WinRAR files turned into .exe files

finaltime

After opening an .exe file I saw that all my zipped files (both songs and ebooks) have turned into .exe files (and they all show as modified today).
I ran several full scans with Malwarebytes and found some trojanbitcoin, which I removed, the first time, and then nothing.
I tried to restore the system, but I couldn't (it says a file is missing or something like that).
Basically I'm left with those files in that state.
What would be the best thing for me to do?
 
Hi

Download FRST from here https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
download the version that matches your operating system, 32 or 64 bit
place the executable on the desktop
right-click the executable --> run as administrator
once it is open, click Scan
post the frst.txt and addition.txt logs


This tool does not delete or modify anything; it only serves to give a detailed picture of the state of the PC...
Then, if it needs corrections, you will be given instructions...

Bye, thanks
 
I understand, thanks. Let's hope for the best...

FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Francesco (administrator) on FRANCESCO-PC (28-03-2018 20:21:40)
Running from C:\Users\Francesco\Desktop
Loaded Profiles: Francesco (Available Profiles: Francesco & Paola)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2010-02-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-06-29] (CyberLink Corp.)
HKLM-x32\...\Run: [StmRst] => C:\Windows\StmClean.exe
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-10-26] (Nullsoft, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [933640 2012-01-19] (ABBYY.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [258512 2011-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\Run: [PeenyBee] => C:\Users\Francesco\AppData\Local\PennyBee\PennyBeeW.exe
HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\MountPoints2: {824f8747-8690-11e4-b50e-4487fcf95cdd} - G:\LG_PC_Programs.exe
HKU\S-1-5-21-137798577-3675640412-3209826276-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [456224 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-02-06]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-05] (Lavasoft Limited)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0050B548-63D8-4728-A5C1-B7FFC91EFAB9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-137798577-3675640412-3209826276-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-137798577-3675640412-3209826276-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-137798577-3675640412-3209826276-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-137798577-3675640412-3209826276-1000 -> ÛŸÆîZ§’2¹Þpv¨IÍá‑*X(Ž2s(ÛÎÀJºÔÓµ± v˰!×—(ä¼48иpatm6êo^Mp`‑Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)xä URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-07] (Oracle Corporation)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-07] (Oracle Corporation)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\f2ikf224.default [2018-03-16]
FF Homepage: Mozilla\Firefox\Profiles\f2ikf224.default -> nohomepageset
FF NewTab: Mozilla\Firefox\Profiles\f2ikf224.default -> nohomepageset
FF NetworkProxy: Mozilla\Firefox\Profiles\f2ikf224.default -> type", 0
FF Extension: (Avira Browser Safety) - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\f2ikf224.default\Extensions\abs@avira.com [2015-06-01] [Legacy] [not signed]
FF Extension: (KMPlayer Toolbar) - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\f2ikf224.default\Extensions\toolbar@ask.com [2012-02-19] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-08] [Legacy] [not signed]
FF HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-23] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default [2018-03-28]
CHR Extension: (Documenti) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-18]
CHR Extension: (YouTube) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-18]
CHR Extension: (Google Search) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-05-18]
CHR Extension: (Sicurezza browser Avira) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-07]
CHR Extension: (Google Documenti offline) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-02]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-23]
CHR Profile: C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-12-25]
CHR Profile: C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2011-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2011-12-16] (Avira Operations GmbH & Co. KG)
S2 IKEEXT; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 IKEEXT; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.681\McCHSvc.exe [404376 2018-02-04] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2016-03-16] (Pandora.TV)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-13] () [File not signed]
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 oftzsvc; "C:\ProgramData\Application\Offertz\oftzscv.exe" [X]
S2 oftzupd; "c:\programdata\services\updater\oftzupd.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97312 2011-12-16] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130760 2011-12-16] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-12-16] (Avira GmbH)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [109800 2018-03-28] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45960 2018-03-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-28] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [92280 2018-03-28] (Malwarebytes)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-28 20:21 - 2018-03-28 20:23 - 000022549 _____ C:\Users\Francesco\Desktop\FRST.txt
2018-03-28 20:21 - 2018-03-28 20:21 - 000000000 ____D C:\FRST
2018-03-28 20:19 - 2018-03-28 20:19 - 002403328 _____ (Farbar) C:\Users\Francesco\Desktop\FRST64.exe
2018-03-28 17:06 - 2018-03-28 17:06 - 000045960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-03-28 17:05 - 2018-03-28 17:05 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-28 14:57 - 2018-03-28 20:11 - 000092280 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-03-28 14:57 - 2018-03-28 17:05 - 000109800 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-03-28 14:57 - 2018-03-28 14:57 - 000193248 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-03-28 14:57 - 2018-03-28 14:57 - 000001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-28 14:57 - 2018-03-28 14:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-28 14:57 - 2018-03-28 14:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-28 14:57 - 2018-01-18 08:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-28 09:19 - 2018-03-28 09:20 - 000000000 ____D C:\Users\Francesco\AppData\Local\{A7F5D88C-A394-4AA5-84F6-C008D11D12CC}
2018-03-27 18:38 - 2018-03-27 18:48 - 000000000 ____D C:\Users\Francesco\AppData\Local\{1ABD7477-5BDF-4F99-A185-4072B3AA425A}
2018-03-27 17:52 - 2018-03-27 17:52 - 000000000 ____D C:\Users\Francesco\AppData\Local\{100801A7-31B7-41E5-AA83-5949E2097DEB}
2018-03-27 17:25 - 2018-03-27 17:25 - 000000000 ____D C:\Users\Francesco\AppData\Local\{24092D40-5ADA-42E7-AC90-2400D21ADE98}
2018-03-27 15:24 - 2018-03-27 15:24 - 000000000 ____D C:\Users\Francesco\AppData\Local\{42379013-2CD7-4292-8185-2626A8B628EA}
2018-03-27 09:24 - 2018-03-27 09:24 - 000000000 ____D C:\Users\Francesco\AppData\Local\{6F80DA1F-F12C-4405-A87D-8C2627E57264}
2018-03-26 21:23 - 2018-03-26 21:24 - 000000000 ____D C:\Users\Francesco\AppData\Local\{370E8C97-1715-4113-958C-F268565B1C16}
2018-03-26 09:21 - 2018-03-26 09:22 - 000000000 ____D C:\Users\Francesco\AppData\Local\{CFEE42B2-13B3-4182-BACC-7C85E0FAFC7E}
2018-03-25 13:23 - 2018-03-25 13:23 - 000000000 ____D C:\Users\Francesco\AppData\Local\{3B545817-4761-487F-8B4B-647344C3B863}
2018-03-25 13:22 - 2018-03-25 13:22 - 000000000 ____D C:\Users\Francesco\AppData\Local\{A0547962-77BC-47B1-B6FD-6F0C8246555E}
2018-03-25 09:57 - 2018-03-25 09:57 - 000000000 ____D C:\Users\Francesco\AppData\Local\{770A4040-5C14-48C4-8A41-6AA59C3B2C15}
2018-03-24 21:51 - 2018-03-24 21:54 - 000000000 ____D C:\Users\Francesco\AppData\Local\{ECE85731-E657-4444-B7ED-2906F72158F1}
2018-03-24 09:40 - 2018-03-24 09:51 - 000000000 ____D C:\Users\Francesco\AppData\Local\{6BE8B3F0-E100-47BA-B255-3CDD7BC1A70E}
2018-03-23 18:23 - 2018-03-23 18:23 - 000043827 _____ C:\Users\Paola\Downloads\BANDOCONC.n.5.Dirig.Sanit.BIOLOGI.pdf
2018-03-23 13:53 - 2018-03-23 13:53 - 000168933 _____ C:\Users\Francesco\BANDO.pdf
2018-03-23 10:23 - 2018-03-23 10:37 - 000000000 ____D C:\Users\Francesco\AppData\Local\{1F959F11-A6CD-434B-9088-91A7B77F302B}
2018-03-22 13:03 - 2018-03-22 13:12 - 000000000 ____D C:\Users\Francesco\AppData\Local\{DB006445-9EF0-4A12-9305-D444C035BB7E}
2018-03-22 11:08 - 2018-03-22 11:08 - 000000000 ____D C:\Users\Francesco\AppData\Local\{9B382A50-85FE-4BFF-87B7-BEBAE59F65AA}
2018-03-22 10:45 - 2018-03-22 10:45 - 000000000 ____D C:\Users\Francesco\AppData\Local\{212610D8-3CDB-447A-AA48-E27A29B1BE03}
2018-03-22 10:13 - 2018-03-22 10:13 - 000000000 ____D C:\Users\Francesco\AppData\Local\{B9D24257-805E-451D-B9E3-A36D1D09951D}
2018-03-21 17:12 - 2018-03-21 17:12 - 000000000 ____D C:\Users\Paola\Desktop\Nuova cartella (2)
2018-03-21 15:03 - 2018-03-21 15:03 - 000000000 ____D C:\Users\Francesco\AppData\Local\{CBAB6E55-6FF5-4A5B-B0BC-90E1497BAC4E}
2018-03-21 13:06 - 2018-03-21 13:06 - 000000000 ____D C:\Users\Francesco\AppData\Local\{D08A1B37-E915-4DB2-92F6-4926F5DCDD24}
2018-03-21 12:28 - 2018-03-21 12:28 - 000000000 ____D C:\Users\Francesco\AppData\Local\{FE813865-1640-4358-A540-3CC2CCC11784}
2018-03-21 00:13 - 2018-03-21 00:22 - 000000000 ____D C:\Users\Francesco\AppData\Local\{5CCCC858-80BF-4CB7-8DCC-E0345EE2EC89}
2018-03-20 11:57 - 2018-03-20 11:59 - 000000000 ____D C:\Users\Francesco\AppData\Local\{E6F8EF1A-A021-4BE2-BDF2-6A8C90FCB3D4}
