Malware, virus I can't get rid of. Help!

Max7

Hello everyone, and thanks in advance for the support you provide,

while installing a small program for downloading videos from YouTube (SongR) I probably did not tick an additional option, and along with the software a host of junk was installed. After I used AdwCleaner the PC was restarted, but on a subsequent scan with AdwCleaner I found the same infected items again. I moved on to other recommended programs such as Malwarebytes and CCleaner. After finding several infections with those programs, I moved on to cleaning. On a subsequent scan with AdwCleaner I found entries (infected, I presume) in the registry section that, after every scan, clean and reboot, I find again at the next scan, even though the startup report (from AdwCleaner) tells me they were deleted. I tried to restore the system to a date before the problem, but on reboot it tells me the restore cannot be completed. I don't see any major problems with the PC apart from some slowness and the fact that my desktop wallpaper and window themes were changed. In addition, Google Chrome no longer worked and I reinstalled it.

I am attaching the latest AdwCleaner report, in which everything came back and then some. On reboot the report tells me everything was deleted, only for it to reappear at the next scan. I really hope you can help me.


# AdwCleaner v4.202 - Creato file registro eventi 25/07/2015 in 19:28:55
# Aggiornato 23/04/2015 da Xplode
# Database : 2015-07-15.1 [Server]
# Sistema operativo : Windows 7 Home Premium (x64)
# Nome utente : Massimiliano - MASSIMILIANO-HP
# In esecuzione da : C:\Users\Massimiliano\Downloads\adwcleaner_4.202.exe
# Opzione : Pulizia


***** [ Servizi ] *****


Servizio Eliminato : IHProtect Service
[#] Servizio Eliminato : WindowsMangerProtect


***** [ File / Cartelle ] *****


Cartella Eliminato : C:\ProgramData\WindowsMangerProtect
Cartella Eliminato : C:\ProgramData\IHProtectUpDate
Cartella Eliminato : C:\Program Files (x86)\predm
Cartella Eliminato : C:\Program Files (x86)\Swift Record
Cartella Eliminato : C:\Program Files (x86)\miuitab
Cartella Eliminato : C:\Users\MASSIM~1\AppData\Local\Temp\Swift Record
Cartella Eliminato : C:\Users\Massimiliano\AppData\Roaming\Nosibay
Cartella Eliminato : C:\Users\Massimiliano\AppData\Roaming\Store
Cartella Eliminato : C:\Users\Massimiliano\AppData\Roaming\WTools
Cartella Eliminato : C:\Users\Massimiliano\AppData\Roaming\oursurfing
Cartella Eliminato : C:\Users\Massimiliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
File Eliminato : C:\Users\Massimiliano\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo
File Eliminato : C:\Users\Massimiliano\AppData\Roaming\Bubble Dock.boostrap.log
File Eliminato : C:\Users\Massimiliano\AppData\Roaming\Bubble Dock.installation.log
File Eliminato : C:\Users\Massimiliano\AppData\Roaming\Selection Tools.installation.log
File Eliminato : C:\Users\Massimiliano\AppData\Roaming\WindApp.boostrap.log
File Eliminato : C:\Users\Massimiliano\AppData\Roaming\WindApp.installation.log


***** [ Attività pianificate ] *****




***** [ Collegamenti ] *****


Collegamento Disinfettato : C:\Users\Public\Desktop\Google Chrome.lnk
Collegamento Disinfettato : C:\Users\Massimiliano\Desktop\Internet Explorer.lnk
Collegamento Disinfettato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Collegamento Disinfettato : C:\Users\Massimiliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Collegamento Disinfettato : C:\Users\Massimiliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Collegamento Disinfettato : C:\Users\Massimiliano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Collegamento Disinfettato : C:\Users\Massimiliano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Collegamento Disinfettato : C:\Users\Massimiliano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk


***** [ Registry ] *****


Valore Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WindApp]
Chiave Eliminato : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Valore Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Selection Tools]
Chiave Eliminato : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Chiave Eliminato : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chiave Eliminato : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Dati Ripristinato : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dati Ripristinato : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Chiave Eliminato : HKCU\Software\APN PIP
Chiave Eliminato : HKCU\Software\AskPartnerNetwork
Chiave Eliminato : HKCU\Software\HomeTab
Chiave Eliminato : HKCU\Software\Nosibay
Chiave Eliminato : HKCU\Software\simplytech
Chiave Eliminato : HKCU\Software\Store
Chiave Eliminato : HKCU\Software\TutoTag
Chiave Eliminato : HKCU\Software\WajIEnhance
Chiave Eliminato : HKCU\Software\WTools
Chiave Eliminato : HKCU\Software\TNT2
Chiave Eliminato : HKCU\Software\WajIntEnhance
Chiave Eliminato : HKCU\Software\SearchProtectWS
Chiave Eliminato : HKCU\Software\Linkey
Chiave Eliminato : HKCU\Software\Swift Record
Chiave Eliminato : HKCU\Software\Kromtech
Chiave Eliminato : HKLM\SOFTWARE\AskPartnerNetwork
Chiave Eliminato : HKLM\SOFTWARE\Conduit
Chiave Eliminato : HKLM\SOFTWARE\Iminent
Chiave Eliminato : HKLM\SOFTWARE\SearchProtect
Chiave Eliminato : HKLM\SOFTWARE\SupDp
Chiave Eliminato : HKLM\SOFTWARE\SupTab
Chiave Eliminato : HKLM\SOFTWARE\supWindowsMangerProtect
Chiave Eliminato : HKLM\SOFTWARE\Tutorials
Chiave Eliminato : HKLM\SOFTWARE\IHProtect
Chiave Eliminato : HKLM\SOFTWARE\WajIntEnhance
Chiave Eliminato : HKLM\SOFTWARE\SpeedBit
Chiave Eliminato : HKLM\SOFTWARE\AIM Toolbar
Chiave Eliminato : HKLM\SOFTWARE\Swift Record
Chiave Eliminato : HKLM\SOFTWARE\oursurfingSoftware
Chiave Eliminato : HKLM\SOFTWARE\searchult
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GUPlayer
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oursurfing uninstall
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swift Record
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:51640;hxxps=127.0.0.1:51640;
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>


***** [ Browser web ] *****


-\\ Internet Explorer v8.0.7600.17267


Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]


-\\ Mozilla Firefox v




-\\ Google Chrome v43.0.2357.134


[C:\Users\Massimiliano\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Eliminato [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1425222345&from=smt&uid=HitachiXHDS721050CLA362_JP1570HR1RLT8K1RLT8KX&q={searchTerms}
[C:\Users\Massimiliano\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Eliminato [Search Provider] : hxxp://www.istartsurf.com/web/?type=dspp&ts=1430056713&from=smt&uid=HitachiXHDS721050CLA362_JP1570HR1RLT8K1RLT8KX&q={searchTerms}
[C:\Users\Massimiliano\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Eliminato [Search Provider] : hxxp://www.softonic.it/s/{searchTerms}
[C:\Users\Massimiliano\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Eliminato [Search Provider] : hxxp://www.oursurfing.com/web/?type=ds&ts=1437844497&z=257687324ab94f056798813gdzec4m1bezcz9z6t0q&from=nsbit&uid=HitachiXHDS721050CLA362_JP1570HR1RLT8K1RLT8KX&q={searchTerms}
[C:\Users\Massimiliano\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Eliminato [Homepage] : hxxp://www.oursurfing.com/?type=hp&ts=1437844497&z=257687324ab94f056798813gdzec4m1bezcz9z6t0q&from=nsbit&uid=HitachiXHDS721050CLA362_JP1570HR1RLT8K1RLT8KX
[C:\Users\Massimiliano\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Eliminato [Startup_URLs] : 1BC89333222906118585D73F75BEE8387551FC3CBC6223651ABF4B76A14FFD8D"},"software_reporter":{"prompt_reason":"36A51C1A05EDEB52F64C96E161ACBB0A8D5721E3673336404C83B349E0DD2448","prompt_seed":"2E0CDD8E95B7B14830922CC9EDC7F9AFBB8E2E1226B1051B50B64214F4A27C66","prompt_version":"4D08B49D313B6DFAF36F32124089235EDA44DFB95E51B62BE534508EE40A41B3"},"sync":{"remaining_rollback_tries":"B47EC5F0506AFAB57C65512725748B2736FC339B1155BE4B0A90483D77AF442B"}},"super_mac":"82BC8F4EFF44EB81D8E8147464B6326C752179932FEF5721B6910C466DE6DE10"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.oursurfing.com/?type=hp&ts=1437844497&z=257687324ab94f056798813gdzec4m1bezcz9z6t0q&from=nsbit&uid=HitachiXHDS721050CLA362_JP1570HR1RLT8K1RLT8KX


*************************


AdwCleaner[R0].txt - [23260 byte] - [06/01/2014 19:49:18]
AdwCleaner[R1].txt - [1484 byte] - [06/01/2014 19:57:10]
AdwCleaner[R2].txt - [1042 byte] - [06/01/2014 20:00:54]
AdwCleaner[R3].txt - [17710 byte] - [02/01/2015 19:48:56]
AdwCleaner[R4].txt - [1504 byte] - [05/01/2015 16:15:56]
AdwCleaner[R5].txt - [1940 byte] - [05/01/2015 21:29:39]
AdwCleaner[R6].txt - [7745 byte] - [09/03/2015 21:46:20]
AdwCleaner[R7].txt - [10605 byte] - [26/04/2015 16:49:55]
AdwCleaner[R8].txt - [15102 byte] - [25/07/2015 19:27:24]
AdwCleaner[S0].txt - [20737 byte] - [06/01/2014 19:50:01]
AdwCleaner[S1].txt - [1567 byte] - [06/01/2014 19:57:39]
AdwCleaner[S2].txt - [16105 byte] - [02/01/2015 19:50:29]
AdwCleaner[S3].txt - [1679 byte] - [05/01/2015 16:20:56]
AdwCleaner[S4].txt - [2006 byte] - [05/01/2015 22:26:09]
AdwCleaner[S5].txt - [6459 byte] - [09/03/2015 21:48:27]
AdwCleaner[S6].txt - [8073 byte] - [26/04/2015 16:53:15]
AdwCleaner[S7].txt - [11647 byte] - [25/07/2015 19:28:55]


########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [11706 byte] ##########
# AdwCleaner v4.208 - Creato file registro eventi 27/07/2015 in 19:54:22
# Aggiornato 09/07/2015 da Xplode
# Database : 2015-07-26.2 [Server]
# Sistema operativo : Windows 7 Home Premium (x64)
# Nome utente : Massimiliano - MASSIMILIANO-HP
# In esecuzione da : C:\Users\Massimiliano\Desktop\AdwCleaner.exe
# Opzione : Pulizia


***** [ Servizi ] *****


[#] Servizio Eliminato : Util Swift Record


***** [ File / Cartelle ] *****


Cartella Eliminato : C:\Program Files (x86)\Swift Record
File Eliminato : C:\Users\Massimiliano\AppData\Roaming\FPFSGGU.exe


***** [ Attività pianificate ] *****




***** [ Collegamenti ] *****




***** [ Registry ] *****


Chiave Eliminato : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Chiave Eliminato : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{0759D61F-3673-416F-85D2-58B847E78DDF}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0759D61F-3673-416F-85D2-58B847E78DDF}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0759D61F-3673-416F-85D2-58B847E78DDF}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0759D61F-3673-416F-85D2-58B847E78DDF}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chiave Eliminato : HKCU\Software\Swift Record
Chiave Eliminato : HKCU\Software\Kromtech
Chiave Eliminato : HKLM\SOFTWARE\AIM Toolbar
Chiave Eliminato : HKLM\SOFTWARE\Swift Record
Chiave Eliminato : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swift Record
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:51640;hxxps=127.0.0.1:51640;
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>


***** [ Browser web ] *****


-\\ Internet Explorer v8.0.7600.17267




-\\ Mozilla Firefox v




-\\ Google Chrome v43.0.2357.134




*************************


AdwCleaner[R0].txt - [23260 byte] - [06/01/2014 19:49:18]
AdwCleaner[R10].txt - [2678 byte] - [26/07/2015 16:33:47]
AdwCleaner[R11].txt - [2737 byte] - [26/07/2015 16:36:35]
AdwCleaner[R12].txt - [2854 byte] - [26/07/2015 16:41:54]
AdwCleaner[R13].txt - [3825 byte] - [26/07/2015 16:50:28]
AdwCleaner[R14].txt - [3884 byte] - [26/07/2015 16:58:54]
AdwCleaner[R15].txt - [3292 byte] - [26/07/2015 17:03:46]
AdwCleaner[R16].txt - [3351 byte] - [26/07/2015 19:19:32]
AdwCleaner[R17].txt - [3469 byte] - [26/07/2015 19:22:24]
AdwCleaner[R18].txt - [3386 byte] - [27/07/2015 19:01:48]
AdwCleaner[R19].txt - [3504 byte] - [27/07/2015 19:09:40]
AdwCleaner[R1].txt - [1484 byte] - [06/01/2014 19:57:10]
AdwCleaner[R20].txt - [3563 byte] - [27/07/2015 19:34:36]
AdwCleaner[R2].txt - [1042 byte] - [06/01/2014 20:00:54]
AdwCleaner[R3].txt - [17710 byte] - [02/01/2015 19:48:56]
AdwCleaner[R4].txt - [1504 byte] - [05/01/2015 16:15:56]
AdwCleaner[R5].txt - [1940 byte] - [05/01/2015 21:29:39]
AdwCleaner[R6].txt - [7745 byte] - [09/03/2015 21:46:20]
AdwCleaner[R7].txt - [10605 byte] - [26/04/2015 16:49:55]
AdwCleaner[R8].txt - [19899 byte] - [25/07/2015 19:27:24]
AdwCleaner[R9].txt - [3232 byte] - [25/07/2015 19:56:43]
AdwCleaner[S0].txt - [20737 byte] - [06/01/2014 19:50:01]
AdwCleaner[S10].txt - [3742 byte] - [26/07/2015 17:00:44]
AdwCleaner[S11].txt - [3191 byte] - [26/07/2015 19:20:52]
AdwCleaner[S12].txt - [3224 byte] - [27/07/2015 19:03:39]
AdwCleaner[S1].txt - [1567 byte] - [06/01/2014 19:57:39]
AdwCleaner[S2].txt - [16105 byte] - [02/01/2015 19:50:29]
AdwCleaner[S3].txt - [1679 byte] - [05/01/2015 16:20:56]
AdwCleaner[S4].txt - [2006 byte] - [05/01/2015 22:26:09]
AdwCleaner[S5].txt - [6459 byte] - [09/03/2015 21:48:27]
AdwCleaner[S6].txt - [8073 byte] - [26/04/2015 16:53:15]
AdwCleaner[S7].txt - [16059 byte] - [25/07/2015 19:28:55]
AdwCleaner[S8].txt - [2991 byte] - [25/07/2015 20:03:02]
AdwCleaner[S9].txt - [2571 byte] - [26/07/2015 16:39:12]


########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [16234 byte] ##########
# AdwCleaner v4.208 - Creato file registro eventi 28/07/2015 in 19:45:55
# Aggiornato 09/07/2015 da Xplode
# Database : 2015-07-26.2 [Server]
# Sistema operativo : Windows 7 Home Premium (x64)
# Nome utente : Massimiliano - MASSIMILIANO-HP
# In esecuzione da : C:\Users\Massimiliano\Desktop\adwcleaner_4.208.exe
# Opzione : Pulizia


***** [ Servizi ] *****


[#] Servizio Eliminato : Util Swift Record


***** [ File / Cartelle ] *****


File Eliminato : C:\Users\Massimiliano\AppData\Roaming\FPFSGGU.exe
File Eliminato : C:\Users\Massimiliano\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js


***** [ Attività pianificate ] *****




***** [ Collegamenti ] *****




***** [ Registry ] *****


Chiave Eliminato : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Chiave Eliminato : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chiave Eliminato : HKCU\Software\Kromtech
Chiave Eliminato : HKLM\SOFTWARE\AIM Toolbar
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:51640;hxxps=127.0.0.1:51640;
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>


***** [ Browser web ] *****


-\\ Internet Explorer v8.0.7600.17267




-\\ Mozilla Firefox v




-\\ Google Chrome v44.0.2403.107




*************************


AdwCleaner[R0].txt - [23260 byte] - [06/01/2014 19:49:18]
AdwCleaner[R10].txt - [2678 byte] - [26/07/2015 16:33:47]
AdwCleaner[R11].txt - [2737 byte] - [26/07/2015 16:36:35]
AdwCleaner[R12].txt - [2854 byte] - [26/07/2015 16:41:54]
AdwCleaner[R13].txt - [3825 byte] - [26/07/2015 16:50:28]
AdwCleaner[R14].txt - [3884 byte] - [26/07/2015 16:58:54]
AdwCleaner[R15].txt - [3292 byte] - [26/07/2015 17:03:46]
AdwCleaner[R16].txt - [3351 byte] - [26/07/2015 19:19:32]
AdwCleaner[R17].txt - [3469 byte] - [26/07/2015 19:22:24]
AdwCleaner[R18].txt - [3386 byte] - [27/07/2015 19:01:48]
AdwCleaner[R19].txt - [3504 byte] - [27/07/2015 19:09:40]
AdwCleaner[R1].txt - [1484 byte] - [06/01/2014 19:57:10]
AdwCleaner[R20].txt - [3563 byte] - [27/07/2015 19:34:36]
AdwCleaner[R2].txt - [1042 byte] - [06/01/2014 20:00:54]
AdwCleaner[R3].txt - [17710 byte] - [02/01/2015 19:48:56]
AdwCleaner[R4].txt - [1504 byte] - [05/01/2015 16:15:56]
AdwCleaner[R5].txt - [1940 byte] - [05/01/2015 21:29:39]
AdwCleaner[R6].txt - [7745 byte] - [09/03/2015 21:46:20]
AdwCleaner[R7].txt - [10605 byte] - [26/04/2015 16:49:55]
AdwCleaner[R8].txt - [23881 byte] - [25/07/2015 19:27:24]
AdwCleaner[R9].txt - [6788 byte] - [25/07/2015 19:56:43]
AdwCleaner[S0].txt - [20737 byte] - [06/01/2014 19:50:01]
AdwCleaner[S10].txt - [3742 byte] - [26/07/2015 17:00:44]
AdwCleaner[S11].txt - [3191 byte] - [26/07/2015 19:20:52]
AdwCleaner[S12].txt - [3224 byte] - [27/07/2015 19:03:39]
AdwCleaner[S1].txt - [1567 byte] - [06/01/2014 19:57:39]
AdwCleaner[S2].txt - [16105 byte] - [02/01/2015 19:50:29]
AdwCleaner[S3].txt - [1679 byte] - [05/01/2015 16:20:56]
AdwCleaner[S4].txt - [2006 byte] - [05/01/2015 22:26:09]
AdwCleaner[S5].txt - [6459 byte] - [09/03/2015 21:48:27]
AdwCleaner[S6].txt - [8073 byte] - [26/04/2015 16:53:15]
AdwCleaner[S7].txt - [19797 byte] - [25/07/2015 19:28:55]
AdwCleaner[S8].txt - [2991 byte] - [25/07/2015 20:03:02]
AdwCleaner[S9].txt - [2571 byte] - [26/07/2015 16:39:12]


########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [19972 byte] ##########
 

Max7

Thanks a lot, I'll try. I download the listed software before going into safe mode, right? Sorry for the trivial questions, but I'm a mid/low-level user :-)
 

Max7

Hi Lele,

downloaded from your links and run in safe mode. Everything went fine except for an initial message from JRT telling me it had not managed to create a restore point. Then it continued its check normally. Once back in normal mode I launched AdwCleaner, and in the Registry section there were still the same detections. Rebooted, and the report follows:


# AdwCleaner v4.202 - Creato file registro eventi 26/07/2015 in 17:00:44
# Aggiornato 23/04/2015 da Xplode
# Database : 2015-07-26.2 [Server]
# Sistema operativo : Windows 7 Home Premium (x64)
# Nome utente : Massimiliano - MASSIMILIANO-HP
# In esecuzione da : C:\Users\Massimiliano\Desktop\adwcleaner_4.202.exe
# Opzione : Pulizia


***** [ Servizi ] *****


[#] Servizio Eliminato : Util Swift Record


***** [ File / Cartelle ] *****


File Eliminato : C:\Users\Massimiliano\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo


***** [ Attività pianificate ] *****




***** [ Collegamenti ] *****




***** [ Registry ] *****


Chiave Eliminato : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Chiave Eliminato : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0759D61F-3673-416F-85D2-58B847E78DDF}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:51640;hxxps=127.0.0.1:51640;
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>


***** [ Browser web ] *****


-\\ Internet Explorer v8.0.7600.17267




-\\ Mozilla Firefox v




-\\ Google Chrome v43.0.2357.134




*************************


AdwCleaner[R0].txt - [23260 byte] - [06/01/2014 19:49:18]
AdwCleaner[R10].txt - [2678 byte] - [26/07/2015 16:33:47]
AdwCleaner[R11].txt - [2737 byte] - [26/07/2015 16:36:35]
AdwCleaner[R12].txt - [2854 byte] - [26/07/2015 16:41:54]
AdwCleaner[R13].txt - [3825 byte] - [26/07/2015 16:50:28]
AdwCleaner[R14].txt - [3884 byte] - [26/07/2015 16:58:54]
AdwCleaner[R1].txt - [1484 byte] - [06/01/2014 19:57:10]
AdwCleaner[R2].txt - [1042 byte] - [06/01/2014 20:00:54]
AdwCleaner[R3].txt - [17710 byte] - [02/01/2015 19:48:56]
AdwCleaner[R4].txt - [1504 byte] - [05/01/2015 16:15:56]
AdwCleaner[R5].txt - [1940 byte] - [05/01/2015 21:29:39]
AdwCleaner[R6].txt - [7745 byte] - [09/03/2015 21:46:20]
AdwCleaner[R7].txt - [10605 byte] - [26/04/2015 16:49:55]
AdwCleaner[R8].txt - [15102 byte] - [25/07/2015 19:27:24]
AdwCleaner[R9].txt - [3232 byte] - [25/07/2015 19:56:43]
AdwCleaner[S0].txt - [20737 byte] - [06/01/2014 19:50:01]
AdwCleaner[S10].txt - [3079 byte] - [26/07/2015 17:00:44]
AdwCleaner[S1].txt - [1567 byte] - [06/01/2014 19:57:39]
AdwCleaner[S2].txt - [16105 byte] - [02/01/2015 19:50:29]
AdwCleaner[S3].txt - [1679 byte] - [05/01/2015 16:20:56]
AdwCleaner[S4].txt - [2006 byte] - [05/01/2015 22:26:09]
AdwCleaner[S5].txt - [6459 byte] - [09/03/2015 21:48:27]
AdwCleaner[S6].txt - [8073 byte] - [26/04/2015 16:53:15]
AdwCleaner[S7].txt - [11810 byte] - [25/07/2015 19:28:55]
AdwCleaner[S8].txt - [2991 byte] - [25/07/2015 20:03:02]
AdwCleaner[S9].txt - [2571 byte] - [26/07/2015 16:39:12]


########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [3662 byte] ##########
# AdwCleaner v4.208 - Creato file registro eventi 28/07/2015 in 21:08:51
# Aggiornato 09/07/2015 da Xplode
# Database : 2015-07-26.2 [Server]
# Sistema operativo : Windows 7 Home Premium (x64)
# Nome utente : Massimiliano - MASSIMILIANO-HP
# In esecuzione da : C:\Users\Massimiliano\Desktop\adwcleaner_4.208.exe
# Opzione : Pulizia


***** [ Servizi ] *****




***** [ File / Cartelle ] *****




***** [ Attività pianificate ] *****




***** [ Collegamenti ] *****




***** [ Registry ] *****


Chiave Eliminato : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Chiave Eliminato : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:51640;hxxps=127.0.0.1:51640;
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>


***** [ Browser web ] *****


-\\ Internet Explorer v8.0.7600.17267




-\\ Mozilla Firefox v




-\\ Google Chrome v44.0.2403.107




*************************


AdwCleaner[R0].txt - [23260 byte] - [06/01/2014 19:49:18]
AdwCleaner[R10].txt - [6242 byte] - [26/07/2015 16:33:47]
AdwCleaner[R11].txt - [6301 byte] - [26/07/2015 16:36:35]
AdwCleaner[R12].txt - [6418 byte] - [26/07/2015 16:41:54]
AdwCleaner[R13].txt - [3825 byte] - [26/07/2015 16:50:28]
AdwCleaner[R14].txt - [3884 byte] - [26/07/2015 16:58:54]
AdwCleaner[R15].txt - [3292 byte] - [26/07/2015 17:03:46]
AdwCleaner[R16].txt - [3351 byte] - [26/07/2015 19:19:32]
AdwCleaner[R17].txt - [3469 byte] - [26/07/2015 19:22:24]
AdwCleaner[R18].txt - [3386 byte] - [27/07/2015 19:01:48]
AdwCleaner[R19].txt - [3504 byte] - [27/07/2015 19:09:40]
AdwCleaner[R1].txt - [1484 byte] - [06/01/2014 19:57:10]
AdwCleaner[R20].txt - [3563 byte] - [27/07/2015 19:34:36]
AdwCleaner[R2].txt - [1042 byte] - [06/01/2014 20:00:54]
AdwCleaner[R3].txt - [17710 byte] - [02/01/2015 19:48:56]
AdwCleaner[R4].txt - [1504 byte] - [05/01/2015 16:15:56]
AdwCleaner[R5].txt - [1940 byte] - [05/01/2015 21:29:39]
AdwCleaner[R6].txt - [7745 byte] - [09/03/2015 21:46:20]
AdwCleaner[R7].txt - [10605 byte] - [26/04/2015 16:49:55]
AdwCleaner[R8].txt - [23881 byte] - [25/07/2015 19:27:24]
AdwCleaner[R9].txt - [10351 byte] - [25/07/2015 19:56:43]
AdwCleaner[S0].txt - [20737 byte] - [06/01/2014 19:50:01]
AdwCleaner[S10].txt - [6304 byte] - [26/07/2015 17:00:44]
AdwCleaner[S11].txt - [3191 byte] - [26/07/2015 19:20:52]
AdwCleaner[S12].txt - [3224 byte] - [27/07/2015 19:03:39]
AdwCleaner[S1].txt - [1567 byte] - [06/01/2014 19:57:39]
AdwCleaner[S2].txt - [16105 byte] - [02/01/2015 19:50:29]
AdwCleaner[S3].txt - [1679 byte] - [05/01/2015 16:20:56]
AdwCleaner[S4].txt - [2006 byte] - [05/01/2015 22:26:09]
AdwCleaner[S5].txt - [6459 byte] - [09/03/2015 21:48:27]
AdwCleaner[S6].txt - [8073 byte] - [26/04/2015 16:53:15]
AdwCleaner[S7].txt - [20052 byte] - [25/07/2015 19:28:55]
AdwCleaner[S8].txt - [6333 byte] - [25/07/2015 20:03:02]
AdwCleaner[S9].txt - [5913 byte] - [26/07/2015 16:39:12]


########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [7005 byte] ##########
 

Max7

Good morning Lele,

frankly I don't remember where I downloaded Songr from, but it was probably from Softonic; my OS is WINDOWS 7. Forgive my ignorance on the subject: what do you mean by "the other 2 logs"? The reports from the other two programs?
 

deleted_271768

Always avoid Softonic, it's a site full of cr*p. Try:
- Spybot - Search & Destroy
- Dr. Web CureIt!
- Roguekiller
- Kaspersky TDSS Killer
:ok:
 

Lele1990

Exactly, the two reports. I would also run a scan with Downloading ComboFix (remember, before starting it, to put it on the desktop and to disable or close all your security programs, because otherwise it could conflict).

I'll wait for its report too.

P.S. Once started, don't touch anything; it will do everything on its own until the report is released.
 

Max7

Hi guys, and thanks for the suggestions. I have just launched Malwarebytes (I had forgotten to select rootkits as well). Below is the JRT report. P.S. I removed some of the middle entries (successfully deleted), which were endless, leaving the beginning and the end of the report.
But these programs you suggest, do I always have to run them in safe mode?

Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Massimiliano on 28/07/2015 at 20:44:41,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








~~~ Services






~~~ Tasks


Successfully deleted: [Task] C:\Windows\system32\tasks\0






~~~ Registry Values






~~~ Registry Keys


Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611901159}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901159}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311301136}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Swift Record






~~~ Files






~~~ Folders


Successfully deleted: [Folder] C:\Users\Massimiliano\Appdata\Local\installer






~~~ Chrome




[C:\Users\Massimiliano\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset


[C:\Users\Massimiliano\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:


[C:\Users\Massimiliano\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset


[C:\Users\Massimiliano\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]










~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/07/2015 at 20:47:58,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Massimiliano on 28/07/2015 at 20:44:41,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








~~~ Services






~~~ Tasks


Successfully deleted: [Task] C:\Windows\system32\tasks\0






~~~ Registry Values






~~~ Registry Keys


Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611901159}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901159}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311301136}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Swift Record






~~~ Files






~~~ Folders


Successfully deleted: [Folder] C:\Users\Massimiliano\Appdata\Local\installer

~~~ Chrome

[C:\Users\Massimiliano\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Massimiliano\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Massimiliano\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Massimiliano\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/07/2015 at 20:47:58,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- - - Updated - - -

Well then.. I ran Malwarebytes again, but I couldn't figure out where it saves the report file.. anyway, compared to yesterday, only 3 infected objects. Then I downloaded ComboFix, closed everything including Avast, and ran it. I'm attaching the report below. Once I launched AdwCleaner, it still flags the registry entries :-( I'm starting to get discouraged.

- - - Updated - - -

COMBOFIX REPORT


ComboFix 15-07-23.01 - Massimiliano 29/07/2015 19:16:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3767.2289 [GMT 2:00]
Eseguito da: c:\users\Massimiliano\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\c_0_lpt.pad
c:\programdata\ldsw_0paos.pad
c:\users\Massimiliano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Swift Record_iels
c:\users\Massimiliano\eMule0.50a-Installer.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2015-06-28 al 2015-07-29 )))))))))))))))))))))))))))))))))))
.
.
2015-07-29 17:25 . 2015-07-29 17:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-29 17:18 . 2015-07-29 17:18 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C68EF78A-A686-4380-8880-2CFCF8B6A639}\offreg.dll
2015-07-28 18:38 . 2015-07-29 17:11 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-27 17:28 . 2015-07-27 18:07 -------- d-----w- c:\program files\CCleaner
2015-07-27 16:20 . 2015-07-28 18:38 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-27 16:20 . 2015-07-27 16:20 -------- d-----w- c:\programdata\Malwarebytes
2015-07-27 16:20 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-27 16:20 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-27 16:20 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-23 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]
"SsroService"="c:\users\Public\Documents\Application\CurrentFile\ssadl.exe" [2013-01-24 217600]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-07-28 1238016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-05 4085896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpSC;LiveUpSC;c:\users\Massimiliano\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe;c:\users\Massimiliano\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SsroService;Ssro Service;c:\users\Massimiliano\AppData\Local\ServiceManager\ssro.exe;c:\users\Massimiliano\AppData\Local\ServiceManager\ssro.exe [x]
R2 SsupdService;Ssupd Service;c:\users\Massimiliano\AppData\Local\ssupd\ssupd.exe;c:\users\Massimiliano\AppData\Local\ssupd\ssupd.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-28 17:34 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.107\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001152707-2899450382-3201945822-1000Core.job
- c:\users\Massimiliano\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-10 16:48]
.
2015-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001152707-2899450382-3201945822-1000UA.job
- c:\users\Massimiliano\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-10 16:48]
.
2015-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 13:51]
.
2015-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 13:51]
.
2015-06-14 c:\windows\Tasks\HPCeeScheduleForMASSIMILIANO-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-04 12:05 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = https://it.yahoo.com/?fr=hp-avast&type=avastbcl
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{11111111-1111-1111-1111-110611901159} - (no file)
Toolbar-10 - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @DenieD: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
Ora fine scansione: 2015-07-29 19:28:49
ComboFix-quarantined-files.txt 2015-07-29 17:28
.
Pre-Run: 375.258.492.928 byte disponibili
Post-Run: 375.084.924.928 byte disponibili
.
- - End Of File - - 9C9985B8059E7BEEC0E4DA765E01B44A

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @DenieD: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
Ora fine scansione: 2015-07-29 19:28:49
ComboFix-quarantined-files.txt 2015-07-29 17:28
.
Pre-Run: 375.258.492.928 byte disponibili
Post-Run: 375.084.924.928 byte disponibili
.
- - End Of File - - 9C9985B8059E7BEEC0E4DA765E01B44A
 

Lele1990

Active User
233
21
Post the complete JRT report; as for the other programs I listed, yes, it would be better to run them in safe mode.

Remove AdwCleaner by launching it and clicking "Uninstall" (in normal mode), and delete JRT (just delete the executable and its report).

You forgot to post the ComboFix quarantined files. Remove ComboFix with Error - Geeks to Go Forum: launch it and press Cleanup, the PC will restart and ComboFix will be removed. (This too must be done in normal mode.)
 

Max7

New User
32
0
OK, WILL DO.

- - - Updated - - -

Deleted AdwCleaner.
Ran JRT again because I could no longer find the report. I'm attaching the new one below.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Massimiliano on 29/07/2015 at 19:48:57,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








~~~ Services






~~~ Tasks






~~~ Registry Values






~~~ Registry Keys


Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer






~~~ Files






~~~ Folders






~~~ Chrome




[C:\Users\Massimiliano\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset


[C:\Users\Massimiliano\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:


[C:\Users\Massimiliano\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset


[C:\Users\Massimiliano\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]










~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/07/2015 at 19:54:09,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- - - Updated - - -

What do you suggest now?
 

R16

Elite User
2,307
425
@Max7:

Follow these instructions to the letter:

Open a text file with Notepad on the Desktop.
Paste in the code you see below, and save the text file; it must be named CFScript.txt

Code:
KillAll::
Driver::
LiveUpSC
SsroService
SsupdService
File::
c:\users\Public\Documents\Application\CurrentFile\ssadl.exe
c:\users\Massimiliano\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
c:\users\Massimiliano\AppData\Local\ServiceManager\ssro.exe
c:\users\Massimiliano\AppData\Local\ssupd\ssupd.exe
Folder::
c:\users\Massimiliano\AppData\Local\SoftwareUpdater
c:\users\Massimiliano\AppData\Local\ssupd
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SsroService"=-

and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.

To post the log, use Wikisend:
Connect to the internet and go to the WikiSend page:
Wikisend: free file sharing service
Click the "Browse" button
Select the file you just saved
Click Upload file
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message for the forum.
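
A read-only check that can be run after the reboot to see whether the items named in the CFScript above are still present, since the problem in this thread is entries that come back after cleaning. This is an added example, not part of R16's post or of ComboFix; the paths and names are copied from the script (with the forum's stray spaces removed), and the helper name Test-Leftover is hypothetical.

```powershell
# Added example: read-only check for the items listed in the CFScript.
# Paths and names are copied from the thread; nothing is deleted or changed.

$files = @(
    'C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe',
    'C:\Users\Massimiliano\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe',
    'C:\Users\Massimiliano\AppData\Local\ServiceManager\ssro.exe',
    'C:\Users\Massimiliano\AppData\Local\ssupd\ssupd.exe'
)
$folders = @(
    'C:\Users\Massimiliano\AppData\Local\SoftwareUpdater',
    'C:\Users\Massimiliano\AppData\Local\ssupd'
)
$services = @('LiveUpSC', 'SsroService', 'SsupdService')
$runKey   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$runValue = 'SsroService'

# Hypothetical helper: build one result row per checked item.
function Test-Leftover([string]$Kind, [string]$Name, [bool]$Present) {
    New-Object PSObject -Property @{ Kind = $Kind; Name = $Name; Present = $Present }
}

$results = @()
foreach ($f in $files)   { $results += Test-Leftover 'File'   $f (Test-Path -LiteralPath $f -PathType Leaf) }
foreach ($d in $folders) { $results += Test-Leftover 'Folder' $d (Test-Path -LiteralPath $d -PathType Container) }

# Services and kernel drivers both register under this key, so one check
# covers the Driver:: entries whichever of the two they are.
foreach ($s in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$s"
    $results += Test-Leftover 'Service/driver' $s (Test-Path -LiteralPath $key)
}

# The Run key itself is legitimate; only the named value matters.
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
$hasValue = ($run -ne $null) -and ($run.PSObject.Properties[$runValue] -ne $null)
$results += Test-Leftover 'Run value' $runValue $hasValue

$results | Select-Object Kind, Name, Present | Format-Table -AutoSize

$left = @($results | Where-Object { $_.Present })
if ($left.Count -eq 0) { 'No listed item is present.' }
else { "{0} listed item(s) still present." -f $left.Count }
```

Running it once right after the cleanup and again after a further reboot shows whether anything in the list has returned.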
 

Max7

New User
32
0
Hi R16,

I've just finished a scan with Malwarebytes and it says no infected items were detected. Could it really have been AdwCleaner's fault? In general, which is more reliable, Malwarebytes or AdwCleaner?
That said, should I still go ahead with what you suggested?
 

R16

Elite User
2,307
425
Hi.
The PC is infected with a couple of browser hijackers.
Usually both AdwCleaner and Malwarebytes solve the problem, but to be sure, you can go ahead with the instructions I gave you.
The PC will restart automatically.
Post the log that ComboFix produces.
 
