PROBLEM: Virus That Redirects to Other Sites

Furiano

(Sorry, I accidentally opened the thread in the Internet section instead of Security.)

Post to be removed: https://www.tomshw.it/forum/threads/virus-che-rimanda-ad-altri-siti.608007/

Hi! In the last few months I haven't had any problems with my PC. Recently, after plugging in several USB sticks, the PC got infected. I tried Malwarebytes, Junkware Removal Tool, AdwCleaner and other programs, but they found nothing. Farbar, however, reported a lot of sites.

Can you tell me which entries to remove to get rid of the infection? Thanks!

FRST

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [7745792 2015-11-03] (Realtek Semiconductor)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [187152 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [187152 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1684796492-860333601-2249642120-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6889176 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-1684796492-860333601-2249642120-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3787c4a8-bafa-460e-8c9c-f6b325b5de6c}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bd0ab91b-649f-497b-bfc0-65c540b10b3c}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: qc7oo66l.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qc7oo66l.default [2016-11-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-29] ()
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [647864 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4149312 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [945936 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [605336 2016-10-13] (AVG Technologies CZ, s.r.o.)
U2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide; C:\WINDOWS\System32\drivers\amdide.sys [11944 2015-11-03] (Advanced Micro Devices Inc.)
S0 Avgbootx; C:\WINDOWS\System32\DRIVERS\avgbootx.sys [19584 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [257792 2016-09-22] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [210176 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimw8x.sys [41216 2016-08-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [218880 2016-09-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpx; C:\WINDOWS\system32\DRIVERS\avgwfpx.sys [246536 2016-08-04] (AVG Technologies CZ, s.r.o.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-11-03] (REALiX(tm))
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_x86_e7d98b48eb17e99e\nvlddmkm.sys [11839032 2016-08-26] (NVIDIA Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-06 12:21 - 2016-11-06 12:21 - 00008185 _____ C:\Users\Admin\Desktop\FRST.txt
2016-11-06 12:02 - 2016-11-06 12:13 - 00000000 ____D C:\Program Files\Plumbytes Software
2016-11-05 20:10 - 2009-06-10 22:39 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161105-201027.backup
2016-11-05 18:47 - 2016-11-05 18:47 - 00000000 ____D C:\Program Files\Common Files\AV
2016-11-05 18:47 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Admin\Documents\Post Win10 Spybot-install.exe
2016-11-05 18:45 - 2016-11-05 18:49 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-11-05 18:45 - 2016-11-05 18:49 - 00002188 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-11-05 18:45 - 2016-11-05 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-11-05 18:45 - 2015-06-16 17:19 - 00018688 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean.exe
2016-11-05 18:27 - 2016-11-05 18:27 - 01631928 _____ (Malwarebytes) C:\Users\Admin\Downloads\JRT.exe
2016-11-05 18:20 - 2016-11-05 18:20 - 01759744 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2016-11-05 18:13 - 2016-11-05 18:13 - 00001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-05 18:13 - 2016-11-05 18:13 - 00001174 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-11-05 18:13 - 2016-11-05 18:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-05 17:55 - 2016-11-05 17:55 - 03910208 _____ C:\Users\Admin\Downloads\AdwCleaner.exe
2016-11-05 17:38 - 2016-11-05 20:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-11-05 17:38 - 2016-11-05 18:49 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-11-05 17:36 - 2016-11-05 17:37 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Admin\Downloads\spybot-2.4.exe
2016-11-01 09:49 - 2016-11-01 09:49 - 00000913 _____ C:\Users\Public\Desktop\AVG.lnk
2016-10-29 11:34 - 2016-10-29 11:34 - 00000000 ____D C:\Users\Admin\AppData\Local\Targem
2016-10-29 01:06 - 2016-10-29 01:07 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Heroes and Generals
2016-10-29 00:56 - 2016-10-29 00:56 - 00000000 ____D C:\Users\Admin\AppData\Roaming\HeroesAndGeneralsDesktop
2016-10-27 21:22 - 2016-10-15 04:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-27 21:22 - 2016-10-15 04:36 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-10-27 21:22 - 2016-10-15 04:36 - 01523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-27 21:22 - 2016-10-15 04:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-27 21:22 - 2016-10-15 04:36 - 01123328 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-27 21:22 - 2016-10-15 04:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-27 21:22 - 2016-10-15 04:36 - 00528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-27 21:22 - 2016-10-15 04:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-10-27 21:22 - 2016-10-15 04:35 - 02999808 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-10-27 21:22 - 2016-10-15 04:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-27 21:22 - 2016-10-15 04:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-27 21:22 - 2016-10-15 04:35 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-27 21:21 - 2016-10-15 06:11 - 01415520 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-27 21:21 - 2016-10-15 06:11 - 01026400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-27 21:21 - 2016-10-15 06:11 - 00496992 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-27 21:21 - 2016-10-15 06:11 - 00486752 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-27 21:21 - 2016-10-15 06:11 - 00277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-27 21:21 - 2016-10-15 06:11 - 00192864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-27 21:21 - 2016-10-15 06:11 - 00115552 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-27 21:21 - 2016-10-15 06:11 - 00069472 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-27 21:21 - 2016-10-15 05:27 - 00421216 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-27 21:21 - 2016-10-15 05:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-27 21:21 - 2016-10-15 05:15 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-10-27 21:21 - 2016-10-15 05:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-27 21:21 - 2016-10-15 05:15 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-10-27 21:21 - 2016-10-15 05:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-10-27 21:21 - 2016-10-15 04:56 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-10-27 21:21 - 2016-10-15 04:55 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-10-27 21:21 - 2016-10-15 04:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-10-27 21:21 - 2016-10-15 04:54 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-10-27 21:21 - 2016-10-15 04:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-10-27 21:21 - 2016-10-15 04:53 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-10-27 21:21 - 2016-10-15 04:53 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-10-27 21:21 - 2016-10-15 04:53 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-10-27 21:21 - 2016-10-15 04:52 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-10-27 21:21 - 2016-10-15 04:52 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-10-27 21:21 - 2016-10-15 04:52 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-10-27 21:21 - 2016-10-15 04:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2016-10-27 21:21 - 2016-10-15 04:51 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContent.dll
2016-10-27 21:21 - 2016-10-15 04:50 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-10-27 21:21 - 2016-10-15 04:50 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-10-27 21:21 - 2016-10-15 04:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-27 21:21 - 2016-10-15 04:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-27 21:21 - 2016-10-15 04:46 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-10-27 21:21 - 2016-10-15 04:44 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-10-27 21:21 - 2016-10-15 04:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-27 21:21 - 2016-10-15 04:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-27 21:21 - 2016-10-15 04:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-27 21:21 - 2016-10-15 04:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-27 21:21 - 2016-10-15 04:39 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-10-27 21:21 - 2016-10-15 04:38 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-10-27 21:21 - 2016-10-15 04:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-27 21:21 - 2016-10-15 04:37 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-27 21:21 - 2016-10-15 04:36 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-10-27 21:21 - 2016-10-15 04:36 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-10-27 21:21 - 2016-10-15 04:36 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-10-27 21:21 - 2016-10-15 04:36 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-10-27 21:21 - 2016-10-15 04:36 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-10-27 21:21 - 2016-10-15 04:35 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-10-27 21:21 - 2016-10-15 04:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-27 21:21 - 2016-10-15 04:35 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-10-27 21:21 - 2016-10-15 04:33 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-10-21 11:12 - 2016-10-29 11:34 - 00000000 ____D C:\Users\Admin\Documents\My Games
2016-10-21 11:12 - 2016-10-21 11:12 - 00000000 ____D C:\Users\Admin\AppData\Local\HirezLauncherUI
2016-10-21 11:06 - 2016-10-21 11:18 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-10-21 11:06 - 2016-10-21 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-10-21 11:05 - 2016-11-06 12:18 - 00000000 ____D C:\Program Files\Hi-Rez Studios
2016-10-21 11:05 - 2016-10-21 11:05 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-10-21 09:58 - 2016-10-29 12:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-10-21 09:58 - 2016-10-21 09:58 - 00000216 _____ C:\Users\Admin\Desktop\Paladins.url
2016-10-21 09:42 - 2016-10-21 09:42 - 00000000 ____D C:\Users\Admin\AppData\Local\Steam
2016-10-21 09:37 - 2016-11-05 17:29 - 00000000 ____D C:\Program Files\Steam
2016-10-21 09:37 - 2016-10-21 09:48 - 00000000 ____D C:\Program Files\Common Files\Steam
2016-10-21 09:37 - 2016-10-21 09:37 - 01446792 _____ C:\Users\Admin\Downloads\SteamSetup.exe
2016-10-21 09:37 - 2016-10-21 09:37 - 00000990 _____ C:\Users\Public\Desktop\Steam.lnk
2016-10-21 09:37 - 2016-10-21 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-10-21 09:27 - 2016-10-29 09:02 - 00000978 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-20 23:10 - 2016-11-05 18:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-12 13:30 - 2016-10-05 11:03 - 01724584 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-10-12 13:30 - 2016-10-05 10:59 - 00949600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-10-12 13:30 - 2016-10-05 10:54 - 01097568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-10-12 13:30 - 2016-10-05 10:51 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-10-12 13:30 - 2016-10-05 10:49 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-10-12 13:30 - 2016-10-05 10:48 - 01022304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-10-12 13:30 - 2016-10-05 10:46 - 00056672 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\MegaSas2i.sys
2016-10-12 13:30 - 2016-10-05 10:45 - 00198496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-10-12 13:30 - 2016-10-05 10:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-10-12 13:30 - 2016-10-05 10:28 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2016-10-12 13:30 - 2016-10-05 10:28 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2016-10-12 13:30 - 2016-10-05 10:27 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-10-12 13:30 - 2016-10-05 10:27 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 13:30 - 2016-10-05 10:26 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-10-12 13:30 - 2016-10-05 10:26 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2016-10-12 13:30 - 2016-10-05 10:25 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-10-12 13:30 - 2016-10-05 10:25 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2016-10-12 13:30 - 2016-10-05 10:25 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2016-10-12 13:30 - 2016-10-05 10:25 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-10-12 13:30 - 2016-10-05 10:25 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-10-12 13:30 - 2016-10-05 10:23 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-10-12 13:30 - 2016-10-05 10:23 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2016-10-12 13:30 - 2016-10-05 10:23 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-10-12 13:30 - 2016-10-05 10:23 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2016-10-12 13:30 - 2016-10-05 10:22 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2016-10-12 13:30 - 2016-10-05 10:21 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-10-12 13:30 - 2016-10-05 10:21 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-10-12 13:30 - 2016-10-05 10:20 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-10-12 13:30 - 2016-10-05 10:20 - 00303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-10-12 13:30 - 2016-10-05 10:18 - 01283584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-10-12 13:30 - 2016-10-05 10:16 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-12 13:30 - 2016-10-05 10:14 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-12 13:30 - 2016-10-05 10:14 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-10-12 13:30 - 2016-10-05 10:11 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-10-12 13:30 - 2016-10-05 10:10 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-10-12 13:30 - 2016-10-05 10:09 - 03369984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-10-12 13:30 - 2016-10-05 10:09 - 00608256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-12 13:30 - 2016-10-05 10:08 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-12 13:30 - 2016-10-05 10:08 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-10-12 13:30 - 2016-10-05 10:08 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-10-12 13:30 - 2016-10-05 10:07 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-12 13:30 - 2016-10-05 10:07 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-10-12 13:30 - 2016-10-05 10:07 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-10-12 13:30 - 2016-10-05 10:07 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2016-10-12 13:30 - 2016-10-05 10:07 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-10-12 13:30 - 2016-10-05 10:06 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-10-12 13:30 - 2016-10-05 10:05 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-10-12 13:30 - 2016-10-05 10:05 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-10-12 13:30 - 2016-09-23 04:59 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-10-12 13:30 - 2016-09-07 06:18 - 00290264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-10-12 13:29 - 2016-10-05 11:10 - 00231776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-10-12 13:29 - 2016-10-05 11:05 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-12 13:29 - 2016-10-05 10:53 - 00154976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-10-12 13:29 - 2016-10-05 10:50 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2016-10-12 13:29 - 2016-10-05 10:46 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-10-12 13:29 - 2016-10-05 10:46 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-10-12 13:29 - 2016-10-05 10:31 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConfigureExpandedStorage.dll
2016-10-12 13:29 - 2016-10-05 10:26 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2016-10-12 13:29 - 2016-10-05 10:25 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-10-12 13:29 - 2016-10-05 10:24 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2016-10-12 13:29 - 2016-10-05 10:24 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-12 13:29 - 2016-10-05 10:23 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-10-12 13:29 - 2016-10-05 10:23 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-10-12 13:29 - 2016-10-05 10:21 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-10-12 13:29 - 2016-10-05 10:18 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-10-12 13:29 - 2016-10-05 10:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-12 13:29 - 2016-10-05 10:15 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2016-10-12 13:29 - 2016-10-05 10:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-12 13:29 - 2016-10-05 10:11 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-12 13:29 - 2016-10-05 10:10 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-10-12 13:29 - 2016-10-05 10:09 - 01700864 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2016-10-12 13:29 - 2016-10-05 10:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-10-12 13:29 - 2016-10-05 10:09 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-12 13:29 - 2016-10-05 10:06 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-06 12:21 - 2016-01-11 18:53 - 00000000 ____D C:\FRST
2016-11-06 12:18 - 2016-09-23 15:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-06 12:18 - 2015-11-03 17:39 - 00000000 ____D C:\ProgramData\MFAData
2016-11-06 12:17 - 2016-07-16 03:22 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-06 12:16 - 2016-03-31 09:01 - 00000000 ____D C:\AdwCleaner
2016-11-06 11:43 - 2016-09-23 14:46 - 03647690 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-06 11:43 - 2016-07-16 18:24 - 01582410 _____ C:\WINDOWS\system32\perfh010.dat
2016-11-06 11:43 - 2016-07-16 18:24 - 00434968 _____ C:\WINDOWS\system32\perfc010.dat
2016-11-06 11:38 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-05 20:16 - 2016-01-12 17:56 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-05 20:14 - 2016-01-31 12:16 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-11-05 17:51 - 2016-07-16 09:29 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-05 17:51 - 2015-12-07 15:39 - 00000000 ____D C:\Users\Admin\AppData\Local\Packages
2016-11-05 10:55 - 2016-07-16 03:22 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-11-04 21:41 - 2015-12-07 19:35 - 00000000 ____D C:\Users\Admin\AppData\Local\Battle.net
2016-11-04 20:29 - 2016-09-23 14:47 - 00000000 ____D C:\Users\Admin
2016-11-04 20:27 - 2015-12-07 19:33 - 00000000 ____D C:\Program Files\Battle.net
2016-11-04 20:07 - 2016-09-23 14:39 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-03 12:00 - 2015-11-04 20:31 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-01 09:49 - 2016-09-24 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-10-29 15:05 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\rescache
2016-10-29 12:11 - 2016-07-16 09:28 - 00000000 ____D C:\WINDOWS\INF
2016-10-29 01:13 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-27 22:28 - 2015-12-07 15:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-27 22:27 - 2016-09-23 14:39 - 00224024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-27 22:25 - 2016-07-16 09:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-27 22:25 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-10-27 22:25 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-10-27 22:25 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-27 22:24 - 2016-07-16 09:30 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-27 22:23 - 2016-07-16 09:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-25 00:30 - 2016-07-16 09:31 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-10-25 00:30 - 2016-07-16 09:31 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-10-22 19:28 - 2015-12-07 19:36 - 00000000 ____D C:\Program Files\Hearthstone
2016-10-21 11:07 - 2015-11-22 09:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-21 09:28 - 2015-11-03 18:19 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2016-10-19 17:38 - 2016-09-24 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-10-15 10:01 - 2015-11-03 16:50 - 00389400 __RSH C:\bootmgr
2016-10-13 12:29 - 2016-07-16 09:29 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-13 12:29 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-10-13 12:29 - 2016-07-16 09:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-10-13 12:29 - 2016-07-16 09:29 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-10-13 11:48 - 2015-11-14 14:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-13 11:45 - 2015-11-14 14:41 - 141042968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-12 16:57 - 2015-11-04 20:21 - 136215256 _____ C:\Users\Admin\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_it(1).exe
2016-10-12 13:03 - 2016-07-16 09:25 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2016-10-10 21:08 - 2016-08-04 22:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2016-09-23 14:42 - 2016-09-23 14:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\libeay32.dll
C:\Users\Admin\AppData\Local\Temp\msvcr120.dll
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
Addition:

==================== Accounts: =============================

Admin (S-1-5-21-1684796492-860333601-2249642120-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1684796492-860333601-2249642120-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1684796492-860333601-2249642120-503 - Limited - Disabled)
Guest (S-1-5-21-1684796492-860333601-2249642120-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1684796492-860333601-2249642120-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
AVG (HKLM\...\AvgZen) (Version: 1.111.2.45832 - AVG Technologies)
AVG (Version: 16.121.7859 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4664 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.121.7859 - AVG Technologies)
AVG Zen (Version: 1.111.9 - AVG Technologies) Hidden
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
Canon MX370 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX370_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Epic Games Launcher Prerequisites (x86) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 it) (HKLM\...\Mozilla Firefox 49.0.2 (x86 it)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.2 - Mozilla)
OpenOffice 4.1.2 (HKLM\...\{DD985E2D-C2D5-4ECB-A3DF-3FC1A20F6830}) (Version: 4.12.9782 - Apache Software Foundation)
Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios)
Pannello di controllo NVIDIA 369.09 (Version: 369.09 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1684796492-860333601-2249642120-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04AA34CA-1FA3-493D-81A7-C2B366CF8CF5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2A5B62A6-E18C-4015-9E0E-FAEB87DE56C8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {3791FC34-950B-453E-9DAF-E778B092DA16} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3DB8807A-1F7D-4FE4-B4B4-731A04030EAC} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {404DADAF-91B4-407B-B864-E28D7B5CE592} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {42CF1B5D-6F47-48F0-A2FD-C217FEA83BAE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {4DA875D3-5917-48C1-90F0-95774EFBB4D4} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {555D6C3A-2D35-48D1-BC35-EE5A93179094} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {61956055-65D3-4AD9-9B22-67C341DE9C8A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {63C3E308-DCEB-458A-B850-BFAA554E2EAB} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6651C601-1F91-4EDD-932E-4A827CF6DC8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {6FE7B5FC-0158-436B-91FF-11F9521FBC64} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {72606A59-E696-41E4-86F9-0B055F1880A3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {79DBE4E8-0868-4AD4-A6F7-D778FD4EC6BC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7A28E340-FA17-472C-9E24-AC130D52E482} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7AE4F645-515C-464E-94BD-E6B65E471E7E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {835FE4F4-D870-481A-AAD8-F75320887400} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {929A76BB-D170-4D33-B352-FBA2FA64CC4A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {95189D8F-DAEE-44BE-AF4A-08EBC25EB9E1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {983F6B09-3EAB-4A30-90D6-4FF62EF9FC82} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A32DD793-96DA-4ED6-8078-7C914B87548E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-13] (Microsoft Corporation)
Task: {ABBDB709-6CEF-4034-B70A-6D648964BE72} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AEFEAFFB-2622-4CC7-B5CC-C17BE5E88B13} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-29] (Adobe Systems Incorporated)
Task: {B0D4C7F8-9327-4067-8EA7-B365B863063F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {CBD47A0D-C86B-4188-9E53-6EE11BE2705E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DDE921FA-997C-4EE9-91C3-491F1946B1AB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DF6E71C3-A447-487C-A481-357079D862F4} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F5F263C9-02F7-45C8-950A-A3F013013EE6} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {FE7DAC8B-4C3D-4D5D-B4C3-9E697DA6DD6D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FE8CD318-A872-4F8D-996D-3632EF099D3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 09:25 - 2016-07-16 09:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 09:34 - 2016-09-15 18:32 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-23 14:41 - 2016-08-01 13:34 - 00123448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-11-05 18:45 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-11-05 18:45 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-11-05 18:45 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-11-05 18:45 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-09-30 09:34 - 2016-09-15 18:32 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 15:15 - 2016-09-23 15:15 - 01383616 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-07-16 09:25 - 2016-07-16 09:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-09-23 15:33 - 2016-09-23 15:33 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-27 21:22 - 2016-10-15 04:39 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-27 21:22 - 2016-10-15 04:35 - 01149440 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-23 15:33 - 2016-09-23 15:33 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-27 21:22 - 2016-10-15 04:35 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-10-27 21:22 - 2016-10-15 04:35 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-27 21:22 - 2016-10-15 04:37 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-23 15:33 - 2016-09-23 15:33 - 00093184 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-09-24 10:08 - 2016-09-24 10:07 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll
2016-09-28 17:26 - 2016-09-28 17:26 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1040.dll
2016-09-23 15:15 - 2016-09-23 15:15 - 00118976 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2016-10-25 11:05 - 2016-10-25 11:06 - 00829440 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1609.2843.0_x86__8wekyb3d8bbwe\TimeBackground.dll
2016-11-03 11:16 - 2016-11-03 11:17 - 00044032 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x86__8wekyb3d8bbwe\WinStoreTasksWrapper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Admin:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more sites.


There are 7865 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2016-11-05 20:10 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts


There are 15461 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1684796492-860333601-2249642120-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Viewer\Sfondo del Visualizzatore foto di Windows.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{F9F7E293-8EA7-437A-B246-AC6A6A933B51}C:\program files\hearthstone\hearthstone.exe] => (Allow) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{2019B8C9-44F9-480B-83D6-FB46067AC918}C:\program files\hearthstone\hearthstone.exe] => (Allow) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [{C97CE928-C433-4909-B2CD-9B0622161060}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{7E85F6E5-37B3-4A98-93F4-E272804D4B13}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{E68AD137-8F38-4635-8142-779821DAA39C}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{85055BF2-D892-4E7A-8B7C-3F2EDDF94107}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{F4AC239F-AF50-40B7-B67B-6631A4AB36FE}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{3480553D-6835-4EA4-87F9-BFC1A3B1EEE3}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{013D1306-F0F8-4622-AD74-F1F84FA744C2}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{EBB8F01D-88AB-462C-BE9C-3E190F5131A1}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{C0FBE9C7-238A-44DB-8261-D6864CB54BB2}] => (Allow) C:\Program Files\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{B50E65DD-6D71-43CA-B2AF-E0C72FCE19C3}] => (Allow) C:\Program Files\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{269FAACD-C410-46E9-98B6-11A2611D2211}C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{8AB8DDCE-B483-4AD2-8354-A920C7DDC6E0}C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{5C6D4FEA-1DAD-4A53-B559-47AE7D1632F4}C:\program files\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{4AF01F14-D4EB-4798-9F0B-B60D8DC86BF8}C:\program files\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [{1679E298-1872-45D1-A536-9D2FC7215BCF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9BE7E57D-27F8-4498-8948-7E7936DBE3FC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

29-10-2016 09:26:04 JRT Pre-Junkware Removal
05-11-2016 18:38:08 JRT Pre-Junkware Removal
05-11-2016 20:56:51 JRT Pre-Junkware Removal
06-11-2016 11:41:25 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2016 12:14:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner (3972) testing: Si è verificato l'errore -1032 (0xfffffbf8) durante l'apertura del file di log C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (11/06/2016 12:14:34 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner (3972) testing: Un tentativo di apertura del file "C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log" per l'accesso in sola lettura non è riuscito con l'errore di sistema 32 (0x00000020): "Impossibile accedere al file. Il file è utilizzato da un altro processo. ". L'operazione di apertura del file non verrà eseguita con l'errore -1032 (0xfffffbf8).

Error: (11/06/2016 12:14:16 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files\Spybot - Search & Destroy 2\SDWinLogon.dll". Errore nel file manifesto o dei criteri "C:\Program Files\Spybot - Search & Destroy 2\SDWinLogon.dll", riga 2.
L'elemento radice del file manifesto deve essere un assembly.

Error: (11/06/2016 12:14:16 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\System32\sdnclean.exe". Errore nel file manifesto o dei criteri "C:\Windows\System32\sdnclean.exe", riga 2.
L'elemento radice del file manifesto deve essere un assembly.

Error: (11/06/2016 12:14:16 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files\Spybot - Search & Destroy 2\SDScanLibrary.dll". Errore nel file manifesto o dei criteri "C:\Program Files\Spybot - Search & Destroy 2\SDScanLibrary.dll", riga 2.
L'elemento radice del file manifesto deve essere un assembly.

Error: (11/06/2016 12:14:16 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files\Spybot - Search & Destroy 2\SDImmunizeLibrary.dll". Errore nel file manifesto o dei criteri "C:\Program Files\Spybot - Search & Destroy 2\SDImmunizeLibrary.dll", riga 2.
L'elemento radice del file manifesto deve essere un assembly.

Error: (11/06/2016 12:14:16 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys". Errore nel file manifesto o dei criteri "C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys", riga 2.
L'elemento radice del file manifesto deve essere un assembly.

Error: (11/06/2016 12:14:16 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files\Spybot - Search & Destroy 2\SDFileScanLibrary.dll". Errore nel file manifesto o dei criteri "C:\Program Files\Spybot - Search & Destroy 2\SDFileScanLibrary.dll", riga 2.
L'elemento radice del file manifesto deve essere un assembly.

Error: (11/06/2016 12:14:16 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files\Spybot - Search & Destroy 2\SDFileScanHelper.exe". Errore nel file manifesto o dei criteri "C:\Program Files\Spybot - Search & Destroy 2\SDFileScanHelper.exe", riga 2.
L'elemento radice del file manifesto deve essere un assembly.

Error: (11/06/2016 12:14:16 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files\Spybot - Search & Destroy 2\SDEvents.dll". Errore nel file manifesto o dei criteri "C:\Program Files\Spybot - Search & Destroy 2\SDEvents.dll", riga 2.
L'elemento radice del file manifesto deve essere un assembly.


System errors:
=============
Error: (11/06/2016 12:20:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Servizio piattaforma dispositivi connessi terminato con l'errore:
Errore non specificato.

Error: (11/06/2016 12:18:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: La chiamata ScRegSetValueExW per FailureActions non è riuscita con l'errore
Accesso negato.
.

Error: (11/06/2016 12:18:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
e APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
all'utente NT AUTHORITY\SID SYSTEM (S-1-5-18) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (11/06/2016 12:18:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: La chiamata ScRegSetValueExW per FailureActions non è riuscita con l'errore
Accesso negato.
.

Error: (11/06/2016 12:18:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio NetTcpActivator dipende dal servizio NetTcpPortSharing che non è stato avviato per il seguente errore:
Impossibile avviare il servizio. Il servizio è disabilitato oppure non è associato ad alcun dispositivo attivo.

Error: (11/06/2016 12:16:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Tentativo di eseguire un'azione di correzione (Riavvia il servizio) dopo l'arresto imprevista del servizio Windows Search. Tentativo non riuscito per l'errore:
Un'istanza del servizio è già in esecuzione.

Error: (11/06/2016 12:16:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: La chiamata ScRegSetValueExW per FailureActions non è riuscita con l'errore
Accesso negato.
.

Error: (11/06/2016 12:16:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Spybot-S&D 2 Security Center Service è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Riavvia il servizio.

Error: (11/06/2016 12:16:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Spybot-S&D 2 Updating Service è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Riavvia il servizio.

Error: (11/06/2016 12:16:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Accodamento messaggi è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 120000 millisecondi: Riavvia il servizio.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X3 460 Processor
Percentage of memory in use: 36%
Total physical RAM: 3582.18 MB
Available physical RAM: 2286.9 MB
Total Virtual: 7166.18 MB
Available Virtual: 5677.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.51 GB) (Free:108.6 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
The expert who knows how to use Farbar will come by when he has time. I'd ask you to wait until he has finished his work before formatting (or, if you want to format, let him know first).

Also, logs should be posted as attachments! To avoid walls of text.

All the best :)
 
First of all, I have to thank cecchino Jackson for the courtesy he shows me and the users.

As for you, Furiano, the problem is certainly due to some program you installed recently, such as this one, for example; you should remove it as soon as possible for the safety of your PC.

Also, your hosts file is infected, certainly by the same fake program, so I advise you to proceed as follows:

Download HostsXpert.


Unzip it.
Double-click HostsXpert, click Make it readable, then click Restore MS Hosts File.
Confirm.
Exit the program.

As soon as it's done, restart the PC if it doesn't do so automatically, and run this scan for me:

Download RogueKiller to the desktop.
Close all running programs.
Run RogueKiller.exe.
The tool will run a pre-scan automatically.
When the pre-scan is finished, a window opens: click "Accept".
Now click "Scan".
When the scan is finished, you will find the log on the desktop.
Post it here.

DO NOT DELETE ANY ENTRY AFTER THE SCAN
Furiano, a favour: attach the logs as the rules require, don't paste them.

Thanks
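
When a hosts file is as large as the one in the FRST log (about 450 KB), it helps to sort its entries by what they do before resetting it. The following is an added example, not part of the original posts or of any tool named in this thread: a Python triage that separates entries pointing a name at a loopback or unspecified address (which only block that name) from entries pointing a name at some other address (which redirect it). The sample file, the bucket names and every hostname in it are constructed.

```python
import ipaddress

# Names that a stock hosts file legitimately maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample (not the poster's file): sinkhole entries, a stock
# localhost line, one redirect to a documentation address, one broken line.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 www.blocked-ads.example
127.0.0.1 blocked-ads.example
0.0.0.0 tracker.example.net
::1 localhost #[IPv6]
203.0.113.10 www.example.org login.example.org  # constructed redirect
not-an-ip broken.example
"""


def parse_hosts(text):
    """Yield (lineno, ip_or_None, name) for each mapping in a hosts file.

    A line may carry several names for one address; each is yielded
    separately. Lines that cannot be parsed are yielded with ip=None and
    the raw line as the name, so the caller can report them.
    """
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                      # address without a name
            yield lineno, None, raw.strip()
            continue
        try:
            # Strip an IPv6 zone id ("fe80::1%eth0") before parsing.
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            yield lineno, None, raw.strip()
            continue
        for name in fields[1:]:
            yield lineno, ip, name.lower().rstrip(".")


def triage(text):
    """Sort hosts entries into standard / sinkhole / redirect / malformed."""
    report = {"standard": [], "sinkhole": [], "redirect": [], "malformed": []}
    for lineno, ip, name in parse_hosts(text):
        if ip is None:
            report["malformed"].append((lineno, name))
        elif ip.is_loopback or ip.is_unspecified:
            # 127.0.0.0/8, ::1, 0.0.0.0, :: -> the name resolves to nowhere
            # useful, which blocks it rather than redirecting it.
            bucket = "standard" if name in LOCAL_NAMES else "sinkhole"
            report[bucket].append((lineno, name))
        else:
            # Any other address sends traffic for that name elsewhere;
            # these are the lines worth reviewing one by one.
            report["redirect"].append((lineno, str(ip), name))
    return report


def summarize(report):
    """Return the number of entries per bucket."""
    return {bucket: len(items) for bucket, items in report.items()}


if __name__ == "__main__":
    result = triage(SAMPLE_HOSTS)
    print(summarize(result))
    for lineno, address, name in result["redirect"]:
        print(f"line {lineno}: {name} -> {address}")
```

To run it against a real file, pass the text of a copy of `C:\Windows\System32\drivers\etc\hosts` to `triage()`; it only reads and never modifies the file.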
 
I downloaded HostsXpert, but when I click Restore MS Hosts File this message appears: Cannot create file C: /WINDOWS/system32/ DRIVERS/ETC/Hosts

I removed Plumbytes with CCleaner. Is that enough?

Clicking your RogueKiller link opens a blank page.

I downloaded the program from here: http://www.bleepingcomputer.com/download/roguekiller/

It found one threat. For convenience I've put everything here without attachments. Do you think everything can be fixed by removing certain entries? Or is it better to format?

RogueKiller V12.7.5.0 [Oct 31 2016] (Gratuito) di Adlice Software

posta : http://www.adlice.com/contact/

Commenti : http://forum.adlice.com

Sito Web : http://www.adlice.com/download/roguekiller/

Discussione : http://www.adlice.com


Sistema Operativo : Windows 10 (10.0.14393) 32 bits version

Iniziato in : Modalità Normale

Utente : Admin [Amministratore]

Iniziato da : C:\Program Files\RogueKiller\RogueKiller.exe

Modalità : Scansione -- Data : 11/07/2016 09:35:33 (Duration : 00:35:19)

¤¤¤ Processi : 0 ¤¤¤

¤¤¤ Registro : 0 ¤¤¤

¤¤¤ Attività : 0 ¤¤¤

¤¤¤ Archivi : 1 ¤¤¤

[Hidden.ADS][] C::Win32App_1 -> Trovato

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Archivio Hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Caricato) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ Controllo MBR : ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3160215AS +++++

--- User ---

[MBR] 91e0c42ae75a874676c26d5855f281b1

[BSP] b54b03e864b7e0dae5baf4245478a354 : Windows Vista/7/8|VT.Unknown MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152075 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 311656448 | Size: 450 MB

User = LL1 ... OK

User = LL2 ... OK


@menatwork
 
Furiano, the link works for me; evidently there is something wrong with your PC.

Please, I even wrote it: I need the complete RogueKiller log, without you deleting any entry.
 
I saved it in txt format. Tell me if you need anything else, because at the moment I don't see any other entries to report!

@menatwork
 

Attachments

  • rk.txt
    2.4 KB · Views: 110
You didn't use the little program for cleaning the hosts file correctly; try it this way:



Download this zip file.
Disconnect the PC, extract only the Hosts file from the zip file to the desktop, select it, right-click, Copy, then open the folder C:\Windows\System32\drivers\etc\ and paste in an empty area, accept replacing the existing hosts file (it may give you errors, don't worry), and restart the PC.

Once done, download HijackThis from here.
Unzip it into a folder (e.g. Documents), run it and select "Do a system scan and save a logfile". Attach the resulting log to your next post, following the rules.
 
OK, all done. When I launched HijackThis a message about the Hosts file appeared. I simply closed the window. Here is the log (I'm pasting it because it won't let me add the attachment).

Is there by any chance a time of day when you're usually online?

@menatwork

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:16:45, on 07/11/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)

FIREFOX: 49.0.2 (x86 it)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Program Files\AVG\Av\avgui.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Admin\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost #[IPv6]
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe" -s
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=av
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Av\avgamps.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Framework\Common\avgsvcx.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Av\avgwdsvcx.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvvsvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4732 bytes
 
Open HijackThis again and click Open the Misc Tools section and then “Misc Tools”.

Now, in the window that opens, click Open hosts file manager.

Go to the bottom, where you'll find "Open in Notepad".

A text file will open; attach it like the others.

Once that's done, download the attachment to the desktop, where the FRST program must also be located, run it and click Fix once only; when it finishes, attach the fixlog.txt file and tell me whether the problem is solved.
 