2018-03-20 11:43 - 2018-03-20 11:43 - 000000000 ____D C:\Users\Francesco\AppData\Local\{B2C6DCCB-8454-4707-9162-31074C091EB6}
2018-03-20 11:24 - 2018-03-20 11:24 - 000000000 ____D C:\Users\Francesco\AppData\Local\{AD3E22AD-DF7A-47D8-B4AA-2CCE6D7BB2CF}
2018-03-20 11:18 - 2018-03-20 11:18 - 000000000 ____D C:\Users\Francesco\AppData\Local\{86C054CE-C71A-4AA7-8EC2-28385830EDFB}
2018-03-19 11:54 - 2018-03-19 11:54 - 000000000 ____D C:\Users\Francesco\AppData\Local\{0AEFD3F6-5667-4596-BE92-6FF6E686F2FF}
2018-03-18 13:36 - 2018-03-18 13:45 - 000000000 ____D C:\Users\Francesco\AppData\Local\{1D033228-8552-418E-9D38-2DEE5C596904}
2018-03-17 18:29 - 2018-03-17 18:29 - 000000000 ____D C:\Users\Paola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-17 12:02 - 2018-03-17 12:12 - 000000000 ____D C:\Users\Francesco\AppData\Local\{1343A769-8B14-4AAE-A121-59FF1E981DC3}
2018-03-17 11:26 - 2018-03-17 11:26 - 000000000 ____D C:\Users\Francesco\AppData\Local\{8E4CB832-0077-48ED-9A62-6605C7E87822}
2018-03-16 17:27 - 2018-03-16 17:27 - 000000000 ____D C:\Users\Francesco\AppData\Local\{CB10B6A0-8CE9-4714-B0F4-5721710D710F}
2018-03-15 23:19 - 2018-03-15 23:19 - 000000000 ____D C:\Users\Francesco\AppData\Local\{55749B4F-01CB-441C-BF5E-B7B593DA930A}
2018-03-15 17:25 - 2018-03-15 23:05 - 000002576 _____ C:\Users\Francesco\AppData\Roaming\cookies.sqlite-journal
2018-03-15 15:46 - 2018-03-15 15:46 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-15 14:35 - 2018-03-15 23:05 - 012492800 _____ C:\Users\Francesco\AppData\Roaming\cookies.sqlite
2018-03-15 14:35 - 2018-03-15 23:03 - 000000000 _____ C:\ProgramData\{d781e3a1-e512-422f-aa6c-27428437cbc4}.lock
2018-03-15 13:15 - 2018-03-28 20:20 - 000000000 ____D C:\Users\Francesco\Desktop\virus
2018-03-15 11:56 - 2018-03-15 11:56 - 000000000 ____D C:\Users\Francesco\AppData\Local\{8AB7FD5E-BC46-4C2C-81DC-0F7B18AAD26F}
2018-03-15 11:14 - 2018-03-15 11:14 - 000000000 ____D C:\Users\Francesco\Desktop\roi
2018-03-14 16:21 - 2018-03-14 16:22 - 000000000 ____D C:\Users\Francesco\AppData\Local\{58150DFA-4A58-484F-BA0E-F8FC70C7DD70}
2018-03-14 12:49 - 2018-03-14 12:49 - 000438518 _____ C:\Users\Francesco\Desktop\Informativa Inps_IT.pdf
2018-03-13 23:09 - 2018-03-13 23:10 - 000000000 ____D C:\Users\Francesco\AppData\Local\{82E5ADCF-456E-49D3-B3D0-90862EE24898}
2018-03-13 09:07 - 2018-03-13 09:08 - 000000000 ____D C:\Users\Francesco\AppData\Local\{24FC2F7A-72D7-4613-91E4-DEEA3F1AB1AB}
2018-03-12 11:33 - 2018-03-12 11:41 - 000000000 ____D C:\Users\Francesco\AppData\Local\{49ABE00C-D708-4A6D-98F7-64CF69878EC1}
2018-03-12 10:36 - 2018-03-12 10:36 - 000000000 ____D C:\Users\Francesco\AppData\Local\{133B3F62-3043-4524-A868-14770A71AF32}
2018-03-11 15:35 - 2018-03-11 15:35 - 000000000 ____D C:\Users\Francesco\AppData\Local\{AA8A1FCF-A9A3-4859-9602-006579DD98F9}
2018-03-10 09:51 - 2018-03-10 09:52 - 000000000 ____D C:\Users\Francesco\AppData\Local\{98AF2433-1E96-47BA-A872-C19AFAC2CDC0}
2018-03-09 20:39 - 2018-03-15 13:55 - 000000000 ____D C:\Users\Francesco\Desktop\roman
2018-03-09 10:55 - 2018-03-09 10:55 - 000000000 ____D C:\Users\Francesco\AppData\Local\{F4CD9E3F-E8A7-4006-B370-912067B3FC6E}
2018-03-08 22:54 - 2018-03-08 22:55 - 000000000 ____D C:\Users\Francesco\AppData\Local\{5B8C1634-4710-4E5B-8EA8-3765891BCAC1}
2018-03-08 17:58 - 2018-03-08 17:58 - 000270361 _____ C:\Users\Paola\Downloads\263-02-2018.pdf
2018-03-08 10:46 - 2018-03-08 10:54 - 000000000 ____D C:\Users\Francesco\AppData\Local\{DBA736CA-A270-42FE-9C6E-A92FADB990A6}
2018-03-08 09:03 - 2018-03-08 09:03 - 000000000 ____D C:\Users\Francesco\AppData\Local\{BC280A83-6139-4FF3-908C-6D2EEA7851A3}
2018-03-07 18:15 - 2018-03-07 18:25 - 000000000 ____D C:\Users\Francesco\AppData\Local\{434DE9F9-C7C4-4E65-8310-5372CCA170E9}
2018-03-07 17:55 - 2018-03-07 17:55 - 002450158 _____ C:\Users\Paola\Downloads\266-03-2018 V2 all. A.pdf
2018-03-07 09:25 - 2018-03-07 09:25 - 000000000 ____D C:\Users\Francesco\AppData\Local\{6C418422-4492-4804-BEB8-F99FE969D0F5}
2018-03-07 09:06 - 2018-03-07 09:06 - 000000000 ____D C:\Users\Francesco\AppData\Local\{DADE18D2-9A61-44B1-9AC5-F0CD95077F35}
2018-03-06 10:56 - 2018-03-06 11:04 - 000000000 ____D C:\Users\Francesco\AppData\Local\{C7C25387-4BFD-4460-A807-CFE576558314}
2018-03-05 22:23 - 2018-03-05 22:30 - 000000000 ____D C:\Users\Francesco\AppData\Local\{3DFE42DA-A159-4D4E-BDCA-EEF1E502A866}
2018-03-05 19:06 - 2018-03-05 19:06 - 000021669 _____ C:\Users\Paola\Downloads\ELENCO.pdf
2018-03-05 18:22 - 2018-03-05 18:22 - 000475453 _____ C:\Users\Paola\Downloads\8045576BANDOforno.pdf
2018-03-04 18:05 - 2018-03-04 18:05 - 000000000 ____D C:\Users\Francesco\AppData\Local\{F624274A-B42D-43F5-BF07-49B58CE40C11}
2018-03-03 20:48 - 2018-03-03 20:48 - 000000000 ____D C:\Users\Francesco\Desktop\Funzionario
2018-03-03 14:12 - 2018-03-03 14:20 - 000000000 ____D C:\Users\Francesco\AppData\Local\{F8C74D9A-AA57-43DA-AF13-FA74CB05C8FD}
2018-03-02 13:10 - 2018-03-02 13:15 - 000000000 ____D C:\Users\Francesco\AppData\Local\{B8533C89-AF54-4453-A4A8-07F9AC433909}
2018-03-01 12:19 - 2018-03-01 12:25 - 000000000 ____D C:\Users\Francesco\AppData\Local\{EFCE4ED2-EA06-4778-8F5F-233B0B12FCD6}
2018-03-01 10:38 - 2018-03-01 10:38 - 000000000 ____D C:\Users\Francesco\AppData\Local\{0574F2AB-A01E-465F-958A-06E540A6546E}
2018-02-28 21:10 - 2018-02-28 21:10 - 000000000 ____D C:\Users\Francesco\Desktop\Paola-ricevute
2018-02-27 10:19 - 2018-02-27 10:24 - 000000000 ____D C:\Users\Francesco\AppData\Local\{F39D2444-0133-41A3-969E-14B14240D467}
2018-02-27 09:26 - 2018-02-27 09:26 - 000000000 ____D C:\Users\Francesco\AppData\Local\{9A61ED4D-8B2B-4A97-9288-BDA0391E32AB}
2018-02-26 17:49 - 2018-02-26 17:50 - 000236314 _____ C:\Users\Paola\Downloads\222-03-2018.pdf
2018-02-26 14:39 - 2018-02-26 14:44 - 000000000 ____D C:\Users\Francesco\AppData\Local\{88E3A52D-86F2-4D78-9443-17AD759EAD9A}
2018-02-26 10:39 - 2018-02-26 10:39 - 000000000 ____D C:\Users\Francesco\AppData\Local\{D0075616-EC82-4077-813D-B4EB7BE9B95F}
2018-02-26 10:11 - 2018-02-26 10:11 - 000000000 ____D C:\Users\Francesco\AppData\Local\{14295A50-EE0B-4ED7-9C68-8B8D5775A509}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-28 19:44 - 2015-06-03 08:38 - 000001134 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-137798577-3675640412-3209826276-1001UA.job
2018-03-28 17:13 - 2009-07-14 06:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-28 17:13 - 2009-07-14 06:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-28 17:09 - 2010-10-06 09:24 - 000757734 _____ C:\Windows\system32\perfh010.dat
2018-03-28 17:09 - 2010-10-06 09:24 - 000153394 _____ C:\Windows\system32\perfc010.dat
2018-03-28 17:09 - 2009-07-14 07:13 - 001696320 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-28 17:09 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-03-28 17:07 - 2015-08-19 15:16 - 000003486 _____ C:\Windows\System32\Tasks\AutoKMS
2018-03-28 17:05 - 2017-11-22 10:56 - 000000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-03-28 17:05 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-28 14:18 - 2018-02-06 11:31 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-03-28 14:18 - 2015-08-19 15:16 - 000000000 ____D C:\Windows\AutoKMS
2018-03-28 14:18 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\registration
2018-03-28 12:44 - 2014-06-12 19:54 - 000000000 ____D C:\Users\Francesco\Desktop\Fra-libri
2018-03-28 09:44 - 2015-06-03 08:38 - 000001082 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-137798577-3675640412-3209826276-1001Core.job
2018-03-23 13:53 - 2011-04-04 23:25 - 000000000 ____D C:\Users\Francesco
2018-03-21 17:11 - 2011-04-24 18:47 - 000000000 ____D C:\Users\Paola\Desktop\lavori
2018-03-19 00:10 - 2012-06-22 12:18 - 000000000 ____D C:\Users\Francesco\Documents\Biblioteca di calibre
2018-03-17 18:29 - 2014-11-28 18:32 - 000000000 ____D C:\Users\Paola\AppData\Roaming\Dropbox
2018-03-16 10:08 - 2017-07-21 23:43 - 000002168 _____ C:\Users\Paola\Desktop\Controlli 2017.lnk
2018-03-16 10:07 - 2013-07-27 13:23 - 000000000 ____D C:\Users\Francesco\AppData\Roaming\BabSolution
2018-03-16 10:03 - 2014-08-14 13:08 - 000000000 ____D C:\Users\Francesco\AppData\Local\ICSharpCode.net
2018-03-16 10:03 - 2013-07-27 13:23 - 000000000 ____D C:\Program Files (x86)\Delta
2018-03-16 08:43 - 2014-08-15 10:40 - 000000000 ____D C:\Program Files (x86)\ABBYY FineReader 11
2018-03-15 23:12 - 2017-07-21 18:34 - 000000000 ____D C:\Users\Paola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unica
2018-03-15 23:12 - 2011-04-24 18:26 - 000000000 ____D C:\Users\Paola
2018-03-15 23:10 - 2011-04-06 13:07 - 000000000 __RHD C:\MSOCache
2018-03-11 11:42 - 2011-04-05 10:08 - 000000000 ____D C:\Users\Francesco\AppData\Local\ElevatedDiagnostics
2018-03-04 00:49 - 2016-09-13 09:07 - 000000000 ____D C:\Users\Francesco\Desktop\MALOLI
2018-03-02 10:56 - 2011-04-24 18:47 - 000000000 ____D C:\Users\Paola\Desktop\documenti Paola
2018-02-26 17:43 - 2017-10-09 08:34 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-26 10:01 - 2017-10-09 08:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2018-03-15 14:35 - 2018-03-15 23:05 - 012492800 _____ () C:\Users\Francesco\AppData\Roaming\cookies.sqlite
2018-03-15 17:25 - 2018-03-15 23:05 - 000002576 _____ () C:\Users\Francesco\AppData\Roaming\cookies.sqlite-journal
2012-10-22 12:57 - 2015-05-10 09:37 - 000005120 _____ () C:\Users\Francesco\AppData\Roaming\mainhst.zgh
2017-11-29 16:52 - 2017-11-29 16:52 - 000000000 _____ () C:\Users\Francesco\AppData\Roaming\Microsoft\884A.tmp
2013-07-27 13:14 - 2017-12-19 20:49 - 000007606 _____ () C:\Users\Francesco\AppData\Local\Resmon.ResmonCfg
2014-08-22 11:49 - 2014-08-22 11:49 - 000000000 _____ () C:\Users\Francesco\AppData\Local\{08D5909F-CC14-4A00-A9E1-CA5F1A067EE9}
2014-08-22 11:49 - 2014-08-22 11:49 - 000000000 _____ () C:\Users\Francesco\AppData\Local\{4E120EF8-1365-4FD4-9329-3EB6927CF3DB}

