15-06-2017, 14:09 | #1 |
Member
Joined: May 2010
Posts: 57
|
Virus or hardware problem?
Hi everyone, I have a problem with my desktop PC that I can't quite pin down: it could be a virus or a hardware component (probably the CPU) that is about to fail.

Basically, for about a month now, every so often the PC freezes suddenly. The mouse cursor stops moving, the keyboard stops working, and the image on screen at the moment of the freeze stays there as if it had been "printed". If, for example, I was loading a web page, the spinner stays completely still, as does everything else. Like a photo, in short. And there is no way to unfreeze it other than forcing a restart. For a while I tried to work out whether this was related to opening specific programs or web pages, but no luck. I ran a scan with Malwarebytes but that did not solve it. I noticed that when this happened the fans were running flat out, which could mean excessive load on the CPU, but in reality I wasn't doing anything much.

Then yesterday I actually turned on the PC, did absolutely nothing, went out for a couple of hours and on my return found it frozen with the fans at maximum. And on restart it froze again almost immediately. I downloaded Core Temp and it showed 80° as the maximum CPU temperature. So I opened the case and tried to clean it a bit. There was indeed no shortage of dust, and the outside temperature these days doesn't help. Unfortunately, inexperienced as I am, I couldn't get the CPU and video card fans free to clean them; in any case I restarted it leaving the case open. The temperatures in Core Temp had dropped drastically (even 30° or less) and for a while I had no problems. Except that suddenly, for no apparent reason, the temperature went back to climbing steeply until it was again close to 80°. This time, though, it didn't freeze and the temperature then dropped again.

Today, same problem. As soon as I stepped away for 10 minutes, the fans started spinning like crazy and when I came back I found it frozen once more. Only now the case is open, which leads me to think it's not so much a dirt problem.

Even though I haven't cleaned the CPU fan, why would it overheat so much when idle and, paradoxically, less when I'm actually using it? I suspect there's a process that starts automatically and causes the problem (perhaps a virus, indeed, or a system process that conflicts with something), but honestly I just can't form a clear idea. I'm leaving you the PC's components, in the hope that someone can give me a hand. Thanks in advance to anyone who wants to help.

Case: Cooler Master N300
Power supply: XFX ProSeries 450W
Motherboard: Gigabyte GA-970A-UD3P
Processor: AMD FX-8320 Box 3.5 GHz
Solid State Drive: Samsung 850 PRO 256GB
Hard disk: Western Digital Caviar Blue 1TB
Video card: Radeon R7 250 1GB
RAM: Kingston HyperX FURY 8GB
DVD burner: Samsung SH-224DB/BEBE
Operating system: Windows 10 (upgrade from 8.1)
|
15-06-2017, 15:02 | #2 |
Member
Joined: Jun 2017
Posts: 175
|
Try running a scan with Malwarebytes Anti-Rootkit
Download it from here: https://www.bleepingcomputer.com/dow...-anti-rootkit/
• Run the file and follow the on-screen instructions to extract it wherever you prefer (by default to the desktop)
• Malwarebytes Anti-Rootkit opens; follow the instructions in the wizard to update the program and let it scan your computer for threats
• Click the "Cleanup" button to remove all threats; restart the system if you are asked to
• Wait for the system to shut down and for the cleanup process to run
• Run another scan with Malwarebytes Anti-Rootkit to verify that all threats have been removed; if threats remain, click "Cleanup" again and repeat the process
• Post the log

Download RogueKiller from here: https://www.bleepingcomputer.com/download/roguekiller/
■ Download RogueKiller and save it to the desktop
■ Close all running programs.
■ Please disconnect any external USB drives from the computer before running the scan!
■ On Vista or later, right-click the program file and select "Run as administrator"
■ Accept the user agreements.
■ Run the scan and wait until it finishes.
■ If a window opens to explain what [PUMs] are, read it.
■ Click the RogueKiller icon on the taskbar to return to the report.
■ Click Open Report
■ Click the Export TXT button
■ Save the file as ReportRogue.txt
■ Click the Remove button to delete the items in red
■ Click Finish and close the program.
■ Locate the ReportRogue.txt file on the desktop and post it

Bye

Last edited by Dan1979: 15-06-2017 at 15:15.
|
15-06-2017, 15:33 | #3 |
Member
Joined: May 2010
Posts: 57
|
First of all, thank you very much.
I ran the scan with Anti-Rootkit and this message came up:

Congratulations, no cleanup is required! Scan Finished: No malware found!

But is it normal that during the scan the CPU temperature went up to 74°? Now I'll go ahead with RogueKiller (hoping it doesn't overheat to the point of freezing during the scan...)
|
15-06-2017, 15:57 | #4 |
Member
Joined: Jun 2017
Posts: 175
|
After the scans, open Task Manager
– press Ctrl+Alt+Del and choose Start Task Manager
Check what percentage the CPU is running at, under the Processes tab
Check which process is using the highest percentage
End the non-essential processes one by one and check whether the percentage drops
If you can't manage it, download Process Explorer
Also try disabling Windows Update
|
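One way to capture what the Task Manager check above looks for when the freeze happens while nobody is at the PC, as an added example that is not part of the original thread: a PowerShell loop that appends the top CPU consumers to a CSV every few seconds, so the rows written before a freeze can be read after the forced restart. The log path, sampling interval and number of rows kept are assumptions.

```powershell
# Added example, not from the thread. Run it from an elevated PowerShell window:
# without elevation, some system processes report no CPU time and are skipped.
param(
    [string]$LogPath = "$env:USERPROFILE\Desktop\cpu-top.csv",  # assumed location
    [int]$IntervalSeconds = 5,                                  # assumed sampling period
    [int]$Top = 5                                               # rows kept per sample
)

$cores = [Environment]::ProcessorCount

# Get-Process reports CPU as cumulative seconds since the process started,
# so the load during an interval is the difference between two snapshots.
$prev = @{}
foreach ($p in Get-Process) {
    if ($null -ne $p.CPU) { $prev[$p.Id] = $p.CPU }
}
$prevTime = Get-Date

while ($true) {
    Start-Sleep -Seconds $IntervalSeconds
    $now = Get-Date
    $elapsed = ($now - $prevTime).TotalSeconds
    $curr = @{}

    $rows = foreach ($p in Get-Process) {
        $cpu = $p.CPU
        if ($null -eq $cpu) { continue }                  # CPU time not readable
        $curr[$p.Id] = $cpu
        if (-not $prev.ContainsKey($p.Id)) { continue }   # started during this interval
        $delta = $cpu - $prev[$p.Id]
        if ($delta -lt 0) { continue }                    # PID was reused by a new process
        [pscustomobject]@{
            Time       = $now.ToString('s')
            ProcessId  = $p.Id
            Name       = $p.ProcessName
            # Same normalisation as Task Manager: share of all logical cores.
            CpuPercent = [math]::Round(100 * $delta / ($elapsed * $cores), 1)
            Path       = $p.Path                          # empty when not readable
        }
    }

    # The file is opened and closed on every sample, so only the current
    # interval is at risk if the machine hangs.
    $rows | Sort-Object CpuPercent -Descending | Select-Object -First $Top |
        Export-Csv -Path $LogPath -Append -NoTypeInformation

    $prev = $curr
    $prevTime = $now
}
```

After the forced restart, the last rows of the CSV show which processes were using the CPU shortly before the hang.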
15-06-2017, 16:24 | #5 |
Member
Joined: May 2010
Posts: 57
|
The RogueKiller scan has finished. A web page opened explaining the PUM question, so I don't know what to delete and what not. Suggestions welcome.
In the meantime, this is the report:

¤¤¤ Registro : 13 ¤¤¤
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Reimage -> Trovato
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/se...pvid=21.6.0.32 -> Trovato
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/se...pvid=21.6.0.32 -> Trovato
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3511887087-4107616233-696709613-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/se...pvid=21.6.0.32 -> Trovato
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3511887087-4107616233-696709613-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/se...pvid=21.6.0.32 -> Trovato
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/se...pvid=21.6.0.32 -> Trovato
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/se...pvid=21.6.0.32 -> Trovato
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3511887087-4107616233-696709613-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.sicomputer.com/apps/start -> Trovato
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3511887087-4107616233-696709613-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.sicomputer.com/apps/start -> Trovato
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F05FB9AC-6425-4F5A-B7E3-BB2756DFB0DC} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\KMSpico\KMSELDI.exe|Name=KMS Emulator: KMSELDI.exe| [x] -> Trovato
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3E02B047-CCBB-4343-B3A0-7CFDFB42342D} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\KMSpico\KMSELDI.exe|Name=KMS Emulator: KMSELDI.exe| [x] -> Trovato
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5BF59883-6C68-464E-A071-F339DC2B25CC} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\KMSpico\AutoPico.exe|Name=KMS Emulator: AutoPico.exe| [x] -> Trovato
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AD155401-D57D-4179-A12A-99AD74B73980} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\KMSpico\AutoPico.exe|Name=KMS Emulator: AutoPico.exe| [x] -> Trovato

¤¤¤ Attività : 0 ¤¤¤

¤¤¤ Archivi : 14 ¤¤¤
[PUP.Gen0][Archivio] C:\Windows\SECOH-QAD.exe -> Trovato
[Tr.Gen0][Archivio] C:\Users\Claudio\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Trovato
[Tr.Gen0][Archivio] C:\Users\Claudio\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Trovato
[Tr.Gen0][Archivio] C:\Users\Claudio\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Trovato
[Tr.Gen0][Archivio] C:\Users\Claudio\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Trovato
[Tr.Gen0][Archivio] C:\Users\Claudio\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Trovato
[Tr.Gen0][Archivio] C:\Users\Claudio\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Trovato
[Tr.Gen0][Archivio] C:\Users\Claudio\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Trovato
[Tr.Gen0][Archivio] C:\Users\Claudio\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Trovato
[Tr.Gen0][Archivio] C:\Users\Claudio\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Trovato
[PUP.HackTool][Archivio] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk [LNK@] C:\PROGRA~1\KMSpico\scripts\Log.cmd -> Trovato
[PUP.HackTool][Archivio] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk [LNK@] C:\PROGRA~1\KMSpico\UninsHs.exe /u0=KMSpico -> Trovato
[PUP.HackTool][Cartella] C:\Program Files\KMSpico -> Trovato
[PUP.Gen1][Cartella] C:\Program Files\Reimage -> Trovato

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Archivio Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Caricato) ¤¤¤

¤¤¤ Web Browser : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] c05u035j.default : user_pref("browser.startup.homepage", "http://www.fantacalcio.it/"); -> Trovato

¤¤¤ Controllo MBR : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 PRO 256GB +++++
--- User ---
[MBR] dfcdb87f22337a1eac2ddc92b0cb8907
[BSP] 4b95327c6a6b34a418666446adc08ee0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 243396 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 499195904 | Size: 449 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EZEX-00BN5A0 +++++
--- User ---
[MBR] 5361cdcc8934a7cb3d3d28906647733a
[BSP] 38ef26ef65c192927016f230af201314 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
|
15-06-2017, 16:31 | #6 |
Member
Joined: Jun 2017
Posts: 175
|
Do you by any chance have a cracked Win10??
|
15-06-2017, 16:33 | #7 | |
Member
Joined: May 2010
Posts: 57
|
Quote:
If it helps, I've noticed (and not just now) that the process that makes the fans spin hardest is usually Firefox. But I don't think that's what is causing the problem since, as I said, by now the PC freezes even when I'm not doing anything and everything is closed.
|
|
15-06-2017, 16:34 | #8 |
Member
Joined: May 2010
Posts: 57
|
|
15-06-2017, 17:37 | #9 |
Member
Joined: May 2010
Posts: 57
|
Ahem... I still have RogueKiller open, what do you recommend I remove?
|
15-06-2017, 19:53 | #10 |
Member
Joined: Jun 2017
Posts: 175
|
Delete everything in RogueKiller... and say how the PC is doing
Yes, Firefox uses quite a lot of resources; it could be normal for the fans to kick in

Last edited by Dan1979: 15-06-2017 at 19:56.
|
15-06-2017, 20:06 | #11 |
Member
Joined: Jun 2017
Posts: 175
|
Then download Farbar Recovery Scan Tool from the BleepingComputer site
Put it on the desktop, run it and press Scan
When it has finished, attach the frst.txt and addition.txt logs for me
You'll find them on the desktop

Bye
|
15-06-2017, 20:08 | #12 |
Member
Joined: May 2010
Posts: 57
|
I'll let you know. Today it hung only once, a few minutes after power-on, and then nothing more, so it's a matter of waiting for the problem to show up again, if it does. What absolutely needs doing is a general clean, especially of the fans, but I can't get them open and I'm afraid of breaking something.
|
15-06-2017, 20:24 | #13 | |
Member
Joined: May 2010
Posts: 57
|
Quote:
C:\Users\Claudio\Downloads\mbar-1.09.3.1001.exe 2017-06-15 13:13 - 2017-06-15 13:13 - 00000000 ___HD C:\OneDriveTemp 2017-06-14 20:09 - 2017-06-14 20:09 - 00007603 _____ C:\Users\Claudio\AppData\Local\Resmon.ResmonCfg 2017-06-14 17:24 - 2017-06-14 17:24 - 00000989 _____ C:\Users\Claudio\Desktop\Core Temp.lnk 2017-06-14 17:24 - 2017-06-14 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp 2017-06-14 17:24 - 2017-06-14 17:24 - 00000000 ____D C:\Program Files\Core Temp 2017-06-14 17:23 - 2017-06-14 17:23 - 01211896 _____ (ALCPU ) C:\Users\Claudio\Downloads\Core-Temp-setup.exe 2017-06-14 17:00 - 2017-06-14 17:00 - 00000000 ____D C:\Users\Claudio\AppData\Local\UNP 2017-06-14 14:42 - 2017-06-14 14:43 - 00000000 ____D C:\Program Files\UNP 2017-06-14 14:42 - 2017-06-14 14:42 - 00000000 ____D C:\WINDOWS\system32\UNP 2017-06-07 13:41 - 2017-06-07 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician 2017-05-29 16:54 - 2017-05-29 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2017-05-24 16:36 - 2017-05-24 16:37 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump 2017-05-24 16:08 - 2017-06-15 16:07 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-05-24 16:08 - 2017-06-15 13:45 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-05-24 16:08 - 2017-06-08 01:41 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-05-24 16:08 - 2017-06-07 16:34 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-05-24 16:08 - 2017-06-07 16:34 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-05-24 16:08 - 2017-06-07 16:34 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-05-24 16:08 - 2017-05-24 16:08 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-05-24 16:08 - 2017-05-24 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes 2017-05-24 16:08 - 2017-05-24 16:08 - 00000000 ____D C:\Program Files\Malwarebytes 2017-05-24 15:58 - 2017-05-24 16:02 - 63364552 _____ (Malwarebytes ) C:\Users\Claudio\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe 2017-05-24 15:20 - 2017-05-24 16:16 - 00000000 ____D C:\Program Files\Reimage 2017-05-24 15:19 - 2017-05-24 16:15 - 00000000 ____D C:\rei 2017-05-20 03:30 - 2017-05-20 03:30 - 00002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance 2017-05-19 17:09 - 2017-05-19 17:09 - 00002578 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk 2017-05-19 17:09 - 2017-02-21 09:29 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe 2017-05-18 04:57 - 2017-04-19 20:36 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-05-18 04:41 - 2017-05-18 04:41 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys 2017-05-18 04:41 - 2017-05-18 04:41 - 00570320 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys 2017-05-18 04:41 - 2017-05-18 04:41 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe 2017-05-18 04:41 - 2017-05-18 04:41 - 00340824 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys 2017-05-18 04:41 - 2017-05-18 04:41 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys 2017-05-18 04:41 - 2017-05-18 04:41 - 00314128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys 2017-05-18 04:41 - 2017-05-18 04:41 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys 2017-05-18 04:41 - 2017-05-18 04:41 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys 2017-05-18 04:41 - 2017-05-18 04:41 - 00160008 _____ (AVG Technologies CZ, s.r.o.) 
C:\WINDOWS\system32\Drivers\avgstm.sys 2017-05-18 04:41 - 2017-05-18 04:41 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys 2017-05-18 04:41 - 2017-05-18 04:41 - 00102280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys 2017-05-18 04:41 - 2017-05-18 04:41 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys 2017-05-18 04:41 - 2017-05-18 04:41 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys 2017-05-18 04:41 - 2017-05-18 04:41 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys 2017-05-18 04:41 - 2017-05-18 04:41 - 00004008 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update 2017-05-18 04:34 - 2017-05-29 16:54 - 00000894 _____ C:\Users\Public\Desktop\AVG.lnk 2017-05-17 14:56 - 2017-06-15 19:42 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\WhatsApp 2017-05-17 14:56 - 2017-05-17 14:56 - 00002282 _____ C:\Users\Claudio\Desktop\WhatsApp.lnk 2017-05-17 14:56 - 2017-05-17 14:56 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp 2017-05-17 14:56 - 2017-05-17 14:56 - 00000000 ____D C:\Users\Claudio\AppData\Local\WhatsApp 2017-05-17 14:56 - 2017-05-17 14:56 - 00000000 ____D C:\Users\Claudio\AppData\Local\SquirrelTemp 2017-05-17 14:46 - 2017-05-17 14:53 - 91179280 _____ (WhatsApp) C:\Users\Claudio\Downloads\WhatsAppSetup.exe 2017-05-17 13:20 - 2017-05-17 13:20 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN 2017-05-17 13:20 - 2017-05-17 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings 2017-05-16 18:06 - 2017-05-16 18:06 - 01040768 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll 2017-05-16 18:06 - 2017-05-16 18:06 - 00924544 _____ (AMD) C:\WINDOWS\system32\coinst_17.10.dll 2017-05-16 18:06 - 2017-05-16 18:06 - 00546688 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\system32\Rapidfire64.dll 2017-05-16 18:06 - 2017-05-16 18:06 - 00478080 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll 2017-05-16 18:06 - 2017-05-16 18:06 - 00121208 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2017-05-16 18:06 - 2017-05-16 18:06 - 00112512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll 2017-05-16 18:06 - 2017-05-16 18:06 - 00112000 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2017-05-16 18:06 - 2017-05-16 18:06 - 00099192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll 2017-05-16 18:06 - 2017-05-16 18:06 - 00044920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll 2017-05-16 18:06 - 2017-05-16 18:06 - 00042368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll 2017-05-16 18:06 - 2017-05-16 18:06 - 00029056 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll 2017-05-16 18:06 - 2017-05-16 18:06 - 00029048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-06-15 20:52 - 2015-03-09 22:44 - 00000000 ____D C:\Users\Claudio\Documents\File di Outlook 2017-06-15 19:46 - 2016-03-10 16:33 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\PlaysTV 2017-06-15 19:21 - 2016-10-02 19:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-06-15 17:19 - 2016-11-18 15:28 - 00000000 ____D C:\Users\Claudio\AppData\LocalLow\Mozilla 2017-06-15 17:18 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-06-15 16:09 - 2015-12-30 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-06-15 14:44 - 2015-12-17 18:44 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-06-15 14:44 - 2015-02-28 22:02 - 00000000 ____D C:\ProgramData\Skype 2017-06-15 13:50 - 2016-07-17 00:35 - 04317822 _____ C:\WINDOWS\system32\perfh010.dat 2017-06-15 13:50 - 2016-07-17 00:35 - 01281754 _____ C:\WINDOWS\system32\perfc010.dat 2017-06-15 13:50 - 2016-07-16 08:28 - 08792552 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-06-15 13:46 - 2016-11-14 19:19 - 00000000 ___RD C:\Users\Claudio\Google Drive 2017-06-15 13:46 - 2016-10-02 19:33 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task 2017-06-15 13:46 - 2015-03-05 19:48 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\Raptr 2017-06-15 13:46 - 2015-03-03 18:30 - 00000000 __RDO C:\Users\Claudio\OneDrive 2017-06-15 13:45 - 2016-10-02 19:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-06-15 13:45 - 2016-10-02 19:26 - 00000000 ____D C:\Users\Claudio 2017-06-15 13:45 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-06-15 13:39 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-06-15 13:37 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-06-15 05:08 - 2016-10-02 19:24 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2017-06-15 05:08 - 2016-07-16 08:04 - 02097152 _____ C:\WINDOWS\system32\config\BBI 2017-06-15 04:57 - 2015-03-01 00:20 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\vlc 2017-06-14 20:01 - 2015-03-01 20:47 - 00000000 
___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2017-06-14 17:19 - 2016-11-18 06:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-06-14 17:19 - 2015-02-28 22:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-06-14 17:16 - 2015-04-07 16:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-06-14 17:16 - 2015-04-07 16:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-06-14 17:13 - 2015-04-07 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-06-14 17:12 - 2015-03-02 02:05 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-06-14 17:07 - 2015-03-02 02:04 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-06-14 14:43 - 2013-08-22 15:25 - 00000167 _____ C:\WINDOWS\win.ini 2017-06-14 05:43 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-06-14 05:43 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-06-14 04:01 - 2015-03-01 21:37 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2017-06-12 18:02 - 2015-02-28 22:02 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\Skype 2017-06-09 13:24 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2017-06-07 18:59 - 2015-03-01 00:20 - 00001139 _____ C:\Users\Public\Desktop\VLC media player.lnk 2017-06-07 13:41 - 2016-10-02 19:33 - 00003334 _____ C:\WINDOWS\System32\Tasks\SamsungMagician 2017-06-07 13:41 - 2015-03-09 15:54 - 00001293 _____ C:\Users\Public\Desktop\Samsung Magician.lnk 2017-06-07 13:41 - 2015-03-07 20:27 - 00000000 ____D C:\ProgramData\Samsung 2017-06-07 13:41 - 2015-03-07 20:25 - 00000000 ____D C:\Program Files (x86)\Samsung 2017-06-03 19:46 - 2015-02-26 05:11 - 00000000 ____D C:\Users\Claudio\AppData\Local\Packages 2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ 
(Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-05-26 05:00 - 2015-02-28 20:34 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\uTorrent 2017-05-19 17:10 - 2016-10-02 19:33 - 00002750 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3511887087-4107616233-696709613-1001 2017-05-19 17:09 - 2015-10-25 14:08 - 00000000 ____D C:\ProgramData\Avg 2017-05-19 17:09 - 2015-10-25 13:59 - 00000000 ____D C:\Users\Claudio\AppData\Local\AvgSetupLog 2017-05-19 17:09 - 2015-05-21 12:33 - 00000000 ____D C:\Users\Claudio\AppData\Local\Avg 2017-05-19 17:09 - 2015-03-06 20:41 - 00000000 ____D C:\Program Files (x86)\AVG 2017-05-18 05:07 - 2016-07-16 13:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2017-05-18 05:07 - 2015-10-25 14:16 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\AVG 2017-05-18 05:07 - 2015-06-18 12:56 - 00000000 ____D C:\Program Files\Common Files\AV 2017-05-17 13:20 - 2016-10-02 19:24 - 00000000 ____D C:\Program Files\AMD 2017-05-17 13:20 - 2016-07-16 08:19 - 00000000 ____D C:\Program Files (x86)\AMD 2017-05-17 13:20 - 2015-02-26 07:12 - 00000000 ____D C:\ProgramData\AMD 2017-05-17 13:19 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF 2017-05-17 13:19 - 2015-02-28 22:50 - 00000000 ____D C:\AMD 2017-05-16 18:06 - 2016-10-26 01:04 - 10320248 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll 2017-05-16 18:06 - 2016-10-26 01:04 - 02536320 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll 2017-05-16 18:06 - 2016-10-26 01:04 - 01516416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll 2017-05-16 18:06 - 2016-10-26 01:04 - 00864120 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll 2017-05-16 18:06 - 2016-10-26 01:04 - 00514424 _____ C:\WINDOWS\system32\amdgfxinfo64.dll 2017-05-16 18:06 - 2016-10-26 01:04 - 00411008 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\system32\atiapfxx.exe 2017-05-16 18:06 - 2016-10-26 01:04 - 00091520 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll 2017-05-16 18:06 - 2016-10-26 01:04 - 00068992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll 2017-05-16 18:06 - 2016-07-25 22:55 - 00156704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll 2017-05-16 18:06 - 2016-07-25 22:55 - 00148440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll 2017-05-16 18:06 - 2016-07-25 22:55 - 00115072 _____ C:\WINDOWS\system32\atidxx64.dll 2017-05-16 18:06 - 2016-07-25 22:55 - 00101760 _____ C:\WINDOWS\SysWOW64\atidxx32.dll 2017-05-16 18:06 - 2016-07-25 22:53 - 00531328 _____ C:\WINDOWS\system32\GameManager64.dll 2017-05-16 18:06 - 2016-07-25 22:53 - 00365440 _____ C:\WINDOWS\SysWOW64\GameManager32.dll 2017-05-16 18:06 - 2016-07-25 22:53 - 00278400 _____ C:\WINDOWS\system32\clinfo.exe 2017-05-16 18:06 - 2016-07-25 22:53 - 00276352 _____ C:\WINDOWS\system32\hsa-thunk64.dll 2017-05-16 18:06 - 2016-07-25 22:53 - 00242048 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll 2017-05-16 18:06 - 2016-07-25 22:53 - 00191360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll 2017-05-16 18:06 - 2016-07-25 22:53 - 00169856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll 2017-05-16 18:06 - 2016-07-25 22:53 - 00167808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2017-05-16 18:06 - 2016-07-25 22:53 - 00150912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll 2017-05-16 18:06 - 2016-07-25 22:53 - 00133504 _____ (Advanced Micro Devices, Inc. 
) C:\WINDOWS\SysWOW64\atisamu32.dll 2017-05-16 18:06 - 2016-07-25 22:52 - 00777088 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2017-05-16 18:06 - 2016-07-25 22:52 - 00551808 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe 2017-05-16 18:06 - 2016-07-25 22:52 - 00483712 _____ C:\WINDOWS\system32\atieah64.exe 2017-05-16 18:06 - 2016-07-25 22:52 - 00467328 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2017-05-16 18:06 - 2016-07-25 22:52 - 00334208 _____ C:\WINDOWS\SysWOW64\atieah32.exe 2017-05-16 18:06 - 2016-07-25 22:52 - 00245112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll 2017-05-16 18:06 - 2016-07-25 22:52 - 00203648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll 2017-05-16 18:06 - 2016-07-25 22:52 - 00122744 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2017-05-16 18:06 - 2016-07-25 22:51 - 08479104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll 2017-05-16 18:06 - 2016-07-25 22:51 - 02198400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll 2017-05-16 18:06 - 2016-07-25 22:51 - 01040768 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll 2017-05-16 18:06 - 2016-07-25 22:49 - 00696192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll 2017-05-16 18:06 - 2016-07-25 22:49 - 00360312 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll 2017-05-16 18:06 - 2016-07-25 22:49 - 00075136 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll 2017-05-16 18:06 - 2016-07-25 22:45 - 00551808 _____ C:\WINDOWS\system32\dgtrayicon.exe 2017-05-16 18:06 - 2016-07-25 22:45 - 00135040 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll 2017-05-16 18:05 - 2016-10-26 01:05 - 00573800 _____ C:\WINDOWS\system32\amdmiracast.dll 2017-05-16 18:05 - 2016-10-26 01:05 - 00196176 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\system32\amdhcp64.dll 2017-05-16 18:05 - 2016-10-26 01:05 - 00139080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2017-05-16 18:05 - 2016-10-26 01:05 - 00131280 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2017-05-16 18:05 - 2016-07-25 22:55 - 00164400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll 2017-05-16 18:05 - 2016-07-25 22:55 - 00131280 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2017-05-16 18:05 - 2016-07-25 22:55 - 00102520 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2017-05-16 18:05 - 2016-07-25 22:55 - 00102512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2017-05-16 18:05 - 2016-07-25 22:54 - 00116072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll ==================== Files in the root of some directories ======= 2015-03-10 00:44 - 2015-03-10 01:07 - 0028298 _____ () C:\Users\Claudio\AppData\Roaming\Valori separati da virgola.ADR 2015-03-10 00:57 - 2015-04-23 16:45 - 0012424 _____ () C:\Users\Claudio\AppData\Roaming\Valori separati da virgola.EML 2017-06-14 20:09 - 2017-06-14 20:09 - 0007603 _____ () C:\Users\Claudio\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== 2017-06-15 16:40 - 2016-11-11 12:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Claudio\AppData\Local\Temp\dllnt_dump.dll 2017-05-19 15:42 - 2017-05-19 15:42 - 14608752 _____ (Samsung Electronics ) C:\Users\Claudio\AppData\Local\Temp\Samsung_Magician_Installer.exe 2016-10-05 14:54 - 2017-06-12 12:01 - 0854016 _____ () C:\Users\Claudio\AppData\Local\Temp\SkypeSetup.exe 2017-04-12 16:24 - 2017-04-12 16:24 - 14456872 _____ (Microsoft Corporation) C:\Users\Claudio\AppData\Local\Temp\vc_redist.x86.exe 2017-06-02 02:32 - 2017-06-07 18:58 - 30950664 _____ () C:\Users\Claudio\AppData\Local\Temp\vlc-2.2.6-win32.exe ==================== Bamital & volsnap ====================== (There is 
no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-06 20:39

==================== End of FRST.txt ============================
|
15-06-2017, 20:24 | #14 |
Member
Joined: May 2010
Posts: 57
|
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by Claudio (15-06-2017 21:22:45)
Running from C:\Users\Claudio\Downloads
Windows 10 Pro Version 1607 (X64) (2016-10-02 17:35:09)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3511887087-4107616233-696709613-500 - Administrator - Disabled)
Claudio (S-1-5-21-3511887087-4107616233-696709613-1001 - Administrator - Enabled) => C:\Users\Claudio
DefaultAccount (S-1-5-21-3511887087-4107616233-696709613-503 - Limited - Disabled)
Guest (S-1-5-21-3511887087-4107616233-696709613-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3511887087-4107616233-696709613-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)
µTorrent (HKU\S-1-5-21-3511887087-4107616233-696709613-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.126 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) AVG (Version: 1.191.1 - AVG Technologies) Hidden AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies) AVG PC TuneUp (x32 Version: 16.74.1 - AVG Technologies) Hidden AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.4.3014 - AVG Technologies) Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.12.160304 - ) calibre 64bit (HKLM\...\{03D76A6B-4B00-4CEA-835B-909D7462F32E}) (Version: 2.58.0 - Kovid Goyal) Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) 
Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Core Temp 1.8.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.8.1 - ALCPU)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Diagnostica della stampante Samsung (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.2.5 - Samsung Electronics Co., Ltd.)
DriverUpdate (HKLM-x32\...\{E2A3A216-9DFE-4EC1-AA69-162588FEF014}) (Version: 2.2.36929 - SlimWare Utilities, Inc.)
Easy Tune 6 B13.1111.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.1111.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
eMule (HKLM-x32\...\eMule) (Version: - )
FMW 1 (Version: 1.203.1 - AVG Technologies) Hidden
GNU Backgammon (Version 1_05_000, 20150725) (HKLM-x32\...\GNU Backgammon_is1) (Version: - Free Software Foundation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Malwarebytes versione 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3511887087-4107616233-696709613-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
MKVToolNix 6.7.0 [20140102-565] (HKLM-x32\...\MKVToolNix) (Version: 6.7.0 - Moritz Bunkus)
Moo0 Audio Converter 1.32 (HKLM-x32\...\Moo0 AudioTypeConverter) (Version: - )
Mozilla Firefox 54.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 it)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 it) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 it)) (Version: 31.5.0 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
OpenVPN 2.4.1-I601 (HKLM\...\OpenVPN) (Version: 2.4.1-I601 - OpenVPN Technologies, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacchetto Eco Driver (HKLM-x32\...\Samsung Eco Driver Pack) (Version: 2.01.10.00 (28/05/2015) - Samsung Electronics Co., Ltd.)
Pacchetto Stylish Driver (HKLM-x32\...\Samsung Stylish UI Pack) (Version: 1.01.74.00 (09/02/2015) - Samsung Electronics Co., Ltd.)
PHOTOfunSTUDIO 9.0 AE (HKLM-x32\...\{94C19375-D509-4D21-A627-DD9160DF4710}) (Version: 9.00.517 - Panasonic Corporation)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.24.2-r123476-release - Plays.tv, LLC)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
RogueKiller version 12.11.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.1.0 - Adlice Software)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 2.0.0.78 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Samsung Printer Center (HKLM-x32\...\Samsung Printer Center) (Version: 1.0.0.12 - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.03.05.26 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
SolveigMM AVI Trimmer+ versione 5.0.1603.23 (HKLM-x32\...\SolveigMM AVI Trimmer_is1) (Version: 5.0.1603.23 - Solveig Multimedia)
SolveigMM Video Splitter Home Edition (HKLM-x32\...\SolveigMM Video Splitter Home Edition 5.0.1509.11) (Version: 5.0.1509.11 - Solveig Multimedia)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.76421 - TeamViewer)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.12 - Samsung Electronics CO., LTD.)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Skype for Business 2015 (KB3191873) 64-Bit Edition (HKLM\...\{90150000-012B-0410-1000-0000000FF1CE}_Office15.PROPLUS_{85A9A851-E7DE-47F5-9F0D-58808E986FE1}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3191876) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{63B92B9B-BAA1-4708-BB4B-216BB5FD6322}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3191876) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{63B92B9B-BAA1-4708-BB4B-216BB5FD6322}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3191876) 64-Bit Edition (HKLM\...\{90150000-012B-0410-1000-0000000FF1CE}_Office15.PROPLUS_{63B92B9B-BAA1-4708-BB4B-216BB5FD6322}) (Version: - Microsoft)
vanBasco's Karaoke Player (HKLM-x32\...\VMidi) (Version: - )
VIA Manager Piattaforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visualizza Guida dell’utente (HKLM-x32\...\View User Guide) (Version: 4.0.0.6 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-2) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (Version: 1.0.3.1 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-3511887087-4107616233-696709613-1001\...\WhatsApp) (Version: 0.2.4240 - WhatsApp)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CF53677-BC7E-4D68-BC7B-AE60A84001ED} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {154D4630-EBCA-434C-B484-E88C46A7CE2D} - \WPD\SqmUpload_S-1-5-21-3511887087-4107616233-696709613-1001 -> No File <==== ATTENTION
Task: {1FE86BB0-CEF7-4B9D-B8D1-3EF34360FA52} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {209022DE-32F0-449B-A1BD-59BEE83E67B6} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {24CBAAD4-1132-49EA-8534-5FACFA34D692} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {35DC58C7-89B0-48C9-8E9D-76C0E0E9BB78} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3733B79C-C3C2-4DCD-B84C-CE43AA66E705} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {39BAB04C-8521-4397-B539-C0B4C946DEED} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
Task: {3D0315BB-FFA1-4C76-B8AB-EB78FB687060} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3DCDB99E-7F3C-46CE-837B-5A111929BDF6} - System32\Tasks\MotoGP => Firefox.exe hxxp://www.motogp.com/
Task: {482D36AD-CA7D-42E0-882B-0ACBFB372CB8} - System32\Tasks\{150078D6-86FF-4591-A911-219B29645782} => pcalua.exe -a C:\Windows\system32\javaws.exe -c -uninstall -prompt "hxxp://jws.agenziaentrate.it/jws/dichiarazioni/2016/UNI16.jnlp"
Task: {49B0EEA3-822D-42AB-80D6-310E56192F8E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4DE0DE2E-BF45-4754-9022-0AD457BF66BF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4E75E1FF-3E7B-4793-8685-6CDC54CB12EE} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {53B79389-325E-484C-A880-4D95E300451C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {599C466A-D6AA-4069-8EDF-8BCEDC3B8E09} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
Task: {6A8DEED4-26C6-4ACD-9BA0-0F1BA9539032} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-05-18] (AVG Technologies CZ, s.r.o.)
Task: {6F16341C-FF77-4A2E-8252-0ABE53694AB1} - System32\Tasks\EPM Preload => C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2DotNetHandler.exe [2015-04-24] ()
Task: {70915773-242A-474A-ADF4-F9E4FAE3A266} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7CA0D17F-309B-46E1-885E-ACC287EDF342} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7ECDF658-7A02-4EA6-8D30-5593D1F760AE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {81513D21-688F-460D-B2F8-4E3AEEFAECFA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-06-14] (Microsoft Corporation)
Task: {913BA7EB-F711-4767-9F05-BDF402A15ABB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9AB0D919-322F-499A-BDAB-83A11E248102} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9BECD48C-8E37-4F95-9514-5B849B522017} - System32\Tasks\Formula 1 => Firefox.exe hxxps://www.formula1.com/en.html
Task: {B164D83E-1136-4828-9DFC-CCE65283113A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B680E122-9A97-4E30-9986-08B1915B4ECA} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Moo0\AudioConverter 1.32\AudioConverter.exe [2013-08-11] (Moo0)
Task: {B6D71C30-5A70-4F9B-A37B-008B996F3509} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-14] (Adobe Systems Incorporated)
Task: {B9A1E249-EC74-4C4A-93F5-77DED62D5311} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BA10277A-1151-4ABB-9936-505AA472E51F} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {BC05D346-893B-4F75-915D-2EF6516ECFE4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BE201AD4-A3E3-445F-8030-AC0BD1159EC3} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {BF276FB0-3B01-4DDA-B4DA-9F2A8D60F2A9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C933E1D1-22AD-4A10-BAA1-2C414823BF79} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2017-05-19] (Samsung Electronics Co. Ltd.)
Task: {DCE76D9D-095C-480C-B365-C1770CF97402} - System32\Tasks\Injury List Nba => Firefox.exe hxxp://stats.hoopshype.com/basketball/nba-injuries.aspx?page=/data/nba/injury/injuries.html
Task: {E4512788-4B07-4ECF-AA88-7BB02045E663} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {FD9DB53C-7C0B-4FF1-B926-D11D5E8B1886} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{6E70A734-C15F-43DF-B571-8F1685D2F9D2}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\video_output\libdirectdraw_plugin.dll 2015-05-08 03:39 - 2015-05-08 03:39 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd 2017-05-04 19:33 - 2017-05-04 19:33 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd 2015-05-08 03:49 - 2015-05-08 03:49 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll 2015-05-08 03:55 - 2015-05-08 03:55 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll 2015-05-08 03:49 - 2015-05-08 03:49 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll 2015-05-08 03:49 - 2015-05-08 03:49 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll 2015-05-08 03:49 - 2015-05-08 03:49 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll 2015-05-08 03:49 - 2015-05-08 03:49 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll 2015-05-08 03:49 - 2015-05-08 03:49 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll 2015-05-08 03:49 - 2015-05-08 03:49 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll 2015-05-08 03:49 - 2015-05-08 03:49 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll 2015-05-08 03:49 - 2015-05-08 03:49 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll 2015-05-08 03:49 - 2015-05-08 03:49 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll 2015-05-08 03:49 - 2015-05-08 03:49 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll 2015-05-08 03:49 - 2015-05-08 03:49 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll 2015-05-08 03:49 - 2015-05-08 03:49 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, 
only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-12-30 18:14 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3511887087-4107616233-696709613-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Claudio\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{babd5440-34b5-48b4-adae-54a39568fa61}.JPG
DNS Servers: 192.168.1.1 - 192.168.32.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3511887087-4107616233-696709613-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AFB411C0-239E-49F0-87CD-47D8A772D638}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{14EA612D-5B89-4A8B-8756-A37750739440}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{28D8AA8E-264F-4C6C-8F62-965378F9F770}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5F85C090-73DB-4D2F-924F-91410FFD2299}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6FB59A35-4ABD-4C3C-9D57-6CEB00B8FDDC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{029457B3-765B-4BEF-871B-6304D3AFFC23}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{D460CC75-4DAC-404E-9340-67A4F039D53D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{32A38BEA-1D07-44A7-8233-A581003F6022}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A6C67D62-4FC6-460B-A6B5-E82EB08D9972}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [TCP Query User{AB40D956-5751-42C1-A74E-16145D0C2030}C:\users\claudio\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\claudio\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{ABFC7E79-C6F2-42DE-A25F-92B41B770BD5}C:\users\claudio\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\claudio\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{4343EE75-1E04-456F-8A2A-4A460466A93E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{30917B3A-8EA8-4A15-B787-22478774616A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E2BCEA09-430C-4634-AFA7-444DFB1FE910}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{CC1F69AF-3790-4FC8-80E9-1AC2D905A8FD}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{3EF0E89F-3A7F-41CD-BBCA-527B21DBEC2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BAE299C9-396A-4258-8F89-4774F4EDE351}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F05FB9AC-6425-4F5A-B7E3-BB2756DFB0DC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{3E02B047-CCBB-4343-B3A0-7CFDFB42342D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{5BF59883-6C68-464E-A071-F339DC2B25CC}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{AD155401-D57D-4179-A12A-99AD74B73980}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0ADE9274-FE3C-45C6-BBE0-D47D132FBA14}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe
FirewallRules: [{372447CC-58CF-4A17-8BB1-63FEF2D7AB57}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EasyPrinterManagerV2.exe
FirewallRules: [{7CF2CE99-FD06-439E-921A-BF7CC5E17AB3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{2990456E-B4C1-46EF-99D8-BA6A5DDD26C0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2AlertList.exe
FirewallRules: [{91364B55-F016-44BD-9D4D-5FAA8834102B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2Migrator.exe
FirewallRules: [{542345FD-E0CA-4393-910D-2B3D8D3CA4F3}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{7CCA5D7C-8CBC-47C3-8C31-B09C35D3A709}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{8EEF06DE-3FE8-4019-98EF-3BD10DB39996}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{64549595-77CA-48B7-879F-83A1B0FA85AC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [TCP Query User{383ACCBF-A1EA-44B2-9F9C-E46021D472EB}C:\users\claudio\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Allow) C:\users\claudio\appdata\roaming\utorrent\updates\3.4.9_42606.exe
FirewallRules: [UDP Query User{90D33360-6F0D-4D2F-B4B8-A33B8154E5B9}C:\users\claudio\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Allow) C:\users\claudio\appdata\roaming\utorrent\updates\3.4.9_42606.exe
FirewallRules: [{0015BC59-7D68-4C9F-B292-2C2DB62415F1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9C31C005-4E23-4FD0-973C-66D1FA9C4BB0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{79358719-CC40-4018-ACFD-88C0781202A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{269EADCE-CA03-4313-9011-668B76ABE478}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7547D2CF-C34E-473F-B21F-5893BDCA03B2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{FAC6B126-10A2-4521-9F4F-D1B9C3896DB7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{304AF0FF-3640-43C4-996D-1BA92B518E36}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1DA36D99-5E24-4AB1-8137-C168BE85005A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{E504D859-D337-4E43-8F02-632C5A305858}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{A91BF7CF-1A24-487E-A766-9E446F22A8BE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{AD35B0F7-478F-4DE0-92FD-15FE53E92A6C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{2863D593-E314-4B6D-AB3A-3235643A6067}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{4DBC2EA3-3781-4F56-8099-0471C4406870}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe

==================== Restore Points =========================

30-05-2017 19:55:45 Punto di controllo pianificato
08-06-2017 20:03:56 Punto di controllo pianificato
14-06-2017 14:42:04 Windows Update
14-06-2017 14:42:23 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2017 09:15:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KLAS)
Description: Attivazione dell'app Microsoft.BingWeather_8wekyb3d8bbwe!App non riuscita con errore: -2144927148 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.

Error: (06/15/2017 08:45:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KLAS)
Description: Attivazione dell'app Microsoft.BingWeather_8wekyb3d8bbwe!App non riuscita con errore: -2144927148 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.

Error: (06/15/2017 08:15:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KLAS)
Description: Attivazione dell'app Microsoft.BingWeather_8wekyb3d8bbwe!App non riuscita con errore: -2144927148 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.

Error: (06/15/2017 07:45:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KLAS)
Description: Attivazione dell'app Microsoft.BingWeather_8wekyb3d8bbwe!App non riuscita con errore: -2144927148 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.

Error: (06/15/2017 07:15:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KLAS)
Description: Attivazione dell'app Microsoft.BingWeather_8wekyb3d8bbwe!App non riuscita con errore: -2144927148 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.

Error: (06/15/2017 06:45:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KLAS)
Description: Attivazione dell'app Microsoft.BingWeather_8wekyb3d8bbwe!App non riuscita con errore: -2144927148 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.

Error: (06/15/2017 06:15:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KLAS)
Description: Attivazione dell'app Microsoft.BingWeather_8wekyb3d8bbwe!App non riuscita con errore: -2144927148 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.

Error: (06/15/2017 05:45:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KLAS)
Description: Attivazione dell'app Microsoft.BingWeather_8wekyb3d8bbwe!App non riuscita con errore: -2144927148 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.

Error: (06/15/2017 05:19:09 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (06/15/2017 05:19:09 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

System errors:
=============
Error: (06/15/2017 05:26:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} e APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} all'utente NT AUTHORITY\SID SYSTEM (S-1-5-18) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (06/15/2017 04:09:52 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: KLAS)
Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes' Anti-Malware (portable)\S-1-5-21-3511887087-4107616233-696709613-1001-0-ntuser.dat

Error: (06/15/2017 04:09:45 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: KLAS)
Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes' Anti-Malware (portable)\S-1-5-21-3511887087-4107616233-696709613-1001-0-ntuser.dat

Error: (06/15/2017 01:48:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} all'utente NT AUTHORITY\SID SYSTEM (S-1-5-18) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (06/15/2017 01:45:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Precedente arresto del sistema inatteso a 13:42:34 su 15/06/2017.

Error: (06/15/2017 01:17:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} all'utente NT AUTHORITY\SID SYSTEM (S-1-5-18) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (06/15/2017 05:07:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} e APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} all'utente NT AUTHORITY\SID SYSTEM (S-1-5-18) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (06/14/2017 06:50:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} all'utente NT AUTHORITY\SID SYSTEM (S-1-5-18) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (06/14/2017 05:31:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x8024001e: Aggiornamento della sicurezza per Skype for Business 2015 (KB3191939) Edizione a 64 bit.

Error: (06/14/2017 05:27:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} e APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} all'utente NT AUTHORITY\SID SYSTEM (S-1-5-18) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

CodeIntegrity:
===================================
Date: 2017-05-28 04:47:13.233
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-119906.dll that did not meet the Store signing level requirements.

Date: 2017-05-28 04:47:13.213
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-122689.dll that did not meet the Store signing level requirements.

Date: 2017-05-25 15:28:50.245
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-119906.dll that did not meet the Store signing level requirements.

Date: 2017-05-25 15:28:50.241
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-122689.dll that did not meet the Store signing level requirements.

Date: 2017-05-25 15:28:50.199
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-119906.dll that did not meet the Store signing level requirements.

Date: 2017-05-25 15:28:50.195
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-122689.dll that did not meet the Store signing level requirements.

Date: 2017-05-25 15:24:04.252
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-119906.dll that did not meet the Store signing level requirements.

Date: 2017-05-25 15:24:04.232
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-122689.dll that did not meet the Store signing level requirements.

Date: 2017-05-24 16:53:11.931
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-21 03:58:50.512
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-119906.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: AMD FX(tm)-8320 Eight-Core Processor
Percentage of memory in use: 62%
Total physical RAM: 8156.62 MB
Available physical RAM: 3027.29 MB
Total Virtual: 8834.53 MB
Available Virtual: 2994.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.69 GB) (Free:131.03 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:265.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 0B24D8A3)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0B24D8BE)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================ |
16-06-2017, 08:33 | #15 |
Member
Joined: Jun 2017
Posts: 175
|
Hi,
My advice: uninstall AVG TuneUp, uTorrent and eMule (the last two are carriers of viruses if used). If you decide to do it, uninstall them from the Control Panel, then do a pass with CCleaner, registry included!!!
Put Farbar Recovery Scan Tool (FRST) and the attached file fixlist.txt on the desktop (make sure they are on the desktop), then right-click FRST and choose Run as administrator. Once it is open, click Fix, wait for it to finish and for the PC to restart; if it does not restart, restart it yourself. After the restart, post the generated log, fixlog.txt; you will find it on the desktop.
Let me know how the PC is doing!!!
Last edited by Dan1979: 16-06-2017 at 08:35. |
16-06-2017, 13:15 | #16 |
Member
Joined: May 2010
Posts: 57
|
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by Claudio (16-06-2017 14:10:38) Run:1
Running from C:\Users\Claudio\Desktop
Loaded Profiles: Claudio (Available Profiles: Claudio)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => -> No File
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=it&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-21-3511887087-4107616233-696709613-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=it&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-21-3511887087-4107616233-696709613-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sicomputer.com/apps/start
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\DACAABB511A61794FE7228C6D07836E9DACA [2015-12-30] <==== ATTENTION
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-23]
CHR HKU\S-1-5-21-3511887087-4107616233-696709613-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Claudio\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-11-14]
CHR HKU\S-1-5-21-3511887087-4107616233-696709613-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
R3 ALSysIO; C:\Users\Claudio\AppData\Local\Temp\ALSysIO64.sys [35320 2017-06-15] (Arthur Liberman) <==== ATTENTION
Task: {0CF53677-BC7E-4D68-BC7B-AE60A84001ED} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {154D4630-EBCA-434C-B484-E88C46A7CE2D} - \WPD\SqmUpload_S-1-5-21-3511887087-4107616233-696709613-1001 -> No File <==== ATTENTION
Task: {1FE86BB0-CEF7-4B9D-B8D1-3EF34360FA52} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {209022DE-32F0-449B-A1BD-59BEE83E67B6} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {24CBAAD4-1132-49EA-8534-5FACFA34D692} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {35DC58C7-89B0-48C9-8E9D-76C0E0E9BB78} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3733B79C-C3C2-4DCD-B84C-CE43AA66E705} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {3D0315BB-FFA1-4C76-B8AB-EB78FB687060} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4DE0DE2E-BF45-4754-9022-0AD457BF66BF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4E75E1FF-3E7B-4793-8685-6CDC54CB12EE} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {7ECDF658-7A02-4EA6-8D30-5593D1F760AE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {913BA7EB-F711-4767-9F05-BDF402A15ABB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3DCDB99E-7F3C-46CE-837B-5A111929BDF6} - System32\Tasks\MotoGP => Firefox.exe hxxp://www.motogp.com/
Task: {482D36AD-CA7D-42E0-882B-0ACBFB372CB8} - System32\Tasks\{150078D6-86FF-4591-A911-219B29645782} => pcalua.exe -a C:\Windows\system32\javaws.exe -c -uninstall -prompt "hxxp://jws.agenziaentrate.it/jws/dichiarazioni/2016/UNI16.jnlp"
Task: {9BECD48C-8E37-4F95-9514-5B849B522017} - System32\Tasks\Formula 1 => Firefox.exe hxxps://www.formula1.com/en.html
Task: {B9A1E249-EC74-4C4A-93F5-77DED62D5311} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BC05D346-893B-4F75-915D-2EF6516ECFE4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BF276FB0-3B01-4DDA-B4DA-9F2A8D60F2A9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DCE76D9D-095C-480C-B365-C1770CF97402} - System32\Tasks\Injury List Nba => Firefox.exe hxxp://stats.hoopshype.com/basketball/nba-injuries.aspx?page=/data/nba/injury/injuries.html
Task: {FD9DB53C-7C0B-4FF1-B926-D11D5E8B1886} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{6E70A734-C15F-43DF-B571-8F1685D2F9D2}.job => C:\WINDOWS\system32\msfeedssync.exe
FirewallRules: [{F05FB9AC-6425-4F5A-B7E3-BB2756DFB0DC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{3E02B047-CCBB-4343-B3A0-7CFDFB42342D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{5BF59883-6C68-464E-A071-F339DC2B25CC}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{AD155401-D57D-4179-A12A-99AD74B73980}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
C:\Users\Claudio\AppData\Local\Temp\ALSysIO64.sys
C:\Program Files\Reimage
C:\rei
C:\Windows\SECOH-QAD.exe
C:\Program Files\KMSpico\KMSELDI.exe
C:\Program Files\KMSpico\AutoPico.exe
cmd: ipconfig /flushdns
hosts:
reboot:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key removed successfully
HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-3511887087-4107616233-696709613-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3511887087-4107616233-696709613-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
C:\Program Files (x86)\mozilla firefox\DACAABB511A61794FE7228C6D07836E9DACA => moved successfully
C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKU\S-1-5-21-3511887087-4107616233-696709613-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf => key removed successfully
C:\Users\Claudio\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx => moved successfully
HKU\S-1-5-21-3511887087-4107616233-696709613-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully
ALSysIO => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ALSysIO => key removed successfully
ALSysIO => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0CF53677-BC7E-4D68-BC7B-AE60A84001ED} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CF53677-BC7E-4D68-BC7B-AE60A84001ED} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{154D4630-EBCA-434C-B484-E88C46A7CE2D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{154D4630-EBCA-434C-B484-E88C46A7CE2D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3511887087-4107616233-696709613-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FE86BB0-CEF7-4B9D-B8D1-3EF34360FA52} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FE86BB0-CEF7-4B9D-B8D1-3EF34360FA52} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{209022DE-32F0-449B-A1BD-59BEE83E67B6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{209022DE-32F0-449B-A1BD-59BEE83E67B6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24CBAAD4-1132-49EA-8534-5FACFA34D692} => key removed
successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24CBAAD4-1132-49EA-8534-5FACFA34D692} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35DC58C7-89B0-48C9-8E9D-76C0E0E9BB78} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35DC58C7-89B0-48C9-8E9D-76C0E0E9BB78} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3733B79C-C3C2-4DCD-B84C-CE43AA66E705} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3733B79C-C3C2-4DCD-B84C-CE43AA66E705} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D0315BB-FFA1-4C76-B8AB-EB78FB687060} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D0315BB-FFA1-4C76-B8AB-EB78FB687060} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DE0DE2E-BF45-4754-9022-0AD457BF66BF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DE0DE2E-BF45-4754-9022-0AD457BF66BF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E75E1FF-3E7B-4793-8685-6CDC54CB12EE} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E75E1FF-3E7B-4793-8685-6CDC54CB12EE} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7ECDF658-7A02-4EA6-8D30-5593D1F760AE} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ECDF658-7A02-4EA6-8D30-5593D1F760AE} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{913BA7EB-F711-4767-9F05-BDF402A15ABB} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{913BA7EB-F711-4767-9F05-BDF402A15ABB} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DCDB99E-7F3C-46CE-837B-5A111929BDF6} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DCDB99E-7F3C-46CE-837B-5A111929BDF6} => key removed successfully C:\WINDOWS\System32\Tasks\MotoGP => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MotoGP => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{482D36AD-CA7D-42E0-882B-0ACBFB372CB8} => key removed 
successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{482D36AD-CA7D-42E0-882B-0ACBFB372CB8} => key removed successfully C:\WINDOWS\System32\Tasks\{150078D6-86FF-4591-A911-219B29645782} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{150078D6-86FF-4591-A911-219B29645782} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BECD48C-8E37-4F95-9514-5B849B522017} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BECD48C-8E37-4F95-9514-5B849B522017} => key removed successfully C:\WINDOWS\System32\Tasks\Formula 1 => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Formula 1 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9A1E249-EC74-4C4A-93F5-77DED62D5311} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9A1E249-EC74-4C4A-93F5-77DED62D5311} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC05D346-893B-4F75-915D-2EF6516ECFE4} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC05D346-893B-4F75-915D-2EF6516ECFE4} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF276FB0-3B01-4DDA-B4DA-9F2A8D60F2A9} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF276FB0-3B01-4DDA-B4DA-9F2A8D60F2A9} => key removed successfully 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCE76D9D-095C-480C-B365-C1770CF97402} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCE76D9D-095C-480C-B365-C1770CF97402} => key removed successfully C:\WINDOWS\System32\Tasks\Injury List Nba => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Injury List Nba => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD9DB53C-7C0B-4FF1-B926-D11D5E8B1886} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD9DB53C-7C0B-4FF1-B926-D11D5E8B1886} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully C:\WINDOWS\Tasks\User_Feed_Synchronization-{6E70A734-C15F-43DF-B571-8F1685D2F9D2}.job => moved successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F05FB9AC-6425-4F5A-B7E3-BB2756DFB0DC} => value not found. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E02B047-CCBB-4343-B3A0-7CFDFB42342D} => value not found. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BF59883-6C68-464E-A071-F339DC2B25CC} => value not found. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AD155401-D57D-4179-A12A-99AD74B73980} => value not found. 
C:\Users\Claudio\AppData\Local\Temp\ALSysIO64.sys => moved successfully C:\Program Files\Reimage => moved successfully C:\rei => moved successfully C:\Windows\SECOH-QAD.exe => moved successfully "C:\Program Files\KMSpico\KMSELDI.exe" => not found. "C:\Program Files\KMSpico\AutoPico.exe" => not found. ========= ipconfig /flushdns ========= Configurazione IP di Windows Cache del resolver DNS svuotata. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 308208 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8983627 B Java, Flash, Steam htmlcache => 506 B Windows/system/drivers => 58210686 B Edge => 891 B Chrome => 151552 B Firefox => 12298269 B Opera => 2296832 B Temp, IE cache, history, cookies, recent: Default => 6656 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 0 B Claudio => 58791935 B RecycleBin => 0 B EmptyTemp: => 134.5 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 14:11:25 ==== |
16-06-2017, 13:34 | #17 |
Member
Registered since: Jun 2017
Posts: 175
|
Reset the browsers, see here http://it.ccm.net/faq/1767-come-ripristinare-il-browser
Clean up with CCleaner, download it from here https://www.piriform.com/ccleaner/download Delete the Farbar logs fixlog.txt, frst.txt and addition.txt (so we don't get confused when posting the logs). Put Farbar Recovery Scan Tool on the desktop, open it, tick Addition and click Scan, then post the generated logs frst.txt and additions.txt. Anyway, in my opinion the dust matters a lot: try to suck it up with a vacuum cleaner, don't blow it, because it gets in everywhere... How is the PC doing??? Last edited by Dan1979: 16-06-2017 at 13:43. |
16-06-2017, 13:44 | #18 |
Member
Registered since: May 2010
Posts: 57
|
The PC is running fine, but it was running fine before too; performance was never the problem. At the moment it is no longer freezing, and let's hope it stays that way. Today, a few minutes after power-on, Core Temp reported a maximum temperature of 81°, but this time the PC did not freeze, which is already a step forward.
I'm afraid the only way to lower the temperatures is to manage to take out the CPU fan and remove the layer of dust that has settled on it over two years of use. The problem is that I don't have thermal paste, and even if I got some I would really risk irreparable damage. I wanted to ask you two things: 1) The stock fan of this CPU is particularly noisy. I already knew that when I bought it, and I kept promising myself to replace it with a better aftermarket one, but then, for one reason or another, I never did. Perhaps, while I'm at it, this could be the right occasion to kill two birds with one stone. Would you recommend a heatsink with good value for money for my PC's configuration (listed at the bottom of the first post)? 2) Years ago I had a problem similar to this one with my previous PC, which I solved precisely by cleaning the dust off the fans (yes, with that one I managed it). Only in that case the PC would shut off abruptly; it did not freeze while staying on with the fans at full blast like this one. Now, since I often leave the PC on when I go out (so I can reach it from my smartphone with TeamViewer in case I need a file for work), I would prefer it to shut down automatically when it overheats, to avoid melting the CPU if it stays frozen for hours (assuming the cause of the freeze really is overheating, which I still don't know for certain). Is that a setting to be changed in the BIOS? And if so, how is it done? |
16-06-2017, 13:44 | #19 |
Member
Registered since: May 2010
Posts: 57
|
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
|
16-06-2017, 14:11 | #20 | |
Member
Registered since: May 2010
Posts: 57
|
Quote:
All times are GMT +1. The time now is: 19:05.