27-09-2017, 09:31 | #1
Member | Joined: Jun 2012 | Posts: 156
PC probably infected, can you give me a hand?

Good morning everyone.

I'm writing here because I seriously suspect that my PC is infected. First let me explain the problem: yesterday afternoon, from a certain point on, I started having problems while browsing. Basically, when I try to go to the Google home page, or to Gmail, I get the error you can see in the attachment. But this also happens on other sites, maybe not when they open but while browsing. If you look closely, that "here" is highlighted and you have to click it to get to the page you asked for. This doesn't seem normal to me, which is why I'm asking you whether it's a virus or something else. I ran a scan with MalwareBytes and deleted what it found. I also ran a scan with Windows Defender and applied the actions it asked for, though not all of them, because at a certain point it was taking too long to finish and I closed it. Can you give me some advice? Thanks in advance.

http://it.tinypic.com/view.php?pic=14u8kdk&s=9
http://it.tinypic.com/view.php?pic=107tklk&s=9
27-09-2017, 10:55 | #2
Member | Joined: Jun 2017 | Posts: 175
Hi,

run the programs below in sequence, in the order posted:

1. Malwarebytes Anti-Malware: if you've already run it, post the log it generated; if not, run it again.

2. Then download AdwCleaner from here: https://www.bleepingcomputer.com/download/adwcleaner/ Right-click the executable, run as administrator, do the scan, delete what it finds and post the log.

3. Then try JRT. Download it from here: https://www.bleepingcomputer.com/dow...-removal-tool/ Disable your antivirus, put the executable on the desktop, right-click it and open as administrator, press Enter when prompted, wait for the scan to finish, re-enable the antivirus and post the resulting log (you'll find it on the desktop).

4. Finally download FRST from here: https://www.bleepingcomputer.com/dow...ery-scan-tool/ Download the version that matches your operating system, 32- or 64-bit, put the executable on the desktop, right-click it and open as administrator. Once it's open, click Scan and post the FRST.txt and Addition.txt logs.

Don't worry, the scans are almost all relatively quick...
27-09-2017, 11:28 | #3
Member | Joined: Jun 2012 | Posts: 156
Edit: I'm posting the logs, although JRT gave me an empty one the first time, I don't know why, so the one I'm attaching didn't find anything.

MALWAREBYTES (I'm posting the one from the first scan, because today's is clean.)

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 26/09/17
Scan Time: 15:06
Log File: 846c0626-a2bb-11e7-84ef-00ffe59e53ed.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2890
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Famiglia\Family

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355430
Threats Detected: 20
Threats Quarantined: 20
Time Elapsed: 16 min, 44 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
Spyware.Agent.E, HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Traveller, Quarantined, [306], [433872],1.0.2890

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 19
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_easypdfcombine.dl.myway.com_0.localstorage, Quarantined, [259], [240305],1.0.2890
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_easypdfcombine.dl.myway.com_0.localstorage-journal, Quarantined, [259], [240305],1.0.2890
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage, Quarantined, [259], [240305],1.0.2890
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage-journal, Quarantined, [259], [240305],1.0.2890
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_easypdfcombine.dl.tb.ask.com_0.localstorage, Quarantined, [259], [240306],1.0.2890
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_easypdfcombine.dl.tb.ask.com_0.localstorage-journal, Quarantined, [259], [240306],1.0.2890
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage, Quarantined, [259], [240306],1.0.2890
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal, Quarantined, [259], [240306],1.0.2890
Spyware.Agent.E, C:\USERS\FAMILY\APPDATA\ROAMING\JATY\WEBHELPER.EXE, Quarantined, [306], [433872],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG209.TMP, Delete-on-Reboot, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG75.TMP, Delete-on-Reboot, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG731.TMP, Delete-on-Reboot, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG156.TMP, Delete-on-Reboot, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG747.TMP, Delete-on-Reboot, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG521.TMP, Delete-on-Reboot, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG484.TMP, Delete-on-Reboot, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG930.TMP, Delete-on-Reboot, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG264.TMP, Delete-on-Reboot, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG801.TMP, Delete-on-Reboot, [8722], [438295],1.0.2890

Physical Sector: 0
(No malicious items detected)

(end)

ADWCLEANER

# AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 27 10:40:24 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 8.1 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
Deleted: C:\Users\Family\AppData\Local\YSearchUtil
Deleted: C:\Users\Family\AppData\Roaming\acestream
Deleted: C:\Users\Family\AppData\LocalLow\.acestream
Deleted: C:\Users\Family\AppData\Roaming\.acestream
Deleted: C:\_acestream_cache_

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{F53E9D08-7347-4EF5-A427-07667A7BA565}C:\users\family\appdata\roaming\acestream\engine\ace_engine.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{AFE20F55-DB1C-4D8C-9271-8E6D51D1D457}C:\users\family\appdata\roaming\acestream\engine\ace_engine.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{846BFC5C-C5E5-47C0-8092-8D3DE265C893}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B0AD5503-7BFD-4E4A-985E-C2922D19C1DF}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8598DF96-10B0-4C5E-8C1E-D57DE72E5080}C:\users\family\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{5DD30286-5699-4DE1-ABE6-11C8351410DB}C:\users\family\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\3DCCCD6BD02558446B24CF1C63EC213C
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\3DCCCD6BD02558446B24CF1C63EC213C
Deleted: [Value] - HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AceUpdater
Deleted: [Value] - HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AceWebException
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\Amazon1ButtonBrowserHelper.dll
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{981b174d-7733-4e7f-b89d-6545a7c21838}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Value] - HKCU\Software\RegisteredApplications|AceStream

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Amazon Assistant for Chrome -
SearchProvider deleted: Ask - ask.com
SearchProvider deleted: Ask Search - websearch.ask.com
SearchProvider deleted: Nova-IT Customized Web Search - search.conduit.com

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4445 B] - [2017/9/27 10:33:29]

JRT (I think it's useless since it's empty)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 Pro x64
Ran by Family (Administrator) on 27/09/2017 at 12:56:07,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0
Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/09/2017 at 12:57:20,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017
Ran by Family (administrator) on FAMIGLIA (27-09-2017 13:02:05)
Running from C:\Users\Family\Desktop
Loaded Profiles: Family (Available Profiles: Family)
Platform: Windows 8.1 Pro (Update) (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(CyberGhost S.R.L) C:\Program Files (x86)\CyberGhost\CyberGhost.Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5256336 2012-07-11] (VIA)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [Dashlane] => C:\Users\Family\AppData\Roaming\Dashlane\Dashlane.exe [505808 2017-07-13] (Dashlane, Inc.)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [DashlanePlugin] => C:\Users\Family\AppData\Roaming\Dashlane\DashlanePlugin.exe [552400 2017-07-13] (Dashlane, Inc.)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [MiPhoneManager] => C:\Users\Family\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [449464 2017-08-27] ()
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [Spotify Web Helper] => C:\Users\Family\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-14] (Spotify Ltd)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [Spotify] => C:\Users\Family\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-14] (Spotify Ltd)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799368 2017-06-05] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {10516aa9-f37c-11e6-8322-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {10516d00-f37c-11e6-8322-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {1a9ed080-03fd-11e7-8325-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {1c6537a1-7cb7-11e6-82fd-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {46e8ebd3-faab-11e6-8324-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {4d386012-4f48-11e6-82d3-001583c4341c} - "J:\autorun.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5635b51a-ba11-11e6-830e-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5635b555-ba11-11e6-830e-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5b297c78-6aa8-11e6-82db-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5b297d18-6aa8-11e6-82db-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {749f6e3f-7c16-11e7-8338-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {8d86910c-b87a-11e6-830d-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-09-04]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Family\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-02-12]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitora avvisi inchiostro - .lnk [2017-05-15]
ShortcutTarget: Monitora avvisi inchiostro - .lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitora avvisi inchiostro - HP Deskjet 3050A J611 series (Rete).lnk [2017-09-27]
ShortcutTarget: Monitora avvisi inchiostro - HP Deskjet 3050A J611 series (Rete).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-765619463-2455679133-4176694875-1001] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{78FEF290-ABC0-490E-8B74-9BF41DD0BF16}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{78FEF290-ABC0-490E-8B74-9BF41DD0BF16}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://it.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-765619463-2455679133-4176694875-1001 -> {7FD2A0B3-2647-4E69-AF55-B5D2F0E43D92} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-765619463-2455679133-4176694875-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-06-13] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: miki.bi32@gmail.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_126.dll [2017-06-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_126.dll [2017-06-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2017-06-13] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.it/
CHR StartupUrls: Default -> "hxxp://www.google.it/"
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default [2017-09-27]
CHR Extension: (Google Traduttore) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-12-17]
CHR Extension: (Presentazioni Google) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-02]
CHR Extension: (Documenti Google) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-02]
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Turn Off the Lights) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-09-18]
CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Google Search) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Tampermonkey) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-07]
CHR Extension: (Fogli Google) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-02]
CHR Extension: (EditThisCookie) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-09-18]
CHR Extension: (Google Documenti offline) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-09-21]
CHR Extension: (ClixAddon) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjnhcgkngeeahimbfhejeaiijecekhba [2017-09-16]
CHR Extension: (ModHeader) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2017-09-15]
CHR Extension: (Estensione Google Keep per Chrome) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-06-12]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2017-07-06]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
CHR HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-04-18] ()
R2 CG6Service; C:\Program Files (x86)\CyberGhost\CyberGhost.Service.exe [71728 2016-08-18] (CyberGhost S.R.L)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-11-25] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-19] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-06-05] (Sandboxie Holdings, LLC)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [873968 2017-06-30] (Tunngle.net GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-07-06] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-03-28] (Google Inc) [File not signed]
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.) [File not signed]
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.) [File not signed]
S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18816 2016-11-25] (Huawei Technologies Co., Ltd.)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-11-25] (Huawei Technologies Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-27] (Malwarebytes)
R2 memudrv; D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [59448 2017-01-20] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [207496 2017-06-05] (Sandboxie Holdings, LLC)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [39464 2016-04-27] (Tunngle.net GmbH)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2016-12-16] (BigNox Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2016-12-16] (BigNox Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2017-09-27 13:02 - 2017-09-27 13:04 - 000021041 _____ C:\Users\Family\Desktop\FRST.txt 2017-09-27 13:01 - 2017-09-27 13:02 - 000000000 ____D C:\FRST 2017-09-27 13:00 - 2017-09-27 13:01 - 002399744 _____ (Farbar) C:\Users\Family\Desktop\FRST64.exe 2017-09-27 12:57 - 2017-09-27 12:57 - 000000548 _____ C:\Users\Family\Desktop\JRT.txt 2017-09-27 12:46 - 2017-09-27 12:46 - 001790024 _____ (Malwarebytes) C:\Users\Family\Desktop\JRT.exe 2017-09-27 12:44 - 2017-09-27 12:44 - 000004081 _____ C:\Users\Family\Desktop\AdwCleaner[C0]2.txt 2017-09-27 12:36 - 2017-09-27 12:36 - 000004445 _____ C:\Users\Family\Desktop\AdwCleaner[S0].txt 2017-09-27 12:31 - 2017-09-27 12:33 - 000000000 ____D C:\AdwCleaner 2017-09-27 12:30 - 2017-09-27 12:31 - 008182736 _____ (Malwarebytes) C:\Users\Family\Desktop\AdwCleaner.exe 2017-09-27 12:27 - 2017-09-27 12:27 - 000004378 _____ C:\Users\Family\Desktop\Malwarebytes 2.txt 2017-09-27 12:24 - 2017-09-27 12:24 - 000001412 _____ C:\Users\Family\Desktop\Malwarebytes.txt 2017-09-27 11:08 - 2017-09-27 11:14 - 3166198758 _____ C:\Users\Family\Desktop\Metodi By Wrongol.rar 2017-09-26 14:26 - 2017-09-26 14:26 - 000993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2017-09-26 14:26 - 2017-09-26 14:26 - 000987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll 2017-09-26 14:26 - 2017-09-26 14:26 - 000690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2017-09-26 14:26 - 2017-09-26 14:26 - 000485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll 2017-09-26 14:26 - 2017-09-26 14:26 - 000030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2017-09-26 14:26 - 2017-09-26 14:26 - 000029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2017-09-26 14:26 - 2017-09-26 14:26 - 000018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll 2017-09-26 14:26 - 2017-09-26 14:26 - 000018592 _____ (Microsoft 
Corporation) C:\Windows\system32\msvcr100_clr0400.dll 2017-09-26 14:23 - 2017-09-26 14:23 - 000000000 ___HD C:\Users\Family\AppData\Roaming\ScreenShot 2017-09-26 13:40 - 2017-09-26 16:07 - 000000000 ____D C:\Users\Family\AppData\Roaming\Jaty 2017-09-26 11:00 - 2017-09-26 11:00 - 000002050 _____ C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberGhost 6.lnk 2017-09-26 10:59 - 2017-09-27 11:50 - 000000000 ____D C:\Users\Family\AppData\Local\CyberGhost 2017-09-26 10:21 - 2017-09-26 10:21 - 000000000 ____D C:\Program Files\TAP-Windows 2017-09-26 10:18 - 2017-09-26 10:24 - 000000000 ____D C:\Program Files (x86)\CyberGhost 2017-09-26 10:18 - 2017-09-26 10:18 - 000001043 _____ C:\Users\Public\Desktop\CyberGhost.lnk 2017-09-26 10:18 - 2017-09-26 10:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default) 2017-09-26 10:07 - 2017-09-26 10:08 - 015882333 _____ (CyberGhost Windows Client ) C:\Users\Family\Downloads\CyberGhost VPN 6.0.2.exe 2017-09-26 10:05 - 2017-09-26 10:05 - 000272597 _____ C:\Users\Family\Downloads\Proxy Shark 2016 v1.6 (Vip Pro Edition).rar 2017-09-24 20:07 - 2017-09-24 20:07 - 000000000 ___RD C:\Sandbox 2017-09-24 20:05 - 2017-09-25 21:35 - 000001636 _____ C:\Windows\Sandboxie.ini 2017-09-24 20:05 - 2017-09-24 20:04 - 000000918 _____ C:\Users\Family\Desktop\Browser Web nell'area virtuale.lnk 2017-09-24 20:04 - 2017-09-24 20:04 - 008981640 _____ (Sandboxie Holdings, LLC) C:\Users\Family\Downloads\SandboxieInstall.exe 2017-09-24 20:04 - 2017-09-24 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2017-09-24 20:04 - 2017-09-24 20:04 - 000000000 ____D C:\Program Files\Sandboxie 2017-09-17 11:02 - 2017-09-17 11:47 - 000000000 ____D C:\Users\Family\Desktop\TFA KWUAIT 2016 2017-09-16 09:24 - 2017-09-16 10:29 - 2156519026 ____R C:\Users\Family\Downloads\Transformers.L.Ultimo.Cavaliere.2017.iTALiAN.LD.WEBDL.XviD-CriMiNaL.avi 2017-09-15 17:56 - 2017-09-15 17:56 - 000066786 _____ 
C:\Users\Family\Downloads\contratto.pdf 2017-09-15 11:04 - 2017-09-15 11:33 - 1697259220 ____R C:\Users\Family\Downloads\Baywatch.2017.iTALiAN.EXTENDED.BDRip.XviD-DDNCREW.avi 2017-09-14 21:49 - 2017-09-26 10:17 - 000000000 ____D C:\Users\Family\Downloads\Baywatch.EXTENDED.2017.iTALiAN.BDRip.XviD-CYBER 2017-09-14 14:17 - 2017-09-14 14:23 - 000001274 _____ C:\Users\Family\Desktop\nativelog.txt 2017-09-14 13:24 - 2017-09-14 13:26 - 000000000 ____D C:\Program Files (x86)\Minecraft 2017-09-14 13:24 - 2017-09-14 13:24 - 000000973 _____ C:\Users\Public\Desktop\Minecraft.lnk 2017-09-14 13:24 - 2017-09-14 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2017-09-14 11:15 - 2017-09-14 11:18 - 000000000 ____D C:\Users\Family\AppData\Local\Spotify 2017-09-14 11:15 - 2017-09-14 11:15 - 000001856 _____ C:\Users\Family\Desktop\Spotify.lnk 2017-09-14 11:15 - 2017-09-14 11:15 - 000001842 _____ C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2017-09-14 11:14 - 2017-09-20 13:53 - 000000000 ____D C:\Users\Family\AppData\Roaming\Spotify 2017-09-13 11:08 - 2017-08-18 00:07 - 000537200 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2017-09-13 11:08 - 2017-08-18 00:07 - 000140016 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2017-09-13 11:08 - 2017-08-18 00:03 - 000450392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2017-09-13 11:08 - 2017-08-18 00:03 - 000136832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2017-09-13 11:08 - 2017-08-15 16:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-09-13 11:08 - 2017-08-15 15:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-09-13 11:08 - 2017-08-13 20:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-09-13 11:08 - 2017-08-13 19:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-09-13 11:08 - 
2017-08-13 19:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-09-13 11:08 - 2017-08-13 18:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-09-13 11:08 - 2017-08-13 18:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-09-13 11:08 - 2017-08-13 18:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-09-13 11:08 - 2017-08-13 18:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-09-13 11:08 - 2017-08-13 18:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2017-09-13 11:08 - 2017-08-13 18:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-09-13 11:08 - 2017-08-13 18:15 - 007078912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll 2017-09-13 11:08 - 2017-08-13 18:14 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2017-09-13 11:08 - 2017-08-13 18:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-09-13 11:08 - 2017-08-13 17:52 - 005274624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll 2017-09-13 11:08 - 2017-08-13 17:51 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2017-09-13 11:08 - 2017-08-13 17:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-09-13 11:08 - 2017-08-13 17:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-09-13 11:08 - 2017-08-13 17:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-09-13 11:08 - 2017-08-13 17:25 - 007797248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2017-09-13 11:08 - 2017-08-13 17:18 - 005270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2017-09-13 11:08 - 2017-08-13 17:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 
2017-09-13 11:08 - 2017-08-13 17:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-09-13 11:08 - 2017-08-13 17:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-09-13 11:08 - 2017-08-13 17:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-09-13 11:08 - 2017-08-12 11:30 - 022361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2017-09-13 11:08 - 2017-08-12 11:26 - 019789736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2017-09-13 11:08 - 2017-08-12 01:59 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-09-13 11:08 - 2017-08-12 01:58 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2017-09-13 11:08 - 2017-08-12 01:58 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2017-09-13 11:08 - 2017-08-11 05:30 - 004170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-09-13 11:08 - 2017-08-11 03:43 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2017-09-13 11:08 - 2017-08-06 23:20 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2017-09-13 11:08 - 2017-08-06 09:13 - 000530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2017-09-13 11:08 - 2017-07-21 15:40 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll 2017-09-13 11:08 - 2017-07-21 15:40 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll 2017-09-13 11:08 - 2017-07-14 22:08 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2017-09-13 11:08 - 2017-07-14 20:44 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2017-09-13 11:08 - 2017-07-08 20:20 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-09-13 11:08 - 2017-07-08 19:25 - 001436160 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-09-13 11:08 - 
2017-07-08 19:00 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-09-13 11:08 - 2017-07-08 05:16 - 000086360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys 2017-09-13 11:08 - 2017-07-01 15:47 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll 2017-09-13 11:08 - 2017-07-01 15:47 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll 2017-09-13 11:08 - 2017-07-01 15:47 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll 2017-09-13 11:08 - 2017-07-01 15:47 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll 2017-09-13 11:08 - 2017-07-01 15:47 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll 2017-09-13 11:08 - 2017-06-13 19:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2017-09-13 11:08 - 2017-06-13 16:17 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2017-09-13 11:08 - 2017-06-13 16:16 - 000252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll 2017-09-13 11:08 - 2017-06-12 02:14 - 000276320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2017-09-13 11:08 - 2017-06-08 03:48 - 002457936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2017-09-13 11:07 - 2017-08-19 19:27 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2017-09-13 11:07 - 2017-08-19 18:48 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2017-09-13 11:07 - 2017-08-15 16:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2017-09-13 11:07 - 2017-08-15 16:01 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2017-09-13 11:07 - 2017-08-15 16:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2017-09-13 11:07 - 2017-08-13 19:19 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys 
2017-09-13 11:07 - 2017-08-13 18:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2017-09-13 11:07 - 2017-08-13 18:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-09-13 11:07 - 2017-08-13 18:21 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2017-09-13 11:07 - 2017-08-13 18:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-09-13 11:07 - 2017-08-13 18:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-09-13 11:07 - 2017-08-13 18:05 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-09-13 11:07 - 2017-08-13 18:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-09-13 11:07 - 2017-08-13 18:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-09-13 11:07 - 2017-08-13 17:52 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll 2017-09-13 11:07 - 2017-08-13 17:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2017-09-13 11:07 - 2017-08-13 17:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-09-13 11:07 - 2017-08-13 17:44 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2017-09-13 11:07 - 2017-08-13 17:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2017-09-13 11:07 - 2017-08-12 02:39 - 001364552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2017-09-13 11:07 - 2017-08-11 22:46 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll 2017-09-13 11:07 - 2017-08-11 22:29 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll 2017-09-13 11:07 - 2017-08-11 22:13 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll 2017-09-13 11:07 - 2017-08-11 05:27 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys 
2017-09-13 11:07 - 2017-08-11 05:27 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2017-09-13 11:07 - 2017-08-11 05:27 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys 2017-09-13 11:07 - 2017-08-11 04:38 - 000477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2017-09-13 11:07 - 2017-08-11 04:08 - 001753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2017-09-13 11:07 - 2017-08-11 04:08 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll 2017-09-13 11:07 - 2017-08-11 04:02 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2017-09-13 11:07 - 2017-08-11 03:52 - 001491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2017-09-13 11:07 - 2017-08-11 03:49 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll 2017-09-13 11:07 - 2017-08-11 03:44 - 001095680 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2017-09-13 11:07 - 2017-08-11 03:41 - 000307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll 2017-09-13 11:07 - 2017-08-02 05:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2017-09-13 11:07 - 2017-07-22 20:34 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll 2017-09-13 11:07 - 2017-07-22 19:32 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll 2017-09-13 11:07 - 2017-07-17 21:53 - 004298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2017-09-13 11:07 - 2017-07-17 01:55 - 003551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2017-09-13 11:07 - 2017-07-14 01:03 - 002013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-09-13 11:07 - 2017-07-12 22:29 - 000420440 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll 2017-09-13 11:07 - 2017-07-12 22:29 - 000075440 _____ (Microsoft Corporation) 
C:\Windows\system32\appidapi.dll 2017-09-13 11:07 - 2017-07-12 22:25 - 000308872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll 2017-09-13 11:07 - 2017-07-12 22:25 - 000066112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2017-09-13 11:07 - 2017-07-08 22:14 - 000376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys 2017-09-13 11:07 - 2017-07-08 21:10 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Vid.sys 2017-09-13 11:07 - 2017-07-08 21:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2017-09-13 11:07 - 2017-07-08 20:43 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2017-09-13 11:07 - 2017-07-08 20:30 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2017-09-13 11:07 - 2017-07-08 19:29 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\vid.dll 2017-09-13 11:07 - 2017-07-08 19:05 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-09-13 11:07 - 2017-07-08 18:23 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2017-09-13 11:07 - 2017-07-08 05:46 - 000377688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys 2017-09-13 11:07 - 2017-07-08 05:16 - 001674520 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2017-09-13 11:07 - 2017-07-08 05:16 - 001534072 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2017-09-13 11:07 - 2017-07-08 05:16 - 001499920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2017-09-13 11:07 - 2017-07-08 05:16 - 001370328 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2017-09-13 11:07 - 2017-07-08 05:14 - 000100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys 2017-09-13 11:07 - 2017-07-01 15:47 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll 2017-09-13 11:07 - 2017-07-01 15:47 - 000641536 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll 2017-09-13 11:07 - 2017-07-01 15:47 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll 2017-09-13 11:07 - 2017-07-01 15:47 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll 2017-09-13 11:07 - 2017-07-01 15:47 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll 2017-09-13 11:07 - 2017-07-01 15:47 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll 2017-09-13 11:07 - 2017-07-01 15:47 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll 2017-09-13 11:07 - 2017-07-01 15:47 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll 2017-09-13 11:07 - 2017-06-24 18:46 - 000424448 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll 2017-09-13 11:07 - 2017-06-24 18:16 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll 2017-09-13 11:07 - 2017-06-15 16:17 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-09-13 11:07 - 2017-06-15 16:16 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2017-09-13 11:07 - 2017-06-15 16:14 - 000679424 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll 2017-09-13 11:07 - 2017-06-15 16:14 - 000580608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll 2017-09-13 11:07 - 2017-06-13 19:19 - 000383488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll 2017-09-13 11:07 - 2017-06-13 19:16 - 000024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll 2017-09-13 11:07 - 2017-06-13 19:11 - 000238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll 2017-09-13 11:07 - 2017-06-13 19:07 - 000304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll 2017-09-13 11:07 - 2017-06-13 11:47 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys 2017-09-13 11:07 - 2017-06-13 10:16 - 000445952 _____ 
(Microsoft Corporation) C:\Windows\system32\wlansec.dll 2017-09-13 11:07 - 2017-06-13 10:10 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll 2017-09-13 11:07 - 2017-06-13 10:07 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll 2017-09-13 11:07 - 2017-06-13 10:03 - 000302080 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll 2017-09-13 11:07 - 2017-06-13 09:54 - 000374272 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll 2017-09-13 11:07 - 2017-06-13 09:50 - 001547264 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll 2017-09-13 11:07 - 2017-06-11 22:13 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\umrdp.dll 2017-09-13 11:07 - 2017-06-11 22:11 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll 2017-09-13 11:07 - 2017-06-11 22:02 - 002778112 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2017-09-13 11:07 - 2017-06-11 22:02 - 000299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll 2017-09-13 11:07 - 2017-06-11 21:52 - 002463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2017-09-13 11:07 - 2017-06-09 15:47 - 000448629 _____ C:\Windows\system32\ApnDatabase.xml 2017-09-13 11:07 - 2017-06-07 06:25 - 000428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2017-09-13 11:07 - 2017-05-27 18:42 - 001115136 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2017-09-13 11:07 - 2017-05-27 18:38 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll 2017-09-12 11:31 - 2017-09-12 13:53 - 000000000 ____D C:\Users\Family\Documents\Stronghold 2017-09-12 11:29 - 2017-09-12 11:29 - 000001248 _____ C:\Users\Public\Desktop\Stronghold HD.lnk 2017-09-12 11:29 - 2017-09-12 11:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios 2017-09-12 11:26 - 2017-09-12 11:26 - 000000000 ____D C:\Program Files (x86)\Firefly Studios 
2017-09-12 10:21 - 2017-09-15 11:04 - 1997252524 ____R C:\Users\Family\Downloads\Wonder.Woman.2017.iTALiAN.BDRip.XviD-CYBER.avi 2017-09-12 10:21 - 2017-09-12 10:22 - 000000000 ____D C:\Users\Family\Downloads\Wonder Woman (2017).720p.H264.ita.eng.sub.ita.NUita.Eng.iCV-MIRCrew 2017-09-10 20:01 - 2017-09-10 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi 2017-09-10 20:00 - 2017-09-10 20:01 - 000000000 ____D C:\Program Files (x86)\Kodi 2017-09-10 17:57 - 2017-09-12 11:08 - 000000000 ____D C:\Users\Family\Downloads\Stronghold.HD.MULTi8-PROPHET 2017-09-10 17:32 - 2017-09-10 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2017-09-09 13:26 - 2017-09-24 18:41 - 000000000 ____D C:\Users\Family\Downloads\Telegram Desktop 2017-09-09 13:19 - 2017-09-10 17:56 - 000000000 ____D C:\Users\Family\Downloads\Stronghold HD [English][PC][TiNYiSO][WwW.GamesTorrents.CoM] 2017-09-09 12:25 - 2017-09-09 12:30 - 000000000 ____D C:\Users\Family\Downloads\4x06-10 2017-09-09 10:29 - 2017-09-09 13:36 - 000000000 ____D C:\Users\Family\Downloads\Codice Unlocked Londra sotto attacco (2017).Ita.Eng.sub.ita.eng-iCV-MIRCrew 2017-09-04 17:19 - 2017-09-04 17:19 - 000002241 _____ C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\FantaBook.lnk 2017-09-04 17:19 - 2017-09-04 17:19 - 000002217 _____ C:\Users\Family\Desktop\FantaBook.lnk 2017-09-04 17:18 - 2017-09-04 17:18 - 000001213 _____ C:\Users\Family\Desktop\Facebook Gameroom.lnk 2017-09-04 17:18 - 2017-09-04 17:18 - 000000000 ____D C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook 2017-09-04 17:18 - 2017-09-04 17:18 - 000000000 ____D C:\Users\Family\AppData\Local\Facebook 2017-09-02 11:27 - 2017-09-27 12:42 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-09-02 11:27 - 2017-09-09 11:07 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-09-02 11:27 - 2017-09-07 11:52 - 000045472 _____ 
(Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-09-02 11:27 - 2017-09-02 12:25 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-09-02 11:27 - 2017-09-02 12:25 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-09-02 11:27 - 2017-09-02 11:27 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-09-02 11:27 - 2017-09-02 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-02 11:27 - 2017-09-02 11:27 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-02 11:27 - 2017-09-02 11:27 - 000000000 ____D C:\Program Files\Malwarebytes ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-09-27 12:56 - 2015-05-02 10:59 - 000000000 ____D C:\ProgramData\NVIDIA 2017-09-27 12:44 - 2015-06-02 15:37 - 000003758 _____ C:\Windows\System32\Tasks\AutoKMS 2017-09-27 12:41 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-09-27 11:06 - 2017-01-14 11:30 - 000000000 ____D C:\Users\Family\AppData\Roaming\Telegram Desktop 2017-09-27 10:52 - 2016-12-16 11:44 - 000000000 ____D C:\Users\Family\.BigNox 2017-09-27 10:52 - 2016-07-20 23:38 - 000000000 ____D C:\Users\Family\vmlogs 2017-09-27 10:52 - 2016-07-20 21:41 - 000000000 ____D C:\Users\Family\AppData\Local\Nox 2017-09-27 10:52 - 2016-03-13 21:16 - 000000000 ____D C:\Users\Family\AppData\Local\CrashDumps 2017-09-27 10:52 - 2015-05-13 11:23 - 000000000 ____D C:\Users\Family\.android 2017-09-27 10:46 - 2017-02-12 13:42 - 000000000 ___RD C:\Users\Family\Documents\MEGA 2017-09-27 10:27 - 2015-05-10 12:19 - 002395648 ___SH C:\Users\Family\Desktop\Thumbs.db 2017-09-27 10:16 - 2015-05-02 10:54 - 000003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4D549027-8071-415A-B6CA-4004F85E0170} 2017-09-26 20:46 - 2015-05-02 10:49 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache 
Files-S-1-5-21-765619463-2455679133-4176694875-1001 2017-09-26 14:33 - 2014-11-21 04:26 - 000803220 _____ C:\Windows\system32\perfh010.dat 2017-09-26 14:33 - 2014-11-21 04:26 - 000156820 _____ C:\Windows\system32\perfc010.dat 2017-09-26 14:29 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf 2017-09-26 14:27 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp 2017-09-26 14:01 - 2017-02-15 14:08 - 000000000 ____D C:\Users\Family\AppData\Roaming\Kodi 2017-09-26 13:59 - 2013-08-22 16:44 - 000488016 _____ C:\Windows\system32\FNTCACHE.DAT 2017-09-26 13:56 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2017-09-26 13:54 - 2013-08-22 17:36 - 000000000 ___RD C:\Windows\ToastData 2017-09-26 13:47 - 2015-06-02 17:03 - 000000000 ____D C:\Windows\system32\MRT 2017-09-26 13:45 - 2015-06-02 17:03 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-09-26 09:52 - 2015-05-02 11:11 - 000002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-09-25 10:40 - 2017-06-12 10:37 - 000003170 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFamily 2017-09-25 10:40 - 2017-06-12 10:37 - 000000354 _____ C:\Windows\Tasks\HPCeeScheduleForFamily.job 2017-09-24 19:18 - 2017-06-09 11:59 - 000000000 ____D C:\Program Files (x86)\Steam 2017-09-22 11:13 - 2015-05-02 10:44 - 000000000 ____D C:\Users\Family\AppData\Local\Packages 2017-09-22 10:05 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness 2017-09-22 10:04 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps 2017-09-20 20:46 - 2015-08-20 17:36 - 000000000 ____D C:\Users\Family\AppData\Roaming\Dashlane 2017-09-20 19:39 - 2016-11-08 13:09 - 000000426 ____H C:\Users\Family\.swfinfo 2017-09-17 11:37 - 2017-05-13 17:51 - 000000000 ____D C:\Users\Family\Desktop\DOC PER PAOLO 2017-09-17 11:36 - 2015-06-09 16:55 - 000000000 ____D C:\Users\Family\Desktop\Songr 2017-09-17 11:13 - 2017-07-23 16:55 - 000000000 ____D C:\Users\Family\Desktop\Foto Famiglia 
2017-09-17 10:57 - 2017-04-15 12:16 - 000000000 ____D C:\Users\Family\Desktop\DOCUMENTI 2017-09-16 13:57 - 2015-05-03 10:40 - 000000000 ____D C:\Users\Family\AppData\Roaming\uTorrent 2017-09-16 13:31 - 2015-08-21 10:59 - 000000000 ____D C:\Users\Family\Desktop\Film 2017-09-14 18:45 - 2017-02-13 14:16 - 000000000 ____D C:\Users\Family\AppData\Roaming\Tunngle 2017-09-14 18:09 - 2017-07-18 13:02 - 000000000 ____D C:\ProgramData\Tunngle 2017-09-14 14:22 - 2015-05-02 12:39 - 000000000 ____D C:\Users\Family\AppData\Roaming\.minecraft 2017-09-13 14:27 - 2015-08-20 18:11 - 000001960 _____ C:\Users\Family\Desktop\Dashlane.lnk 2017-09-13 14:27 - 2015-08-20 18:10 - 000000000 ____D C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane 2017-09-12 11:19 - 2017-08-08 17:37 - 000000000 ____D C:\Users\Family\AppData\Local\ElevatedDiagnostics 2017-09-10 18:48 - 2016-06-18 12:59 - 000256000 ___SH C:\Users\Family\Documents\Thumbs.db 2017-09-10 17:32 - 2017-07-17 18:08 - 000000000 ____D C:\GOG Games 2017-09-10 12:47 - 2017-02-17 14:27 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server 2017-09-10 12:47 - 2017-02-17 14:27 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner 2017-09-09 18:01 - 2017-06-30 18:25 - 000001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Opera.lnk 2017-09-09 18:01 - 2016-06-23 20:27 - 000003852 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1466706460 2017-09-09 18:01 - 2016-06-23 20:26 - 000000000 ____D C:\Program Files (x86)\Opera 2017-09-06 13:44 - 2015-05-02 10:44 - 000000000 ____D C:\Users\Family 2017-09-02 18:24 - 2017-07-05 13:42 - 000000000 ____D C:\Users\Family\Desktop\ClickersMulticlicker 2017-09-02 12:13 - 2016-04-20 11:31 - 000000000 ____D C:\Program Files (x86)\Amazon 2017-09-02 11:24 - 2017-02-17 18:48 - 000000000 ____D C:\Users\Family\Heaven 2017-09-02 01:54 - 2015-07-07 14:20 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 
2017-09-02 01:54 - 2015-07-07 14:20 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-29 11:10 - 2015-05-02 16:55 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2017-02-17 18:48 - 2017-02-18 12:03 - 001307648 _____ () C:\Users\Family\AppData\Local\file__0.localstorage
2017-09-27 10:52 - 2017-09-27 10:52 - 000000831 _____ () C:\Users\Family\AppData\Local\Nox_crash.log
2015-11-05 18:17 - 2017-01-03 18:26 - 000007598 _____ () C:\Users\Family\AppData\Local\Resmon.ResmonCfg
2016-01-30 17:17 - 2016-01-30 17:17 - 000000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2017-09-22 16:59 - 2014-11-21 05:49 - 001040384 _____ (Microsoft Corporation) C:\Users\Family\AppData\Local\Temp\kernel32.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-26 10:49

==================== End of FRST.txt ============================

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017
Ran by Family (27-09-2017 13:05:47)
Running from C:\Users\Family\Desktop
Windows 8.1 Pro (Update) (X64) (2015-05-02 08:44:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-765619463-2455679133-4176694875-500 - Administrator - Disabled)
Family (S-1-5-21-765619463-2455679133-4176694875-1001 - Administrator - Enabled) => C:\Users\Family
Guest (S-1-5-21-765619463-2455679133-4176694875-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-765619463-2455679133-4176694875-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
3DMark (HKLM\...\{F611E93B-8EC1-4662-BDFF-6909DB820862}) (Version: 2.2.3509.0 - Futuremark) Hidden
3DMark (HKLM-x32\...\{4bf26510-8c4e-447c-b819-2967aeca2839}) (Version: 2.2.3509.0 - Futuremark)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Aggiornamenti NVIDIA 25.6.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 25.6.0.0 - NVIDIA Corporation) Hidden
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Championify versione 1.2.7 (HKLM-x32\...\{1AE5DA33-DB00-453C-9190-FB14C0BBDBE7}_is1) (Version: 1.2.7 - Dustin Blackman)
CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberGhost version 6.0.2.1985 (HKLM-x32\...\CyberGhost_is1) (Version: 6.0.2.1985 - CyberGhost Windows Client)
Dashlane (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Dashlane) (Version: 4.8.3.33472 - Dashlane, Inc.)
Facebook Gameroom 1.8.6429.23271 (HKLM-x32\...\{D71E0CAE-F4B3-499E-B515-396B02139A39}) (Version: 1.8.6429.23271 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP Deskjet 3050A J611 series ? (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Software di base dispositivo (HKLM\...\{A9CD1B52-1548-4A2B-88E9-5BEFEFE74665}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Studio per il miglioramento dei prodotti HP (HKLM\...\{20A6F401-C36E-46CE-8EC5-FAD601F622E0}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{1DAF8EEB-5935-437D-ABC1-80897D352FA7}) (Version: 12.7.27.15 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HWiNFO64 Version 5.44 (HKLM\...\HWiNFO64_is1) (Version: 5.44 - Martin Malík - REALiX)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Kodi (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Kodi) (Version:  - XBMC-Foundation)
League of Legends (HKLM-x32\...\{83B763CD-5771-408A-B7C9-6C1A5B161F41}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.4 - LG Electronics)
Malwarebytes versione 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
MEmu (HKLM-x32\...\MEmu) (Version: 2.9.1.1 - Microvirt)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.6.1 - Duodian Technology Co. Ltd.)
NVIDIA Driver 3D Vision 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.94 - NVIDIA Corporation)
NVIDIA Driver audio HD 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA Driver del controller 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Driver grafico 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Opera Stable 47.0.2631.80 (HKLM-x32\...\Opera 47.0.2631.80) (Version: 47.0.2631.80 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pannello di controllo NVIDIA 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 384.94 - NVIDIA Corporation) Hidden
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
Sandboxie 5.20 (64-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Songr (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Songr) (Version: 2.1 - Xamasoft)
SopCast 4.2.0 (HKLM-x32\...\SopCast) (Version: 4.2.0 - www.sopcast.com)
Spotify (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader Extreme HD (HKLM-x32\...\GOGPACKSTRONGHOLDCRUSADERHD_is1) (Version: 2.0.0.6 - GOG.com)
Stronghold HD (HKLM-x32\...\Stronghold HD_is1) (Version:  - )
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Telegram Desktop version 1.1.23 (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.23 - Telegram Messenger LLP)
Tom Clancys Rainbow Six Siege (HKLM-x32\...\Tom Clancys Rainbow Six Siege_is1) (Version:  - )
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.9 - Tunngle.net GmbH)
Update for Skype for Business 2015 (KB3213574) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8C2A4D8F-3020-403E-94D4-E8EC03F9E723}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3213574) 64-Bit Edition (HKLM\...\{90150000-012B-0410-1000-0000000FF1CE}_Office15.PROPLUSR_{8C2A4D8F-3020-403E-94D4-E8EC03F9E723}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3213574) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8C2A4D8F-3020-403E-94D4-E8EC03F9E723}) (Version:  - Microsoft)
VIA Manager Piattaforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
小米助手 (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MiPhoneManager) (Version:  - 小米移动软件有限公司)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-765619463-2455679133-4176694875-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-765619463-2455679133-4176694875-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-765619463-2455679133-4176694875-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-765619463-2455679133-4176694875-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-765619463-2455679133-4176694875-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-765619463-2455679133-4176694875-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-06-18] ()
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-03-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-03-11] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-07-19] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-03-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-03-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06A11862-9C1E-4EE7-8A01-2FA55D0012F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-01] (HP Inc.)
Task: {0DAA5557-0F6B-45D9-B413-8124D542EA8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {16F9C27A-D78F-4233-9B5B-6E43AB1CD78F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {1AD3E82E-6529-4C9C-8D58-8C94F6BC4D35} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {20A2D439-92BC-4AFD-9F4B-690CE3B51CE7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {2585DC24-F604-4718-BF53-45EB8B259F91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {2CAD8658-B244-41EF-8B1A-6B135B32F187} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {2D01D8C7-8C51-45D8-B3C9-CA26A1132D8B} - System32\Tasks\HPCeeScheduleForFamily => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {2FE317A4-01F1-4E4F-8039-3DDD613CA3AB} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-12-06] (HP Inc.)
Task: {30916A8B-328B-4B40-B742-EE92B4E88E01} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
Task: {3C2560DD-720C-4800-BA70-86B9AF145C06} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {3C9BD689-837C-4B4F-8F77-FDEB044B8715} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {40B62F76-D341-46AB-8FB1-AE289CDB0342} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {44EDE845-8969-4722-A52B-0A583DCC8D65} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {4A245252-C77B-46AF-A5B0-79CD6E34FA00} - System32\Tasks\Opera scheduled Autoupdate 1466706460 => C:\Program Files (x86)\Opera\launcher.exe [2017-09-06] (Opera Software)
Task: {4A9E3B89-0743-4BF4-84E0-8A1035844C80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {4CDC2FC1-15D6-462D-95DF-E80DFCEB1BDF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {54C519EE-67DD-4A04-9183-A6370F377E51} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)
Task: {5902FF1E-ABB9-44C6-9CB4-62AF149C172C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {68EF2CA4-3A4B-4E31-81FA-F8144564DB37} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)
Task: {70FB6E0F-B3A3-4611-9E5C-88061F4FB14C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {7215C26E-DC37-46D0-B0DC-A337A791BDE7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {7C96C114-3F45-4DEB-95A9-04AA210133D7} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {85F5334D-B7AD-4A3F-8B94-8375EB8C6C81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-02] (Google Inc.)
Task: {8938A08E-093D-45F3-969E-3DD22D919C94} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-06-02] ()
Task: {8DE49A4D-163F-4A96-BF9E-BFF7DBEF72AF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8EAF128A-772A-426C-8551-89D332F785CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-02] (Google Inc.)
Task: {A5882EA7-EFC3-4A93-87D0-F1C1585DFCE5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B4381149-09F8-4DEC-9BD3-572D4F7F972D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {D06659A6-BA65-4DDD-BE2B-80642196B2AF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {D2EB7302-743B-4BE7-A2E4-3003CCB15C58} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {D67651BE-1427-4FBC-B48C-CE5630BA917A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {E67AA67A-1CED-4930-B778-9BAC6EF593A5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForFamily.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Family\Desktop\Payday 2 Hack\mods\Крашлог.lnk -> C:\Users\Family\AppData\Local\PAYDAY 2\crash.txt () <==== Cyrillic
Shortcut: C:\Users\Family\Desktop\Nuova cartella\Heaven Benchmark 4.0.lnk -> C:\Program Files (x86)\Unigine\Heaven Benchmark 4.0\heaven.bat (No File)
ShortcutWithArgument: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2016-11-25 08:16 - 2016-11-25 08:16 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-10-31 21:45 - 2017-06-23 10:41 - 000598528 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2017-06-18 23:44 - 2017-06-18 23:44 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-02-15 18:10 - 2017-06-21 09:07 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-26 09:52 - 2017-09-21 09:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 09:52 - 2017-09-21 09:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-02-15 18:10 - 2017-06-21 09:07 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\amazon.it -> hxxps://amazon.it

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-06-11 17:34 - 000000822 ____R C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdPlusAndroidSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "MK LOL"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "DashlanePlugin"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "MiPhoneManager"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FB7B0037-E65C-4441-B2CB-5277EC1A2224}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DD91BEB2-BE11-475A-A4F7-06F49FCD51C9}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{31E2FE81-BC16-4F38-B416-73E3AA7A7E72}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AFE6FFE3-E6BC-48F1-91E6-862AF9D8AA17}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{61983152-C112-48A8-BC64-78CC9835E628}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{081F375C-2F63-4003-AF44-1E988274A7A1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{204D6D94-C34F-40AD-9A4F-49DE379606AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7D5212B0-8BD9-429E-AFD4-EB391A09E5C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{18522D4F-5AB1-493B-9412-F25102B1FB81}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5C799020-B063-48C4-ACD7-3B8350E76023}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4F1B0EB0-6B36-48C1-8E0C-9FE541846099}C:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe] => (Allow) C:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [UDP Query User{B817C0B5-CECF-450D-9249-9CEF96F21E08}C:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe] => (Allow) C:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [{4D782D10-C717-4E7A-8223-B6E0160134A4}] => (Block) C:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [{2AA8443B-62EF-44FA-8DEF-279B938399F4}] => (Block) C:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [TCP Query User{804C5800-6594-4F61-B94D-9FC9CA79374B}C:\users\family\downloads\call.of.duty.black.ops.iii.hotfix-reloaded.www.gamestorrents.com\blackops3.exe] => (Allow) C:\users\family\downloads\call.of.duty.black.ops.iii.hotfix-reloaded.www.gamestorrents.com\blackops3.exe
FirewallRules: [UDP Query User{9D8EC560-4756-4E4E-8823-EF1D841F73DE}C:\users\family\downloads\call.of.duty.black.ops.iii.hotfix-reloaded.www.gamestorrents.com\blackops3.exe] => (Allow) C:\users\family\downloads\call.of.duty.black.ops.iii.hotfix-reloaded.www.gamestorrents.com\blackops3.exe
FirewallRules: [{D12C6AAA-1730-4C01-8986-9F609B5098F6}] => (Block) C:\users\family\downloads\call.of.duty.black.ops.iii.hotfix-reloaded.www.gamestorrents.com\blackops3.exe
FirewallRules: [{69B3839C-05F4-4E84-86B5-D4D99024FA27}] => (Block) C:\users\family\downloads\call.of.duty.black.ops.iii.hotfix-reloaded.www.gamestorrents.com\blackops3.exe
FirewallRules: [{CDFA3205-B86D-485D-AD5C-FFD7660F57EC}] => (Allow) LPort=80
FirewallRules: [{731DAE6E-FA18-44DB-82CE-32555ED28BDF}] => (Allow) LPort=443
FirewallRules: [{980334CF-942F-4CE7-9CDF-4E29A33BE9FA}] => (Allow) LPort=20010
FirewallRules: [{0DBF7E89-A835-440E-882D-B0EC32420630}] => (Allow) LPort=3478
FirewallRules: [{313D14B8-E4DE-49E5-834A-83CCF25EE213}] => (Allow) LPort=7850
FirewallRules: [{CD034DE1-FE5E-4F64-B176-FF28584741BE}] => (Allow) LPort=7852
FirewallRules: [{B4B2A9E6-C3C2-41EC-AC16-5857A0C970FB}] => (Allow) LPort=7853
FirewallRules: [{9EC66787-6C17-4C3E-96A6-2629097D620A}] => (Allow) LPort=27022
FirewallRules: [{FEB7C062-9821-44CD-8704-D116568FF149}] => (Allow) LPort=6881
FirewallRules: [{C15DEFB2-1F21-4C87-9DE9-2E50FB858203}] => (Allow) LPort=33333
FirewallRules: [{C3AE48C9-A854-4FFA-B192-BF009B60B5AE}] => (Allow) LPort=20443
FirewallRules: [{6F000C14-F494-401C-A27F-D9536F10A9E2}] => (Allow) LPort=8090
FirewallRules: [{97C1CA4B-F030-40E4-8589-D919098741FB}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{ABA6107A-C085-4D88-9AC2-64382DDEB3ED}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{ED7BC393-726E-49A7-95E2-D6CAB04E5A4C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7ED9B658-A517-40AD-B219-C325082B66D8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{283742EE-6FC6-4AA4-B54B-71AEBD4CE772}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{966B5A11-EC60-480D-A41D-C8544E4F2C9A}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{1E1D0541-529D-4DE9-BA89-910EB745ED8E}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{C591F641-30C4-4972-8717-A64238CF2A15}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{9F4DBDEE-1283-438A-8E1B-B97E9B4E26FE}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [TCP Query User{98E81A8F-998F-4618-95D5-B514444E1727}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{F52F4886-7348-4E75-9AC9-FE505F09CC11}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{81010EEF-6D22-490D-93A1-D97BE06643F5}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{1026EB6F-40C4-4828-9FF5-4C0B1A6627F0}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{165D1ADD-AF1B-4062-89A2-074F55281C43}] => (Allow) C:\Users\Family\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe
FirewallRules: [{DC888424-8C3F-4A9A-A156-11DB4EC2550E}] => (Allow) C:\Users\Family\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe
FirewallRules: [{87A659C7-CD6D-4DC6-8AE2-C9A2E98097AE}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E5A3BAF2-EC96-44A0-8FD1-FB730AB4F24F}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{4B3857B9-13A8-4297-85F5-8E699D3D859D}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{D01A12C6-A6CA-4CED-B412-84576059322F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{262275F4-B8EE-4583-9B63-7B97419F0A12}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{9D133308-895A-4F15-82AB-53F9249FF368}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{416AE572-9737-452A-B00C-41DCD8F505AF}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{9862B4A5-E0B1-4C8C-8B65-0F54548FA421}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E9C38E9C-5081-4A46-ACC5-809C1532E2DE}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0A3732D8-4110-4358-9AAC-772E3755DF9F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{3C4E6533-6BA8-4715-9DF6-65D4A23D18FA}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{92935EA0-C120-4FCF-8B86-887D25679B76}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{47AD7919-B072-47AA-A06E-043B24BAB035}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{6E8317BC-0D7A-44B2-86E1-4274E88A62DE}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{A18A3843-06A3-4979-B8F1-9CD1C424E8D2}C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe] => (Allow) C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe
FirewallRules: [UDP Query User{E6F42C16-0AD0-4956-A726-62F1AA62008C}C:\program files 
(x86)\stronghold crusader 2\bin\win32_release\crusader2.exe] => (Allow) C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe FirewallRules: [{5AEC63AD-4128-4119-92F1-A66BD3A6DDCD}] => (Block) C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe FirewallRules: [{E0E440E9-1938-46E8-8227-65D6BCCCC16D}] => (Block) C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe FirewallRules: [TCP Query User{F117029A-B8B0-4F78-8A38-4911A6BFB5C8}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe FirewallRules: [UDP Query User{C0887D99-AFD1-4EC2-B82E-6E6800921419}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe FirewallRules: [{89C0E421-411A-4084-BF09-90DA6C5989DF}] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe FirewallRules: [{DC5350B6-C2C2-4ABB-9C77-F10C2365CF0F}] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe FirewallRules: [TCP Query User{E5B22BB9-F6DF-4311-A7E9-58A39107CB1E}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [UDP Query User{21406FD4-6280-4867-8CF3-8DC62226F9E0}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [{D911F201-1737-4DDC-A479-18ED67B55CAC}] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [{257423DE-738A-4ECC-A723-CF0A7AB0C8AB}] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [TCP Query User{C63FA5CF-05DE-4A89-B4BB-EA4798AC9258}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [UDP Query User{B0E6C28D-6FEB-41DC-A9E5-B151F95BB0A3}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [{2F671A0A-0782-4FA9-A24C-4DE239D4EA13}] => (Block) 
C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [{ECAC49FD-BABD-49DE-A66E-7D2BCE67B09E}] => (Block) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [{603EC5F7-1877-4B55-95E4-44AE20AACEE9}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe FirewallRules: [{F46D1371-718B-4572-85AF-ABCB6FB0CD82}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe FirewallRules: [{ADF420BD-1998-4FE2-8969-35AD129DA3E2}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\ITA_ita\S.K.I.L.L\Binaries\Win32\sf2.exe FirewallRules: [{B25D0B0D-BCDA-4523-B5FF-6E22AD20EFC3}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\ITA_ita\S.K.I.L.L\Binaries\Win32\sf2.exe FirewallRules: [TCP Query User{DF1B07EB-BDAF-4F98-B702-8592ACD602D5}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [UDP Query User{E8FDA2F2-7733-4E02-9407-06FE7077DBF6}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [{2AAB2C83-2EE5-4CC9-AAB2-48B2A518CF25}] => (Block) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [{7FC69171-F2F5-4995-9573-BFC6232791B5}] => (Block) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [TCP Query User{E4F8BFE6-19EB-4583-827A-10E30783F6C1}C:\program files\call of duty black ops iii\blackops3.exe] => (Allow) C:\program files\call of duty black ops iii\blackops3.exe FirewallRules: [UDP Query User{BB7AFC0C-6226-4060-9468-A769DA3489EA}C:\program files\call of duty black ops iii\blackops3.exe] => (Allow) C:\program files\call of duty black ops iii\blackops3.exe FirewallRules: [{350E3E4E-BF57-4900-829F-33ACC3504E50}] => (Block) C:\program files\call of duty black ops iii\blackops3.exe FirewallRules: [{EB663D56-365C-4B18-BAF5-126B028BE374}] => (Block) C:\program files\call of duty black ops iii\blackops3.exe FirewallRules: [TCP Query User{21536A45-19C3-4F4D-B8A6-5F08A06FFB1B}C:\program 
files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [UDP Query User{3A5185A4-8FCD-4E09-8432-5F93D2809F1F}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [{EF244DCB-13CD-4D0B-9907-E0375EBADE94}] => (Block) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [{85EB4EBD-2D73-4E93-8951-8740A3633194}] => (Block) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [{9C446134-C9FB-4C16-82C2-211A3AD7A6DD}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{4AB5EC88-9488-4D42-BEC7-C781882955C2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{F477CBDD-A81D-4556-A8C9-F89BC69EAA88}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{43678EC5-3436-4362-94E3-57F71134AC6B}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [TCP Query User{8E2464B1-AEAD-41BD-A301-5224D7876690}C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe FirewallRules: [UDP Query User{9DAB3C0E-DCBA-4B08-B6DB-A0BB8FAB7E21}C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe FirewallRules: [{C313559A-7419-4799-966D-884B7C89B48E}] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe FirewallRules: [{6FB50232-1445-4C7F-81A5-D46D066EF502}] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe FirewallRules: [{E1F83E18-D32F-4EBC-ADD3-DB47810CAEF7}] => (Allow) C:\WarThunder\bpreport.exe FirewallRules: [{643180EC-0A7E-484E-868C-296F0335CF19}] => (Allow) C:\WarThunder\bpreport.exe FirewallRules: [TCP Query User{F150A2E7-2C91-4D6F-A632-55AA379DF3F7}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe FirewallRules: [UDP Query User{21DE7B20-66A5-4E0E-9894-B5E4AC59AFC6}C:\warthunder\aces.exe] => 
(Allow) C:\warthunder\aces.exe FirewallRules: [{51813490-2508-4EEF-BE0F-C3F1E49AED0A}] => (Block) C:\warthunder\aces.exe FirewallRules: [{8C495DB5-EA91-4631-809F-53C437BA4B51}] => (Block) C:\warthunder\aces.exe FirewallRules: [TCP Query User{23AC2331-20B8-41DA-9D86-49F088D39D05}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [UDP Query User{8E31D7C0-5472-4918-BECB-A18041E00E4E}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [TCP Query User{BB7332DD-2640-4DF3-82B7-BC89148B03C2}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe FirewallRules: [UDP Query User{8F2612A0-1BDF-4203-97C9-8561619CC482}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe FirewallRules: [{B87A4A47-555B-4881-B7CD-0ACA30740251}] => (Block) C:\program files\java\jre1.8.0_77\bin\javaw.exe FirewallRules: [{541EB8CA-85A0-48D0-9D90-4890C729D6EE}] => (Block) C:\program files\java\jre1.8.0_77\bin\javaw.exe FirewallRules: [TCP Query User{B2D04C80-A02A-41EC-A31A-95E53BC2E50E}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [UDP Query User{69557955-8BB1-4D92-B6E7-E39DFE6FB2F0}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [TCP Query User{CC73424D-48CD-4D4C-A0A6-14A7085A5D0F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [UDP Query User{4B155C57-81F2-4F0E-9121-C7DF0C65209F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [{E191B3DE-B258-4EC1-AFF3-801DA29C0C98}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{4161CEBE-40F6-4BCB-9C3D-9800816AE95E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{F57C2C15-0055-4EB2-A9CF-815C0ECCFDDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [TCP Query User{FA6B9906-D973-4C72-B635-1323AD910D5B}C:\games\tom clancys rainbow six siege\rainbowsixgame.exe] => (Block) C:\games\tom clancys rainbow six siege\rainbowsixgame.exe FirewallRules: [UDP Query User{44124ED1-3149-4CE5-B3AA-27C78F9E8931}C:\games\tom clancys rainbow six siege\rainbowsixgame.exe] => (Block) C:\games\tom clancys rainbow six siege\rainbowsixgame.exe FirewallRules: [TCP Query User{FDD63012-604D-4165-A502-25C2B4B540FB}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP Query User{BCCAF2E7-6C4E-47F0-A3F3-48A2888DF4A6}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [TCP Query User{516AC1B1-2114-455C-BA11-8BBF9D09F44F}C:\games\tom clancys rainbow six siege\rainbowsix.exe] => (Allow) C:\games\tom clancys rainbow six siege\rainbowsix.exe FirewallRules: [UDP Query User{B19E8447-45E2-4813-8C61-1FF26951BC3F}C:\games\tom clancys rainbow six siege\rainbowsix.exe] => (Allow) C:\games\tom clancys rainbow six siege\rainbowsix.exe FirewallRules: [{CB1B9894-A41E-4377-B7DF-4AE6CB57AEC4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{8F6A10FA-509B-4570-BC67-8363054E1D95}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{6AD2320E-DB45-4C60-A78E-0D85C50F1397}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{FCB541CD-707E-4E52-8306-A612771D673E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{4DBF2B10-3CD3-4E21-947D-5C3EA6D9FEBE}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{F972239D-CBF9-4F39-85A6-E1270660970A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [TCP Query User{1D4D4308-A152-4742-95BF-552D8C257633}C:\programdata\oracle\java\javapath_target_670570828\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_670570828\java.exe FirewallRules: [UDP Query User{B861E5FD-3870-4096-AF7D-92CB7E185194}C:\programdata\oracle\java\javapath_target_670570828\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_670570828\java.exe FirewallRules: [{0281B987-C171-43DA-BAFD-6C4A0AB4BC88}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{D5877936-D71A-4CCE-A30E-B023ADEBD463}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{924F33A9-D010-43BC-97C2-41C765748323}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{78F9CD25-DDCF-414B-BF3C-5658A7CD6A39}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{9DFBAF6D-FFE4-4935-BD03-E80B95D1B462}C:\gog games\stronghold crusader extreme hd\stronghold crusader.exe] => (Allow) C:\gog games\stronghold crusader extreme hd\stronghold crusader.exe FirewallRules: [UDP Query User{1D051D65-B72D-4251-B0BA-47ECFE300D87}C:\gog games\stronghold crusader extreme hd\stronghold crusader.exe] => (Allow) C:\gog games\stronghold crusader extreme hd\stronghold crusader.exe FirewallRules: [TCP Query User{EDC53283-5FC9-4CD9-9151-56F6B81F07D5}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{4208840A-E40A-4A00-AD4F-CC2EB9C45509}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [{5C2487D1-3A8B-4E9E-8F57-15FC3C17AA16}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe FirewallRules: [{228DC351-9910-49DA-889D-8578E6D53690}] => 
(Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe FirewallRules: [{1FCCBA26-CED4-4AE7-909A-DB3F680EEFDF}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe FirewallRules: [{F033629F-5B9B-4A79-AEE4-93DA39A8CAFC}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe FirewallRules: [TCP Query User{8E9BBA83-1704-49AA-9171-3CECC656A273}C:\programdata\oracle\java\javapath_target_100913625\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_100913625\java.exe FirewallRules: [UDP Query User{B99ADD53-1689-4293-A74E-3A3F95485FC0}C:\programdata\oracle\java\javapath_target_100913625\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_100913625\java.exe FirewallRules: [TCP Query User{ACB98BDF-1976-4596-A4F8-0EF4B06D89FF}C:\users\family\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\family\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe FirewallRules: [UDP Query User{8D13966B-C0A2-4165-BCDA-827665828F45}C:\users\family\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\family\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe FirewallRules: [{668D9F87-3692-44DE-B2CB-9E2DAFF1CBA3}] => (Allow) C:\Users\Family\AppData\Local\MiPhoneManager\main\MiPhoneManager.exe FirewallRules: [{ECCDF29C-0646-47A0-A325-63E088282D76}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe FirewallRules: [{538B45A7-7A19-4D97-9C36-F166D01D4780}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.80\opera.exe FirewallRules: [TCP Query User{F8C5DD73-EDF3-4661-B635-571E1A62DBA6}C:\users\family\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\family\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{409F4685-67F3-4343-8E79-5815E582B1B3}C:\users\family\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\family\appdata\roaming\spotify\spotify.exe 
FirewallRules: [TCP Query User{D462427F-6FB8-49B9-9F69-4D35E7084195}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{9E926A74-2F12-4140-BAE6-0755A244A93F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{6443DEB5-25AE-4ACC-8390-846ACBB16A71}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 21-09-2017 14:06:18 Punto di controllo pianificato 26-09-2017 13:41:15 Windows Update 26-09-2017 14:21:58 Programma di installazione dei moduli di Windows 27-09-2017 12:50:09 JRT Pre-Junkware Removal 27-09-2017 12:56:07 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/27/2017 12:56:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Servizi di crittografia: impossibile elaborare la chiamata OnIdentity() nell'oggetto writer del sistema. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Accesso negato. . Error: (09/27/2017 12:50:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Servizi di crittografia: impossibile elaborare la chiamata OnIdentity() nell'oggetto writer del sistema. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Accesso negato. . 
Error: (09/27/2017 10:52:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Nox.exe, versione: 3.7.6.1, timestamp: 0x02b29be8
Nome del modulo che ha generato l'errore: Nox.exe, versione: 3.7.6.1, timestamp: 0x02b29be8
Codice eccezione: 0xc0000005
Offset errore 0x0019a517
ID processo che ha generato l'errore: 0x1b7c
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d3376df5641485
Percorso dell'applicazione che ha generato l'errore: C:\Program Files (x86)\Nox\bin\Nox.exe
Percorso del modulo che ha generato l'errore: C:\Program Files (x86)\Nox\bin\Nox.exe
ID segnalazione: 39e6d83e-a361-11e7-8341-60a44c3d1aa4
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (09/26/2017 05:51:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma WinRAR.exe versione 5.21.0.0 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.
ID processo: 1ce8
Ora di avvio: 01d336d9d5ff80bb
Ora di chiusura: 0
Percorso applicazione: C:\Program Files\WinRAR\WinRAR.exe
ID segnalazione: 88ed7bbb-a2d2-11e7-8340-60a44c3d1aa4
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (09/26/2017 02:18:39 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Famiglia)
Description: Impossibile arrestare l'applicazione o il servizio 'Tracking'.

Error: (09/26/2017 02:18:39 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Famiglia)
Description: Impossibile arrestare l'applicazione o il servizio 'Tracking'.

Error: (09/26/2017 01:41:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Servizi di crittografia: impossibile elaborare la chiamata OnIdentity() nell'oggetto writer del sistema.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Accesso negato.
.

Error: (09/24/2017 06:07:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma kodi.exe versione 17.4.0.0 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.
ID processo: 2714
Ora di avvio: 01d3354e60399a4e
Ora di chiusura: 58
Percorso applicazione: C:\Program Files (x86)\Kodi\kodi.exe
ID segnalazione: 746dd2e1-a142-11e7-833d-60a44c3d1aa4
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (09/24/2017 01:42:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: kodi.exe, versione: 17.4.0.0, timestamp: 0x599be633
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.3.9600.18696, timestamp: 0x5915ecd6
Codice eccezione: 0xc0000005
Offset errore 0x00040e92
ID processo che ha generato l'errore: 0x1838
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d335229dde647d
Percorso dell'applicazione che ha generato l'errore: C:\Program Files (x86)\Kodi\kodi.exe
Percorso del modulo che ha generato l'errore: C:\Windows\SYSTEM32\ntdll.dll
ID segnalazione: 6eaed449-a11d-11e7-833d-60a44c3d1aa4
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (09/23/2017 10:53:49 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: La procedura Open per il servizio "WmiApRpl" nella DLL "C:\Windows\system32\wbem\wmiaprpl.dll" non è riuscita. I dati delle prestazioni per questo servizio non saranno disponibili. I primi quattro byte (DWORD) della sezione Data contengono il codice di errore.

System errors:
=============
Error: (09/27/2017 12:56:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA LocalSystem Container è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 6000 millisecondi: Riavvia il servizio.

Error: (09/27/2017 12:56:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA Display Container LS è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 1000 millisecondi: Riavvia il servizio.

Error: (09/27/2017 12:51:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA LocalSystem Container è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 6000 millisecondi: Riavvia il servizio.

Error: (09/27/2017 12:51:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA Display Container LS è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 1000 millisecondi: Riavvia il servizio.

Error: (09/27/2017 12:37:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA Display Container LS è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 1000 millisecondi: Riavvia il servizio.

Error: (09/27/2017 12:37:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Sandboxie Service. Questo evento si è già verificato 1 volta(e).

Error: (09/27/2017 12:37:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio HuaweiHiSuiteService64.exe. Questo evento si è già verificato 1 volta(e).

Error: (09/27/2017 12:37:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA LocalSystem Container è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 6000 millisecondi: Riavvia il servizio.

Error: (09/27/2017 12:37:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA Telemetry Container è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 1000 millisecondi: Riavvia il servizio.

Error: (09/27/2017 12:37:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio CyberGhost 6 Service. Questo evento si è già verificato 1 volta(e).

CodeIntegrity:
===================================
Date: 2017-09-26 13:29:03.080
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 13:28:56.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 13:28:29.106
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 13:28:20.558
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 11:54:44.894
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 11:54:38.112
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 11:54:33.050
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 11:54:31.219
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-09-26 11:54:30.238
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 11:54:28.957
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 26%
Total physical RAM: 8142.36 MB
Available physical RAM: 6012.02 MB
Total Virtual: 9422.36 MB
Available Virtual: 7799.48 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:814.23 GB) (Free:421.77 GB) NTFS
Drive d: (Dati) (Fixed) (Total:117.19 GB) (Free:13.57 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9E9297D9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=814.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

I hope I didn't get anything wrong, thanks again.

Last edited by MicheleFG: 27-09-2017 at 12:33.
27-09-2017, 16:37 | #4
Member
Member since: Jun 2017
Posts: 175
Hi,
so... are you by any chance using a proxy to connect to the internet?
ProxyEnable: [S-1-5-21-765619463-2455679133-4176694875-1001] => Proxy is enabled.
Put FRST on the desktop together with the attached file fixlist.txt, right-click FRST --> run as administrator, click Fix, wait for the operations to finish and for the PC to reboot (if it doesn't, reboot it yourself), then post the Fixlog.
Reset the browsers, see here http://it.ccm.net/faq/1767-come-ripristinare-il-browser (you will also have to set the home page again).
Clean up with CCleaner, both system and registry.
Let us know how the PC is doing...
Ciao
28-09-2017, 09:37 | #5
Member
Member since: Jun 2012
Posts: 156
As far as I know I'm not using a proxy.
In the past few days I used some programs for which I had to use proxies, but it ended there. Then, also in the past few days, I used CyberGhost VPN too, but always disconnecting afterwards, so this seems strange to me. In any case I did everything you told me, and to tell you the truth it seems it no longer gives me the problem I described at the beginning. Here is the fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by Family (28-09-2017 10:01:06) Run:1
Running from C:\Users\Family\Desktop
Loaded Profiles: Family (Available Profiles: Family)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {10516aa9-f37c-11e6-8322-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {10516d00-f37c-11e6-8322-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {1a9ed080-03fd-11e7-8325-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {1c6537a1-7cb7-11e6-82fd-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {46e8ebd3-faab-11e6-8324-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {4d386012-4f48-11e6-82d3-001583c4341c} - "J:\autorun.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5635b51a-ba11-11e6-830e-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5635b555-ba11-11e6-830e-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5b297c78-6aa8-11e6-82db-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5b297d18-6aa8-11e6-82db-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {749f6e3f-7c16-11e7-8338-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {8d86910c-b87a-11e6-830d-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://it.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-765619463-2455679133-4176694875-1001 -> {7FD2A0B3-2647-4E69-AF55-B5D2F0E43D92} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
Toolbar: HKU\S-1-5-21-765619463-2455679133-4176694875-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} - No File
CHR Extension: (EditThisCookie) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-09-18]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
CHR HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {3C2560DD-720C-4800-BA70-86B9AF145C06} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {3C9BD689-837C-4B4F-8F77-FDEB044B8715} - \AutoPico Daily Restart -> No File <==== ATTENTION
C:\Program Files\Common Files\AV\avast! Antivirus
Shortcut: C:\Users\Family\Desktop\Payday 2 Hack\mods\Крашлог.lnk -> C:\Users\Family\AppData\Local\PAYDAY 2\crash.txt () <==== Cyrillic
Shortcut: C:\Users\Family\Desktop\Nuova cartella\Heaven Benchmark 4.0.lnk -> C:\Program Files (x86)\Unigine\Heaven Benchmark 4.0\heaven.bat (No File)
C:\Users\Family\AppData\Local\PAYDAY 2\crash.txt
ShortcutWithArgument: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
Folder: C:\Users\Family\AppData\Roaming\ScreenShot
Folder: C:\Users\Family\AppData\Roaming\Jaty
HOSTS:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10516aa9-f37c-11e6-8322-60a44c3d1aa4} => key removed successfully
HKLM\Software\Classes\CLSID\{10516aa9-f37c-11e6-8322-60a44c3d1aa4} => key not found.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10516d00-f37c-11e6-8322-60a44c3d1aa4} => key removed successfully HKLM\Software\Classes\CLSID\{10516d00-f37c-11e6-8322-60a44c3d1aa4} => key not found. HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a9ed080-03fd-11e7-8325-60a44c3d1aa4} => key removed successfully HKLM\Software\Classes\CLSID\{1a9ed080-03fd-11e7-8325-60a44c3d1aa4} => key not found. HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c6537a1-7cb7-11e6-82fd-60a44c3d1aa4} => key removed successfully HKLM\Software\Classes\CLSID\{1c6537a1-7cb7-11e6-82fd-60a44c3d1aa4} => key not found. HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46e8ebd3-faab-11e6-8324-60a44c3d1aa4} => key removed successfully HKLM\Software\Classes\CLSID\{46e8ebd3-faab-11e6-8324-60a44c3d1aa4} => key not found. HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d386012-4f48-11e6-82d3-001583c4341c} => key removed successfully HKLM\Software\Classes\CLSID\{4d386012-4f48-11e6-82d3-001583c4341c} => key not found. HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5635b51a-ba11-11e6-830e-60a44c3d1aa4} => key removed successfully HKLM\Software\Classes\CLSID\{5635b51a-ba11-11e6-830e-60a44c3d1aa4} => key not found. HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5635b555-ba11-11e6-830e-60a44c3d1aa4} => key removed successfully HKLM\Software\Classes\CLSID\{5635b555-ba11-11e6-830e-60a44c3d1aa4} => key not found. 
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b297c78-6aa8-11e6-82db-60a44c3d1aa4} => key removed successfully HKLM\Software\Classes\CLSID\{5b297c78-6aa8-11e6-82db-60a44c3d1aa4} => key not found. HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b297d18-6aa8-11e6-82db-60a44c3d1aa4} => key removed successfully HKLM\Software\Classes\CLSID\{5b297d18-6aa8-11e6-82db-60a44c3d1aa4} => key not found. HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{749f6e3f-7c16-11e7-8338-60a44c3d1aa4} => key removed successfully HKLM\Software\Classes\CLSID\{749f6e3f-7c16-11e7-8338-60a44c3d1aa4} => key not found. HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d86910c-b87a-11e6-830d-60a44c3d1aa4} => key removed successfully HKLM\Software\Classes\CLSID\{8d86910c-b87a-11e6-830d-60a44c3d1aa4} => key not found. HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7FD2A0B3-2647-4E69-AF55-B5D2F0E43D92} => key removed successfully HKLM\Software\Classes\CLSID\{7FD2A0B3-2647-4E69-AF55-B5D2F0E43D92} => key not found. HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{093F479D-712E-46CD-9E06-62E734A05F68} => value removed successfully HKLM\Software\Classes\CLSID\{093F479D-712E-46CD-9E06-62E734A05F68} => key not found. CHR Extension: (EditThisCookie) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-09-18] => Error: No automatic fix found for this entry. 
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22] => Error: No automatic fix found for this entry. CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26] => Error: No automatic fix found for this entry. HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key removed successfully HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully HKLM\System\CurrentControlSet\Services\EagleX64 => key removed successfully EagleX64 => service removed successfully HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully xhunter1 => service removed successfully HKLM\System\CurrentControlSet\Services\xspirit => key removed successfully xspirit => service removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. ask: {3C2560DD-720C-4800-BA70-86B9AF145C06} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe => Error: No automatic fix found for this entry. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C9BD689-837C-4B4F-8F77-FDEB044B8715} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C9BD689-837C-4B4F-8F77-FDEB044B8715} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key removed successfully "C:\Program Files\Common Files\AV\avast! Antivirus" => not found. C:\Users\Family\Desktop\Payday 2 Hack\mods\Крашлог.lnk => moved successfully C:\Users\Family\Desktop\Nuova cartella\Heaven Benchmark 4.0.lnk => moved successfully C:\Users\Family\AppData\Local\PAYDAY 2\crash.txt => moved successfully C:\Users\Family\AppData\Local\Google\Chrome\User Data\Avvio applicazioni di Chrome.lnk => Shortcut argument removed successfully. C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Avvio applicazioni di Chrome.lnk => Shortcut argument removed successfully. ========================= Folder: C:\Users\Family\AppData\Roaming\ScreenShot ======================== 2017-09-26 14:23 - 2017-09-26 14:24 - 000075507 _____ () C:\Users\Family\AppData\Roaming\ScreenShot\screen.jpeg ====== End of Folder: ====== ========================= Folder: C:\Users\Family\AppData\Roaming\Jaty ======================== ====== End of Folder: ====== C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. ========= netsh advfirewall reset ========= OK. ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= OK. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Configurazione IP di Windows Cache del resolver DNS svuotata. ========= End of CMD: ========= ========= netsh winsock reset catalog ========= Reimpostazione catalogo Winsock completata. Ô necessario riavviare il computer per completare l'operazione. 
========= End of CMD: ========= ========= netsh int ip reset C:\resettcpip.txt ========= Reimpostazione di Globale completata. Reimpostazione di Interfaccia completata. Reimpostazione di Router adiacente completata. Reimpostazione di Percorso completata. Reimpostazione di non riuscita. Accesso negato. Reimpostazione di completata. Riavviare il computer per completare l'azione. ========= End of CMD: ========= ========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" ========= Impossibile cancellare il registro DebugChannel. Impossibile eseguire l'operazione richiesta su un canale diretto attivato. Prima di eseguire l'operazione richiesta è necessario disattivare il canale. Impossibile cancellare il registro Microsoft-RMS-MSIPC/Debug. Impossibile eseguire l'operazione richiesta su un canale diretto attivato. Prima di eseguire l'operazione richiesta è necessario disattivare il canale. ========= End of CMD: ========= ========= Bitsadmin /Reset /Allusers ========= BITSADMIN version 3.0 [ 7.7.9600 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. {F9A92B1C-99A9-4A65-985E-B0910699197D} canceled. 1 out of 1 jobs canceled. ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 46137842 B Java, Flash, Steam htmlcache => 61220272 B Windows/system/drivers => -181365510 B Edge => 0 B Chrome => 566442362 B Firefox => 0 B Opera => 63824128 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 235630 B systemprofile32 => 128 B LocalService => 23122 B NetworkService => -658 B Family => 414704114 B RecycleBin => 10455846363 B EmptyTemp: => 10.7 GB temporary data Removed. 
================================ The system needed a reboot. ==== End of Fixlog 10:04:06 ==== |
28-09-2017, 11:03 | #6 |
Member
Joined: Jun 2017
Posts: 175
|
Ok, so let's remove the proxy...
First of all, if you no longer use Cyberghost VPN, uninstall it from the Control Panel... then clean up with CCleaner, both system and registry...
- delete the fixlist.txt I gave you and the fixlog.txt (so we don't mix up the files)
- then place FRST on the desktop together with the new fixlist.txt attached
- right-click FRST ---> run as administrator
- click FIX
- wait for it to finish and for the PC to reboot (if it doesn't reboot, do it yourself)
- post the new fixlog.txt
Check that everything is fine and that you don't run into problems... then, if everything is ok, the final cleanup of the programs and logs used for the scans will follow.... |
28-09-2017, 12:38 | #7 | |
Member
Joined: Jun 2012
Posts: 156
|
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by Family (28-09-2017 13:14:59) Run:2
Running from C:\Users\Family\Desktop
Loaded Profiles: Family (Available Profiles: Family)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
ProxyEnable: [S-1-5-21-765619463-2455679133-4176694875-1001] => Proxy is enabled.
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
EMPTYTEMP:
Reboot:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========

OK.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

OK.

========= End of CMD: =========

========= ipconfig /flushdns =========

Configurazione IP di Windows
Cache del resolver DNS svuotata.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3266018 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => -481259143 B
Edge => 0 B
Chrome => 263956848 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2390 B
Family => 77164931 B

RecycleBin => 16744 B
EmptyTemp: => -128463604 byte temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:17:31 ====

I forgot to mention: from what I can see, the problems have been solved.

Last edited by MicheleFG: 28-09-2017 at 12:42. |
|
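The two fix logs above show what had actually been hijacked on this machine: a per-user WinINET proxy (ProxyEnable set, plus DefaultConnectionSettings and SavedLegacySettings under Internet Settings\Connections) and a hosts file that FRST had to restore. That is exactly the combination that produces a "click here to continue" interstitial on google.com and gmail.com: the browser is being sent through a local proxy or PAC script the user never configured. Below is an added, read-only PowerShell audit that inspects those same locations, so the state can be confirmed before and after a fix. It is not part of this thread and not FRST's code; the function names are the example's own, and the flag-byte layout of DefaultConnectionSettings (byte 8: 0x02 manual proxy, 0x04 auto-config URL, 0x08 auto-detect) is the commonly documented one and is treated here as an assumption.

```powershell
# Added example, not from the thread or from FRST: audit the per-user WinINET
# proxy configuration and the hosts file. Read-only; run from an elevated
# PowerShell prompt so the hosts file is readable on locked-down systems.

$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$connKey = Join-Path $inetKey 'Connections'

function Get-WinInetProxyState {
    # The plain values FRST's "ProxyEnable:" directive reports on.
    $p = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = [int]$p.ProxyEnable     # 1 = manual proxy switched on
        ProxyServer   = $p.ProxyServer          # e.g. 127.0.0.1:8080 is a local interceptor
        ProxyOverride = $p.ProxyOverride        # bypass list; "<local>" is the usual benign value
        AutoConfigURL = $p.AutoConfigURL        # PAC script; a common hijack vector
    }
}

function Get-ConnectionFlags {
    # DefaultConnectionSettings is a binary blob; the flags byte is at offset 8.
    # Assumption: 0x02 manual proxy, 0x04 auto-config URL, 0x08 auto-detect.
    $blob = (Get-ItemProperty -Path $connKey -ErrorAction SilentlyContinue).DefaultConnectionSettings
    if (-not $blob -or $blob.Length -lt 9) { return 'absent' }
    $flags = [int]$blob[8]
    $names = @()
    if ($flags -band 0x02) { $names += 'ManualProxy' }
    if ($flags -band 0x04) { $names += 'AutoConfigURL' }
    if ($flags -band 0x08) { $names += 'AutoDetect' }
    if ($names.Count -eq 0) { $names = @('Direct') }
    return ($names -join ',')
}

function Get-ActiveHostsEntries {
    # Every non-blank, non-comment line. A clean Windows hosts file has none;
    # google.com or gmail.com mapped to 127.0.0.1 or an unknown address is a hijack.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
}

$state = Get-WinInetProxyState
$state | Format-List
'DefaultConnectionSettings flags: ' + (Get-ConnectionFlags)
'Active hosts entries:'
Get-ActiveHostsEntries
'WinHTTP proxy (system-wide, used by services and Windows Update):'
netsh winhttp show proxy

if ($state.ProxyEnable -eq 1 -or $state.AutoConfigURL) {
    Write-Warning 'A proxy or PAC URL is configured for this user; verify it is one you set.'
}
```

Run it once before the fix to record what the hijack looked like and once after the reboot to confirm the proxy is gone and the hosts file is empty. Two caveats: this script reads only HKCU, whereas FRST's RemoveProxy also clears HKU\.DEFAULT, so a proxy planted for the default profile would need the same check under that hive; and a VPN client such as Cyberghost may legitimately write ProxyServer or a PAC URL while connected, so compare against what the VPN is expected to set rather than treating any value as malicious.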
28-09-2017, 12:49 | #8 |
Member
Joined: Jun 2017
Posts: 175
|
Ok, if there are no more problems, let's clean up the programs installed to run the scans....
Download DelFix to the desktop from here https://www.bleepingcomputer.com/download/delfix/
Open it and tick:
Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore
Click Run and wait for the operations to finish....
Post the generated log... |
28-09-2017, 16:37 | #9 | |
Member
Joined: Jun 2012
Posts: 156
|
# DelFix v1.010 - Logfile created 28/09/2017 at 17:33:07
# Updated 26/04/2015 by Xplode
# Username : Family - FAMIGLIA
# Operating System : Windows 8.1 Pro (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Family\Desktop\FRST-OlderVersion
Deleted : C:\Users\Family\Desktop\AdwCleaner.exe
Deleted : C:\Users\Family\Desktop\AdwCleaner[C0]2.txt
Deleted : C:\Users\Family\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Family\Desktop\Fixlog.txt
Deleted : C:\Users\Family\Desktop\FRST64.exe
Deleted : C:\Users\Family\Desktop\JRT.exe
Deleted : C:\Users\Family\Desktop\JRT.txt

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #191 [Punto di controllo pianificato | 09/21/2017 12:06:18]
Deleted : RP #192 [Windows Update | 09/26/2017 11:41:15]
Deleted : RP #193 [Programma di installazione dei moduli di Windows | 09/26/2017 12:21:58]
Deleted : RP #194 [JRT Pre-Junkware Removal | 09/27/2017 10:50:09]
Deleted : RP #195 [JRT Pre-Junkware Removal | 09/27/2017 10:56:07]
Deleted : RP #197 [Restore Point Created by FRST | 09/28/2017 08:01:07]
Deleted : RP #199 [Restore Point Created by FRST | 09/28/2017 11:15:16]

New restore point created !

########## - EOF - ########## |
|
28-09-2017, 16:52 | #10 |
Member
Joined: Jun 2017
Posts: 175
|
Ok, perfect...
The PC is cleaned up. If you don't run into any problems, we're done....
For anything else, we're here... |
28-09-2017, 20:37 | #11 |
Member
Joined: Jun 2012
Posts: 156
|
|
28-09-2017, 20:42 | #12 |
Member
Joined: Jun 2017
Posts: 175
|
De nada, it was a pleasure....
Bye, have a good evening |