Some files in TEMP:
====================
2013-01-29 00:20 - 2013-01-29 00:20 - 000248008 _____ (Ask.com) C:\Users\Francesco\AppData\Local\Temp\AskSLib.dll
2013-11-27 22:26 - 2018-03-15 23:12 - 000000000 ____D () C:\Users\Francesco\AppData\Local\Temp\avgnt.exe
2017-10-09 08:42 - 2017-10-09 08:42 - 000290304 _____ (Microsoft Corporation) C:\Users\Francesco\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2013-08-18 19:48 - 2013-08-18 19:48 - 000000000 _____ () C:\Users\Francesco\AppData\Local\Temp\fm0-ghex.dll
2012-01-12 22:16 - 2012-01-12 22:16 - 003763360 _____ (Adobe Systems, Inc.) C:\Users\Francesco\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
2015-07-05 18:32 - 2015-07-05 19:23 - 024775152 _____ (Ellora Assets Corporation ) C:\Users\Francesco\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2018-02-07 18:01 - 2018-02-07 18:01 - 001864256 _____ (Oracle Corporation) C:\Users\Francesco\AppData\Local\Temp\jre-8u161-windows-au.exe
2012-09-28 13:16 - 2012-09-28 13:16 - 000064000 _____ () C:\Users\Francesco\AppData\Local\Temp\KMP_3.3.0.33.exe
2016-12-31 15:34 - 2016-12-31 15:35 - 017280000 _____ (PandoraTV) C:\Users\Francesco\AppData\Local\Temp\KMP_4.1.5.3.exe
2017-02-03 21:39 - 2017-03-12 21:47 - 001344000 _____ (PandoraTV) C:\Users\Francesco\AppData\Local\Temp\KMP_4.1.5.8.exe
2017-12-24 22:49 - 2017-12-24 22:49 - 007680000 _____ (PandoraTV) C:\Users\Francesco\AppData\Local\Temp\KMP_4.2.2.5.exe
2018-02-11 16:27 - 2018-02-11 16:28 - 008576000 _____ (PandoraTV) C:\Users\Francesco\AppData\Local\Temp\KMP_4.2.2.7.exe
2018-03-28 14:54 - 2018-03-28 14:47 - 068724528 _____ (Malwarebytes ) C:\Users\Francesco\AppData\Local\Temp\mb3-setup-35891.35891-3.4.4.2398-1.0.322-1.0.4190.exe
2014-08-14 12:30 - 2014-08-14 12:31 - 004600128 _____ (Offertz.com ) C:\Users\Francesco\AppData\Local\Temp\OffertzSetup.exe
2015-08-19 14:34 - 2016-07-10 18:33 - 001082880 _____ (Microsoft Corporation) C:\Users\Francesco\AppData\Local\Temp\pidgenx.dll
2014-03-21 11:31 - 2014-03-21 11:32 - 028430448 _____ () C:\Users\Francesco\AppData\Local\Temp\Softonic_IT_1-5-9_IT-Production_10_CleanRelease.exe
2012-06-19 11:20 - 2012-06-19 11:20 - 000077824 _____ (Eclipse Foundation) C:\Users\Francesco\AppData\Local\Temp\swt-gdip-win32-3452.dll
2012-06-19 11:19 - 2012-06-19 11:19 - 000335872 _____ (Eclipse Foundation) C:\Users\Francesco\AppData\Local\Temp\swt-win32-3452.dll
2012-08-10 00:12 - 2012-08-25 21:18 - 000248008 _____ (Ask.com) C:\Users\Paola\AppData\Local\Temp\AskSLib.dll
2013-11-27 21:43 - 2015-08-15 18:01 - 000000000 ____D () C:\Users\Paola\AppData\Local\Temp\avgnt.exe
2015-07-10 18:17 - 2015-07-10 18:17 - 000043008 _____ () C:\Users\Paola\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphh2vtm.dll
2017-01-04 18:40 - 2017-01-04 18:40 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\GUR250C.exe
2015-07-08 20:17 - 2015-07-08 20:17 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\GUR3A12.exe
2018-02-06 17:23 - 2018-02-06 17:23 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\GUR53CA.exe
2017-12-03 09:39 - 2017-12-03 09:39 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\GUR76C5.exe
2017-12-23 19:00 - 2017-12-23 19:00 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\GUR9D86.exe
2017-05-08 09:44 - 2017-05-08 09:44 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\GURE6E8.exe
2018-02-25 10:49 - 2018-02-25 10:49 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\GUREF6E.exe
2012-09-19 09:40 - 2012-10-16 13:25 - 000376352 _____ () C:\Users\Paola\AppData\Local\Temp\KMP_3.3.0.33.exe
2012-11-15 19:05 - 2012-11-15 19:05 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\KMP_3.4.0.59.exe
2016-05-06 16:40 - 2016-05-06 16:40 - 000909568 _____ () C:\Users\Paola\AppData\Local\Temp\KMP_4.0.7.1.exe
2015-06-10 13:01 - 2015-06-10 13:11 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\{1C6AEFA5-7B28-47A4-9B03-F9F71C4198F0}-43.0.2357.124_43.0.2357.81_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-19 15:11

==================== End of FRST.txt ============================

ADDITION.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Francesco (28-03-2018 20:25:53)
Running from C:\Users\Francesco\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-04-04 21:25:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-137798577-3675640412-3209826276-500 - Administrator - Disabled)
Francesco (S-1-5-21-137798577-3675640412-3209826276-1000 - Administrator - Enabled) => C:\Users\Francesco
Guest (S-1-5-21-137798577-3675640412-3209826276-501 - Limited - Disabled)
Paola (S-1-5-21-137798577-3675640412-3209826276-1001 - Limited - Enabled) => C:\Users\Paola

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0011-0000-0001-074957833700}) (Version: 11.0.460 - ABBYY)
Acer Arcade Deluxe (HKLM-x32\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.) Hidden
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.)
Acer Arcade Movie (HKLM-x32\...\{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}) (Version: 9.0.6629 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Advertising Center (HKLM-x32\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 12.0.0.141 - Avira)
Bing Bar Platform (HKLM-x32\...\{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}) (Version: 6.3.2322.0 - Microsoft Corporation) Hidden
Bing Toolbar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2322.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
calibre (HKLM-x32\...\{D7E16C53-8B27-46FE-9499-E826CBC2E9CE}) (Version: 0.9.11 - Kovid Goyal)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Desktop Telematico 1.0.0 (HKLM-x32\...\Desktop Telematico 1.0.0) (Version: 1.0.0.0 - SOGEI)
DesktopTelematico 1.0.0 (HKLM-x32\...\DesktopTelematico) (Version: - )
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eMule (HKLM-x32\...\eMule) (Version: - )
EPUB to MOBI (HKLM-x32\...\{C65AA5AE-8B80-46B6-ADFC-BBF1EFF2AD98}_is1) (Version: - epubtomobi.com)
eSobi v2 (HKLM-x32\...\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
Free PDF to Word Converter 5.1.0.383 (HKLM\...\Free PDF to Word Converter_is1) (Version: 5.1.0.383 - Smart Soft)
FreeOCR v4.2 (HKLM-x32\...\freeocr_is1) (Version: - )
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Iminent (HKLM-x32\...\{6421DD1B-F425-487F-945D-381A847D6901}) (Version: 4.10.0.0 - Iminent) Hidden <==== ATTENTION
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2008 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KindlePreviewer (HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\KindlePreviewer) (Version: 2.4 - Amazon)
KMPlayer Toolbar Updater (HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.06.20130913 - LG Electronics)
LG PhoneManager (HKLM-x32\...\{5EE65592-88FD-48AA-98CA-EE9BDB1FF518}) (Version: 1.00.0000 - LGE)
LG SyncManager (HKLM-x32\...\{FFD25152-1916-4744-BAAF-F2D2EBF38284}) (Version: 1.00.0000 - LGE)
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Malwarebytes versione 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.681.1 - McAfee, Inc.)
MCCI(r)Firmware Update Driver for MTK (HKLM-x32\...\{13E92303-C1AC-4012-9E22-54EACBF54888}) (Version: 1.00.0000 - MCCI)
MediaShow Espresso (HKLM-x32\...\{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}) (Version: 5.5.1713_26701 - CyberLink Corp.) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{C7DAD22D-29D4-438F-B986-03B9ED582EA4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office a portata di clic 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Italiano (HKLM-x32\...\{90140011-0066-0410-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM-x32\...\Office14.POWERPOINTR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
Nero 9 Essentials (HKLM-x32\...\{0506406d-6ba9-41e4-8a8e-8a6f28709256}) (Version: - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version: - Pandora.TV) <==== ATTENTION
PC Mechanic (HKLM-x32\...\{1F88FC5D-4D46-448A-AF59-7061FFC6ABBF}_is1) (Version: 1.0.7.1 - )
PDF OCR 4.3.3 (HKLM-x32\...\{3D122AF9-1E02-4035-8003-334D378C1B62}_is1) (Version: - PDF OCR)
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media)
Question Writer 4 (HKLM-x32\...\{D6DDBEC7-69DD-4BFB-A1A1-E7CA828856B2}) (Version: 4.0.0 - Question Writer Corporation)
Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5995 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINTR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)
Supporto applicazioni Apple (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.622 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinHTTrack Website Copier 3.47-27 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
ZipGenius 6.3 (HKLM-x32\...\{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1) (Version: 6.3 - Wininizio.it Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-137798577-3675640412-3209826276-1000_Classes\CLSID\{159E17FF-711E-9A86-A801-DC480DEC4025}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [2010-05-27] (Egis Technology Inc.)
ContextMenuHandlers1-x32: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2012-01-19] (ABBYY.)
ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2011-12-16] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-14] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [ZipGenius 6] -> {DE85006F-2E77-41FA-B8B3-FD9637AEE9A9} => C:\Program Files (x86)\ZipGenius 6\contmenu.dll [2011-03-15] (Wininizio.it Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [2010-04-02] (Egis Technology Inc.)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4-x32: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [2010-05-27] (Egis Technology Inc.)
ContextMenuHandlers4-x32: [ZipGenius 6] -> {DE85006F-2E77-41FA-B8B3-FD9637AEE9A9} => C:\Program Files (x86)\ZipGenius 6\contmenu.dll [2011-03-15] (Wininizio.it Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
ContextMenuHandlers6: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2012-01-19] (ABBYY.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2011-12-16] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [ZipGenius 6] -> {DE85006F-2E77-41FA-B8B3-FD9637AEE9A9} => C:\Program Files (x86)\ZipGenius 6\contmenu.dll [2011-03-15] (Wininizio.it Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C6E947E-5A9C-44AB-AC8A-81157AF0AB8D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-137798577-3675640412-3209826276-1001UA => C:\Users\Paola\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {3A24F45B-6055-4DF9-85A6-6199AD749C2D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {591489AC-3463-4AB2-A3A1-9522CC28A4CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-10] (Adobe Systems Incorporated)
Task: {62E455F1-F1F9-4CAB-93B3-53F80ABDDC20} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {6ED1783B-9EF8-4C47-B3CA-4E0641158522} - System32\Tasks\{C6FD0959-26DB-4CB7-ADB6-8D0C482DB2F9} => C:\Windows\system32\pcalua.exe -a C:\Users\Francesco\Desktop\MUTUL\ADE_2.0_Installer.exe -d C:\Users\Francesco\Desktop\MUTUL
Task: {784C6685-D7E1-42A2-853D-4E528ABE1BE1} - System32\Tasks\{A2D040CB-6CF4-41FB-B87B-298F2BB75E1D} => C:\Windows\system32\pcalua.exe -a F:\driver\vista\32bit\setup.exe -d F:\driver\vista\32bit
Task: {935CCEAB-0E91-4FF6-87AE-4980E39540EC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-137798577-3675640412-3209826276-1001Core => C:\Users\Paola\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {AA8C3D70-A7E4-4581-8E89-795409EACAA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {ADB732F7-ADD8-4EB8-98E9-7293AADAE1FD} - System32\Tasks\GoogleUpdateTaskMachineCore1cec693a93c9a2f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B78CCD25-3EDE-4161-B201-9F438707B44D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-07-10] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-137798577-3675640412-3209826276-1001Core.job => C:\Users\Paola\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-137798577-3675640412-3209826276-1001UA.job => C:\Users\Paola\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Siti Web personali su MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-08 23:41 - 2010-05-13 07:23 - 000244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2009-12-14 04:19 - 2009-12-09 11:24 - 000076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2018-03-28 14:57 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-28 14:57 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2010-08-04 14:40 - 2010-08-04 14:40 - 000611872 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2018-02-23 11:15 - 2018-02-22 05:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-23 11:15 - 2018-02-22 05:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2017-10-06 10:16 - 2011-12-16 09:51 - 000398288 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 000073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 001044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-04 11:47 - 2010-08-04 11:47 - 000144896 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2011-12-27 21:59 - 2016-03-16 20:04 - 001277952 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll
2011-12-27 21:59 - 2011-12-27 21:59 - 002090496 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avcodec-53.dll
2011-12-27 21:59 - 2011-12-27 22:00 - 000133632 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avutil-51.dll
2012-03-16 14:35 - 2012-03-23 10:41 - 000224768 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\libupnp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [244]
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 [282]
AlternateDataStreams: C:\ProgramData\Temp:798A3728 [250]
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE [300]
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [284]
AlternateDataStreams: C:\Users\Francesco\Desktop\carta.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Francesco\Desktop\carta.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Francesco\Desktop\elenco.bmp:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Francesco\Desktop\elenco.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Francesco\Desktop\prova d'acquisto.jpg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Francesco\Desktop\prova d'acquisto.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Francesco\Desktop\richiesta disp.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Francesco\Desktop\richiesta disp.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-10-03 10:31 - 000000853 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-137798577-3675640412-3209826276-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EFFBFB8F-C9BC-490A-9D73-796E220793E0}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A40DB172-041A-49F0-B782-16E0D69C5DB0}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F3C426E8-83F4-4776-827B-95A276CFB218}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{8E97A2FB-074F-4ADA-A58F-8D303F88C9A4}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
FirewallRules: [{9CEC96D1-724F-445B-967B-1F0B1374CBB0}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\CLMLSvc.exe
FirewallRules: [{9D8FDB28-9CFF-4F18-BDA1-6781FC23189E}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{C4A092FB-CD92-4521-92F7-BD1D09821517}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\TouchMovie.exe
FirewallRules: [{365CAE2F-97AD-4FA0-AA70-FB3303496427}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\TouchMovieService.exe
FirewallRules: [{F7AAE34D-C855-413D-B373-37EDEC7D4769}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CC4ACFBD-6E47-435F-911C-6F0ACDBC94B1}] => (Allow) svchost.exe
FirewallRules: [{D09D7622-5C1F-4364-B08E-4EDA96405E02}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B6C9613D-606A-40FB-8AB8-D15D9C541063}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D0E0C4B7-E030-4FF0-B783-9E187206E949}] => (Allow) LPort=2869
FirewallRules: [{251B4985-8E43-4703-A4B5-C26019804E94}] => (Allow) LPort=1900
FirewallRules: [{946FB4A0-5C39-4316-90A9-23F848C6C9BB}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{4CF0655F-760E-476F-86A7-C85BB41C5B10}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{8F66E67B-9492-488A-9DB4-1937AD5691A4}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [TCP Query User{3A6F247C-0490-4586-98F1-738C48CF3A59}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{BF6A1592-5730-49B7-B8D4-DE3B846CB4DD}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [TCP Query User{470156E5-6E44-4447-9AB6-A404A431037D}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A4B74283-65E0-4378-91EC-C47A1B123BA7}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{49BFA0F1-C74F-4E62-AD80-D2D931599ED4}] => (Allow) C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe
FirewallRules: [{F97F8E6E-D0FB-41D1-8425-D014CA70E211}] => (Allow) C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe
FirewallRules: [{2E8BCBD8-27E2-4CCB-A2FF-2ECB12B38507}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E3DE99F6-1B08-498B-83F4-B75A2AC7CC45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3EA0039E-2976-4F9A-B07C-EBC53DECB94F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D9078E2-86C9-4956-BF25-525F7DDBFDC5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C38CA3B8-F8B0-4078-B788-9207711F5E50}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{85E45CE9-C9DA-44C7-B716-9482FBDE31FF}C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9406F153-840A-4B64-84B9-D6B5F52E3F2D}C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{C7FED64C-A343-4610-B910-F04A132D27D8}C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C5044F0F-1F6E-4EA9-BB1E-F59E150EEC3B}C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{B4A3BBB0-8BFC-4B20-AC88-5CD5EE8210A3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{77CFA391-C1BF-435D-BB3F-42D4E183E18E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{635B9D98-DB58-4856-A2E2-3AC1619D10C1}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{F66E82F3-FD66-41D3-BEE1-35713FF8575F}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{696785ED-A362-4015-8D88-78DD820ED011}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{E3286D34-8932-4E74-B009-71B7E595BB12}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [TCP Query User{793B51C2-C403-4EE6-816F-1EB3229A5262}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{5C3B42E5-E296-49B7-82FB-95629E7A0FFE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{84EA1A1D-C699-4590-9AA2-6098754AF69A}] => (Allow) C:\Users\Francesco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C74BCBB5-094A-4A65-B26E-61FACA4352AD}] => (Allow) C:\Users\Francesco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7734E84F-C099-47DC-970C-3F3D16213BCC}] => (Allow) C:\Users\Francesco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F48E131D-7B79-48D7-AA9E-A673E0AC5F12}] => (Allow) C:\Users\Francesco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FC704C6A-570F-4B7D-88F1-DB71B41D0371}] => (Allow) C:\Users\Francesco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C52423B9-8F26-400D-8A4A-84542F4E5A90}] => (Allow) C:\Users\Francesco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{5C317032-48D3-4ABF-A325-E9195F009B20}C:\desktoptelematico\desktoptelematico\desktoptelematico.exe] => (Allow) C:\desktoptelematico\desktoptelematico\desktoptelematico.exe
FirewallRules: [UDP Query User{D6B6FA4F-D124-45CF-B4C8-D335BD9EE183}C:\desktoptelematico\desktoptelematico\desktoptelematico.exe] => (Allow) C:\desktoptelematico\desktoptelematico\desktoptelematico.exe
FirewallRules: [{3AF88A0D-D118-4899-844F-182BC08FD016}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{348E7558-9D04-4E5A-8977-C84311D004C9}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{555A75DE-2C5E-4D14-9A9D-2F6EB5DB90D0}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{0A0F713A-D4AE-481B-8435-3C5F6C68F741}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{864E9715-7CB6-4D85-859D-D4A33B206CAE}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

