C:\Users\xw6200\Desktop\netflix pagamenti.txt
2017-07-03 16:25 - 2017-06-02 15:20 - 00000000 ____D C:\Users\xw6200\Documents\sessione cthulhu concorso
2017-07-03 16:09 - 2017-03-18 12:28 - 00000640 _____ C:\Users\xw6200\Desktop\uscite fumetti.txt
2017-06-23 11:34 - 2015-06-17 10:08 - 00000000 ____D C:\Users\xw6200\AppData\Roaming\vlc
2017-06-20 20:09 - 2015-07-09 10:58 - 00000000 ____D C:\Windows\system32\appmgmt

==================== Files in the root of some directories =======

2016-10-03 17:41 - 2016-10-03 17:41 - 0000001 _____ () C:\Users\xw6200\AppData\Local\llftool.4.40.agreement
2016-05-30 13:40 - 2016-05-30 13:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-07-08 11:09 - 2015-07-08 11:09 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2017-07-11 16:11 - 2017-07-11 16:11 - 0000004 _____ () C:\ProgramData\_lg.3sap

Some files in TEMP:
====================
2017-07-11 15:21 - 2017-07-11 15:21 - 0635981 _____ (ZqwHXl5gA7LFJ1RTG3Zq ) C:\Users\xw6200\AppData\Local\Temp\browmodule.exe
2017-06-23 11:23 - 2017-06-23 11:25 - 30950664 _____ () C:\Users\xw6200\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-12 16:50

==================== End of FRST.txt ============================
 