27-09-2017, 09:31   #1
MicheleFG
Member
Joined: Jun 2012
Posts: 156
PC probably infected, can you give me a hand?

Good morning everyone.
I'm writing here because I seriously suspect that my PC is infected. First, let me explain the problem: yesterday afternoon, from a certain point on, I started having problems while browsing. Basically, when I try to go to the Google home page, or to Gmail, I get the error you can see in the attachment. But this also happens on other sites, perhaps not when opening them but while browsing. If you look closely, that "here" is highlighted and you have to click on it to get to the requested page. This doesn't seem very normal to me, which is why I'm asking you whether it's a virus or something else. I ran a scan with MalwareBytes and removed what it found. I also ran a scan with Windows Defender and applied the requested actions, although not completely, because at a certain point it was taking too long to complete the operation and I closed it.
Can you give me some advice? Thank you in advance http://it.tinypic.com/view.php?pic=14u8kdk&s=9
http://it.tinypic.com/view.php?pic=107tklk&s=9
27-09-2017, 10:55   #2
Dan1979
Member
Joined: Jun 2017
Posts: 175
Hi,
run the programs below in sequence, in the order posted:

Malwarebytes Anti-Malware: if you have already run it,
post the log it generated.
If not, run it again...

Then download AdwCleaner from here https://www.bleepingcomputer.com/download/adwcleaner/
right-click the executable, run it as administrator and do the scan, remove what it finds and post the log

then try JRT, download it from here https://www.bleepingcomputer.com/dow...-removal-tool/
disable the antivirus
put the executable on the desktop
right-click it and open as administrator
press Enter when prompted
wait for the scan to finish
re-enable the antivirus
post the resulting log (you'll find it on the desktop)

Finally, download FRST from here https://www.bleepingcomputer.com/dow...ery-scan-tool/
download the version suited to your operating system, 32 or 64 bit
place the executable on the desktop
right-click the executable -- open as administrator
once it is open, click Scan
post the logs frst.txt and addition.txt

Don't worry, almost all of the scans are relatively quick...
27-09-2017, 11:28   #3
MicheleFG
Member
Joined: Jun 2012
Posts: 156
Thanks a lot, I'll do what you told me and post everything

Edit:
Here are the logs, although the JRT one came out empty the first time, I don't know why, so the one I'm attaching found nothing
MALWAREBYTES (I'm posting the one from the first scan, because today's is clean.)
Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 26/09/17
Ora scansione: 15:06
File di log: 846c0626-a2bb-11e7-84ef-00ffe59e53ed.json
Amministratore: Sì

-Informazioni software-
Versione: 3.2.2.2018
Versione componenti: 1.0.188
Aggiorna versione pacchetto: 1.0.2890
Licenza: Free

-Informazioni sistema-
SO: Windows 8.1
CPU: x64
File system: NTFS
Utente: Famiglia\Family

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 355430
Minacce rilevate: 20
Minacce messe in quarantena: 20
Tempo impiegato: 16 min, 44 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 1
Spyware.Agent.E, HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Traveller, In quarantena, [306], [433872],1.0.2890

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 19
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_easypdfcombine.dl.myway.com_0.localstorage, In quarantena, [259], [240305],1.0.2890
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_easypdfcombine.dl.myway.com_0.localstorage-journal, In quarantena, [259], [240305],1.0.2890
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage, In quarantena, [259], [240305],1.0.2890
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage-journal, In quarantena, [259], [240305],1.0.2890
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_easypdfcombine.dl.tb.ask.com_0.localstorage, In quarantena, [259], [240306],1.0.2890
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_easypdfcombine.dl.tb.ask.com_0.localstorage-journal, In quarantena, [259], [240306],1.0.2890
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage, In quarantena, [259], [240306],1.0.2890
PUP.Optional.MindSpark, C:\USERS\FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal, In quarantena, [259], [240306],1.0.2890
Spyware.Agent.E, C:\USERS\FAMILY\APPDATA\ROAMING\JATY\WEBHELPER.EXE, In quarantena, [306], [433872],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG209.TMP, Elimina al riavvio, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG75.TMP, Elimina al riavvio, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG731.TMP, Elimina al riavvio, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG156.TMP, Elimina al riavvio, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG747.TMP, Elimina al riavvio, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG521.TMP, Elimina al riavvio, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG484.TMP, Elimina al riavvio, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG930.TMP, Elimina al riavvio, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG264.TMP, Elimina al riavvio, [8722], [438295],1.0.2890
Spyware.PasswordStealer.Generic, C:\USERS\FAMILY\APPDATA\LOCAL\TEMP\TMPG801.TMP, Elimina al riavvio, [8722], [438295],1.0.2890

Settore fisico: 0
(Nessun elemento nocivo rilevato)


(end)

ADWCLEANER
# AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 27 10:40:24 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 8.1 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
Deleted: C:\Users\Family\AppData\Local\YSearchUtil
Deleted: C:\Users\Family\AppData\Roaming\acestream
Deleted: C:\Users\Family\AppData\LocalLow\.acestream
Deleted: C:\Users\Family\AppData\Roaming\.acestream
Deleted: C:\_acestream_cache_


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{F53E9D08-7347-4EF5-A427-07667A7BA565}C:\users\family\appdata\roaming\acestream\engine\ace_engine.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{AFE20F55-DB1C-4D8C-9271-8E6D51D1D457}C:\users\family\appdata\roaming\acestream\engine\ace_engine.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{846BFC5C-C5E5-47C0-8092-8D3DE265C893}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B0AD5503-7BFD-4E4A-985E-C2922D19C1DF}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8598DF96-10B0-4C5E-8C1E-D57DE72E5080}C:\users\family\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{5DD30286-5699-4DE1-ABE6-11C8351410DB}C:\users\family\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\3DCCCD6BD02558446B24CF1C63EC213C
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\3DCCCD6BD02558446B24CF1C63EC213C
Deleted: [Value] - HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AceUpdater
Deleted: [Value] - HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AceWebException
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\Amazon1ButtonBrowserHelper.dll
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{981b174d-7733-4e7f-b89d-6545a7c21838}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Value] - HKCU\Software\RegisteredApplications|AceStream


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Amazon Assistant for Chrome -
SearchProvider deleted: Ask - ask.com
SearchProvider deleted: Ask Search - websearch.ask.com
SearchProvider deleted: Nova-IT Customized Web Search - search.conduit.com


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4445 B] - [2017/9/27 10:33:29]

JRT (I think it's useless since it's empty)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 Pro x64
Ran by Family (Administrator) on 27/09/2017 at 12:56:07,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/09/2017 at 12:57:20,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017
Ran by Family (administrator) on FAMIGLIA (27-09-2017 13:02:05)
Running from C:\Users\Family\Desktop
Loaded Profiles: Family (Available Profiles: Family)
Platform: Windows 8.1 Pro (Update) (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(CyberGhost S.R.L) C:\Program Files (x86)\CyberGhost\CyberGhost.Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5256336 2012-07-11] (VIA)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [Dashlane] => C:\Users\Family\AppData\Roaming\Dashlane\Dashlane.exe [505808 2017-07-13] (Dashlane, Inc.)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [DashlanePlugin] => C:\Users\Family\AppData\Roaming\Dashlane\DashlanePlugin.exe [552400 2017-07-13] (Dashlane, Inc.)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [MiPhoneManager] => C:\Users\Family\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [449464 2017-08-27] ()
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [Spotify Web Helper] => C:\Users\Family\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-14] (Spotify Ltd)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [Spotify] => C:\Users\Family\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-14] (Spotify Ltd)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799368 2017-06-05] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {10516aa9-f37c-11e6-8322-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {10516d00-f37c-11e6-8322-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {1a9ed080-03fd-11e7-8325-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {1c6537a1-7cb7-11e6-82fd-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {46e8ebd3-faab-11e6-8324-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {4d386012-4f48-11e6-82d3-001583c4341c} - "J:\autorun.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5635b51a-ba11-11e6-830e-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5635b555-ba11-11e6-830e-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5b297c78-6aa8-11e6-82db-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5b297d18-6aa8-11e6-82db-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {749f6e3f-7c16-11e7-8338-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {8d86910c-b87a-11e6-830d-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-09-04]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Family\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-02-12]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitora avvisi inchiostro - .lnk [2017-05-15]
ShortcutTarget: Monitora avvisi inchiostro - .lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitora avvisi inchiostro - HP Deskjet 3050A J611 series (Rete).lnk [2017-09-27]
ShortcutTarget: Monitora avvisi inchiostro - HP Deskjet 3050A J611 series (Rete).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-765619463-2455679133-4176694875-1001] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{78FEF290-ABC0-490E-8B74-9BF41DD0BF16}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{78FEF290-ABC0-490E-8B74-9BF41DD0BF16}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://it.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-765619463-2455679133-4176694875-1001 -> {7FD2A0B3-2647-4E69-AF55-B5D2F0E43D92} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-765619463-2455679133-4176694875-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-06-13] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: miki.bi32@gmail.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_126.dll [2017-06-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_126.dll [2017-06-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2017-06-13] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.it/
CHR StartupUrls: Default -> "hxxp://www.google.it/"
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default [2017-09-27]
CHR Extension: (Google Traduttore) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-12-17]
CHR Extension: (Presentazioni Google) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-02]
CHR Extension: (Documenti Google) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-02]
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Turn Off the Lights) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-09-18]
CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Google Search) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Tampermonkey) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-07]
CHR Extension: (Fogli Google) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-02]
CHR Extension: (EditThisCookie) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-09-18]
CHR Extension: (Google Documenti offline) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-09-21]
CHR Extension: (ClixAddon) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjnhcgkngeeahimbfhejeaiijecekhba [2017-09-16]
CHR Extension: (ModHeader) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2017-09-15]
CHR Extension: (Estensione Google Keep per Chrome) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-06-12]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2017-07-06]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
CHR HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-04-18] ()
R2 CG6Service; C:\Program Files (x86)\CyberGhost\CyberGhost.Service.exe [71728 2016-08-18] (CyberGhost S.R.L)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-11-25] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-19] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-06-05] (Sandboxie Holdings, LLC)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [873968 2017-06-30] (Tunngle.net GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-07-06] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-03-28] (Google Inc) [File not signed]
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.) [File not signed]
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.) [File not signed]
S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18816 2016-11-25] (Huawei Technologies Co., Ltd.)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-11-25] (Huawei Technologies Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-27] (Malwarebytes)
R2 memudrv; D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [59448 2017-01-20] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [207496 2017-06-05] (Sandboxie Holdings, LLC)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [39464 2016-04-27] (Tunngle.net GmbH)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2016-12-16] (BigNox Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2016-12-16] (BigNox Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-27 13:02 - 2017-09-27 13:04 - 000021041 _____ C:\Users\Family\Desktop\FRST.txt
2017-09-27 13:01 - 2017-09-27 13:02 - 000000000 ____D C:\FRST
2017-09-27 13:00 - 2017-09-27 13:01 - 002399744 _____ (Farbar) C:\Users\Family\Desktop\FRST64.exe
2017-09-27 12:57 - 2017-09-27 12:57 - 000000548 _____ C:\Users\Family\Desktop\JRT.txt
2017-09-27 12:46 - 2017-09-27 12:46 - 001790024 _____ (Malwarebytes) C:\Users\Family\Desktop\JRT.exe
2017-09-27 12:44 - 2017-09-27 12:44 - 000004081 _____ C:\Users\Family\Desktop\AdwCleaner[C0]2.txt
2017-09-27 12:36 - 2017-09-27 12:36 - 000004445 _____ C:\Users\Family\Desktop\AdwCleaner[S0].txt
2017-09-27 12:31 - 2017-09-27 12:33 - 000000000 ____D C:\AdwCleaner
2017-09-27 12:30 - 2017-09-27 12:31 - 008182736 _____ (Malwarebytes) C:\Users\Family\Desktop\AdwCleaner.exe
2017-09-27 12:27 - 2017-09-27 12:27 - 000004378 _____ C:\Users\Family\Desktop\Malwarebytes 2.txt
2017-09-27 12:24 - 2017-09-27 12:24 - 000001412 _____ C:\Users\Family\Desktop\Malwarebytes.txt
2017-09-27 11:08 - 2017-09-27 11:14 - 3166198758 _____ C:\Users\Family\Desktop\Metodi By Wrongol.rar
2017-09-26 14:26 - 2017-09-26 14:26 - 000993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-09-26 14:26 - 2017-09-26 14:26 - 000987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-09-26 14:26 - 2017-09-26 14:26 - 000690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-09-26 14:26 - 2017-09-26 14:26 - 000485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-09-26 14:26 - 2017-09-26 14:26 - 000030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-09-26 14:26 - 2017-09-26 14:26 - 000029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-09-26 14:26 - 2017-09-26 14:26 - 000018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-09-26 14:26 - 2017-09-26 14:26 - 000018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-09-26 14:23 - 2017-09-26 14:23 - 000000000 ___HD C:\Users\Family\AppData\Roaming\ScreenShot
2017-09-26 13:40 - 2017-09-26 16:07 - 000000000 ____D C:\Users\Family\AppData\Roaming\Jaty
2017-09-26 11:00 - 2017-09-26 11:00 - 000002050 _____ C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberGhost 6.lnk
2017-09-26 10:59 - 2017-09-27 11:50 - 000000000 ____D C:\Users\Family\AppData\Local\CyberGhost
2017-09-26 10:21 - 2017-09-26 10:21 - 000000000 ____D C:\Program Files\TAP-Windows
2017-09-26 10:18 - 2017-09-26 10:24 - 000000000 ____D C:\Program Files (x86)\CyberGhost
2017-09-26 10:18 - 2017-09-26 10:18 - 000001043 _____ C:\Users\Public\Desktop\CyberGhost.lnk
2017-09-26 10:18 - 2017-09-26 10:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2017-09-26 10:07 - 2017-09-26 10:08 - 015882333 _____ (CyberGhost Windows Client ) C:\Users\Family\Downloads\CyberGhost VPN 6.0.2.exe
2017-09-26 10:05 - 2017-09-26 10:05 - 000272597 _____ C:\Users\Family\Downloads\Proxy Shark 2016 v1.6 (Vip Pro Edition).rar
2017-09-24 20:07 - 2017-09-24 20:07 - 000000000 ___RD C:\Sandbox
2017-09-24 20:05 - 2017-09-25 21:35 - 000001636 _____ C:\Windows\Sandboxie.ini
2017-09-24 20:05 - 2017-09-24 20:04 - 000000918 _____ C:\Users\Family\Desktop\Browser Web nell'area virtuale.lnk
2017-09-24 20:04 - 2017-09-24 20:04 - 008981640 _____ (Sandboxie Holdings, LLC) C:\Users\Family\Downloads\SandboxieInstall.exe
2017-09-24 20:04 - 2017-09-24 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2017-09-24 20:04 - 2017-09-24 20:04 - 000000000 ____D C:\Program Files\Sandboxie
2017-09-17 11:02 - 2017-09-17 11:47 - 000000000 ____D C:\Users\Family\Desktop\TFA KWUAIT 2016
2017-09-16 09:24 - 2017-09-16 10:29 - 2156519026 ____R C:\Users\Family\Downloads\Transformers.L.Ultimo.Cavaliere.2017.iTALiAN.LD.WEBDL.XviD-CriMiNaL.avi
2017-09-15 17:56 - 2017-09-15 17:56 - 000066786 _____ C:\Users\Family\Downloads\contratto.pdf
2017-09-15 11:04 - 2017-09-15 11:33 - 1697259220 ____R C:\Users\Family\Downloads\Baywatch.2017.iTALiAN.EXTENDED.BDRip.XviD-DDNCREW.avi
2017-09-14 21:49 - 2017-09-26 10:17 - 000000000 ____D C:\Users\Family\Downloads\Baywatch.EXTENDED.2017.iTALiAN.BDRip.XviD-CYBER
2017-09-14 14:17 - 2017-09-14 14:23 - 000001274 _____ C:\Users\Family\Desktop\nativelog.txt
2017-09-14 13:24 - 2017-09-14 13:26 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-09-14 13:24 - 2017-09-14 13:24 - 000000973 _____ C:\Users\Public\Desktop\Minecraft.lnk
2017-09-14 13:24 - 2017-09-14 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-09-14 11:15 - 2017-09-14 11:18 - 000000000 ____D C:\Users\Family\AppData\Local\Spotify
2017-09-14 11:15 - 2017-09-14 11:15 - 000001856 _____ C:\Users\Family\Desktop\Spotify.lnk
2017-09-14 11:15 - 2017-09-14 11:15 - 000001842 _____ C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-09-14 11:14 - 2017-09-20 13:53 - 000000000 ____D C:\Users\Family\AppData\Roaming\Spotify
2017-09-13 11:08 - 2017-08-18 00:07 - 000537200 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-09-13 11:08 - 2017-08-18 00:07 - 000140016 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-09-13 11:08 - 2017-08-18 00:03 - 000450392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-09-13 11:08 - 2017-08-18 00:03 - 000136832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-09-13 11:08 - 2017-08-15 16:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-13 11:08 - 2017-08-15 15:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-13 11:08 - 2017-08-13 20:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-13 11:08 - 2017-08-13 19:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-13 11:08 - 2017-08-13 19:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-13 11:08 - 2017-08-13 18:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-13 11:08 - 2017-08-13 18:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-13 11:08 - 2017-08-13 18:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-13 11:08 - 2017-08-13 18:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-13 11:08 - 2017-08-13 18:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-13 11:08 - 2017-08-13 18:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-13 11:08 - 2017-08-13 18:15 - 007078912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-09-13 11:08 - 2017-08-13 18:14 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-09-13 11:08 - 2017-08-13 18:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-13 11:08 - 2017-08-13 17:52 - 005274624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-09-13 11:08 - 2017-08-13 17:51 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-09-13 11:08 - 2017-08-13 17:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-13 11:08 - 2017-08-13 17:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-13 11:08 - 2017-08-13 17:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-13 11:08 - 2017-08-13 17:25 - 007797248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-09-13 11:08 - 2017-08-13 17:18 - 005270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 11:08 - 2017-08-13 17:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-13 11:08 - 2017-08-13 17:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-13 11:08 - 2017-08-13 17:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-13 11:08 - 2017-08-13 17:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-13 11:08 - 2017-08-12 11:30 - 022361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-13 11:08 - 2017-08-12 11:26 - 019789736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-13 11:08 - 2017-08-12 01:59 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-13 11:08 - 2017-08-12 01:58 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-13 11:08 - 2017-08-12 01:58 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-13 11:08 - 2017-08-11 05:30 - 004170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-13 11:08 - 2017-08-11 03:43 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-13 11:08 - 2017-08-06 23:20 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2017-09-13 11:08 - 2017-08-06 09:13 - 000530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2017-09-13 11:08 - 2017-07-21 15:40 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-09-13 11:08 - 2017-07-21 15:40 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-09-13 11:08 - 2017-07-14 22:08 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-09-13 11:08 - 2017-07-14 20:44 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-09-13 11:08 - 2017-07-08 20:20 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-13 11:08 - 2017-07-08 19:25 - 001436160 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-13 11:08 - 2017-07-08 19:00 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-13 11:08 - 2017-07-08 05:16 - 000086360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2017-09-13 11:08 - 2017-07-01 15:47 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-09-13 11:08 - 2017-07-01 15:47 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-09-13 11:08 - 2017-07-01 15:47 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-09-13 11:08 - 2017-07-01 15:47 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-09-13 11:08 - 2017-07-01 15:47 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-09-13 11:08 - 2017-06-13 19:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-09-13 11:08 - 2017-06-13 16:17 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-09-13 11:08 - 2017-06-13 16:16 - 000252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-09-13 11:08 - 2017-06-12 02:14 - 000276320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-09-13 11:08 - 2017-06-08 03:48 - 002457936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-09-13 11:07 - 2017-08-19 19:27 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-13 11:07 - 2017-08-19 18:48 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-13 11:07 - 2017-08-15 16:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-13 11:07 - 2017-08-15 16:01 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-09-13 11:07 - 2017-08-15 16:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-13 11:07 - 2017-08-13 19:19 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-13 11:07 - 2017-08-13 18:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-13 11:07 - 2017-08-13 18:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-13 11:07 - 2017-08-13 18:21 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-09-13 11:07 - 2017-08-13 18:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-13 11:07 - 2017-08-13 18:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-13 11:07 - 2017-08-13 18:05 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-13 11:07 - 2017-08-13 18:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-13 11:07 - 2017-08-13 18:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-13 11:07 - 2017-08-13 17:52 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2017-09-13 11:07 - 2017-08-13 17:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-13 11:07 - 2017-08-13 17:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-13 11:07 - 2017-08-13 17:44 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-13 11:07 - 2017-08-13 17:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-13 11:07 - 2017-08-12 02:39 - 001364552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-09-13 11:07 - 2017-08-11 22:46 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-09-13 11:07 - 2017-08-11 22:29 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-09-13 11:07 - 2017-08-11 22:13 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-09-13 11:07 - 2017-08-11 05:27 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-13 11:07 - 2017-08-11 05:27 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-13 11:07 - 2017-08-11 05:27 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2017-09-13 11:07 - 2017-08-11 04:38 - 000477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-09-13 11:07 - 2017-08-11 04:08 - 001753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-09-13 11:07 - 2017-08-11 04:08 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-09-13 11:07 - 2017-08-11 04:02 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-09-13 11:07 - 2017-08-11 03:52 - 001491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-09-13 11:07 - 2017-08-11 03:49 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-13 11:07 - 2017-08-11 03:44 - 001095680 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-13 11:07 - 2017-08-11 03:41 - 000307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-13 11:07 - 2017-08-02 05:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-09-13 11:07 - 2017-07-22 20:34 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
2017-09-13 11:07 - 2017-07-22 19:32 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
2017-09-13 11:07 - 2017-07-17 21:53 - 004298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-09-13 11:07 - 2017-07-17 01:55 - 003551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-09-13 11:07 - 2017-07-14 01:03 - 002013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-09-13 11:07 - 2017-07-12 22:29 - 000420440 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
2017-09-13 11:07 - 2017-07-12 22:29 - 000075440 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-13 11:07 - 2017-07-12 22:25 - 000308872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
2017-09-13 11:07 - 2017-07-12 22:25 - 000066112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-13 11:07 - 2017-07-08 22:14 - 000376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-09-13 11:07 - 2017-07-08 21:10 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Vid.sys
2017-09-13 11:07 - 2017-07-08 21:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-13 11:07 - 2017-07-08 20:43 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-13 11:07 - 2017-07-08 20:30 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-13 11:07 - 2017-07-08 19:29 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\vid.dll
2017-09-13 11:07 - 2017-07-08 19:05 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-09-13 11:07 - 2017-07-08 18:23 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-09-13 11:07 - 2017-07-08 05:46 - 000377688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-09-13 11:07 - 2017-07-08 05:16 - 001674520 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-09-13 11:07 - 2017-07-08 05:16 - 001534072 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-09-13 11:07 - 2017-07-08 05:16 - 001499920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-09-13 11:07 - 2017-07-08 05:16 - 001370328 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-09-13 11:07 - 2017-07-08 05:14 - 000100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2017-09-13 11:07 - 2017-07-01 15:47 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-09-13 11:07 - 2017-07-01 15:47 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-09-13 11:07 - 2017-07-01 15:47 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-09-13 11:07 - 2017-07-01 15:47 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-09-13 11:07 - 2017-07-01 15:47 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-09-13 11:07 - 2017-07-01 15:47 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-09-13 11:07 - 2017-07-01 15:47 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-09-13 11:07 - 2017-07-01 15:47 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-09-13 11:07 - 2017-06-24 18:46 - 000424448 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2017-09-13 11:07 - 2017-06-24 18:16 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2017-09-13 11:07 - 2017-06-15 16:17 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-09-13 11:07 - 2017-06-15 16:16 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-09-13 11:07 - 2017-06-15 16:14 - 000679424 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2017-09-13 11:07 - 2017-06-15 16:14 - 000580608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2017-09-13 11:07 - 2017-06-13 19:19 - 000383488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-09-13 11:07 - 2017-06-13 19:16 - 000024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll
2017-09-13 11:07 - 2017-06-13 19:11 - 000238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2017-09-13 11:07 - 2017-06-13 19:07 - 000304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2017-09-13 11:07 - 2017-06-13 11:47 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-09-13 11:07 - 2017-06-13 10:16 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-09-13 11:07 - 2017-06-13 10:10 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2017-09-13 11:07 - 2017-06-13 10:07 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2017-09-13 11:07 - 2017-06-13 10:03 - 000302080 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-09-13 11:07 - 2017-06-13 09:54 - 000374272 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-09-13 11:07 - 2017-06-13 09:50 - 001547264 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-09-13 11:07 - 2017-06-11 22:13 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\umrdp.dll
2017-09-13 11:07 - 2017-06-11 22:11 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-09-13 11:07 - 2017-06-11 22:02 - 002778112 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-09-13 11:07 - 2017-06-11 22:02 - 000299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-09-13 11:07 - 2017-06-11 21:52 - 002463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-09-13 11:07 - 2017-06-09 15:47 - 000448629 _____ C:\Windows\system32\ApnDatabase.xml
2017-09-13 11:07 - 2017-06-07 06:25 - 000428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-09-13 11:07 - 2017-05-27 18:42 - 001115136 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-09-13 11:07 - 2017-05-27 18:38 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2017-09-12 11:31 - 2017-09-12 13:53 - 000000000 ____D C:\Users\Family\Documents\Stronghold
2017-09-12 11:29 - 2017-09-12 11:29 - 000001248 _____ C:\Users\Public\Desktop\Stronghold HD.lnk
2017-09-12 11:29 - 2017-09-12 11:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
2017-09-12 11:26 - 2017-09-12 11:26 - 000000000 ____D C:\Program Files (x86)\Firefly Studios
2017-09-12 10:21 - 2017-09-15 11:04 - 1997252524 ____R C:\Users\Family\Downloads\Wonder.Woman.2017.iTALiAN.BDRip.XviD-CYBER.avi
2017-09-12 10:21 - 2017-09-12 10:22 - 000000000 ____D C:\Users\Family\Downloads\Wonder Woman (2017).720p.H264.ita.eng.sub.ita.NUita.Eng.iCV-MIRCrew
2017-09-10 20:01 - 2017-09-10 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2017-09-10 20:00 - 2017-09-10 20:01 - 000000000 ____D C:\Program Files (x86)\Kodi
2017-09-10 17:57 - 2017-09-12 11:08 - 000000000 ____D C:\Users\Family\Downloads\Stronghold.HD.MULTi8-PROPHET
2017-09-10 17:32 - 2017-09-10 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-09 13:26 - 2017-09-24 18:41 - 000000000 ____D C:\Users\Family\Downloads\Telegram Desktop
2017-09-09 13:19 - 2017-09-10 17:56 - 000000000 ____D C:\Users\Family\Downloads\Stronghold HD [English][PC][TiNYiSO][WwW.GamesTorrents.CoM]
2017-09-09 12:25 - 2017-09-09 12:30 - 000000000 ____D C:\Users\Family\Downloads\4x06-10
2017-09-09 10:29 - 2017-09-09 13:36 - 000000000 ____D C:\Users\Family\Downloads\Codice Unlocked Londra sotto attacco (2017).Ita.Eng.sub.ita.eng-iCV-MIRCrew
2017-09-04 17:19 - 2017-09-04 17:19 - 000002241 _____ C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\FantaBook.lnk
2017-09-04 17:19 - 2017-09-04 17:19 - 000002217 _____ C:\Users\Family\Desktop\FantaBook.lnk
2017-09-04 17:18 - 2017-09-04 17:18 - 000001213 _____ C:\Users\Family\Desktop\Facebook Gameroom.lnk
2017-09-04 17:18 - 2017-09-04 17:18 - 000000000 ____D C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2017-09-04 17:18 - 2017-09-04 17:18 - 000000000 ____D C:\Users\Family\AppData\Local\Facebook
2017-09-02 11:27 - 2017-09-27 12:42 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-02 11:27 - 2017-09-09 11:07 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-02 11:27 - 2017-09-07 11:52 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-02 11:27 - 2017-09-02 12:25 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-02 11:27 - 2017-09-02 12:25 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-02 11:27 - 2017-09-02 11:27 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-02 11:27 - 2017-09-02 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-02 11:27 - 2017-09-02 11:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-02 11:27 - 2017-09-02 11:27 - 000000000 ____D C:\Program Files\Malwarebytes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-27 12:56 - 2015-05-02 10:59 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-27 12:44 - 2015-06-02 15:37 - 000003758 _____ C:\Windows\System32\Tasks\AutoKMS
2017-09-27 12:41 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-27 11:06 - 2017-01-14 11:30 - 000000000 ____D C:\Users\Family\AppData\Roaming\Telegram Desktop
2017-09-27 10:52 - 2016-12-16 11:44 - 000000000 ____D C:\Users\Family\.BigNox
2017-09-27 10:52 - 2016-07-20 23:38 - 000000000 ____D C:\Users\Family\vmlogs
2017-09-27 10:52 - 2016-07-20 21:41 - 000000000 ____D C:\Users\Family\AppData\Local\Nox
2017-09-27 10:52 - 2016-03-13 21:16 - 000000000 ____D C:\Users\Family\AppData\Local\CrashDumps
2017-09-27 10:52 - 2015-05-13 11:23 - 000000000 ____D C:\Users\Family\.android
2017-09-27 10:46 - 2017-02-12 13:42 - 000000000 ___RD C:\Users\Family\Documents\MEGA
2017-09-27 10:27 - 2015-05-10 12:19 - 002395648 ___SH C:\Users\Family\Desktop\Thumbs.db
2017-09-27 10:16 - 2015-05-02 10:54 - 000003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4D549027-8071-415A-B6CA-4004F85E0170}
2017-09-26 20:46 - 2015-05-02 10:49 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-765619463-2455679133-4176694875-1001
2017-09-26 14:33 - 2014-11-21 04:26 - 000803220 _____ C:\Windows\system32\perfh010.dat
2017-09-26 14:33 - 2014-11-21 04:26 - 000156820 _____ C:\Windows\system32\perfc010.dat
2017-09-26 14:29 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2017-09-26 14:27 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2017-09-26 14:01 - 2017-02-15 14:08 - 000000000 ____D C:\Users\Family\AppData\Roaming\Kodi
2017-09-26 13:59 - 2013-08-22 16:44 - 000488016 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-26 13:56 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-09-26 13:54 - 2013-08-22 17:36 - 000000000 ___RD C:\Windows\ToastData
2017-09-26 13:47 - 2015-06-02 17:03 - 000000000 ____D C:\Windows\system32\MRT
2017-09-26 13:45 - 2015-06-02 17:03 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-26 09:52 - 2015-05-02 11:11 - 000002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-25 10:40 - 2017-06-12 10:37 - 000003170 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFamily
2017-09-25 10:40 - 2017-06-12 10:37 - 000000354 _____ C:\Windows\Tasks\HPCeeScheduleForFamily.job
2017-09-24 19:18 - 2017-06-09 11:59 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-22 11:13 - 2015-05-02 10:44 - 000000000 ____D C:\Users\Family\AppData\Local\Packages
2017-09-22 10:05 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2017-09-22 10:04 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-20 20:46 - 2015-08-20 17:36 - 000000000 ____D C:\Users\Family\AppData\Roaming\Dashlane
2017-09-20 19:39 - 2016-11-08 13:09 - 000000426 ____H C:\Users\Family\.swfinfo
2017-09-17 11:37 - 2017-05-13 17:51 - 000000000 ____D C:\Users\Family\Desktop\DOC PER PAOLO
2017-09-17 11:36 - 2015-06-09 16:55 - 000000000 ____D C:\Users\Family\Desktop\Songr
2017-09-17 11:13 - 2017-07-23 16:55 - 000000000 ____D C:\Users\Family\Desktop\Foto Famiglia
2017-09-17 10:57 - 2017-04-15 12:16 - 000000000 ____D C:\Users\Family\Desktop\DOCUMENTI
2017-09-16 13:57 - 2015-05-03 10:40 - 000000000 ____D C:\Users\Family\AppData\Roaming\uTorrent
2017-09-16 13:31 - 2015-08-21 10:59 - 000000000 ____D C:\Users\Family\Desktop\Film
2017-09-14 18:45 - 2017-02-13 14:16 - 000000000 ____D C:\Users\Family\AppData\Roaming\Tunngle
2017-09-14 18:09 - 2017-07-18 13:02 - 000000000 ____D C:\ProgramData\Tunngle
2017-09-14 14:22 - 2015-05-02 12:39 - 000000000 ____D C:\Users\Family\AppData\Roaming\.minecraft
2017-09-13 14:27 - 2015-08-20 18:11 - 000001960 _____ C:\Users\Family\Desktop\Dashlane.lnk
2017-09-13 14:27 - 2015-08-20 18:10 - 000000000 ____D C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-09-12 11:19 - 2017-08-08 17:37 - 000000000 ____D C:\Users\Family\AppData\Local\ElevatedDiagnostics
2017-09-10 18:48 - 2016-06-18 12:59 - 000256000 ___SH C:\Users\Family\Documents\Thumbs.db
2017-09-10 17:32 - 2017-07-17 18:08 - 000000000 ____D C:\GOG Games
2017-09-10 12:47 - 2017-02-17 14:27 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-09-10 12:47 - 2017-02-17 14:27 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-09-09 18:01 - 2017-06-30 18:25 - 000001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Opera.lnk
2017-09-09 18:01 - 2016-06-23 20:27 - 000003852 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1466706460
2017-09-09 18:01 - 2016-06-23 20:26 - 000000000 ____D C:\Program Files (x86)\Opera
2017-09-06 13:44 - 2015-05-02 10:44 - 000000000 ____D C:\Users\Family
2017-09-02 18:24 - 2017-07-05 13:42 - 000000000 ____D C:\Users\Family\Desktop\ClickersMulticlicker
2017-09-02 12:13 - 2016-04-20 11:31 - 000000000 ____D C:\Program Files (x86)\Amazon
2017-09-02 11:24 - 2017-02-17 18:48 - 000000000 ____D C:\Users\Family\Heaven
2017-09-02 01:54 - 2015-07-07 14:20 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-02 01:54 - 2015-07-07 14:20 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-29 11:10 - 2015-05-02 16:55 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2017-02-17 18:48 - 2017-02-18 12:03 - 001307648 _____ () C:\Users\Family\AppData\Local\file__0.localstorage
2017-09-27 10:52 - 2017-09-27 10:52 - 000000831 _____ () C:\Users\Family\AppData\Local\Nox_crash.log
2015-11-05 18:17 - 2017-01-03 18:26 - 000007598 _____ () C:\Users\Family\AppData\Local\Resmon.ResmonCfg
2016-01-30 17:17 - 2016-01-30 17:17 - 000000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2017-09-22 16:59 - 2014-11-21 05:49 - 001040384 _____ (Microsoft Corporation) C:\Users\Family\AppData\Local\Temp\kernel32.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-26 10:49

==================== End of FRST.txt ============================

ADDITION
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017
Ran by Family (27-09-2017 13:05:47)
Running from C:\Users\Family\Desktop
Windows 8.1 Pro (Update) (X64) (2015-05-02 08:44:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-765619463-2455679133-4176694875-500 - Administrator - Disabled)
Family (S-1-5-21-765619463-2455679133-4176694875-1001 - Administrator - Enabled) => C:\Users\Family
Guest (S-1-5-21-765619463-2455679133-4176694875-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-765619463-2455679133-4176694875-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
3DMark (HKLM\...\{F611E93B-8EC1-4662-BDFF-6909DB820862}) (Version: 2.2.3509.0 - Futuremark) Hidden
3DMark (HKLM-x32\...\{4bf26510-8c4e-447c-b819-2967aeca2839}) (Version: 2.2.3509.0 - Futuremark)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Aggiornamenti NVIDIA 25.6.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 25.6.0.0 - NVIDIA Corporation) Hidden
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Championify versione 1.2.7 (HKLM-x32\...\{1AE5DA33-DB00-453C-9190-FB14C0BBDBE7}_is1) (Version: 1.2.7 - Dustin Blackman)
CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CyberGhost version 6.0.2.1985 (HKLM-x32\...\CyberGhost_is1) (Version: 6.0.2.1985 - CyberGhost Windows Client)
Dashlane (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Dashlane) (Version: 4.8.3.33472 - Dashlane, Inc.)
Facebook Gameroom 1.8.6429.23271 (HKLM-x32\...\{D71E0CAE-F4B3-499E-B515-396B02139A39}) (Version: 1.8.6429.23271 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP Deskjet 3050A J611 series ? (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Software di base dispositivo (HKLM\...\{A9CD1B52-1548-4A2B-88E9-5BEFEFE74665}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Studio per il miglioramento dei prodotti HP (HKLM\...\{20A6F401-C36E-46CE-8EC5-FAD601F622E0}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{1DAF8EEB-5935-437D-ABC1-80897D352FA7}) (Version: 12.7.27.15 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HWiNFO64 Version 5.44 (HKLM\...\HWiNFO64_is1) (Version: 5.44 - Martin Malík - REALiX)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Kodi (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Kodi) (Version: - XBMC-Foundation)
League of Legends (HKLM-x32\...\{83B763CD-5771-408A-B7C9-6C1A5B161F41}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.4 - LG Electronics)
Malwarebytes versione 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
MEmu (HKLM-x32\...\MEmu) (Version: 2.9.1.1 - Microvirt)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.6.1 - Duodian Technology Co. Ltd.)
NVIDIA Driver 3D Vision 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.94 - NVIDIA Corporation)
NVIDIA Driver audio HD 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA Driver del controller 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Driver grafico 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Opera Stable 47.0.2631.80 (HKLM-x32\...\Opera 47.0.2631.80) (Version: 47.0.2631.80 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pannello di controllo NVIDIA 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 384.94 - NVIDIA Corporation) Hidden
PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
Sandboxie 5.20 (64-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Songr (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Songr) (Version: 2.1 - Xamasoft)
SopCast 4.2.0 (HKLM-x32\...\SopCast) (Version: 4.2.0 - www.sopcast.com)
Spotify (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader Extreme HD (HKLM-x32\...\GOGPACKSTRONGHOLDCRUSADERHD_is1) (Version: 2.0.0.6 - GOG.com)
Stronghold HD (HKLM-x32\...\Stronghold HD_is1) (Version: - )
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Telegram Desktop version 1.1.23 (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.23 - Telegram Messenger LLP)
Tom Clancys Rainbow Six Siege (HKLM-x32\...\Tom Clancys Rainbow Six Siege_is1) (Version: - )
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.9 - Tunngle.net GmbH)
Update for Skype for Business 2015 (KB3213574) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8C2A4D8F-3020-403E-94D4-E8EC03F9E723}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3213574) 64-Bit Edition (HKLM\...\{90150000-012B-0410-1000-0000000FF1CE}_Office15.PROPLUSR_{8C2A4D8F-3020-403E-94D4-E8EC03F9E723}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3213574) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8C2A4D8F-3020-403E-94D4-E8EC03F9E723}) (Version: - Microsoft)
VIA Manager Piattaforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
小米助手 (HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MiPhoneManager) (Version: - 小米移动软件有限公司)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-765619463-2455679133-4176694875-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-765619463-2455679133-4176694875-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-765619463-2455679133-4176694875-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-765619463-2455679133-4176694875-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-765619463-2455679133-4176694875-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-765619463-2455679133-4176694875-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-06-18] ()
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-03-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-03-11] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-07-19] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-03-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-03-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06A11862-9C1E-4EE7-8A01-2FA55D0012F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-01] (HP Inc.)
Task: {0DAA5557-0F6B-45D9-B413-8124D542EA8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {16F9C27A-D78F-4233-9B5B-6E43AB1CD78F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {1AD3E82E-6529-4C9C-8D58-8C94F6BC4D35} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {20A2D439-92BC-4AFD-9F4B-690CE3B51CE7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {2585DC24-F604-4718-BF53-45EB8B259F91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {2CAD8658-B244-41EF-8B1A-6B135B32F187} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {2D01D8C7-8C51-45D8-B3C9-CA26A1132D8B} - System32\Tasks\HPCeeScheduleForFamily => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {2FE317A4-01F1-4E4F-8039-3DDD613CA3AB} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-12-06] (HP Inc.)
Task: {30916A8B-328B-4B40-B742-EE92B4E88E01} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
Task: {3C2560DD-720C-4800-BA70-86B9AF145C06} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {3C9BD689-837C-4B4F-8F77-FDEB044B8715} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {40B62F76-D341-46AB-8FB1-AE289CDB0342} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {44EDE845-8969-4722-A52B-0A583DCC8D65} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {4A245252-C77B-46AF-A5B0-79CD6E34FA00} - System32\Tasks\Opera scheduled Autoupdate 1466706460 => C:\Program Files (x86)\Opera\launcher.exe [2017-09-06] (Opera Software)
Task: {4A9E3B89-0743-4BF4-84E0-8A1035844C80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {4CDC2FC1-15D6-462D-95DF-E80DFCEB1BDF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {54C519EE-67DD-4A04-9183-A6370F377E51} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)
Task: {5902FF1E-ABB9-44C6-9CB4-62AF149C172C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {68EF2CA4-3A4B-4E31-81FA-F8144564DB37} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)
Task: {70FB6E0F-B3A3-4611-9E5C-88061F4FB14C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {7215C26E-DC37-46D0-B0DC-A337A791BDE7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {7C96C114-3F45-4DEB-95A9-04AA210133D7} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {85F5334D-B7AD-4A3F-8B94-8375EB8C6C81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-02] (Google Inc.)
Task: {8938A08E-093D-45F3-969E-3DD22D919C94} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-06-02] ()
Task: {8DE49A4D-163F-4A96-BF9E-BFF7DBEF72AF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8EAF128A-772A-426C-8551-89D332F785CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-02] (Google Inc.)
Task: {A5882EA7-EFC3-4A93-87D0-F1C1585DFCE5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B4381149-09F8-4DEC-9BD3-572D4F7F972D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {D06659A6-BA65-4DDD-BE2B-80642196B2AF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {D2EB7302-743B-4BE7-A2E4-3003CCB15C58} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {D67651BE-1427-4FBC-B48C-CE5630BA917A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {E67AA67A-1CED-4930-B778-9BAC6EF593A5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForFamily.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Family\Desktop\Payday 2 Hack\mods\Крашлог.lnk -> C:\Users\Family\AppData\Local\PAYDAY 2\crash.txt () <==== Cyrillic
Shortcut: C:\Users\Family\Desktop\Nuova cartella\Heaven Benchmark 4.0.lnk -> C:\Program Files (x86)\Unigine\Heaven Benchmark 4.0\heaven.bat (No File)

ShortcutWithArgument: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2016-11-25 08:16 - 2016-11-25 08:16 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-10-31 21:45 - 2017-06-23 10:41 - 000598528 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2017-06-18 23:44 - 2017-06-18 23:44 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-02-15 18:10 - 2017-06-21 09:07 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-26 09:52 - 2017-09-21 09:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 09:52 - 2017-09-21 09:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-02-15 18:10 - 2017-06-21 09:07 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\amazon.it -> hxxps://amazon.it

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-06-11 17:34 - 000000822 ____R C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdPlusAndroidSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "MK LOL"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "DashlanePlugin"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "MiPhoneManager"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FB7B0037-E65C-4441-B2CB-5277EC1A2224}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DD91BEB2-BE11-475A-A4F7-06F49FCD51C9}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{31E2FE81-BC16-4F38-B416-73E3AA7A7E72}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AFE6FFE3-E6BC-48F1-91E6-862AF9D8AA17}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{61983152-C112-48A8-BC64-78CC9835E628}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{081F375C-2F63-4003-AF44-1E988274A7A1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{204D6D94-C34F-40AD-9A4F-49DE379606AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7D5212B0-8BD9-429E-AFD4-EB391A09E5C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{18522D4F-5AB1-493B-9412-F25102B1FB81}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5C799020-B063-48C4-ACD7-3B8350E76023}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4F1B0EB0-6B36-48C1-8E0C-9FE541846099}C:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe] => (Allow) C:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [UDP Query User{B817C0B5-CECF-450D-9249-9CEF96F21E08}C:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe] => (Allow) C:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [{4D782D10-C717-4E7A-8223-B6E0160134A4}] => (Block) C:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [{2AA8443B-62EF-44FA-8DEF-279B938399F4}] => (Block) C:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [TCP Query User{804C5800-6594-4F61-B94D-9FC9CA79374B}C:\users\family\downloads\call.of.duty.black.ops.iii.hotfix-reloaded.www.gamestorrents.com\blackops3.exe] => (Allow) C:\users\family\downloads\call.of.duty.black.ops.iii.hotfix-reloaded.www.gamestorrents.com\blackops3.exe
FirewallRules: [UDP Query User{9D8EC560-4756-4E4E-8823-EF1D841F73DE}C:\users\family\downloads\call.of.duty.black.ops.iii.hotfix-reloaded.www.gamestorrents.com\blackops3.exe] => (Allow) C:\users\family\downloads\call.of.duty.black.ops.iii.hotfix-reloaded.www.gamestorrents.com\blackops3.exe
FirewallRules: [{D12C6AAA-1730-4C01-8986-9F609B5098F6}] => (Block) C:\users\family\downloads\call.of.duty.black.ops.iii.hotfix-reloaded.www.gamestorrents.com\blackops3.exe
FirewallRules: [{69B3839C-05F4-4E84-86B5-D4D99024FA27}] => (Block) C:\users\family\downloads\call.of.duty.black.ops.iii.hotfix-reloaded.www.gamestorrents.com\blackops3.exe
FirewallRules: [{CDFA3205-B86D-485D-AD5C-FFD7660F57EC}] => (Allow) LPort=80
FirewallRules: [{731DAE6E-FA18-44DB-82CE-32555ED28BDF}] => (Allow) LPort=443
FirewallRules: [{980334CF-942F-4CE7-9CDF-4E29A33BE9FA}] => (Allow) LPort=20010
FirewallRules: [{0DBF7E89-A835-440E-882D-B0EC32420630}] => (Allow) LPort=3478
FirewallRules: [{313D14B8-E4DE-49E5-834A-83CCF25EE213}] => (Allow) LPort=7850
FirewallRules: [{CD034DE1-FE5E-4F64-B176-FF28584741BE}] => (Allow) LPort=7852
FirewallRules: [{B4B2A9E6-C3C2-41EC-AC16-5857A0C970FB}] => (Allow) LPort=7853
FirewallRules: [{9EC66787-6C17-4C3E-96A6-2629097D620A}] => (Allow) LPort=27022
FirewallRules: [{FEB7C062-9821-44CD-8704-D116568FF149}] => (Allow) LPort=6881
FirewallRules: [{C15DEFB2-1F21-4C87-9DE9-2E50FB858203}] => (Allow) LPort=33333
FirewallRules: [{C3AE48C9-A854-4FFA-B192-BF009B60B5AE}] => (Allow) LPort=20443
FirewallRules: [{6F000C14-F494-401C-A27F-D9536F10A9E2}] => (Allow) LPort=8090
FirewallRules: [{97C1CA4B-F030-40E4-8589-D919098741FB}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{ABA6107A-C085-4D88-9AC2-64382DDEB3ED}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{ED7BC393-726E-49A7-95E2-D6CAB04E5A4C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7ED9B658-A517-40AD-B219-C325082B66D8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{283742EE-6FC6-4AA4-B54B-71AEBD4CE772}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{966B5A11-EC60-480D-A41D-C8544E4F2C9A}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{1E1D0541-529D-4DE9-BA89-910EB745ED8E}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{C591F641-30C4-4972-8717-A64238CF2A15}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{9F4DBDEE-1283-438A-8E1B-B97E9B4E26FE}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [TCP Query User{98E81A8F-998F-4618-95D5-B514444E1727}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{F52F4886-7348-4E75-9AC9-FE505F09CC11}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{81010EEF-6D22-490D-93A1-D97BE06643F5}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{1026EB6F-40C4-4828-9FF5-4C0B1A6627F0}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{165D1ADD-AF1B-4062-89A2-074F55281C43}] => (Allow) C:\Users\Family\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe
FirewallRules: [{DC888424-8C3F-4A9A-A156-11DB4EC2550E}] => (Allow) C:\Users\Family\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe
FirewallRules: [{87A659C7-CD6D-4DC6-8AE2-C9A2E98097AE}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E5A3BAF2-EC96-44A0-8FD1-FB730AB4F24F}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{4B3857B9-13A8-4297-85F5-8E699D3D859D}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{D01A12C6-A6CA-4CED-B412-84576059322F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{262275F4-B8EE-4583-9B63-7B97419F0A12}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{9D133308-895A-4F15-82AB-53F9249FF368}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{416AE572-9737-452A-B00C-41DCD8F505AF}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{9862B4A5-E0B1-4C8C-8B65-0F54548FA421}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E9C38E9C-5081-4A46-ACC5-809C1532E2DE}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0A3732D8-4110-4358-9AAC-772E3755DF9F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{3C4E6533-6BA8-4715-9DF6-65D4A23D18FA}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{92935EA0-C120-4FCF-8B86-887D25679B76}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{47AD7919-B072-47AA-A06E-043B24BAB035}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{6E8317BC-0D7A-44B2-86E1-4274E88A62DE}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{A18A3843-06A3-4979-B8F1-9CD1C424E8D2}C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe] => (Allow) C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe
FirewallRules: [UDP Query User{E6F42C16-0AD0-4956-A726-62F1AA62008C}C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe] => (Allow) C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe
FirewallRules: [{5AEC63AD-4128-4119-92F1-A66BD3A6DDCD}] => (Block) C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe
FirewallRules: [{E0E440E9-1938-46E8-8227-65D6BCCCC16D}] => (Block) C:\program files (x86)\stronghold crusader 2\bin\win32_release\crusader2.exe
FirewallRules: [TCP Query User{F117029A-B8B0-4F78-8A38-4911A6BFB5C8}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{C0887D99-AFD1-4EC2-B82E-6E6800921419}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{89C0E421-411A-4084-BF09-90DA6C5989DF}] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{DC5350B6-C2C2-4ABB-9C77-F10C2365CF0F}] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{E5B22BB9-F6DF-4311-A7E9-58A39107CB1E}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{21406FD4-6280-4867-8CF3-8DC62226F9E0}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [{D911F201-1737-4DDC-A479-18ED67B55CAC}] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [{257423DE-738A-4ECC-A723-CF0A7AB0C8AB}] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [TCP Query User{C63FA5CF-05DE-4A89-B4BB-EA4798AC9258}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{B0E6C28D-6FEB-41DC-A9E5-B151F95BB0A3}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{2F671A0A-0782-4FA9-A24C-4DE239D4EA13}] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{ECAC49FD-BABD-49DE-A66E-7D2BCE67B09E}] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{603EC5F7-1877-4B55-95E4-44AE20AACEE9}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{F46D1371-718B-4572-85AF-ABCB6FB0CD82}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{ADF420BD-1998-4FE2-8969-35AD129DA3E2}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\ITA_ita\S.K.I.L.L\Binaries\Win32\sf2.exe
FirewallRules: [{B25D0B0D-BCDA-4523-B5FF-6E22AD20EFC3}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\ITA_ita\S.K.I.L.L\Binaries\Win32\sf2.exe
FirewallRules: [TCP Query User{DF1B07EB-BDAF-4F98-B702-8592ACD602D5}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [UDP Query User{E8FDA2F2-7733-4E02-9407-06FE7077DBF6}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [{2AAB2C83-2EE5-4CC9-AAB2-48B2A518CF25}] => (Block) C:\program files\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [{7FC69171-F2F5-4995-9573-BFC6232791B5}] => (Block) C:\program files\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [TCP Query User{E4F8BFE6-19EB-4583-827A-10E30783F6C1}C:\program files\call of duty black ops iii\blackops3.exe] => (Allow) C:\program files\call of duty black ops iii\blackops3.exe
FirewallRules: [UDP Query User{BB7AFC0C-6226-4060-9468-A769DA3489EA}C:\program files\call of duty black ops iii\blackops3.exe] => (Allow) C:\program files\call of duty black ops iii\blackops3.exe
FirewallRules: [{350E3E4E-BF57-4900-829F-33ACC3504E50}] => (Block) C:\program files\call of duty black ops iii\blackops3.exe
FirewallRules: [{EB663D56-365C-4B18-BAF5-126B028BE374}] => (Block) C:\program files\call of duty black ops iii\blackops3.exe
FirewallRules: [TCP Query User{21536A45-19C3-4F4D-B8A6-5F08A06FFB1B}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{3A5185A4-8FCD-4E09-8432-5F93D2809F1F}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{EF244DCB-13CD-4D0B-9907-E0375EBADE94}] => (Block) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{85EB4EBD-2D73-4E93-8951-8740A3633194}] => (Block) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{9C446134-C9FB-4C16-82C2-211A3AD7A6DD}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{4AB5EC88-9488-4D42-BEC7-C781882955C2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{F477CBDD-A81D-4556-A8C9-F89BC69EAA88}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{43678EC5-3436-4362-94E3-57F71134AC6B}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [TCP Query User{8E2464B1-AEAD-41BD-A301-5224D7876690}C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe
FirewallRules: [UDP Query User{9DAB3C0E-DCBA-4B08-B6DB-A0BB8FAB7E21}C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe
FirewallRules: [{C313559A-7419-4799-966D-884B7C89B48E}] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe
FirewallRules: [{6FB50232-1445-4C7F-81A5-D46D066EF502}] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe
FirewallRules: [{E1F83E18-D32F-4EBC-ADD3-DB47810CAEF7}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{643180EC-0A7E-484E-868C-296F0335CF19}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [TCP Query User{F150A2E7-2C91-4D6F-A632-55AA379DF3F7}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe
FirewallRules: [UDP Query User{21DE7B20-66A5-4E0E-9894-B5E4AC59AFC6}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe
FirewallRules: [{51813490-2508-4EEF-BE0F-C3F1E49AED0A}] => (Block) C:\warthunder\aces.exe
FirewallRules: [{8C495DB5-EA91-4631-809F-53C437BA4B51}] => (Block) C:\warthunder\aces.exe
FirewallRules: [TCP Query User{23AC2331-20B8-41DA-9D86-49F088D39D05}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{8E31D7C0-5472-4918-BECB-A18041E00E4E}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{BB7332DD-2640-4DF3-82B7-BC89148B03C2}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{8F2612A0-1BDF-4203-97C9-8561619CC482}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [{B87A4A47-555B-4881-B7CD-0ACA30740251}] => (Block) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [{541EB8CA-85A0-48D0-9D90-4890C729D6EE}] => (Block) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [TCP Query User{B2D04C80-A02A-41EC-A31A-95E53BC2E50E}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{69557955-8BB1-4D92-B6E7-E39DFE6FB2F0}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{CC73424D-48CD-4D4C-A0A6-14A7085A5D0F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{4B155C57-81F2-4F0E-9121-C7DF0C65209F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{E191B3DE-B258-4EC1-AFF3-801DA29C0C98}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{4161CEBE-40F6-4BCB-9C3D-9800816AE95E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{F57C2C15-0055-4EB2-A9CF-815C0ECCFDDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{FA6B9906-D973-4C72-B635-1323AD910D5B}C:\games\tom clancys rainbow six siege\rainbowsixgame.exe] => (Block) C:\games\tom clancys rainbow six siege\rainbowsixgame.exe
FirewallRules: [UDP Query User{44124ED1-3149-4CE5-B3AA-27C78F9E8931}C:\games\tom clancys rainbow six siege\rainbowsixgame.exe] => (Block) C:\games\tom clancys rainbow six siege\rainbowsixgame.exe
FirewallRules: [TCP Query User{FDD63012-604D-4165-A502-25C2B4B540FB}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{BCCAF2E7-6C4E-47F0-A3F3-48A2888DF4A6}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{516AC1B1-2114-455C-BA11-8BBF9D09F44F}C:\games\tom clancys rainbow six siege\rainbowsix.exe] => (Allow) C:\games\tom clancys rainbow six siege\rainbowsix.exe
FirewallRules: [UDP Query User{B19E8447-45E2-4813-8C61-1FF26951BC3F}C:\games\tom clancys rainbow six siege\rainbowsix.exe] => (Allow) C:\games\tom clancys rainbow six siege\rainbowsix.exe
FirewallRules: [{CB1B9894-A41E-4377-B7DF-4AE6CB57AEC4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8F6A10FA-509B-4570-BC67-8363054E1D95}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6AD2320E-DB45-4C60-A78E-0D85C50F1397}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FCB541CD-707E-4E52-8306-A612771D673E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4DBF2B10-3CD3-4E21-947D-5C3EA6D9FEBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{F972239D-CBF9-4F39-85A6-E1270660970A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{1D4D4308-A152-4742-95BF-552D8C257633}C:\programdata\oracle\java\javapath_target_670570828\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_670570828\java.exe
FirewallRules: [UDP Query User{B861E5FD-3870-4096-AF7D-92CB7E185194}C:\programdata\oracle\java\javapath_target_670570828\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_670570828\java.exe
FirewallRules: [{0281B987-C171-43DA-BAFD-6C4A0AB4BC88}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D5877936-D71A-4CCE-A30E-B023ADEBD463}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{924F33A9-D010-43BC-97C2-41C765748323}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{78F9CD25-DDCF-414B-BF3C-5658A7CD6A39}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{9DFBAF6D-FFE4-4935-BD03-E80B95D1B462}C:\gog games\stronghold crusader extreme hd\stronghold crusader.exe] => (Allow) C:\gog games\stronghold crusader extreme hd\stronghold crusader.exe
FirewallRules: [UDP Query User{1D051D65-B72D-4251-B0BA-47ECFE300D87}C:\gog games\stronghold crusader extreme hd\stronghold crusader.exe] => (Allow) C:\gog games\stronghold crusader extreme hd\stronghold crusader.exe
FirewallRules: [TCP Query User{EDC53283-5FC9-4CD9-9151-56F6B81F07D5}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{4208840A-E40A-4A00-AD4F-CC2EB9C45509}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{5C2487D1-3A8B-4E9E-8F57-15FC3C17AA16}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{228DC351-9910-49DA-889D-8578E6D53690}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{1FCCBA26-CED4-4AE7-909A-DB3F680EEFDF}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{F033629F-5B9B-4A79-AEE4-93DA39A8CAFC}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{8E9BBA83-1704-49AA-9171-3CECC656A273}C:\programdata\oracle\java\javapath_target_100913625\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_100913625\java.exe
FirewallRules: [UDP Query User{B99ADD53-1689-4293-A74E-3A3F95485FC0}C:\programdata\oracle\java\javapath_target_100913625\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_100913625\java.exe
FirewallRules: [TCP Query User{ACB98BDF-1976-4596-A4F8-0EF4B06D89FF}C:\users\family\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\family\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe
FirewallRules: [UDP Query User{8D13966B-C0A2-4165-BCDA-827665828F45}C:\users\family\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\family\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe
FirewallRules: [{668D9F87-3692-44DE-B2CB-9E2DAFF1CBA3}] => (Allow) C:\Users\Family\AppData\Local\MiPhoneManager\main\MiPhoneManager.exe
FirewallRules: [{ECCDF29C-0646-47A0-A325-63E088282D76}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe
FirewallRules: [{538B45A7-7A19-4D97-9C36-F166D01D4780}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.80\opera.exe
FirewallRules: [TCP Query User{F8C5DD73-EDF3-4661-B635-571E1A62DBA6}C:\users\family\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\family\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{409F4685-67F3-4343-8E79-5815E582B1B3}C:\users\family\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\family\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{D462427F-6FB8-49B9-9F69-4D35E7084195}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9E926A74-2F12-4140-BAE6-0755A244A93F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{6443DEB5-25AE-4ACC-8390-846ACBB16A71}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-09-2017 14:06:18 Punto di controllo pianificato
26-09-2017 13:41:15 Windows Update
26-09-2017 14:21:58 Programma di installazione dei moduli di Windows
27-09-2017 12:50:09 JRT Pre-Junkware Removal
27-09-2017 12:56:07 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2017 12:56:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Servizi di crittografia: impossibile elaborare la chiamata OnIdentity() nell'oggetto writer del sistema.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Accesso negato.
.

Error: (09/27/2017 12:50:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Servizi di crittografia: impossibile elaborare la chiamata OnIdentity() nell'oggetto writer del sistema.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Accesso negato.
.

Error: (09/27/2017 10:52:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Nox.exe, versione: 3.7.6.1, timestamp: 0x02b29be8
Nome del modulo che ha generato l'errore: Nox.exe, versione: 3.7.6.1, timestamp: 0x02b29be8
Codice eccezione: 0xc0000005
Offset errore 0x0019a517
ID processo che ha generato l'errore: 0x1b7c
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d3376df5641485
Percorso dell'applicazione che ha generato l'errore: C:\Program Files (x86)\Nox\bin\Nox.exe
Percorso del modulo che ha generato l'errore: C:\Program Files (x86)\Nox\bin\Nox.exe
ID segnalazione: 39e6d83e-a361-11e7-8341-60a44c3d1aa4
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (09/26/2017 05:51:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma WinRAR.exe versione 5.21.0.0 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 1ce8

Ora di avvio: 01d336d9d5ff80bb

Ora di chiusura: 0

Percorso applicazione: C:\Program Files\WinRAR\WinRAR.exe

ID segnalazione: 88ed7bbb-a2d2-11e7-8340-60a44c3d1aa4

Nome completo pacchetto che ha generato l'errore:

ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (09/26/2017 02:18:39 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Famiglia)
Description: Impossibile arrestare l'applicazione o il servizio 'Tracking'.

Error: (09/26/2017 02:18:39 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Famiglia)
Description: Impossibile arrestare l'applicazione o il servizio 'Tracking'.

Error: (09/26/2017 01:41:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Servizi di crittografia: impossibile elaborare la chiamata OnIdentity() nell'oggetto writer del sistema.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Accesso negato.
.

Error: (09/24/2017 06:07:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma kodi.exe versione 17.4.0.0 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 2714

Ora di avvio: 01d3354e60399a4e

Ora di chiusura: 58

Percorso applicazione: C:\Program Files (x86)\Kodi\kodi.exe

ID segnalazione: 746dd2e1-a142-11e7-833d-60a44c3d1aa4

Nome completo pacchetto che ha generato l'errore:

ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (09/24/2017 01:42:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: kodi.exe, versione: 17.4.0.0, timestamp: 0x599be633
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.3.9600.18696, timestamp: 0x5915ecd6
Codice eccezione: 0xc0000005
Offset errore 0x00040e92
ID processo che ha generato l'errore: 0x1838
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d335229dde647d
Percorso dell'applicazione che ha generato l'errore: C:\Program Files (x86)\Kodi\kodi.exe
Percorso del modulo che ha generato l'errore: C:\Windows\SYSTEM32\ntdll.dll
ID segnalazione: 6eaed449-a11d-11e7-833d-60a44c3d1aa4
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (09/23/2017 10:53:49 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: La procedura Open per il servizio "WmiApRpl" nella DLL "C:\Windows\system32\wbem\wmiaprpl.dll" non è riuscita. I dati delle prestazioni per questo servizio non saranno disponibili. I primi quattro byte (DWORD) della sezione Data contengono il codice di errore.


System errors:
=============
Error: (09/27/2017 12:56:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA LocalSystem Container è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 6000 millisecondi: Riavvia il servizio.

Error: (09/27/2017 12:56:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA Display Container LS è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 1000 millisecondi: Riavvia il servizio.

Error: (09/27/2017 12:51:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA LocalSystem Container è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 6000 millisecondi: Riavvia il servizio.

Error: (09/27/2017 12:51:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA Display Container LS è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 1000 millisecondi: Riavvia il servizio.

Error: (09/27/2017 12:37:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA Display Container LS è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 1000 millisecondi: Riavvia il servizio.

Error: (09/27/2017 12:37:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Sandboxie Service. Questo evento si è già verificato 1 volta(e).

Error: (09/27/2017 12:37:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio HuaweiHiSuiteService64.exe. Questo evento si è già verificato 1 volta(e).

Error: (09/27/2017 12:37:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA LocalSystem Container è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 6000 millisecondi: Riavvia il servizio.

Error: (09/27/2017 12:37:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA Telemetry Container è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 1000 millisecondi: Riavvia il servizio.

Error: (09/27/2017 12:37:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio CyberGhost 6 Service. Questo evento si è già verificato 1 volta(e).


CodeIntegrity:
===================================
Date: 2017-09-26 13:29:03.080
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 13:28:56.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 13:28:29.106
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 13:28:20.558
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 11:54:44.894
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 11:54:38.112
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 11:54:33.050
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 11:54:31.219
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 11:54:30.238
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 11:54:28.957
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 26%
Total physical RAM: 8142.36 MB
Available physical RAM: 6012.02 MB
Total Virtual: 9422.36 MB
Available Virtual: 7799.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:814.23 GB) (Free:421.77 GB) NTFS
Drive d: (Dati) (Fixed) (Total:117.19 GB) (Free:13.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9E9297D9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=814.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

I hope I didn't get anything wrong, thanks again.

Last edited by MicheleFG: 27-09-2017 at 12:33.
Old 27-09-2017, 16:37   #4
Dan1979
Member
 
Joined: Jun 2017
Posts: 175
Hi,
so...

are you by any chance using a proxy to connect to the internet?
ProxyEnable: [S-1-5-21-765619463-2455679133-4176694875-1001] => Proxy is enabled.

put FRST on the desktop together with the attached fixlist.txt file
right-click on FRST ---> Run as administrator
click Fix
wait for the operations to finish and for the PC to restart (if it doesn't, restart it yourself)
post the Fixlog

reset your browsers, see here http://it.ccm.net/faq/1767-come-ripristinare-il-browser
you will also have to set the home page again

clean up with CCleaner, both system and registry.

let me know how the PC is doing...

Bye
Attachments
File Type: txt fixlist.txt (4.8 KB, 11 views)
Old 28-09-2017, 09:37   #5
MicheleFG
Member
 
Joined: Jun 2012
Posts: 156
As far as I know I'm not using a proxy.
Over the past few days I used some programs for which I had to use proxies, but that was the end of it. Also over the past few days I used CyberGhost VPN, but always disconnecting afterwards, so this seems strange to me.
In any case I did everything you told me, and to tell you the truth it seems I no longer get the problem I described at the start.
Here is the fix log:
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by Family (28-09-2017 10:01:06) Run:1
Running from C:\Users\Family\Desktop
Loaded Profiles: Family (Available Profiles: Family)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {10516aa9-f37c-11e6-8322-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {10516d00-f37c-11e6-8322-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {1a9ed080-03fd-11e7-8325-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {1c6537a1-7cb7-11e6-82fd-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {46e8ebd3-faab-11e6-8324-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {4d386012-4f48-11e6-82d3-001583c4341c} - "J:\autorun.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5635b51a-ba11-11e6-830e-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5635b555-ba11-11e6-830e-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5b297c78-6aa8-11e6-82db-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {5b297d18-6aa8-11e6-82db-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {749f6e3f-7c16-11e7-8338-60a44c3d1aa4} - "K:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\...\MountPoints2: {8d86910c-b87a-11e6-830d-60a44c3d1aa4} - "J:\HiSuiteDownLoader.exe"


HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://it.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-765619463-2455679133-4176694875-1001 -> {7FD2A0B3-2647-4E69-AF55-B5D2F0E43D92} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
Toolbar: HKU\S-1-5-21-765619463-2455679133-4176694875-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} - No File
CHR Extension: (EditThisCookie) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-09-18]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
CHR HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ask: {3C2560DD-720C-4800-BA70-86B9AF145C06} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {3C9BD689-837C-4B4F-8F77-FDEB044B8715} - \AutoPico Daily Restart -> No File <==== ATTENTION
C:\Program Files\Common Files\AV\avast! Antivirus
Shortcut: C:\Users\Family\Desktop\Payday 2 Hack\mods\Крашлог.lnk -> C:\Users\Family\AppData\Local\PAYDAY 2\crash.txt () <==== Cyrillic
Shortcut: C:\Users\Family\Desktop\Nuova cartella\Heaven Benchmark 4.0.lnk -> C:\Program Files (x86)\Unigine\Heaven Benchmark 4.0\heaven.bat (No File)
C:\Users\Family\AppData\Local\PAYDAY 2\crash.txt
ShortcutWithArgument: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list


Folder: C:\Users\Family\AppData\Roaming\ScreenShot
Folder: C:\Users\Family\AppData\Roaming\Jaty


HOSTS:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10516aa9-f37c-11e6-8322-60a44c3d1aa4} => key removed successfully
HKLM\Software\Classes\CLSID\{10516aa9-f37c-11e6-8322-60a44c3d1aa4} => key not found.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10516d00-f37c-11e6-8322-60a44c3d1aa4} => key removed successfully
HKLM\Software\Classes\CLSID\{10516d00-f37c-11e6-8322-60a44c3d1aa4} => key not found.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a9ed080-03fd-11e7-8325-60a44c3d1aa4} => key removed successfully
HKLM\Software\Classes\CLSID\{1a9ed080-03fd-11e7-8325-60a44c3d1aa4} => key not found.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c6537a1-7cb7-11e6-82fd-60a44c3d1aa4} => key removed successfully
HKLM\Software\Classes\CLSID\{1c6537a1-7cb7-11e6-82fd-60a44c3d1aa4} => key not found.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46e8ebd3-faab-11e6-8324-60a44c3d1aa4} => key removed successfully
HKLM\Software\Classes\CLSID\{46e8ebd3-faab-11e6-8324-60a44c3d1aa4} => key not found.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d386012-4f48-11e6-82d3-001583c4341c} => key removed successfully
HKLM\Software\Classes\CLSID\{4d386012-4f48-11e6-82d3-001583c4341c} => key not found.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5635b51a-ba11-11e6-830e-60a44c3d1aa4} => key removed successfully
HKLM\Software\Classes\CLSID\{5635b51a-ba11-11e6-830e-60a44c3d1aa4} => key not found.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5635b555-ba11-11e6-830e-60a44c3d1aa4} => key removed successfully
HKLM\Software\Classes\CLSID\{5635b555-ba11-11e6-830e-60a44c3d1aa4} => key not found.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b297c78-6aa8-11e6-82db-60a44c3d1aa4} => key removed successfully
HKLM\Software\Classes\CLSID\{5b297c78-6aa8-11e6-82db-60a44c3d1aa4} => key not found.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b297d18-6aa8-11e6-82db-60a44c3d1aa4} => key removed successfully
HKLM\Software\Classes\CLSID\{5b297d18-6aa8-11e6-82db-60a44c3d1aa4} => key not found.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{749f6e3f-7c16-11e7-8338-60a44c3d1aa4} => key removed successfully
HKLM\Software\Classes\CLSID\{749f6e3f-7c16-11e7-8338-60a44c3d1aa4} => key not found.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d86910c-b87a-11e6-830d-60a44c3d1aa4} => key removed successfully
HKLM\Software\Classes\CLSID\{8d86910c-b87a-11e6-830d-60a44c3d1aa4} => key not found.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7FD2A0B3-2647-4E69-AF55-B5D2F0E43D92} => key removed successfully
HKLM\Software\Classes\CLSID\{7FD2A0B3-2647-4E69-AF55-B5D2F0E43D92} => key not found.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{093F479D-712E-46CD-9E06-62E734A05F68} => value removed successfully
HKLM\Software\Classes\CLSID\{093F479D-712E-46CD-9E06-62E734A05F68} => key not found.
CHR Extension: (EditThisCookie) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-09-18] => Error: No automatic fix found for this entry.
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully
HKLM\System\CurrentControlSet\Services\EagleX64 => key removed successfully
EagleX64 => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully
xhunter1 => service removed successfully
HKLM\System\CurrentControlSet\Services\xspirit => key removed successfully
xspirit => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
ask: {3C2560DD-720C-4800-BA70-86B9AF145C06} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C9BD689-837C-4B4F-8F77-FDEB044B8715} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C9BD689-837C-4B4F-8F77-FDEB044B8715} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key removed successfully
"C:\Program Files\Common Files\AV\avast! Antivirus" => not found.
C:\Users\Family\Desktop\Payday 2 Hack\mods\Крашлог.lnk => moved successfully
C:\Users\Family\Desktop\Nuova cartella\Heaven Benchmark 4.0.lnk => moved successfully
C:\Users\Family\AppData\Local\PAYDAY 2\crash.txt => moved successfully
C:\Users\Family\AppData\Local\Google\Chrome\User Data\Avvio applicazioni di Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Avvio applicazioni di Chrome.lnk => Shortcut argument removed successfully.

========================= Folder: C:\Users\Family\AppData\Roaming\ScreenShot ========================

2017-09-26 14:23 - 2017-09-26 14:24 - 000075507 _____ () C:\Users\Family\AppData\Roaming\ScreenShot\screen.jpeg

====== End of Folder: ======


========================= Folder: C:\Users\Family\AppData\Roaming\Jaty ========================


====== End of Folder: ======

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh advfirewall reset =========

OK.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.


========= End of CMD: =========


========= ipconfig /flushdns =========


Configurazione IP di Windows

Cache del resolver DNS svuotata.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Reimpostazione catalogo Winsock completata.
È necessario riavviare il computer per completare l'operazione.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Reimpostazione di Globale completata.
Reimpostazione di Interfaccia completata.
Reimpostazione di Router adiacente completata.
Reimpostazione di Percorso completata.
Reimpostazione di non riuscita.
Accesso negato.

Reimpostazione di completata.
Riavviare il computer per completare l'azione.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Impossibile cancellare il registro DebugChannel. Impossibile eseguire l'operazione richiesta su un canale diretto attivato. Prima di eseguire l'operazione richiesta è necessario disattivare il canale.
Impossibile cancellare il registro Microsoft-RMS-MSIPC/Debug. Impossibile eseguire l'operazione richiesta su un canale diretto attivato. Prima di eseguire l'operazione richiesta è necessario disattivare il canale.

========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{F9A92B1C-99A9-4A65-985E-B0910699197D} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 46137842 B
Java, Flash, Steam htmlcache => 61220272 B
Windows/system/drivers => -181365510 B
Edge => 0 B
Chrome => 566442362 B
Firefox => 0 B
Opera => 63824128 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 235630 B
systemprofile32 => 128 B
LocalService => 23122 B
NetworkService => -658 B
Family => 414704114 B

RecycleBin => 10455846363 B
EmptyTemp: => 10.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:04:06 ====
Old 28-09-2017, 11:03   #6
Dan1979
Member
 
Joined: Jun 2017
Posts: 175
OK, so let's remove the proxy...
first of all, if you no longer use CyberGhost VPN, uninstall it from Control Panel...
then clean up with CCleaner, both system and registry...

- delete the fixlist.txt I gave you and the fixlog.txt (so as not to mix up the files)
- then put FRST on the desktop together with the new attached fixlist.txt
- right-click on FRST ---> Run as administrator
- click FIX
- wait for it to finish and for the PC to restart (if it doesn't restart, do it yourself)
- post the new fixlog.txt

Check that everything is fine and that you don't run into problems...
then, if everything is OK, the final cleanup of the programs and logs used for the scans will follow...
Attachments
File Type: txt fixlist.txt (301 Bytes, 8 views)
Old 28-09-2017, 12:38   #7
MicheleFG
Member
 
Joined: Jun 2012
Posts: 156
Quote:
Originally posted by Dan1979
OK, so let's remove the proxy...
first of all, if you no longer use CyberGhost VPN, uninstall it from Control Panel...
then clean up with CCleaner, both system and registry...

- delete the fixlist.txt I gave you and the fixlog.txt (so as not to mix up the files)
- then put FRST on the desktop together with the new attached fixlist.txt
- right-click on FRST ---> Run as administrator
- click FIX
- wait for it to finish and for the PC to restart (if it doesn't restart, do it yourself)
- post the new fixlog.txt

Check that everything is fine and that you don't run into problems...
then, if everything is OK, the final cleanup of the programs and logs used for the scans will follow...

I kept CyberGhost because I should need it again. As for the rest, I did everything, and here is the log:
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by Family (28-09-2017 13:14:59) Run:2
Running from C:\Users\Family\Desktop
Loaded Profiles: Family (Available Profiles: Family)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ProxyEnable: [S-1-5-21-765619463-2455679133-4176694875-1001] => Proxy is enabled.

HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
EMPTYTEMP:
Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

OK.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.


========= End of CMD: =========


========= ipconfig /flushdns =========


Configurazione IP di Windows

Cache del resolver DNS svuotata.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3266018 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => -481259143 B
Edge => 0 B
Chrome => 263956848 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2390 B
Family => 77164931 B

RecycleBin => 16744 B
EmptyTemp: => -128463604 byte temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:17:31 ====

I forgot: from what I can see, the problems have been solved.

Last edited by MicheleFG: 28-09-2017 at 12:42.
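Reading Fixlogs like the two posted above line by line makes it easy to overlook the few entries that were not fixed. The following is an added example, not part of the original thread and not FRST's own code: it parses result lines in the `target => outcome` form seen in these logs, and its category names and area labels are assumptions of this example.

```python
from collections import Counter, namedtuple

# Sample input: result lines copied from the two Fixlogs posted in this thread.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10516aa9-f37c-11e6-8322-60a44c3d1aa4} => key removed successfully
HKLM\Software\Classes\CLSID\{10516aa9-f37c-11e6-8322-60a44c3d1aa4} => key not found.
CHR Extension: (EditThisCookie) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-09-18] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully
ask: {3C2560DD-720C-4800-BA70-86B9AF145C06} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key removed successfully
"C:\Program Files\Common Files\AV\avast! Antivirus" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
HKU\S-1-5-21-765619463-2455679133-4176694875-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
Chrome => 566442362 B
"""

Row = namedtuple("Row", "target outcome category area")

# Lower-case substrings that tie a target to a part of Windows.
# The labels are this example's own, not FRST terminology.
AREAS = (
    ("\\currentversion\\run\\", "autorun key"),
    ("\\mountpoints2\\", "mounted-volume autorun"),
    ("\\services\\", "service/driver"),
    ("\\schedule\\taskcache\\", "scheduled task"),
    ("system32\\tasks\\", "scheduled task"),
    ("\\internet settings\\", "proxy settings"),
    ("\\drivers\\etc\\hosts", "hosts file"),
    ("\\extensions\\", "browser extension"),
)


def classify(outcome):
    """Map the text after the last ' => ' to a coarse category."""
    text = outcome.strip().rstrip(".").lower()
    if text.startswith("error"):
        return "unfixed"      # e.g. "Error: No automatic fix found for this entry."
    if text.endswith("not found"):
        return "not_found"    # the item was not present when the fix ran
    if text.endswith("successfully"):
        return "done"         # removed / moved / restored successfully
    return "other"            # byte counts from EmptyTemp and similar lines


def area_of(target):
    """Return the first matching area label, or 'other'."""
    lowered = target.lower()
    for needle, label in AREAS:
        if needle in lowered:
            return label
    return "other"


def parse_results(fixlog_text):
    """Return one Row per 'target => outcome' line; other lines are skipped."""
    rows = []
    for raw in fixlog_text.splitlines():
        # The target may itself contain ' => ', so split on the last one.
        target, sep, outcome = raw.strip().rpartition(" => ")
        if not sep:
            continue  # banners, section headers, command output
        target = target.strip('"')
        rows.append(Row(target, outcome, classify(outcome), area_of(target)))
    return rows


def summarize(fixlog_text):
    """Count result lines per category."""
    return Counter(r.category for r in parse_results(fixlog_text))


def needs_followup(fixlog_text):
    """Entries the tool reported it could not fix, as (area, target) pairs."""
    return [(r.area, r.target) for r in parse_results(fixlog_text)
            if r.category == "unfixed"]


def touched_areas(fixlog_text):
    """Count successfully changed items per area."""
    return Counter(r.area for r in parse_results(fixlog_text)
                   if r.category == "done")


if __name__ == "__main__":
    print(dict(summarize(SAMPLE_FIXLOG)))
    print(dict(touched_areas(SAMPLE_FIXLOG)))
    for area, target in needs_followup(SAMPLE_FIXLOG):
        print("check by hand:", area, "|", target)
```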
Old 28-09-2017, 12:49   #8
Dan1979
Member
 
Joined: Jun 2017
Posts: 175
OK, if there are no more problems, let's clean up the programs installed for the scans...
Download DelFix to the desktop from here https://www.bleepingcomputer.com/download/delfix/
Open it and tick:

Activate UAC
Remove disinfection tool
Create registry backup
Purge system restore

Click Run and wait for the operations to finish...
Post the generated log...
Old 28-09-2017, 16:37   #9
MicheleFG
Member
 
Joined: Jun 2012
Posts: 156
Quote:
Originally posted by Dan1979
OK, if there are no more problems, let's clean up the programs installed for the scans...
Download DelFix to the desktop from here https://www.bleepingcomputer.com/download/delfix/
Open it and tick:

Activate UAC
Remove disinfection tool
Create registry backup
Purge system restore

Click Run and wait for the operations to finish...
Post the generated log...

Done:
# DelFix v1.010 - Logfile created 28/09/2017 at 17:33:07
# Updated 26/04/2015 by Xplode
# Username : Family - FAMIGLIA
# Operating System : Windows 8.1 Pro (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Family\Desktop\FRST-OlderVersion
Deleted : C:\Users\Family\Desktop\AdwCleaner.exe
Deleted : C:\Users\Family\Desktop\AdwCleaner[C0]2.txt
Deleted : C:\Users\Family\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Family\Desktop\Fixlog.txt
Deleted : C:\Users\Family\Desktop\FRST64.exe
Deleted : C:\Users\Family\Desktop\JRT.exe
Deleted : C:\Users\Family\Desktop\JRT.txt

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #191 [Punto di controllo pianificato | 09/21/2017 12:06:18]
Deleted : RP #192 [Windows Update | 09/26/2017 11:41:15]
Deleted : RP #193 [Programma di installazione dei moduli di Windows | 09/26/2017 12:21:58]
Deleted : RP #194 [JRT Pre-Junkware Removal | 09/27/2017 10:50:09]
Deleted : RP #195 [JRT Pre-Junkware Removal | 09/27/2017 10:56:07]
Deleted : RP #197 [Restore Point Created by FRST | 09/28/2017 08:01:07]
Deleted : RP #199 [Restore Point Created by FRST | 09/28/2017 11:15:16]

New restore point created !

########## - EOF - ##########

Old 28-09-2017, 16:52   #10
Dan1979
Member
 
Joined: Jun 2017
Posts: 175
OK, perfect...
The PC is clean

If you don't run into problems, we're done...
We're here for anything you need...
Old 28-09-2017, 20:37   #11
MicheleFG
Member
 
Joined: Jun 2012
Posts: 156
Quote:
Originally posted by Dan1979
OK, perfect...
The PC is clean

If you don't run into problems, we're done...
We're here for anything you need...

I'd like to build you a statue, ahahah
Thanks a lot again for your patience and support
Old 28-09-2017, 20:42   #12
Dan1979
Member
 
Joined: Jun 2017
Posts: 175
You're welcome, it was a pleasure...
Bye, have a good evening
All times are GMT +1.