==================== Restore Points =========================

13-03-2018 15:40:03 Punto di controllo pianificato
15-03-2018 22:50:08 Operazione di ripristino
24-03-2018 14:41:40 Punto di controllo pianificato
28-03-2018 13:00:26 Operazione di ripristino

==================== Faulty Device Manager Devices =============

Name: Generic- SM/xD-Picture USB Device
Description: Unità disco
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (unità disco standard)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2018 08:20:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.

Error: (03/28/2018 08:19:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.

Error: (03/28/2018 08:13:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.

Error: (03/28/2018 07:40:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.

Error: (03/28/2018 06:48:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.

Error: (03/28/2018 06:46:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.

Error: (03/28/2018 06:24:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.

Error: (03/28/2018 06:11:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.


System errors:
=============
Error: (03/28/2018 06:04:14 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: Agente proxy DNS: impossibile allocare 0 byte di memoria. Ciò potrebbe indicare una condizione di memoria virtuale insufficiente nel sistema oppure un errore interno rilevato dal gestore della memoria.

Error: (03/28/2018 05:07:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Servizio Google Update (gupdate) non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (03/28/2018 05:07:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Servizio Google Update (gupdate).

Error: (03/28/2018 05:05:56 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: Allocatore DHCP: allocatore disabilitato sull'indirizzo IP 192.168.1.2 perché l'indirizzo IP non rientra nell'ambito 192.168.137.0/255.255.255.0 da cui gli indirizzi vengono allocati ai client DHCP. Per abilitare l'allocatore DHCP su questo indirizzo IP, modificare l'ambito per includere l'indirizzo IP oppure modificare l'indirizzo IP in modo che rientri nell'ambito.

Error: (03/28/2018 05:05:56 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6: impossibile configurare lo stack IPv6.

Error: (03/28/2018 05:05:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Offertz Upd non è stato avviato per il seguente errore:
Impossibile trovare il file specificato.

Error: (03/28/2018 05:05:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Offertz Service non è stato avviato per il seguente errore:
Impossibile trovare il file specificato.

Error: (03/28/2018 05:05:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Moduli di impostazione chiavi IPSec IKE e Auth-IP terminato con l'errore:
Impossibile trovare il file specificato.


Windows Defender:
===================================
Date: 2017-11-22 09:22:36.406
Description:
Windows Defender: errore durante il tentativo di caricare le firme. Verrà tentato di ripristinare un set di firme valido.
Firme tentate:Corrente
Codice errore:0x80070002
Descrizione errore:Impossibile trovare il file specificato.
Versione firma:0.0.0.0
Versione modulo:0.0.0.0

Date: 2017-11-22 09:22:36.397
Description:
Windows Defender: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente:
Origine aggiornamento:Cartella aggiornamento firma
Tipo firma:Antispyware
Tipo aggiornamento:Delta
Utente:NT AUTHORITY\SYSTEM
Versione modulo corrente:
Versione modulo precedente:
Codice errore:0x80070002
Descrizione errore:Impossibile trovare il file specificato.

Date: 2016-03-01 13:14:43.734
Description:
Windows Defender: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente:
Origine aggiornamento:Cartella aggiornamento firma
Tipo firma:Antispyware
Tipo aggiornamento:Delta
Utente:NT AUTHORITY\SYSTEM
Versione modulo corrente:
Versione modulo precedente:
Codice errore:0x80070002
Descrizione errore:Impossibile trovare il file specificato.

Date: 2016-03-01 13:09:43.575
Description:
Windows Defender: errore durante il tentativo di caricare le firme. Verrà tentato di ripristinare un set di firme valido.
Firme tentate:Backup
Codice errore:0x80070714
Descrizione errore:Il file immagine specificato non conteneva una sezione risorse.
Versione firma:0.0.0.0
Versione modulo:0.0.0.0

Date: 2016-03-01 13:09:34.450
Description:
Windows Defender: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente:
Origine aggiornamento:Cartella aggiornamento firma
Tipo firma:Antispyware
Tipo aggiornamento:Delta
Utente:NT AUTHORITY\SYSTEM
Versione modulo corrente:
Versione modulo precedente:
Codice errore:0x80070002
Descrizione errore:Impossibile trovare il file specificato.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 77%
Total physical RAM: 3959.07 MB
Available physical RAM: 890.5 MB
Total Virtual: 7916.33 MB
Available Virtual: 4430.71 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:290.45 GB) (Free:123.09 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.62 GB) (Free:289.35 GB) NTFS

\\?\Volume{d98f9a4d-d322-11df-94c1-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{d98f9a4c-d322-11df-94c1-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: B969A8D1)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Run these scans:

Malwarebytes Anti-Malware: download it from here https://it.malwarebytes.com/
run the scan, delete whatever it finds, and post the generated log

Download TDSSKiller from here www.bleepingcomputer.com/download/tdsskiller/
Follow this guide for the program: http://www.why-tech.it/come-rimuovere-defi...t-dal-pc-1.html
Post the log report

Then download Malwarebytes Anti-Rootkit
https://www.bleepingcomputer.com/download/malwarebytes-anti-rootkit/
Open it as administrator and run a scan...
Post the report

Then run a scan with RogueKiller...
Download it from here...
http://www.adlice.com/download/roguekiller/
Follow this guide to use the program
http://it.ccm.net/faq/3204-come-usare
Delete only the entries shown in red...
Post the report

Finally, run another scan with FRST
right-click the executable --> open as administrator
once it is open, check that Addition is ticked and click Scan
post the new frst.txt and addition logs.
Be careful not to mix them up with the old logs...
 
It won't let me download TDSSKiller from that link either. It says "operation failed. Network error"
I did download RogueKiller without any problems, though
 
The Malwarebytes scan has finished. It didn't detect anything.
Should I skip TDSSKiller?

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 28/03/18
Ora scansione: 21:39
File di log: ca2e2042-32bf-11e8-be8a-4487fcf95cdd.json
Amministratore: Sì

-Informazioni software-
Versione: 3.4.4.2398
Versione componenti: 1.0.322
Aggiorna versione pacchetto: 1.0.4524
Licenza: Trial

-Informazioni sistema-
SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: Francesco-PC\Francesco

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 890059
Minacce rilevate: 0
(Nessun elemento nocivo rilevato)
Minacce messe in quarantena: 0
(Nessun elemento nocivo rilevato)
Tempo impiegato: 27 min, 14 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 0
(Nessun elemento nocivo rilevato)

Settore fisico: 0
(Nessun elemento nocivo rilevato)


(end)
 
Malwarebytes Anti-Rootkit has finished and says: "Congratulation, no cleanup is required! Scan finished: No malware found!". Should I look for the report? (Do I press Previous or Exit?)
 
Here are the FRST logs (RogueKiller had me delete something, but it gave no report, or I couldn't find it)



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Francesco (administrator) on FRANCESCO-PC (29-03-2018 01:50:49)
Running from C:\Users\Francesco\Desktop
Loaded Profiles: Francesco (Available Profiles: Francesco & Paola)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2010-02-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-06-29] (CyberLink Corp.)
HKLM-x32\...\Run: [StmRst] => C:\Windows\StmClean.exe
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-10-26] (Nullsoft, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [933640 2012-01-19] (ABBYY.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [258512 2011-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\Run: [PeenyBee] => C:\Users\Francesco\AppData\Local\PennyBee\PennyBeeW.exe
HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\MountPoints2: {824f8747-8690-11e4-b50e-4487fcf95cdd} - G:\LG_PC_Programs.exe
HKU\S-1-5-21-137798577-3675640412-3209826276-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [456224 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-02-06]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-05] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-05] (Lavasoft Limited)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0050B548-63D8-4728-A5C1-B7FFC91EFAB9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-137798577-3675640412-3209826276-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-137798577-3675640412-3209826276-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-137798577-3675640412-3209826276-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-137798577-3675640412-3209826276-1000 -> ÛŸÆîZ§’2¹Þpv¨IÍá‑*X(Ž2s(ÛÎÀJºÔÓµ± v˰!×—(ä¼48иpatm6êo^Mp`‑Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)xä URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-07] (Oracle Corporation)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-07] (Oracle Corporation)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\f2ikf224.default [2018-03-16]
FF Homepage: Mozilla\Firefox\Profiles\f2ikf224.default -> nohomepageset
FF NewTab: Mozilla\Firefox\Profiles\f2ikf224.default -> nohomepageset
FF NetworkProxy: Mozilla\Firefox\Profiles\f2ikf224.default -> type", 0
FF Extension: (Avira Browser Safety) - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\f2ikf224.default\Extensions\abs@avira.com [2015-06-01] [Legacy] [not signed]
FF Extension: (KMPlayer Toolbar) - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\f2ikf224.default\Extensions\toolbar@ask.com [2012-02-19] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-08] [Legacy] [not signed]
FF HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-23] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default [2018-03-29]
CHR Extension: (Documenti) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-18]
CHR Extension: (YouTube) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-18]
CHR Extension: (Google Search) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-05-18]
CHR Extension: (Sicurezza browser Avira) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-07]
CHR Extension: (Google Documenti offline) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-02]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-23]
CHR Profile: C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-12-25]
CHR Profile: C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2011-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2011-12-16] (Avira Operations GmbH & Co. KG)
S2 IKEEXT; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 IKEEXT; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.681\McCHSvc.exe [404376 2018-02-04] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-13] () [File not signed]
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 oftzsvc; "C:\ProgramData\Application\Offertz\oftzscv.exe" [X]
S2 oftzupd; "c:\programdata\services\updater\oftzupd.exe" [X]
S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97312 2011-12-16] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130760 2011-12-16] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-12-16] (Avira GmbH)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [109800 2018-03-29] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45960 2018-03-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-29] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [92280 2018-03-29] (Malwarebytes)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-29 01:46 - 2018-03-29 01:46 - 000045960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-03-28 23:48 - 2018-03-28 23:48 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-03-28 23:47 - 2018-03-29 01:43 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-28 22:20 - 2018-03-28 23:46 - 000000000 ____D C:\Users\Francesco\Desktop\mbar
2018-03-28 22:20 - 2018-03-28 23:46 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-03-28 22:20 - 2018-03-28 22:20 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3124450F.sys
2018-03-28 22:15 - 2018-03-28 22:15 - 002088627 _____ C:\Users\Francesco\Desktop\Non confermato 76846.crdownload
2018-03-28 22:07 - 2018-03-28 22:07 - 000001428 _____ C:\Users\Francesco\Desktop\ii.txt
2018-03-28 22:06 - 2018-03-28 22:06 - 001506304 _____ C:\Users\Francesco\Desktop\Non confermato 135532.crdownload
2018-03-28 22:04 - 2018-03-28 22:06 - 014161479 _____ C:\Users\Francesco\Desktop\mbar-1.10.3.1001-nr.exe
2018-03-28 22:01 - 2018-03-28 22:01 - 000114688 _____ C:\Users\Francesco\Desktop\Non confermato 571207.crdownload
2018-03-28 21:59 - 2018-03-28 21:59 - 000499433 _____ C:\Users\Francesco\Desktop\Non confermato 689697.crdownload
2018-03-28 21:56 - 2018-03-28 21:58 - 027003464 _____ (Adlice Software) C:\Users\Francesco\Desktop\RogueKiller_portable64.exe
2018-03-28 21:52 - 2018-03-28 21:52 - 002718088 _____ C:\Users\Francesco\Desktop\Non confermato 756610.crdownload
2018-03-28 21:40 - 2018-03-28 21:52 - 002702318 _____ C:\Users\Francesco\Desktop\Non confermato 456771.crdownload
2018-03-28 21:20 - 2018-03-28 21:27 - 000000000 ____D C:\Users\Francesco\AppData\Local\{B4CCAD93-ACD3-422F-A6DE-BCEC6C75F5CE}
2018-03-28 20:25 - 2018-03-28 20:27 - 000043206 _____ C:\Users\Francesco\Desktop\Addition.txt
2018-03-28 20:21 - 2018-03-29 01:52 - 000021265 _____ C:\Users\Francesco\Desktop\FRST.txt
2018-03-28 20:21 - 2018-03-29 01:50 - 000000000 ____D C:\FRST
2018-03-28 20:19 - 2018-03-28 20:19 - 002403328 _____ (Farbar) C:\Users\Francesco\Desktop\FRST64.exe
2018-03-28 17:05 - 2018-03-29 01:46 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-28 14:57 - 2018-03-29 01:46 - 000109800 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-03-28 14:57 - 2018-03-29 01:46 - 000092280 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-03-28 14:57 - 2018-03-28 22:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-28 14:57 - 2018-03-28 14:57 - 000193248 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-03-28 14:57 - 2018-03-28 14:57 - 000001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-28 14:57 - 2018-03-28 14:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-28 14:57 - 2018-01-18 08:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-28 09:19 - 2018-03-28 09:20 - 000000000 ____D C:\Users\Francesco\AppData\Local\{A7F5D88C-A394-4AA5-84F6-C008D11D12CC}
2018-03-27 18:38 - 2018-03-27 18:48 - 000000000 ____D C:\Users\Francesco\AppData\Local\{1ABD7477-5BDF-4F99-A185-4072B3AA425A}
2018-03-27 17:52 - 2018-03-27 17:52 - 000000000 ____D C:\Users\Francesco\AppData\Local\{100801A7-31B7-41E5-AA83-5949E2097DEB}
2018-03-27 17:25 - 2018-03-27 17:25 - 000000000 ____D C:\Users\Francesco\AppData\Local\{24092D40-5ADA-42E7-AC90-2400D21ADE98}
2018-03-27 15:24 - 2018-03-27 15:24 - 000000000 ____D C:\Users\Francesco\AppData\Local\{42379013-2CD7-4292-8185-2626A8B628EA}
2018-03-27 09:24 - 2018-03-27 09:24 - 000000000 ____D C:\Users\Francesco\AppData\Local\{6F80DA1F-F12C-4405-A87D-8C2627E57264}
2018-03-26 21:23 - 2018-03-26 21:24 - 000000000 ____D C:\Users\Francesco\AppData\Local\{370E8C97-1715-4113-958C-F268565B1C16}
2018-03-26 09:21 - 2018-03-26 09:22 - 000000000 ____D C:\Users\Francesco\AppData\Local\{CFEE42B2-13B3-4182-BACC-7C85E0FAFC7E}
2018-03-25 13:23 - 2018-03-25 13:23 - 000000000 ____D C:\Users\Francesco\AppData\Local\{3B545817-4761-487F-8B4B-647344C3B863}
2018-03-25 13:22 - 2018-03-25 13:22 - 000000000 ____D C:\Users\Francesco\AppData\Local\{A0547962-77BC-47B1-B6FD-6F0C8246555E}
2018-03-25 09:57 - 2018-03-25 09:57 - 000000000 ____D C:\Users\Francesco\AppData\Local\{770A4040-5C14-48C4-8A41-6AA59C3B2C15}
2018-03-24 21:51 - 2018-03-24 21:54 - 000000000 ____D C:\Users\Francesco\AppData\Local\{ECE85731-E657-4444-B7ED-2906F72158F1}
2018-03-24 09:40 - 2018-03-24 09:51 - 000000000 ____D C:\Users\Francesco\AppData\Local\{6BE8B3F0-E100-47BA-B255-3CDD7BC1A70E}
2018-03-23 18:23 - 2018-03-23 18:23 - 000043827 _____ C:\Users\Paola\Downloads\band.pdf
2018-03-23 13:53 - 2018-03-23 13:53 - 000168933 _____ C:\Users\Francesco\BANDO.pdf
2018-03-23 10:23 - 2018-03-23 10:37 - 000000000 ____D C:\Users\Francesco\AppData\Local\{1F959F11-A6CD-434B-9088-91A7B77F302B}
2018-03-22 13:03 - 2018-03-22 13:12 - 000000000 ____D C:\Users\Francesco\AppData\Local\{DB006445-9EF0-4A12-9305-D444C035BB7E}
2018-03-22 11:08 - 2018-03-22 11:08 - 000000000 ____D C:\Users\Francesco\AppData\Local\{9B382A50-85FE-4BFF-87B7-BEBAE59F65AA}
2018-03-22 10:45 - 2018-03-22 10:45 - 000000000 ____D C:\Users\Francesco\AppData\Local\{212610D8-3CDB-447A-AA48-E27A29B1BE03}
2018-03-22 10:13 - 2018-03-22 10:13 - 000000000 ____D C:\Users\Francesco\AppData\Local\{B9D24257-805E-451D-B9E3-A36D1D09951D}
2018-03-21 17:12 - 2018-03-21 17:12 - 000000000 ____D C:\Users\Paola\Desktop\Nuova cartella (2)
2018-03-21 15:03 - 2018-03-21 15:03 - 000000000 ____D C:\Users\Francesco\AppData\Local\{CBAB6E55-6FF5-4A5B-B0BC-90E1497BAC4E}
2018-03-21 13:06 - 2018-03-21 13:06 - 000000000 ____D C:\Users\Francesco\AppData\Local\{D08A1B37-E915-4DB2-92F6-4926F5DCDD24}
2018-03-21 12:28 - 2018-03-21 12:28 - 000000000 ____D C:\Users\Francesco\AppData\Local\{FE813865-1640-4358-A540-3CC2CCC11784}
2018-03-21 00:13 - 2018-03-21 00:22 - 000000000 ____D C:\Users\Francesco\AppData\Local\{5CCCC858-80BF-4CB7-8DCC-E0345EE2EC89}
2018-03-20 11:57 - 2018-03-20 11:59 - 000000000 ____D C:\Users\Francesco\AppData\Local\{E6F8EF1A-A021-4BE2-BDF2-6A8C90FCB3D4}
2018-03-20 11:43 - 2018-03-20 11:43 - 000000000 ____D C:\Users\Francesco\AppData\Local\{B2C6DCCB-8454-4707-9162-31074C091EB6}
2018-03-20 11:24 - 2018-03-20 11:24 - 000000000 ____D C:\Users\Francesco\AppData\Local\{AD3E22AD-DF7A-47D8-B4AA-2CCE6D7BB2CF}
2018-03-20 11:18 - 2018-03-20 11:18 - 000000000 ____D C:\Users\Francesco\AppData\Local\{86C054CE-C71A-4AA7-8EC2-28385830EDFB}
2018-03-19 11:54 - 2018-03-19 11:54 - 000000000 ____D C:\Users\Francesco\AppData\Local\{0AEFD3F6-5667-4596-BE92-6FF6E686F2FF}
2018-03-18 13:36 - 2018-03-18 13:45 - 000000000 ____D C:\Users\Francesco\AppData\Local\{1D033228-8552-418E-9D38-2DEE5C596904}
2018-03-17 18:29 - 2018-03-17 18:29 - 000000000 ____D C:\Users\Paola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-17 12:02 - 2018-03-17 12:12 - 000000000 ____D C:\Users\Francesco\AppData\Local\{1343A769-8B14-4AAE-A121-59FF1E981DC3}
2018-03-17 11:26 - 2018-03-17 11:26 - 000000000 ____D C:\Users\Francesco\AppData\Local\{8E4CB832-0077-48ED-9A62-6605C7E87822}
2018-03-16 17:27 - 2018-03-16 17:27 - 000000000 ____D C:\Users\Francesco\AppData\Local\{CB10B6A0-8CE9-4714-B0F4-5721710D710F}
2018-03-15 23:19 - 2018-03-15 23:19 - 000000000 ____D C:\Users\Francesco\AppData\Local\{55749B4F-01CB-441C-BF5E-B7B593DA930A}
2018-03-15 17:25 - 2018-03-15 23:05 - 000002576 _____ C:\Users\Francesco\AppData\Roaming\cookies.sqlite-journal
2018-03-15 15:46 - 2018-03-15 15:46 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-15 14:35 - 2018-03-15 23:05 - 012492800 _____ C:\Users\Francesco\AppData\Roaming\cookies.sqlite
2018-03-15 14:35 - 2018-03-15 23:03 - 000000000 _____ C:\ProgramData\{d781e3a1-e512-422f-aa6c-27428437cbc4}.lock
2018-03-15 13:15 - 2018-03-28 22:02 - 000000000 ____D C:\Users\Francesco\Desktop\virus
2018-03-15 11:56 - 2018-03-15 11:56 - 000000000 ____D C:\Users\Francesco\AppData\Local\{8AB7FD5E-BC46-4C2C-81DC-0F7B18AAD26F}
2018-03-15 11:14 - 2018-03-15 11:14 - 000000000 ____D C:\Users\Francesco\Desktop\roi
2018-03-14 16:21 - 2018-03-14 16:22 - 000000000 ____D C:\Users\Francesco\AppData\Local\{58150DFA-4A58-484F-BA0E-F8FC70C7DD70}
2018-03-14 12:49 - 2018-03-14 12:49 - 000438518 _____ C:\Users\Francesco\Desktop\Informativa Istat_IT.pdf
2018-03-13 23:09 - 2018-03-13 23:10 - 000000000 ____D C:\Users\Francesco\AppData\Local\{82E5ADCF-456E-49D3-B3D0-90862EE24898}
2018-03-13 09:07 - 2018-03-13 09:08 - 000000000 ____D C:\Users\Francesco\AppData\Local\{24FC2F7A-72D7-4613-91E4-DEEA3F1AB1AB}
2018-03-12 11:33 - 2018-03-12 11:41 - 000000000 ____D C:\Users\Francesco\AppData\Local\{49ABE00C-D708-4A6D-98F7-64CF69878EC1}
2018-03-12 10:36 - 2018-03-12 10:36 - 000000000 ____D C:\Users\Francesco\AppData\Local\{133B3F62-3043-4524-A868-14770A71AF32}
2018-03-11 15:35 - 2018-03-11 15:35 - 000000000 ____D C:\Users\Francesco\AppData\Local\{AA8A1FCF-A9A3-4859-9602-006579DD98F9}
2018-03-10 09:51 - 2018-03-10 09:52 - 000000000 ____D C:\Users\Francesco\AppData\Local\{98AF2433-1E96-47BA-A872-C19AFAC2CDC0}
2018-03-09 20:39 - 2018-03-15 13:55 - 000000000 ____D C:\Users\Francesco\Desktop\roman
2018-03-09 10:55 - 2018-03-09 10:55 - 000000000 ____D C:\Users\Francesco\AppData\Local\{F4CD9E3F-E8A7-4006-B370-912067B3FC6E}
2018-03-08 22:54 - 2018-03-08 22:55 - 000000000 ____D C:\Users\Francesco\AppData\Local\{5B8C1634-4710-4E5B-8EA8-3765891BCAC1}
2018-03-08 17:58 - 2018-03-08 17:58 - 000270361 _____ C:\Users\Paola\Downloads\363-02-2018.pdf
2018-03-08 10:46 - 2018-03-08 10:54 - 000000000 ____D C:\Users\Francesco\AppData\Local\{DBA736CA-A270-42FE-9C6E-A92FADB990A6}
2018-03-08 09:03 - 2018-03-08 09:03 - 000000000 ____D C:\Users\Francesco\AppData\Local\{BC280A83-6139-4FF3-908C-6D2EEA7851A3}
2018-03-07 18:15 - 2018-03-07 18:25 - 000000000 ____D C:\Users\Francesco\AppData\Local\{434DE9F9-C7C4-4E65-8310-5372CCA170E9}
2018-03-07 17:55 - 2018-03-07 17:55 - 002450158 _____ C:\Users\Paola\Downloads\266-03-2018 V3 all. E.pdf
2018-03-07 09:25 - 2018-03-07 09:25 - 000000000 ____D C:\Users\Francesco\AppData\Local\{6C418422-4492-4804-BEB8-F99FE969D0F5}
2018-03-07 09:06 - 2018-03-07 09:06 - 000000000 ____D C:\Users\Francesco\AppData\Local\{DADE18D2-9A61-44B1-9AC5-F0CD95077F35}
2018-03-06 10:56 - 2018-03-06 11:04 - 000000000 ____D C:\Users\Francesco\AppData\Local\{C7C25387-4BFD-4460-A807-CFE576558314}
2018-03-05 22:23 - 2018-03-05 22:30 - 000000000 ____D C:\Users\Francesco\AppData\Local\{3DFE42DA-A159-4D4E-BDCA-EEF1E502A866}
2018-03-05 19:06 - 2018-03-05 19:06 - 000021669 _____ C:\Users\Paola\Downloads\ELENCO (1).pdf
2018-03-05 18:22 - 2018-03-05 18:22 - 000475453 _____ C:\Users\Paola\Downloads\8045576BANDO.pdf
2018-03-04 18:05 - 2018-03-04 18:05 - 000000000 ____D C:\Users\Francesco\AppData\Local\{F624274A-B42D-43F5-BF07-49B58CE40C11}
2018-03-03 20:48 - 2018-03-03 20:48 - 000000000 ____D C:\Users\Francesco\Desktop\Funzionario
2018-03-03 14:12 - 2018-03-03 14:20 - 000000000 ____D C:\Users\Francesco\AppData\Local\{F8C74D9A-AA57-43DA-AF13-FA74CB05C8FD}
2018-03-02 13:10 - 2018-03-02 13:15 - 000000000 ____D C:\Users\Francesco\AppData\Local\{B8533C89-AF54-4453-A4A8-07F9AC433909}
2018-03-01 12:19 - 2018-03-01 12:25 - 000000000 ____D C:\Users\Francesco\AppData\Local\{EFCE4ED2-EA06-4778-8F5F-233B0B12FCD6}
2018-03-01 10:38 - 2018-03-01 10:38 - 000000000 ____D C:\Users\Francesco\AppData\Local\{0574F2AB-A01E-465F-958A-06E540A6546E}
2018-02-28 21:10 - 2018-02-28 21:10 - 000000000 ____D C:\Users\Francesco\Desktop\Paola-ricevute
2018-02-27 10:19 - 2018-02-27 10:24 - 000000000 ____D C:\Users\Francesco\AppData\Local\{F39D2444-0133-41A3-969E-14B14240D467}
2018-02-27 09:26 - 2018-02-27 09:26 - 000000000 ____D C:\Users\Francesco\AppData\Local\{9A61ED4D-8B2B-4A97-9288-BDA0391E32AB}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-29 01:49 - 2010-10-06 09:24 - 000757734 _____ C:\Windows\system32\perfh010.dat
2018-03-29 01:49 - 2010-10-06 09:24 - 000153394 _____ C:\Windows\system32\perfc010.dat
2018-03-29 01:49 - 2009-07-14 07:13 - 001696320 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-29 01:49 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-03-29 01:46 - 2017-11-22 10:56 - 000000435 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-03-29 01:45 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-29 01:44 - 2015-06-03 08:38 - 000001134 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-137798577-3675640412-3209826276-1001UA.job
2018-03-28 20:24 - 2009-07-14 06:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-28 20:24 - 2009-07-14 06:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-28 14:18 - 2018-02-06 11:31 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-03-28 14:18 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\registration
2018-03-28 12:44 - 2014-06-12 19:54 - 000000000 ____D C:\Users\Francesco\Desktop\Fra-libri
2018-03-28 09:44 - 2015-06-03 08:38 - 000001082 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-137798577-3675640412-3209826276-1001Core.job
2018-03-23 13:53 - 2011-04-04 23:25 - 000000000 ____D C:\Users\Francesco
2018-03-21 17:11 - 2011-04-24 18:47 - 000000000 ____D C:\Users\Paola\Desktop\lavori
2018-03-19 00:10 - 2012-06-22 12:18 - 000000000 ____D C:\Users\Francesco\Documents\Biblioteca di calibre
2018-03-17 18:29 - 2014-11-28 18:32 - 000000000 ____D C:\Users\Paola\AppData\Roaming\Dropbox
2018-03-16 10:08 - 2017-07-21 23:43 - 000002168 _____ C:\Users\Paola\Desktop\Controlli .lnk
2018-03-16 10:03 - 2014-08-14 13:08 - 000000000 ____D C:\Users\Francesco\AppData\Local\ICSharpCode.net
2018-03-16 10:03 - 2013-07-27 13:23 - 000000000 ____D C:\Program Files (x86)\Delta
2018-03-16 08:43 - 2014-08-15 10:40 - 000000000 ____D C:\Program Files (x86)\ABBYY FineReader 11
2018-03-15 23:12 - 2017-07-21 18:34 - 000000000 ____D C:\Users\Paola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unico On Line
2018-03-15 23:12 - 2011-04-24 18:26 - 000000000 ____D C:\Users\Paola
2018-03-15 23:10 - 2011-04-06 13:07 - 000000000 __RHD C:\MSOCache
2018-03-11 11:42 - 2011-04-05 10:08 - 000000000 ____D C:\Users\Francesco\AppData\Local\ElevatedDiagnostics
2018-03-04 00:49 - 2016-09-13 09:07 - 000000000 ____D C:\Users\Francesco\Desktop\MAGGIOLI
2018-03-02 10:56 - 2011-04-24 18:47 - 000000000 ____D C:\Users\Paola\Desktop\documenti Paola

==================== Files in the root of some directories =======

2018-03-15 14:35 - 2018-03-15 23:05 - 012492800 _____ () C:\Users\Francesco\AppData\Roaming\cookies.sqlite
2018-03-15 17:25 - 2018-03-15 23:05 - 000002576 _____ () C:\Users\Francesco\AppData\Roaming\cookies.sqlite-journal
2012-10-22 12:57 - 2015-05-10 09:37 - 000005120 _____ () C:\Users\Francesco\AppData\Roaming\mainhst.zgh
2017-11-29 16:52 - 2017-11-29 16:52 - 000000000 _____ () C:\Users\Francesco\AppData\Roaming\Microsoft\884A.tmp
2013-07-27 13:14 - 2017-12-19 20:49 - 000007606 _____ () C:\Users\Francesco\AppData\Local\Resmon.ResmonCfg
2014-08-22 11:49 - 2014-08-22 11:49 - 000000000 _____ () C:\Users\Francesco\AppData\Local\{08D5909F-CC14-4A00-A9E1-CA5F1A067EE9}
2014-08-22 11:49 - 2014-08-22 11:49 - 000000000 _____ () C:\Users\Francesco\AppData\Local\{4E120EF8-1365-4FD4-9329-3EB6927CF3DB}

Some files in TEMP:
====================
2013-01-29 00:20 - 2013-01-29 00:20 - 000248008 _____ (Ask.com) C:\Users\Francesco\AppData\Local\Temp\AskSLib.dll
2013-11-27 22:26 - 2018-03-15 23:12 - 000000000 ____D () C:\Users\Francesco\AppData\Local\Temp\avgnt.exe
2017-10-09 08:42 - 2017-10-09 08:42 - 000290304 _____ (Microsoft Corporation) C:\Users\Francesco\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2018-03-28 23:47 - 2017-09-13 17:31 - 001732864 _____ (Microsoft Corporation) C:\Users\Francesco\AppData\Local\Temp\dllnt_dump.dll
2013-08-18 19:48 - 2013-08-18 19:48 - 000000000 _____ () C:\Users\Francesco\AppData\Local\Temp\fm0-ghex.dll
2012-01-12 22:16 - 2012-01-12 22:16 - 003763360 _____ (Adobe Systems, Inc.) C:\Users\Francesco\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
2015-07-05 18:32 - 2015-07-05 19:23 - 024775152 _____ (Ellora Assets Corporation ) C:\Users\Francesco\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2018-02-07 18:01 - 2018-02-07 18:01 - 001864256 _____ (Oracle Corporation) C:\Users\Francesco\AppData\Local\Temp\jre-8u161-windows-au.exe
2012-09-28 13:16 - 2012-09-28 13:16 - 000064000 _____ () C:\Users\Francesco\AppData\Local\Temp\KMP_3.3.0.33.exe
2016-12-31 15:34 - 2016-12-31 15:35 - 017280000 _____ (PandoraTV) C:\Users\Francesco\AppData\Local\Temp\KMP_4.1.5.3.exe
2017-02-03 21:39 - 2017-03-12 21:47 - 001344000 _____ (PandoraTV) C:\Users\Francesco\AppData\Local\Temp\KMP_4.1.5.8.exe
2017-12-24 22:49 - 2017-12-24 22:49 - 007680000 _____ (PandoraTV) C:\Users\Francesco\AppData\Local\Temp\KMP_4.2.2.5.exe
2018-02-11 16:27 - 2018-02-11 16:28 - 008576000 _____ (PandoraTV) C:\Users\Francesco\AppData\Local\Temp\KMP_4.2.2.7.exe
2018-03-28 14:54 - 2018-03-28 14:47 - 068724528 _____ (Malwarebytes ) C:\Users\Francesco\AppData\Local\Temp\mb3-setup-35891.35891-3.4.4.2398-1.0.322-1.0.4190.exe
2014-08-14 12:30 - 2014-08-14 12:31 - 004600128 _____ (Offertz.com ) C:\Users\Francesco\AppData\Local\Temp\OffertzSetup.exe
2015-08-19 14:34 - 2016-07-10 18:33 - 001082880 _____ (Microsoft Corporation) C:\Users\Francesco\AppData\Local\Temp\pidgenx.dll
2014-03-21 11:31 - 2014-03-21 11:32 - 028430448 _____ () C:\Users\Francesco\AppData\Local\Temp\Softonic_IT_1-5-9_IT-Production_10_CleanRelease.exe
2012-06-19 11:20 - 2012-06-19 11:20 - 000077824 _____ (Eclipse Foundation) C:\Users\Francesco\AppData\Local\Temp\swt-gdip-win32-3452.dll
2012-06-19 11:19 - 2012-06-19 11:19 - 000335872 _____ (Eclipse Foundation) C:\Users\Francesco\AppData\Local\Temp\swt-win32-3452.dll
2012-08-10 00:12 - 2012-08-25 21:18 - 000248008 _____ (Ask.com) C:\Users\Paola\AppData\Local\Temp\AskSLib.dll
2013-11-27 21:43 - 2015-08-15 18:01 - 000000000 ____D () C:\Users\Paola\AppData\Local\Temp\avgnt.exe
2015-07-10 18:17 - 2015-07-10 18:17 - 000043008 _____ () C:\Users\Paola\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphh2vtm.dll
2017-01-04 18:40 - 2017-01-04 18:40 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\GUR250C.exe
2015-07-08 20:17 - 2015-07-08 20:17 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\GUR3A12.exe
2018-02-06 17:23 - 2018-02-06 17:23 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\GUR53CA.exe
2017-12-03 09:39 - 2017-12-03 09:39 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\GUR76C5.exe
2017-12-23 19:00 - 2017-12-23 19:00 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\GUR9D86.exe
2017-05-08 09:44 - 2017-05-08 09:44 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\GURE6E8.exe
2018-02-25 10:49 - 2018-02-25 10:49 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\GUREF6E.exe
2012-09-19 09:40 - 2012-10-16 13:25 - 000376352 _____ () C:\Users\Paola\AppData\Local\Temp\KMP_3.3.0.33.exe
2012-11-15 19:05 - 2012-11-15 19:05 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\KMP_3.4.0.59.exe
2016-05-06 16:40 - 2016-05-06 16:40 - 000909568 _____ () C:\Users\Paola\AppData\Local\Temp\KMP_4.0.7.1.exe
2015-06-10 13:01 - 2015-06-10 13:11 - 000000000 _____ () C:\Users\Paola\AppData\Local\Temp\{1C6AEFA5-7B28-47A4-9B03-F9F71C4198F0}-43.0.2357.124_43.0.2357.81_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-19 15:11

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Francesco (29-03-2018 01:55:10)
Running from C:\Users\Francesco\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-04-04 21:25:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-137798577-3675640412-3209826276-500 - Administrator - Disabled)
Francesco (S-1-5-21-137798577-3675640412-3209826276-1000 - Administrator - Enabled) => C:\Users\Francesco
Guest (S-1-5-21-137798577-3675640412-3209826276-501 - Limited - Disabled)
Paola (S-1-5-21-137798577-3675640412-3209826276-1001 - Limited - Enabled) => C:\Users\Paola

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0011-0000-0001-074957833700}) (Version: 11.0.460 - ABBYY)
Acer Arcade Deluxe (HKLM-x32\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.) Hidden
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.)
Acer Arcade Movie (HKLM-x32\...\{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}) (Version: 9.0.6629 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Advertising Center (HKLM-x32\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 12.0.0.141 - Avira)
Bing Bar Platform (HKLM-x32\...\{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}) (Version: 6.3.2322.0 - Microsoft Corporation) Hidden
Bing Toolbar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2322.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
calibre (HKLM-x32\...\{D7E16C53-8B27-46FE-9499-E826CBC2E9CE}) (Version: 0.9.11 - Kovid Goyal)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Desktop Telematico 1.0.0 (HKLM-x32\...\Desktop Telematico 1.0.0) (Version: 1.0.0.0 - SOGEI)
DesktopTelematico 1.0.0 (HKLM-x32\...\DesktopTelematico) (Version: - )
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eMule (HKLM-x32\...\eMule) (Version: - )
EPUB to MOBI (HKLM-x32\...\{C65AA5AE-8B80-46B6-ADFC-BBF1EFF2AD98}_is1) (Version: - epubtomobi.com)
eSobi v2 (HKLM-x32\...\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
Free PDF to Word Converter 5.1.0.383 (HKLM\...\Free PDF to Word Converter_is1) (Version: 5.1.0.383 - Smart Soft)
FreeOCR v4.2 (HKLM-x32\...\freeocr_is1) (Version: - )
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Iminent (HKLM-x32\...\{6421DD1B-F425-487F-945D-381A847D6901}) (Version: 4.10.0.0 - Iminent) Hidden <==== ATTENTION
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2008 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KindlePreviewer (HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\KindlePreviewer) (Version: 2.4 - Amazon)
KMPlayer Toolbar Updater (HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.06.20130913 - LG Electronics)
LG PhoneManager (HKLM-x32\...\{5EE65592-88FD-48AA-98CA-EE9BDB1FF518}) (Version: 1.00.0000 - LGE)
LG SyncManager (HKLM-x32\...\{FFD25152-1916-4744-BAAF-F2D2EBF38284}) (Version: 1.00.0000 - LGE)
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Malwarebytes versione 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.681.1 - McAfee, Inc.)
MCCI(r)Firmware Update Driver for MTK (HKLM-x32\...\{13E92303-C1AC-4012-9E22-54EACBF54888}) (Version: 1.00.0000 - MCCI)
MediaShow Espresso (HKLM-x32\...\{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}) (Version: 5.5.1713_26701 - CyberLink Corp.) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{C7DAD22D-29D4-438F-B986-03B9ED582EA4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office a portata di clic 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Italiano (HKLM-x32\...\{90140011-0066-0410-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM-x32\...\Office14.POWERPOINTR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
Nero 9 Essentials (HKLM-x32\...\{0506406d-6ba9-41e4-8a8e-8a6f28709256}) (Version: - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version: - Pandora.TV) <==== ATTENTION
PC Mechanic (HKLM-x32\...\{1F88FC5D-4D46-448A-AF59-7061FFC6ABBF}_is1) (Version: 1.0.7.1 - )
PDF OCR 4.3.3 (HKLM-x32\...\{3D122AF9-1E02-4035-8003-334D378C1B62}_is1) (Version: - PDF OCR)
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media)
Question Writer 4 (HKLM-x32\...\{D6DDBEC7-69DD-4BFB-A1A1-E7CA828856B2}) (Version: 4.0.0 - Question Writer Corporation)
Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5995 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINTR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)
Supporto applicazioni Apple (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.622 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinHTTrack Website Copier 3.47-27 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
ZipGenius 6.3 (HKLM-x32\...\{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1) (Version: 6.3 - Wininizio.it Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-137798577-3675640412-3209826276-1000_Classes\CLSID\{159E17FF-711E-9A86-A801-DC480DEC4025}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [2010-05-27] (Egis Technology Inc.)
ContextMenuHandlers1-x32: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2012-01-19] (ABBYY.)
ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2011-12-16] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-14] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [ZipGenius 6] -> {DE85006F-2E77-41FA-B8B3-FD9637AEE9A9} => C:\Program Files (x86)\ZipGenius 6\contmenu.dll [2011-03-15] (Wininizio.it Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [2010-04-02] (Egis Technology Inc.)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4-x32: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [2010-05-27] (Egis Technology Inc.)
ContextMenuHandlers4-x32: [ZipGenius 6] -> {DE85006F-2E77-41FA-B8B3-FD9637AEE9A9} => C:\Program Files (x86)\ZipGenius 6\contmenu.dll [2011-03-15] (Wininizio.it Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
ContextMenuHandlers6: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2012-01-19] (ABBYY.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2011-12-16] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [ZipGenius 6] -> {DE85006F-2E77-41FA-B8B3-FD9637AEE9A9} => C:\Program Files (x86)\ZipGenius 6\contmenu.dll [2011-03-15] (Wininizio.it Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C6E947E-5A9C-44AB-AC8A-81157AF0AB8D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-137798577-3675640412-3209826276-1001UA => C:\Users\Paola\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {3A24F45B-6055-4DF9-85A6-6199AD749C2D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {591489AC-3463-4AB2-A3A1-9522CC28A4CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-10] (Adobe Systems Incorporated)
Task: {62E455F1-F1F9-4CAB-93B3-53F80ABDDC20} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {6ED1783B-9EF8-4C47-B3CA-4E0641158522} - System32\Tasks\{C6FD0959-26DB-4CB7-ADB6-8D0C482DB2F9} => C:\Windows\system32\pcalua.exe -a C:\Users\Francesco\Desktop\CURRICULUM\ADE_2.0_Installer.exe -d C:\Users\Francesco\Desktop\CURRICULUM
Task: {784C6685-D7E1-42A2-853D-4E528ABE1BE1} - System32\Tasks\{A2D040CB-6CF4-41FB-B87B-298F2BB75E1D} => C:\Windows\system32\pcalua.exe -a F:\driver\vista\32bit\setup.exe -d F:\driver\vista\32bit
Task: {935CCEAB-0E91-4FF6-87AE-4980E39540EC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-137798577-3675640412-3209826276-1001Core => C:\Users\Paola\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {AA8C3D70-A7E4-4581-8E89-795409EACAA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {ADB732F7-ADD8-4EB8-98E9-7293AADAE1FD} - System32\Tasks\GoogleUpdateTaskMachineCore1cec693a93c9a2f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-137798577-3675640412-3209826276-1001Core.job => C:\Users\Paola\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-137798577-3675640412-3209826276-1001UA.job => C:\Users\Paola\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Siti Web personali su MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2010-10-08 23:41 - 2010-05-13 07:23 - 000244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2009-12-14 04:19 - 2009-12-09 11:24 - 000076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2018-03-28 14:57 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-28 14:57 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-08-04 14:40 - 2010-08-04 14:40 - 000611872 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2017-10-06 10:16 - 2011-12-16 09:51 - 000398288 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 000073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 001044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [244]
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 [282]
AlternateDataStreams: C:\ProgramData\Temp:798A3728 [250]
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE [300]
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [284]
AlternateDataStreams: C:\Users\Francesco\Desktop\carta d'identità.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Francesco\Desktop\carta.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Francesco\Desktop\domanda.bmp:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Francesco\Desktop\domanda.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Francesco\Desktop\prova d'acquisto.jpg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Francesco\Desktop\prova d'acquisto.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Francesco\Desktop\richiesta conversione pin in dispositivo.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Francesco\Desktop\richiesta conversione pin in dispositivo.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-137798577-3675640412-3209826276-1000\...\forumfree.it -> www.aspirantiuditori.forumfree.it

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-10-03 10:31 - 000000853 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-137798577-3675640412-3209826276-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EFFBFB8F-C9BC-490A-9D73-796E220793E0}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A40DB172-041A-49F0-B782-16E0D69C5DB0}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F3C426E8-83F4-4776-827B-95A276CFB218}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{8E97A2FB-074F-4ADA-A58F-8D303F88C9A4}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
FirewallRules: [{9CEC96D1-724F-445B-967B-1F0B1374CBB0}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\CLMLSvc.exe
FirewallRules: [{9D8FDB28-9CFF-4F18-BDA1-6781FC23189E}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{C4A092FB-CD92-4521-92F7-BD1D09821517}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\TouchMovie.exe
FirewallRules: [{365CAE2F-97AD-4FA0-AA70-FB3303496427}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\TouchMovieService.exe
FirewallRules: [{F7AAE34D-C855-413D-B373-37EDEC7D4769}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CC4ACFBD-6E47-435F-911C-6F0ACDBC94B1}] => (Allow) svchost.exe
FirewallRules: [{D09D7622-5C1F-4364-B08E-4EDA96405E02}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B6C9613D-606A-40FB-8AB8-D15D9C541063}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D0E0C4B7-E030-4FF0-B783-9E187206E949}] => (Allow) LPort=2869
FirewallRules: [{251B4985-8E43-4703-A4B5-C26019804E94}] => (Allow) LPort=1900
FirewallRules: [{946FB4A0-5C39-4316-90A9-23F848C6C9BB}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{4CF0655F-760E-476F-86A7-C85BB41C5B10}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{8F66E67B-9492-488A-9DB4-1937AD5691A4}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [TCP Query User{3A6F247C-0490-4586-98F1-738C48CF3A59}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{BF6A1592-5730-49B7-B8D4-DE3B846CB4DD}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [TCP Query User{470156E5-6E44-4447-9AB6-A404A431037D}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A4B74283-65E0-4378-91EC-C47A1B123BA7}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{49BFA0F1-C74F-4E62-AD80-D2D931599ED4}] => (Allow) C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe
FirewallRules: [{F97F8E6E-D0FB-41D1-8425-D014CA70E211}] => (Allow) C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe
FirewallRules: [{2E8BCBD8-27E2-4CCB-A2FF-2ECB12B38507}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E3DE99F6-1B08-498B-83F4-B75A2AC7CC45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3EA0039E-2976-4F9A-B07C-EBC53DECB94F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D9078E2-86C9-4956-BF25-525F7DDBFDC5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C38CA3B8-F8B0-4078-B788-9207711F5E50}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{85E45CE9-C9DA-44C7-B716-9482FBDE31FF}C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9406F153-840A-4B64-84B9-D6B5F52E3F2D}C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{C7FED64C-A343-4610-B910-F04A132D27D8}C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C5044F0F-1F6E-4EA9-BB1E-F59E150EEC3B}C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\Paola\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{B4A3BBB0-8BFC-4B20-AC88-5CD5EE8210A3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{77CFA391-C1BF-435D-BB3F-42D4E183E18E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{635B9D98-DB58-4856-A2E2-3AC1619D10C1}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{F66E82F3-FD66-41D3-BEE1-35713FF8575F}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{696785ED-A362-4015-8D88-78DD820ED011}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{E3286D34-8932-4E74-B009-71B7E595BB12}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [TCP Query User{793B51C2-C403-4EE6-816F-1EB3229A5262}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{5C3B42E5-E296-49B7-82FB-95629E7A0FFE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{84EA1A1D-C699-4590-9AA2-6098754AF69A}] => (Allow) C:\Users\Francesco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C74BCBB5-094A-4A65-B26E-61FACA4352AD}] => (Allow) C:\Users\Francesco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7734E84F-C099-47DC-970C-3F3D16213BCC}] => (Allow) C:\Users\Francesco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F48E131D-7B79-48D7-AA9E-A673E0AC5F12}] => (Allow) C:\Users\Francesco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FC704C6A-570F-4B7D-88F1-DB71B41D0371}] => (Allow) C:\Users\Francesco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C52423B9-8F26-400D-8A4A-84542F4E5A90}] => (Allow) C:\Users\Francesco\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{5C317032-48D3-4ABF-A325-E9195F009B20}C:\desktoptelematico\desktoptelematico\desktoptelematico.exe] => (Allow) C:\desktoptelematico\desktoptelematico\desktoptelematico.exe
FirewallRules: [UDP Query User{D6B6FA4F-D124-45CF-B4C8-D335BD9EE183}C:\desktoptelematico\desktoptelematico\desktoptelematico.exe] => (Allow) C:\desktoptelematico\desktoptelematico\desktoptelematico.exe
FirewallRules: [{3AF88A0D-D118-4899-844F-182BC08FD016}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{348E7558-9D04-4E5A-8977-C84311D004C9}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{555A75DE-2C5E-4D14-9A9D-2F6EB5DB90D0}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{0A0F713A-D4AE-481B-8435-3C5F6C68F741}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{864E9715-7CB6-4D85-859D-D4A33B206CAE}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

==================== Restore Points =========================

15-03-2018 22:50:08 Operazione di ripristino
24-03-2018 14:41:40 Punto di controllo pianificato
28-03-2018 13:00:26 Operazione di ripristino

==================== Faulty Device Manager Devices =============

Name: Generic- SM/xD-Picture USB Device
Description: Unità disco
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (unità disco standard)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2018 01:10:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.

Error: (03/29/2018 12:48:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.

Error: (03/28/2018 11:01:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.

Error: (03/28/2018 10:45:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.

Error: (03/28/2018 10:03:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.

Error: (03/28/2018 09:43:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.

Error: (03/28/2018 08:20:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.

Error: (03/28/2018 08:19:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Impossibile aggiungere il certificato all'archivio delle Autorità di certificazione radice di terze parti. Errore: Accesso negato.


System errors:
=============
Error: (03/29/2018 01:48:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Servizio Google Update (gupdate) non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (03/29/2018 01:48:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Servizio Google Update (gupdate).

Error: (03/29/2018 01:46:22 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: Allocatore DHCP: allocatore disabilitato sull'indirizzo IP 192.168.1.2 perché l'indirizzo IP non rientra nell'ambito 192.168.137.0/255.255.255.0 da cui gli indirizzi vengono allocati ai client DHCP. Per abilitare l'allocatore DHCP su questo indirizzo IP, modificare l'ambito per includere l'indirizzo IP oppure modificare l'indirizzo IP in modo che rientri nell'ambito.

Error: (03/29/2018 01:46:22 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6: impossibile configurare lo stack IPv6.

Error: (03/29/2018 01:45:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio PandoraService non è stato avviato per il seguente errore:
Impossibile trovare il file specificato.

Error: (03/29/2018 01:45:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Offertz Upd non è stato avviato per il seguente errore:
Impossibile trovare il file specificato.

Error: (03/29/2018 01:45:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Offertz Service non è stato avviato per il seguente errore:
Impossibile trovare il file specificato.

Error: (03/29/2018 01:45:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Moduli di impostazione chiavi IPSec IKE e Auth-IP terminato con l'errore:
Impossibile trovare il file specificato.


Windows Defender:
===================================
Date: 2017-11-22 09:22:36.406
Description:
Windows Defender: errore durante il tentativo di caricare le firme. Verrà tentato di ripristinare un set di firme valido.
Firme tentate:Corrente
Codice errore:0x80070002
Descrizione errore:Impossibile trovare il file specificato.
Versione firma:0.0.0.0
Versione modulo:0.0.0.0

Date: 2017-11-22 09:22:36.397
Description:
Windows Defender: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente:
Origine aggiornamento:Cartella aggiornamento firma
Tipo firma:Antispyware
Tipo aggiornamento:Delta
Utente:NT AUTHORITY\SYSTEM
Versione modulo corrente:
Versione modulo precedente:
Codice errore:0x80070002
Descrizione errore:Impossibile trovare il file specificato.

Date: 2016-03-01 13:14:43.734
Description:
Windows Defender: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente:
Origine aggiornamento:Cartella aggiornamento firma
Tipo firma:Antispyware
Tipo aggiornamento:Delta
Utente:NT AUTHORITY\SYSTEM
Versione modulo corrente:
Versione modulo precedente:
Codice errore:0x80070002
Descrizione errore:Impossibile trovare il file specificato.

Date: 2016-03-01 13:09:43.575
Description:
Windows Defender: errore durante il tentativo di caricare le firme. Verrà tentato di ripristinare un set di firme valido.
Firme tentate:Backup
Codice errore:0x80070714
Descrizione errore:Il file immagine specificato non conteneva una sezione risorse.
Versione firma:0.0.0.0
Versione modulo:0.0.0.0

Date: 2016-03-01 13:09:34.450
Description:
Windows Defender: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente:
Origine aggiornamento:Cartella aggiornamento firma
Tipo firma:Antispyware
Tipo aggiornamento:Delta
Utente:NT AUTHORITY\SYSTEM
Versione modulo corrente:
Versione modulo precedente:
Codice errore:0x80070002
Descrizione errore:Impossibile trovare il file specificato.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 47%
Total physical RAM: 3959.07 MB
Available physical RAM: 2062.55 MB
Total Virtual: 7916.33 MB
Available Virtual: 5884.27 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:290.45 GB) (Free:125.16 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.62 GB) (Free:289.35 GB) NTFS

\\?\Volume{d98f9a4d-d322-11df-94c1-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{d98f9a4c-d322-11df-94c1-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: B969A8D1)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Sorry, is there still malware?
And what about the WinRAR files? Can they be recovered?
If they can't be recovered, what is the best way to delete them? And do I need to uninstall any programs?
 
Hi, sorry for the delay, but I don't have much time these days... please be patient, and I apologize again...

I should give you a fix via FRST... as soon as I can, we'll try...
In the meantime, take a screenshot of the files with the changed extension...
Basically, when you open a rar or zip file, it doesn't let you open them?
What error does it give you?
Did you get any screen asking for a ransom?
I'm asking because this looks a lot like ransomware to me...

Bye
 
No, what delay...
So, basically it all happened when I downloaded a WinRAR-zipped file from eMule. I extracted it and then opened it (it was an .exe file). At that point all the files in the folder where the files downloaded from eMule end up turned into zipped .rar files, and if I click on them to extract them I see that they have become .exe (both songs and books) (they all show as modified on that day). Except for one epub file, which was not modified.
I never received any ransom screen.
 