View Full Version : Aggressive spam


mazzazz
30-07-2018, 18:52
Hi, for a couple of weeks now spam pages have been opening in Chrome (and in whatever browser is set as the default). The antimalware and antispam tools that usually solved the problem for me have not worked this time, and the problem persists.
On top of that, it is very hard for me to try different cleaning programs, because every time I search in a search engine for phrases containing the words malware or spam, Chrome closes instantly; likewise, when I do manage by luck to download the installation files, the exe crashes and the installation never starts.
Sometimes I also find the firewall and the antivirus disabled without my having touched them, and the computer's performance is at an all-time low.

This is the HijackThis log, but it is all Greek to me and I could not make anything of it

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:52:59, on 30/07/2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19081)


Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Pietro\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe
C:\Program Files\DAEMON Tools Lite\DTAgent.exe
C:\Users\Pietro\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Pietro\Desktop\HijackThis.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL
O3 - Toolbar: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [f.lux] "C:\Users\Pietro\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Skype for Desktop] C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
O4 - HKCU\..\Run: [utweb] "C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\Pietro\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [panda] reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [panda] reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync - Chiamata con un clic - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync - Chiamata con un clic - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
O23 - Service: panda_url_filtering Service (panda_url_filtering) - Visicom Media Inc. - C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8701 bytes

What can I do before I throw the computer out of the window?
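
Added example, not part of the original thread: a short Python triage of the entry lines in the HijackThis log above, for readers who find the format as opaque as the poster did. The four "look closer" rules (service without a publisher name, autostart from AppData, autostart without an absolute path, one CLSID registered in several browser hooks) are assumptions chosen for illustration; a hit is a prompt for manual review, not a verdict.

```python
import re
from collections import Counter, defaultdict

# Entry lines copied from the HijackThis log in the post above (excerpt).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R3 - URLSearchHook: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll
O2 - BHO: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKCU\..\Run: [utweb] "C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
O4 - HKUS\S-1-5-18\..\RunOnce: [panda] reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f (User 'SYSTEM')
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# Section codes that occur in that log and what HijackThis lists under them.
SECTIONS = {
    "R0": "Internet Explorer start/search page", "R1": "Internet Explorer start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry (Run/RunOnce)", "O8": "IE context-menu item",
    "O9": "IE extra button / Tools menu item", "O11": "IE advanced-options group",
    "O18": "extra protocol or filter", "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2})\s+-\s+(.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] "
                   r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|dll))(?:\s|$)", re.I)


def parse(log):
    """Return (section_code, body) for every entry line; headers are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def section_counts(log):
    """Number of entries per section code."""
    return Counter(code for code, _ in parse(log))


def executable_of(cmd):
    """Program part of an autostart command, with or without quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def triage(log):
    """Apply the illustrative review rules; returns (section, item, reason)."""
    findings = []
    hooks = defaultdict(set)          # CLSID -> browser-hook sections using it
    for code, body in parse(log):
        if code in ("R3", "O2", "O3"):
            for clsid in CLSID_RE.findall(body):
                hooks[clsid.upper()].add(code)
        if code == "O4":
            m = O4_RE.match(body)
            if not m:
                continue              # e.g. Startup-folder entries, other layout
            exe = executable_of(m["cmd"])
            if re.search(r"\\AppData\\", exe, re.I):
                findings.append((code, m["name"], "autostart from user-writable AppData path"))
            elif "\\" not in exe:
                findings.append((code, m["name"], "autostart command has no absolute path"))
        elif code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
                findings.append((code, parts[0], "service has no publisher name: " + parts[2]))
    for clsid, codes in sorted(hooks.items()):
        if len(codes) > 1:
            findings.append(("+".join(sorted(codes)), clsid,
                             "same component registered in several browser hooks"))
    return findings


if __name__ == "__main__":
    for code, n in sorted(section_counts(SAMPLE_LOG).items()):
        print(f"{code:>3} x{n}  {SECTIONS.get(code, 'other')}")
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {item}: {reason}")
```
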

supremo.a
31-07-2018, 06:16
No.. I would restore it outright with a factory reset (or destructive restore)

mazzazz
31-07-2018, 11:34
No.. I would restore it outright with a factory reset (or destructive restore)

Do you think that could work? Before the restore, is there nothing else I can try? How do you do the restore? And, above all, are my stored files touched by the procedure? Do I need to make a backup?

Dan1979
31-07-2018, 12:28
Hi

let's try to see whether there is something wrong....
let's keep the restore or the format as a last resort...

Run the scans in the order written:

scan with mbar, download it from here:
https://it.malwarebytes.com/antirootkit/
delete what it finds and post the log

Malwarebytes Anti-Malware, download it from here https://it.malwarebytes.com/
run the scan, delete what it finds and post the generated log

Download adwcleaner from here https://www.bleepingcomputer.com/download/adwcleaner/
right-click the executable, run as administrator, run the scan, delete what it finds and post the log

Then download frst from here https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
download the version that suits your operating system, 32 or 64 bit
place the executable on the desktop
right-click the executable -- open as administrator
once it is open, click on scan
post the frst.txt and addition.txt logs

mazzazz
31-07-2018, 13:36
Hi

let's try to see whether there is something wrong....
let's keep the restore or the format as a last resort...

Run the scans in the order written:

scan with mbar, download it from here:
https://it.malwarebytes.com/antirootkit/
delete what it finds and post the log

Malwarebytes Anti-Malware, download it from here https://it.malwarebytes.com/
run the scan, delete what it finds and post the generated log

Download adwcleaner from here https://www.bleepingcomputer.com/download/adwcleaner/
right-click the executable, run as administrator, run the scan, delete what it finds and post the log

Then download frst from here https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
download the version that suits your operating system, 32 or 64 bit
place the executable on the desktop
right-click the executable -- open as administrator
once it is open, click on scan
post the frst.txt and addition.txt logs

If I click on the links you posted, the Chrome page closes instantly. I tried to install mbar by downloading it on my phone and copying it to the computer, but even when run as administrator the installation dialog also closes instantly; it is as if the malware recognized these programs and prevented me from installing them.

Nicodemo Timoteo Taddeo
31-07-2018, 13:56
What are you waiting for to format and reinstall from scratch, or to restore a backup image of the system partitions made when everything was fine?

For some process to start up and begin encrypting your files, asking you for a ransom in money for the decryption key?

Forget the scans and disinfections: you lose more time than redoing everything from scratch, with no certainty of truly managing to restore the system, and in the meantime you may suffer even more damage.


My opinion, to be clear. You go ahead and do what you think is right :)

mazzazz
31-07-2018, 14:09
What are you waiting for to format and reinstall from scratch, or to restore a backup image of the system partitions made when everything was fine?


Is it possible to restore an earlier backup image even though I have not made a backup to an external disk in recent months?

Dan1979
31-07-2018, 14:19
Try downloading mbar and rename it to mbar.com....see if it works...

Alternatively, do this:
1. Download version 1.10.3.1001 of Malwarebytes Anti Rootkit (MBAR)
https://malwarebytes.app.box.com/s/flmkkcawxhohv6jf6wlkentlvycq0f3z
2. Run the program as administrator.

Click OK to extract..
If Mbar does not work, download the zip copy from the article, AT THE BEGINNING, and follow the instructions. Then continue at step 3.
https://support.malwarebytes.com/docs/DOC-1267
3. After extraction, MBAR should start.

Click Next

4. Update the tool by pressing the UPDATE button.

After the update, click Next.
5. Press the scan button. Please let it finish the scan. This rootkit could slow down your computer and MBAR may look as if it is going to freeze, but it will keep scanning. Please let it work.

If the scan fails, try leaving only DRIVER selected and deselecting SECTOR and SYSTEM…. Then retry the scan….


If you get the error dda driver was not installed....

Click Yes and the computer will restart.
After the restart, the MBAR window should open automatically.
Note: if the desktop is missing / black, do not worry. This is normal; please proceed with what follows.
Click Next followed by Next.

Click Scan

delete what it finds...
Bye, let us know...

NB: do as you wish; in my view restoring from restore points inside the PC is a risk, with the likelihood that the malware has infected them....
A restore from an external backup is another matter...but if it was made when the PC was already infected, you will drag the infection along with you too..
If you are sure the backup is good, that is one thing; if not...it's up to you

Of course, these are my personal opinions...

Dan1979
31-07-2018, 14:41
For some process to start up and begin encrypting your files, asking you for a ransom in money for the decryption key?

Forget the scans and disinfections: you lose more time than redoing everything from scratch, with no certainty of truly managing to restore the system, and in the meantime you may suffer even more damage.



If he had caught ransomware, it would perhaps have asked for the ransom already...
What's more, the files were already encrypted....

Why forget the scans when there are programs created specifically to carry out various cleanups...???
I don't understand!!!

My opinion....of course

Perhaps I agree on the matter of time...
With formatting or a backup (with the associated risks) it is true that it is quicker, but that is not always the case...it depends on the infection and on how deeply it has rooted itself in the OS (if it is at kernel level it is complicated but not impossible to get rid of, see kernel-level, driver-like rootkits....)

I almost always try; then, if I see that I am getting nowhere after a while, yes, I format everything....

Bye

mazzazz
31-07-2018, 15:15
I managed to run the scan and clean the two suspicious files it found using the mbar zip file, but nothing has changed: I still cannot install mbar or other antimalware, and if I search for the word malware on Google or click on one of your links, Chrome closes. :muro:

Nicodemo Timoteo Taddeo
31-07-2018, 15:15
Is it possible to restore an earlier backup image even though I have not made a backup to an external disk in recent months?

If you have the backup image, why not? Obviously you must save your files first, because with the restore everything is lost.

Nicodemo Timoteo Taddeo
31-07-2018, 15:24
If he had caught ransomware, it would perhaps have asked for the ransom already...

If he had caught it earlier, yes, but the malware can download it by itself now or later, unless of course he disconnects the PC from the internet.

What's more, the files were already encrypted....


I don't think I read that, and rereading what he wrote I still don't see it.


Why forget the scans when there are programs created specifically to carry out various cleanups...???
I don't understand!!!

Because you will never have the certainty of truly cleaning a seriously compromised system, and this one is, and because you take more time than redoing everything from scratch. The only antidote to reinstallation, for me, is a backup of the system partitions.

Again, my opinions and experience, to be clear; everyone should do as they see fit. :)



PS: he posted yesterday evening at 7 pm, almost 24 hours have passed and he is still back at square one, if you see what I mean...

Dan1979
31-07-2018, 15:41
Hi Nicodemo

Ransomware is generally caught through email attachments, except wannacry, which used an exploit to sneak in ....that only for those who have Vista....
That's as far as I know....

Symptoms of that kind are in theory caused by rootkits or trojans...that is why I am having him run an antirootkit...

Well, he posted the problem yesterday evening....
Since I think we write here as a hobby and when there is time, let's say we are still within a reasonable time ....
Correct me if I'm wrong...

I repeat, if you have an infected backup you might as well not use it...
Then better to format....

I would try to clean it up first....

A decision that is up to the user....

mazzazz
31-07-2018, 15:50
I have now tried scanning again and it found nothing; I also restarted the computer and nothing seems to have changed.

Nicodemo Timoteo Taddeo
31-07-2018, 15:57
Hi Nicodemo

Ransomware is generally caught through email attachments,

It is caught if an executable or a script gets downloaded and run that starts encrypting whatever it is programmed to. Whether it is downloaded from email or other malware does it on its own makes no difference. The point is that you have no certainty that this cannot happen as long as you have an infected system connected to the internet. And that is assuming it has not already happened without your noticing yet, or that the executable has not already been downloaded and is waiting to be run somehow.


except wannacry, which used an exploit to sneak in ....that only for those who have Vista.

Not only for Vista but for all Windows systems from XP onwards that have not been updated with the specific patches, or not updated to a newer release as in Windows 10.

The main thing, I repeat, is that if you have an infected system you cannot swear to anything. You are no longer the "master" of the computer; whoever programmed that malware is. So you can expect anything, and in my view, unless it is some trifle that is easily removed, such as those that act only on the browser, it is better to redo everything from scratch or fall back on a backup.

Less hassle and more security and peace of mind.

Then if someone wants to have fun doing scans, counter-scans, checks, counter-checks, let's try this and then let's try that, let's see what happens this way, etc. etc. etc., go right ahead. We have all been there, and some of us have understood that it is above all a great waste of time. :D

mazzazz
31-07-2018, 16:54
I would like to try cleaning up first and format only as a last resort; if nothing works I will evidently be forced to do it, and I was already prepared for that eventuality even before writing the post on the forum. What can I do now, given that mbar seems not to have solved anything?

Dan1979
31-07-2018, 17:07
Try it in safe mode...then go on with the rest of the scans....

supremo.a
01-08-2018, 06:41
Do you think that could work? Before the restore, is there nothing else I can try? How do you do the restore? And, above all, are my stored files touched by the procedure? Do I need to make a backup?

1) Clearly a destructive restore (or factory reset) completely wipes the hard disk and takes it back to zero, deleting everything (including your files) and reinstalling from scratch only the essentials or, in the case of a pre-built machine, also the programs, files etc. that you found when you had just bought the computer.
2) The restore can be done in three ways:
- If you have the recovery discs, you insert them, turn off the computer, and once it is turned on the restore utility should start. Here, be careful to follow the procedure for the factory reset and not just the standard restore...
- If you have the recovery partition, as soon as the computer is turned on you must repeatedly press the key that gives access to the partition and hence to the restore utility. For the rest, the procedure is the same as with the discs.
- If you have neither recovery discs nor a partition, you must install the operating system with a clean installation. So you must obtain the operating system image (or the CD) and do a clean installation, formatting the drive. If you have Windows 10, Microsoft provides a tool on its site with which you can download the Windows 10 image either to CD or to pen drive.
These, at least, are the most common procedures, or the ones I know best.

For all the restore methods described, you must save to some medium everything you want to keep and do not want to lose.

IMPORTANT: you should know the product key before proceeding with a clean installation, otherwise you risk losing it for good if you do not have it somewhere, and having to buy a new operating system.

mazzazz
01-08-2018, 10:55
Try it in safe mode...then go on with the rest of the scans....

I managed to do everything, but only in safe mode.

This is the Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 01/08/18
Ora scansione: 10:28
File di log: e3d149ff-9564-11e8-9283-1c7508451efc.json
Amministratore: Sì

-Informazioni software-
Versione: 3.5.1.2522
Versione componenti: 1.0.391
Aggiorna versione pacchetto: 1.0.6151
Licenza: Free

-Informazioni sistema-
SO: Windows 7 Service Pack 1
CPU: x86
File system: NTFS
Utente: pc\Pietro

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Scansione avviata da: Manuale
Risultati: Completata
Elementi analizzati: 181592
Minacce rilevate: 10
Minacce messe in quarantena: 10
Tempo impiegato: 7 min, 2 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 10
PUP.Optional.Reimage, C:\USERS\PIETRO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES, Sostituito, [1367], [541062],1.0.6151
PUP.Optional.MyStart, C:\PROGRAM FILES\PANDASECURITYTB\TOOLBARCLEANER.EXE, In quarantena, [227], [455885],1.0.6151
PUP.Optional.Iminent, C:\USERS\PIETRO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sostituito, [101], [455248],1.0.6151
PUP.Optional.Iminent, C:\USERS\PIETRO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sostituito, [101], [455248],1.0.6151
PUP.Optional.Iminent, C:\USERS\PIETRO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sostituito, [101], [455248],1.0.6151
PUP.Optional.Iminent, C:\USERS\PIETRO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sostituito, [101], [455248],1.0.6151
PUP.Optional.Iminent, C:\USERS\PIETRO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sostituito, [101], [455248],1.0.6151
PUP.Optional.Iminent, C:\USERS\PIETRO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sostituito, [101], [455248],1.0.6151
PUP.Optional.Iminent, C:\USERS\PIETRO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sostituito, [101], [455248],1.0.6151
PUP.Optional.Iminent, C:\USERS\PIETRO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sostituito, [101], [455248],1.0.6151

Settore fisico: 0
(Nessun elemento nocivo rilevato)

WMI: 0
(Nessun elemento nocivo rilevato)


(end)

This is the AdwCleaner log:


# AdwCleaner 7.0.7.0 - Logfile created on Wed Aug 01 08:53:32 2018
# Updated on 2018/18/01 by Malwarebytes
# Database: 2018-07-25.1
# Running on Windows 7 Ultimate (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Panda, panda_url_filtering


***** [ Folders ] *****

PUP.Optional.Legacy, C:\Program Files\pandasecuritytb
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\pandasecuritytb
PUP.Optional.Legacy, C:\Users\Pietro\AppData\LocalLow\pandasecuritytb
PUP.Optional.Solvusoft, C:\Users\Pietro\AppData\Roaming\WinThruster
PUP.Optional.Panda, C:\Program Files\Panda Security URL Filtering


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {72E0B1DE-7B7C-489A-AAEA-69AA892A96EE}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {72E0B1DE-7B7C-489A-AAEA-69AA892A96EE}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8B308A8C-B706-45F4-AF10-5C30818A67F0}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8B308A8C-B706-45F4-AF10-5C30818A67F0}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {96178B12-D8F2-4ADD-8F6D-723F74F76C14}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DC484EAF-7CC8-4570-BD55-E8DABDD73331}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5D1F038C-E479-4A4B-85E3-29385B899DF9}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5D1F038C-E479-4A4B-85E3-29385B899DF9}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {83F79830-6962-4EC7-96F0-5B454CCB9A10}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {83F79830-6962-4EC7-96F0-5B454CCB9A10}
PUP.Optional.SofTonicAssistant, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

This is the frst log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.07.2018
Ran by Pietro (administrator) on PC (01-08-2018 11:45:07)
Running from C:\Users\Pietro\Desktop
Loaded Profiles: Pietro (Available Profiles: Pietro)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PAV3WSC.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-10-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [141760 2017-02-22] (Panda Security, S.L.)
HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Run: [f.lux] => C:\Users\Pietro\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Run: [utweb] => C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe [5179064 2018-03-29] (BitTorrent Inc.)
HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Run: [Spotify Web Helper] => C:\Users\Pietro\AppData\Roaming\Spotify\SpotifyWebHelper.exe [774544 2018-07-22] (Spotify Ltd)
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C11EF9E9-8CE1-4917-AA25-844B5D1D3F5F}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ECC88173-E57E-4622-A400-1B9EE911E625}: [DhcpNameServer] 192.168.0.254

Internet Explorer:
==================
HKU\S-1-5-21-3475549784-737223174-1249760543-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/
URLSearchHook: HKU\S-1-5-21-3475549784-737223174-1249760543-1000 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files\pandasecuritytb\pandasecurityDx.dll => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-11] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-06-12] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default [2018-08-01]
CHR Extension: (Presentazioni) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documenti) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-03]
CHR Extension: (Giovanni Ficarra) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bicbnmkiaocihaoagfeccdlbhjegpbpp [2017-08-03]
CHR Extension: (YouTube) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-03]
CHR Extension: (Adblock Plus) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-07-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-19]
CHR Extension: (Fogli) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Ripples) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfnjgbmalioedafbpahlobnkgbjkllod [2017-08-03]
CHR Extension: (Google Documenti offline) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-04]
CHR Extension: (AdBlock) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-27]
CHR Extension: (Google Maps) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-08-03]
CHR Extension: (StudentiAristofane) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljalkpjbjhgagkobdehjlmpbnbgdbm [2017-08-03]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Dusky Waves) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckedjlckloojeaklbodeeoblnkmhkhn [2017-08-03]
CHR Extension: (Gmail) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-03]
CHR Extension: (Chrome Media Router) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-07]
CHR Profile: C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-03]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [110384 2017-02-14] (Panda Security, S.L.)
S2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [47096 2017-04-26] (Panda Security, S.L.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [98304 2013-04-12] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [102416 2017-08-03] (ATI Technologies, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2017-08-15] ()
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2018-07-07] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2018-07-07] (Disc Soft Ltd)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2017-08-15] ()
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-01] (Malwarebytes)
S1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [98624 2017-02-08] (Panda Security, S.L.)
S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [210984 2016-06-29] (Panda Security, S.L.)
S1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [119760 2017-02-08] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [134368 2016-06-29] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [67352 2016-06-30] (Panda Security, S.L.)
S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [114536 2016-06-29] (Panda Security, S.L.)
S1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [75048 2017-02-08] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [129224 2016-06-29] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [315904 2016-06-29] (Panda Security, S.L.)
S1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [232536 2017-02-08] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [116224 2016-06-29] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261064 2016-07-01] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109904 2016-06-29] (Panda Security, S.L.)
S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [152336 2017-02-12] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [112400 2017-02-12] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175888 2017-02-20] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121616 2017-02-12] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132880 2017-02-12] (Panda Security, S.L.)
S2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2017-02-12] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58288 2016-08-08] (Panda Security, S.L.)
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-01 11:45 - 2018-08-01 11:46 - 000012360 _____ C:\Users\Pietro\Desktop\FRST.txt
2018-08-01 11:44 - 2016-08-08 11:00 - 000058288 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2018-08-01 10:53 - 2018-08-01 10:53 - 000003025 _____ C:\Users\Pietro\Desktop\AdwCleaner[S0].txt
2018-08-01 10:25 - 2018-08-01 11:44 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-07-31 21:06 - 2018-08-01 11:45 - 000000000 ____D C:\FRST
2018-07-31 21:05 - 2018-07-31 21:05 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-31 21:05 - 2018-07-31 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-31 21:04 - 2018-07-31 22:14 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-07-31 21:04 - 2018-07-31 21:04 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-31 20:46 - 2018-07-31 20:46 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\1655554A.sys
2018-07-31 20:43 - 2018-07-31 20:43 - 001773056 ____N (Farbar) C:\Users\Pietro\Desktop\FRST.exe
2018-07-31 20:34 - 2018-08-01 11:44 - 000445258 _____ C:\Windows\ntbtlog.txt
2018-07-31 18:29 - 2018-07-31 18:29 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\5272E707.sys
2018-07-31 16:17 - 2018-07-31 16:17 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\4C6306E4.sys
2018-07-31 15:41 - 2018-07-31 21:04 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-07-31 15:41 - 2018-07-31 21:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-31 15:41 - 2018-07-31 20:46 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-07-31 15:41 - 2018-07-31 15:41 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\6751C2EE.sys
2018-07-30 14:50 - 2018-07-30 14:50 - 000388608 _____ (Trend Micro Inc.) C:\Users\Pietro\Desktop\HijackThis.exe
2018-07-30 12:29 - 2018-08-01 10:59 - 000000000 ____D C:\AdwCleaner
2018-07-30 12:29 - 2018-07-27 11:21 - 008206624 ____N (Malwarebytes) C:\Users\Pietro\Desktop\adwcleaner-7-0-7-0.exe
2018-07-23 11:12 - 2018-07-23 11:13 - 000028657 _____ C:\Users\Pietro\Desktop\modulo_disdetta_contratto_affitto.pdf
2018-07-20 15:57 - 2018-07-20 15:57 - 000002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-20 15:57 - 2018-07-20 15:57 - 000002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-17 19:24 - 2018-07-17 19:24 - 000000000 ____D C:\Users\Pietro\Documents\telecamera
2018-07-14 00:37 - 2018-07-14 00:37 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-11 23:54 - 2018-06-21 02:00 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-07-11 23:54 - 2018-06-16 18:36 - 020286464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-07-11 23:54 - 2018-06-16 18:06 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-07-11 23:54 - 2018-06-16 18:02 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-07-11 23:54 - 2018-06-16 17:49 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-07-11 23:54 - 2018-06-16 17:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-07-11 23:54 - 2018-06-16 17:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-07-11 23:54 - 2018-06-16 17:34 - 004496384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-07-11 23:54 - 2018-06-16 17:32 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-07-11 23:54 - 2018-06-16 17:28 - 002060288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-07-11 23:54 - 2018-06-16 17:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-07-11 23:54 - 2018-06-16 17:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-07-11 23:54 - 2018-06-16 17:05 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-07-11 23:54 - 2018-06-13 17:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-07-11 23:54 - 2018-06-13 17:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-07-11 23:54 - 2018-06-13 17:25 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-07-11 23:54 - 2018-06-08 18:02 - 004050624 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-07-11 23:54 - 2018-06-08 18:02 - 003962048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-07-11 23:54 - 2018-06-08 18:02 - 000189632 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-07-11 23:54 - 2018-06-08 18:02 - 000189632 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-07-11 23:54 - 2018-06-08 18:02 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-07-11 23:54 - 2018-06-08 18:02 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-07-11 23:54 - 2018-06-08 18:02 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-07-11 23:54 - 2018-06-08 17:57 - 001310488 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-07-11 23:54 - 2018-06-08 17:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-07-11 23:54 - 2018-06-08 17:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-07-11 23:54 - 2018-06-08 17:54 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-07-11 23:54 - 2018-06-08 17:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-07-11 23:54 - 2018-06-07 17:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-07-11 23:54 - 2018-05-31 17:56 - 001310912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-07-11 23:54 - 2018-05-31 17:56 - 000240832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-07-11 23:54 - 2018-05-31 17:56 - 000187584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-07-11 23:54 - 2018-05-02 17:30 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-07-11 23:54 - 2018-05-02 17:30 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-07-11 23:54 - 2018-05-02 17:30 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-07-11 23:54 - 2018-05-02 17:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-07-11 23:54 - 2018-04-26 15:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-11 23:54 - 2018-04-25 17:54 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-07-11 23:54 - 2018-04-25 17:17 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-07-11 23:53 - 2018-06-16 18:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-07-11 23:53 - 2018-06-16 18:19 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-07-11 23:53 - 2018-06-16 18:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-07-11 23:53 - 2018-06-16 18:05 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-07-11 23:53 - 2018-06-16 18:05 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-07-11 23:53 - 2018-06-16 18:04 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-07-11 23:53 - 2018-06-16 17:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-07-11 23:53 - 2018-06-16 17:59 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-07-11 23:53 - 2018-06-16 17:57 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-07-11 23:53 - 2018-06-16 17:56 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-07-11 23:53 - 2018-06-16 17:56 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-07-11 23:53 - 2018-06-16 17:56 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-07-11 23:53 - 2018-06-16 17:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-07-11 23:53 - 2018-06-16 17:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-07-11 23:53 - 2018-06-16 17:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-07-11 23:53 - 2018-06-16 17:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-07-11 23:53 - 2018-06-16 17:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-07-11 23:53 - 2018-06-16 17:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-07-11 23:53 - 2018-06-16 17:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-07-11 23:53 - 2018-06-16 17:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-07-11 23:53 - 2018-06-16 17:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-07-11 23:53 - 2018-06-16 17:28 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-07-11 23:53 - 2018-06-16 17:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-07-11 23:53 - 2018-06-08 17:27 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-07-11 23:53 - 2018-06-08 17:27 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-07-11 23:53 - 2018-06-08 17:27 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-07-11 23:53 - 2018-06-08 17:27 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-07-11 23:53 - 2018-06-08 17:27 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-07-11 23:53 - 2018-06-08 17:25 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-07-11 23:53 - 2018-06-08 17:24 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-07-11 23:53 - 2018-06-08 17:24 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-07-11 23:53 - 2018-06-08 17:21 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-07-11 23:53 - 2018-06-08 17:21 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-07-11 23:53 - 2018-06-08 17:21 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-07-11 23:53 - 2018-06-08 17:19 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-07-11 23:53 - 2018-06-08 17:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-07-11 23:53 - 2018-06-08 17:19 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-07-11 23:53 - 2018-06-07 17:57 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-07-11 23:53 - 2018-06-07 17:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-07-11 23:53 - 2018-06-07 17:57 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-07-11 23:53 - 2018-06-07 17:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-07-11 23:53 - 2018-05-02 17:30 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-07-11 23:53 - 2018-05-02 17:30 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-07-11 23:53 - 2018-05-02 17:29 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-07-11 23:52 - 2018-06-13 19:59 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-07-11 23:52 - 2018-06-13 17:53 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 002703872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-07-11 23:52 - 2018-06-08 15:05 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000353792 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-07-08 12:25 - 2018-07-08 12:25 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\SUPERAntiSpyware.com
2018-07-08 12:24 - 2018-07-08 12:24 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-07-07 19:18 - 2018-07-07 19:18 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\Steam
2018-07-07 19:10 - 2018-07-07 19:10 - 000001893 _____ C:\Users\Public\Desktop\Total War Attila.lnk
2018-07-07 18:39 - 2018-07-07 20:25 - 000000000 ____D C:\Program Files\Total War Attila
2018-07-07 18:35 - 2018-07-07 18:35 - 000000000 ____D C:\Users\Public\Documents\Catch!
2018-07-07 18:34 - 2018-07-07 18:35 - 000040504 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2018-07-07 18:33 - 2018-07-07 18:36 - 000000000 ____D C:\Users\Pietro\AppData\Local\Disc_Soft_Ltd
2018-07-07 18:33 - 2018-07-07 18:33 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2018-07-07 18:31 - 2018-07-07 18:35 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\DAEMON Tools Lite
2018-07-07 18:31 - 2018-07-07 18:33 - 000026168 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2018-07-07 18:30 - 2018-07-07 18:30 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2018-07-07 17:24 - 2018-07-07 18:02 - 000000000 ____D C:\Users\Pietro\Downloads\Total.War.Attila.RePack.by.Valdeni
2018-07-06 13:32 - 2018-07-06 13:32 - 000000002 _____ C:\Users\Pietro\AppData\Local\WMI.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-01 11:41 - 2018-04-22 17:43 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\uTorrent Web
2018-08-01 11:06 - 2018-02-21 18:39 - 000009984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-01 11:06 - 2018-02-21 18:39 - 000009984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-01 10:57 - 2017-08-03 00:11 - 000000000 ____D C:\Program Files\KMSpico
2018-08-01 10:56 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-31 21:04 - 2015-01-28 01:02 - 000000000 ____D C:\Users\Pietro\Desktop\mbar
2018-07-31 20:39 - 2017-11-12 01:31 - 000000000 ____D C:\Users\Pietro\AppData\Local\ElevatedDiagnostics
2018-07-31 16:06 - 2017-08-15 16:54 - 000000000 ____D C:\Program Files\Steam
2018-07-30 20:46 - 2018-03-12 21:15 - 000000000 ____D C:\Users\Pietro\Desktop\ricordati che ogni tanto sei anche un cazzo di scrittore
2018-07-30 14:51 - 2017-08-03 18:21 - 000000000 ____D C:\Users\Pietro\AppData\Local\Spotify
2018-07-30 14:39 - 2017-08-03 18:20 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\Spotify
2018-07-29 02:26 - 2017-08-16 09:19 - 000000000 ____D C:\Windows\system32\Macromed
2018-07-24 12:09 - 2011-01-15 13:50 - 001644010 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-24 12:09 - 2009-07-14 10:21 - 000744404 _____ C:\Windows\system32\perfh010.dat
2018-07-24 12:09 - 2009-07-14 10:21 - 000148734 _____ C:\Windows\system32\perfc010.dat
2018-07-24 12:08 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2018-07-20 15:56 - 2017-08-03 16:44 - 000000000 ____D C:\Program Files\Google
2018-07-20 15:54 - 2017-08-03 16:43 - 000000000 ____D C:\Users\Pietro\AppData\Local\Deployment
2018-07-17 00:02 - 2011-01-15 14:00 - 000480888 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-07-16 01:57 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache
2018-07-14 19:38 - 2017-10-19 19:28 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-14 19:21 - 2009-07-14 06:33 - 000464392 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-14 19:17 - 2017-08-16 04:52 - 000000000 ____D C:\Windows\system32\appraiser
2018-07-14 00:53 - 2017-08-02 23:59 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-07-14 00:34 - 2009-07-14 04:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-07-11 19:02 - 2017-09-13 20:58 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-07-11 19:02 - 2017-08-16 09:19 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-07-10 18:10 - 2017-09-19 17:46 - 000002078 _____ C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-07-07 19:18 - 2017-08-16 09:19 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\The Creative Assembly
2018-07-07 14:33 - 2017-11-12 21:49 - 000000000 ____D C:\Users\Pietro\AppData\Local\Ubisoft Game Launcher
2018-07-07 14:31 - 2017-08-03 08:28 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-07-07 13:52 - 2017-08-15 16:50 - 000000000 ____D C:\Windows\system32\appmgmt
2018-07-06 13:32 - 2017-08-02 23:44 - 000000000 ____D C:\Users\Pietro
2018-07-06 13:12 - 2018-05-07 14:41 - 000000000 ____D C:\Users\Pietro\Documents\il gioco
2018-07-06 13:12 - 2017-12-05 15:20 - 000000000 ____D C:\Users\Pietro\Desktop\Cenerentola
2018-07-05 13:23 - 2009-07-14 04:04 - 000000478 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2009-07-14 03:14 - 2009-07-14 03:14 - 000186368 ____N (Microsoft Corporation) C:\Users\Pietro\AKKZk.exe
2018-05-17 23:03 - 2018-05-17 23:03 - 007649280 _____ () C:\Program Files\GUT7D73.tmp
2017-11-15 22:45 - 2017-11-15 22:45 - 007649280 _____ () C:\Program Files\GUTFA49.tmp
2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe
2018-07-06 13:32 - 2018-07-06 13:32 - 000000002 _____ () C:\Users\Pietro\AppData\Local\WMI.ini

Some files in TEMP:
====================
2012-10-01 12:22 - 2012-10-01 12:22 - 000150648 ____R (Microsoft Corporation) C:\Users\Pietro\AppData\Local\Temp\ose00000.exe
2017-08-03 08:48 - 2017-08-03 08:50 - 062220008 _____ () C:\Users\Pietro\AppData\Local\Temp\{5D7B7A09-D066-467F-8179-FD7ECE607679}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-27 12:30

==================== End of FRST.txt ============================


Even though I cleaned the results from Malwarebytes and AdwCleaner, the situation hasn't changed from before; on top of that, strangely, many of these infected files seem to come from PANDA, which is supposed to be my antivirus (????). Can we get anywhere with this?

Dan1979
01-08-2018, 13:37
OK, uninstall Panda Antivirus; we'll reinstall it at the end....

Clean both the system and the registry with CCleaner..

Then run a scan with RogueKiller...
Download it from here...
http://www.adlice.com/download/roguekiller/
Follow this guide to use the program
http://it.ccm.net/faq/3204-come-usare
Delete only the entries shown in red...
Post the report

Run another scan with FRST, making sure to tick Addition.... post the new logs frst.txt and addition.txt

Be careful not to mix them up with the old logs..
Please make sure to post addition.txt too, you didn't post it last time....

mazzazz
01-08-2018, 14:25
Please make sure to post addition.txt too, you didn't post it last time....

Here it is

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
Ran by Pietro (01-08-2018 11:46:44)
Running from C:\Users\Pietro\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2017-08-02 21:19:48)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3475549784-737223174-1249760543-500 - Administrator - Disabled)
Guest (S-1-5-21-3475549784-737223174-1249760543-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3475549784-737223174-1249760543-1003 - Limited - Enabled)
Pietro (S-1-5-21-3475549784-737223174-1249760543-1000 - Administrator - Enabled) => C:\Users\Pietro

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam (HKLM\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Adobe Acrobat Reader DC - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{2A2C8640-5402-428A-909A-0236CB2B77C7}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{AC904169-4386-A9F9-AC00-67D5C42133BF}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
ccc-core-static (HKLM\...\{7EA8CE23-0C8C-6784-635C-D4F8AFB59AB5}) (Version: 2010.1028.1114.18274 - Nome società) Hidden
f.lux (HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
KMSpico 5.1 (HKLM\...\KMSpico v5.1_is1) (Version: 5.1 - )
League of Legends (HKLM\...\{1976A709-EC16-419D-85D4-52FE64A3A5C7}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Malwarebytes versione 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x86) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacchetto driver Windows - Broadcom (BCM43XX) Net (09/04/2014 6.34.223.5) (HKLM\...\2A31EA3D7C17F73EDC1C5275544C8B1D34746852) (Version: 09/04/2014 6.34.223.5 - Broadcom)
Pacchetto driver Windows - Broadcom (k57nd60x) Net (10/30/2013 15.6.0.14) (HKLM\...\D044F015E956FC855111BB167FC036B8BFCBB620) (Version: 10/30/2013 15.6.0.14 - Broadcom)
Pacchetto driver Windows - Broadcom (k57w2k) Net (11/24/2011 14.8.0.6) (HKLM\...\6B2DB2AB78900DF8904260899A8081C43DAEDD3A) (Version: 11/24/2011 14.8.0.6 - Broadcom)
Panda Devices Agent (HKLM\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Protection (HKLM\...\{2DE1F55B-B8FC-4ACF-8EB2-A38056C8E476}) (Version: 8.91.00 - Panda Security) Hidden
Panda Protection (HKLM\...\Panda Universal Agent Endpoint) (Version: 18.1.0 - Panda Security)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype versione 8.17 (HKLM\...\Skype_is1) (Version: 8.17 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Spotify) (Version: 1.0.85.259.g4ab01679 - Spotify AB)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Supporto applicazioni Apple (32 bit) (HKLM\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Total War Attila (HKLM\...\Total War Attila_is1) (Version: 1.6 - RePack by Valdeni)
Uplay (HKLM\...\Uplay) (Version: 4.3 - Ubisoft)
uTorrent Web (HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\utweb) (Version: 0.15.0 - BitTorrent, Inc.)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-26] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2010-10-28] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-26] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2A12AAA6-08D3-4502-9F76-734579CB9F8E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {35DE8FCE-5991-4F86-9677-9A68D72B0E43} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {35E77E7F-AAC8-4425-BB95-6AB7D2720B09} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {590D3233-9A2A-414B-83C4-DE6574211224} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {76313147-2D04-4785-BE9F-298335A1A7D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {86C57075-EB8A-46C1-8863-2AF2D31AB737} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-07-20] (Google Inc.)
Task: {95660FD3-95AE-4F02-A987-83E395F12F7F} - System32\Tasks\{7FAC327B-162B-3D63-117E-5A1DCCA56CC9} => C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe [2009-07-14] (Microsoft Corporation)
Task: {B4809495-BBD8-4FF8-8B1D-9F4F9173F676} - System32\Tasks\{273197F8-CB33-493E-9FF5-3F0858A98994} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -c -runfromtemp -l0x0010 -removeonly
Task: {B564C1A9-A6D4-4F71-AC9A-D909EF19A73F} - System32\Tasks\{2B67FFD2-E9B2-7A8D-CC20-B402FC7B754F} => "C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://newsupforu.com/cl/?guid=5a0h8naq5irvqni5wg56uodmg1ypcw48&prid=1&pid=4_1324_0
Task: {C5F630B8-54CB-4869-8398-F4389AE3EB79} - System32\Tasks\{BCFB33EC-4A33-9817-0B3C-2C2C38358829} => C:\Windows\baez.exe [2009-07-14] (Microsoft Corporation)
Task: {C80FC050-04CA-4430-B0B8-B6DC5EE45264} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {D8CB692F-A750-4556-A51B-82468351E40F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-07-20] (Google Inc.)
Task: {FF7FB4FD-7E43-43BB-A93D-A940BC52A578} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {FFD2495D-6E4B-4D03-B6B0-6D36923EB299} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-07-31 21:04 - 2018-07-31 22:14 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-12-15 19:17 - 2015-12-15 19:17 - 000618544 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3475549784-737223174-1249760543-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: Spotify => C:\Users\Pietro\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Pietro\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6BABEEEB-78C4-4285-981D-DBD80DD7598B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{AD892B7E-7293-46C5-BFF0-35DE1DF09D2C}C:\users\pietro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pietro\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FF89BE03-48A1-4719-85CF-66DA42718527}C:\users\pietro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pietro\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2216C13B-D064-4C8E-80D3-941602FD363C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E38F1CA-2AAA-4442-A9D8-3147A7FDDFE4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{12481DF3-1CE6-4F2A-83BC-83B4A40CDF52}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C1C0E43F-C147-4B69-9944-14BA90D1B746}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D893CBB8-B39D-4958-9AA6-314C867D1FE2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{07D30D75-64E3-4FBC-9D15-59AE3874A30C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2F303B6D-C51B-4210-9E7E-284B4A3BECC3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{96C3DE76-140C-400C-9F3F-4114C3A7D50F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8F7D49EF-F962-42C8-B0A3-06AF7B1205E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7688AEF3-7391-417A-8829-C4635E9B5D4D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9E6EEEEE-BBC5-4346-BE74-CA9A7500BF7B}] => (Allow) C:\Program Files\Ubisoft\The Settlers® - La Nascita di un Impero\base\bin\Settlers6.exe
FirewallRules: [{34FCC8D6-62F6-4FC5-9639-425D207BAE08}] => (Allow) C:\Program Files\Ubisoft\The Settlers® - La Nascita di un Impero\base\bin\Settlers6.exe
FirewallRules: [{8F6D752B-76F1-45B0-8D41-4B3B063B8469}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{78CA0936-98B1-4233-AB94-99D96F47B20E}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{9FF35AD0-8A75-43CD-8829-46EA28BB2CA7}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{30A3A1F4-0D6F-4716-9C46-7E9A5EA99A36}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{576DDD19-0100-443C-97C0-A12468F812DA}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [UDP Query User{B3B0617D-2860-45B3-BE54-C156FC9C9630}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [{E63C56DD-E86B-41EC-8B7D-9C5C26384889}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{F191430D-6395-4B3A-BEF5-611A00B26DD5}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{B823B103-5F9F-47C4-B68A-2B15DDA44A6E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe
FirewallRules: [UDP Query User{DFF16248-3A3D-4846-A329-3453B8BDD65A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe
FirewallRules: [TCP Query User{62A9A113-6C2F-4D5C-9EA9-30AB91EFC31D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [UDP Query User{8544A09D-D373-4AD0-956D-79A48374C9F1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [TCP Query User{C54D4062-75AE-4E1C-8FFF-2DF5ABA6764A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [UDP Query User{BE38033B-A815-4CE5-AFBB-B89886E979F3}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [TCP Query User{D9494E16-BE71-4637-9B11-94933BBED86D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [UDP Query User{13A67061-957E-4764-AF2C-1C3852A80E99}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [TCP Query User{2E588985-D6CC-425F-8087-F3A16B3E19E7}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E769C33C-F022-43D1-A202-6347569C65D7}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [{59C10FBF-E7F8-4B03-B4C0-62F4851CF127}] => (Allow) C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe
FirewallRules: [{8518049A-2EF5-467F-96CB-6D43546D337F}] => (Allow) C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe
FirewallRules: [TCP Query User{76746DF5-E389-4621-877C-65BB7C8E8926}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe
FirewallRules: [UDP Query User{ED20944B-297E-4082-9763-1F48D090658C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe
FirewallRules: [TCP Query User{F19525F0-C933-407D-9E05-338B555312A0}C:\users\pietro\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\pietro\appdata\roaming\utorrent web\utweb.exe
FirewallRules: [UDP Query User{D113A0C8-7A4D-4656-8BB5-0AFBF23CD20F}C:\users\pietro\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\pietro\appdata\roaming\utorrent web\utweb.exe
FirewallRules: [TCP Query User{D8C549D6-4A93-4F5B-97F5-2FBA0E312AAB}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe
FirewallRules: [UDP Query User{72BBB8FF-3117-4290-8346-2E2E295C0215}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe
FirewallRules: [TCP Query User{D5B01D37-F316-4601-A6AF-B9E9B97209A7}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe
FirewallRules: [UDP Query User{62BD642B-9AD0-4389-A3C8-EE8F6C7FE009}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe
FirewallRules: [TCP Query User{4256DBCD-8697-459A-AC6C-41013F152381}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe
FirewallRules: [UDP Query User{7CB1666C-16A4-4759-9966-63BD69AD5D5A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe
FirewallRules: [TCP Query User{DD3C8712-59F6-47FA-AA06-6E783056216C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe
FirewallRules: [UDP Query User{C32D8B7F-96EC-4E35-95A8-8A793BD64E5F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe
FirewallRules: [TCP Query User{D8E35D08-C494-4FF0-B2E5-507657DD2C1D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe
FirewallRules: [UDP Query User{11EBA21A-049D-487A-BAA1-9EE705FBFA3A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe
FirewallRules: [TCP Query User{4F0BCF5D-CCD2-4D60-AE3C-37BC217BAEE9}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe
FirewallRules: [UDP Query User{74FAF3A2-5CF8-46C1-8F59-AC0C9CF07A3C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe
FirewallRules: [TCP Query User{E15D168C-CC26-4A32-B51C-886EEE20DEAC}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe
FirewallRules: [UDP Query User{AC18287C-1E1C-4B23-9623-1C83D04AA911}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe
FirewallRules: [TCP Query User{F31765C3-3B93-4CD5-84E9-2082843F765D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe
FirewallRules: [UDP Query User{92F53BF5-A26D-4A69-BB06-10ED900AE675}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe
FirewallRules: [TCP Query User{89A1BD2E-622B-46B1-9955-59AA1D8703F3}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [UDP Query User{31F1A673-7365-444F-A69A-F64C81F5955B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [{D64193AB-885F-42A1-9453-3E9F365C527E}] => (Allow) C:\Windows\system32\msiexec.exe
FirewallRules: [{1CB41579-D0E1-4DB6-8427-26CE5A8EBB49}] => (Allow) C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe
FirewallRules: [{E6F50F18-9172-4A83-BCF0-86E9E2E86741}] => (Allow) C:\Windows\baez.exe
FirewallRules: [TCP Query User{781951F3-CE59-48DE-92E1-8EDEBD90137C}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [UDP Query User{5D5B2897-5457-4179-8CE4-7132EA75DE9C}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [TCP Query User{A2C52868-EA32-4B97-B0DD-5D31242A5A29}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [UDP Query User{AE748AF5-E878-4AE3-BD5C-01F101B8DF55}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [TCP Query User{89927C6F-8F0B-4CA8-9CAB-2C6338065E78}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [UDP Query User{A0FA92B3-566B-4543-84F7-A40129B0D248}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [{260AFA4C-596B-4FDB-BD17-1CDBB3AF1681}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{A6377F03-DFA9-41DA-9AFF-F6920ECBDC95}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E4AD3274-34EA-40C1-82F4-1F821ED2750A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [{DF2DC5E4-6F46-493A-AF26-7CD14D565001}] => (Allow) C:\Windows\system32\tracert.exe
FirewallRules: [{88AB60CC-7C60-4F36-A126-997E0ECB1B66}] => (Allow) C:\Windows\system32\tracert.exe
FirewallRules: [{38CE9F11-2265-4102-AEE6-EA9B8F66FF6E}] => (Allow) C:\Program Files\KMSpico\KMSServer.exe
FirewallRules: [{F53AAADD-9D0B-4F0C-9525-06D95B5403DA}] => (Allow) C:\Program Files\KMSpico\KMSServer.exe
FirewallRules: [{9E0B0D69-E370-459B-AB16-C9B73CADEE86}] => (Allow) C:\Windows\system32\tracert.exe

==================== Restore Points =========================

26-07-2018 13:35:08 Punto di controllo pianificato
26-07-2018 13:46:27 Windows Update
30-07-2018 01:34:35 Windows Update
31-07-2018 16:05:47 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============

Name: Scheda Microsoft Teredo Tunneling
Description: Scheda Microsoft Teredo Tunneling
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2018 11:08:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3136

Error: (08/01/2018 11:08:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3136

Error: (08/01/2018 11:08:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2018 11:08:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2091

Error: (08/01/2018 11:08:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2091

Error: (08/01/2018 11:08:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2018 11:08:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1092

Error: (08/01/2018 11:08:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1092


System errors:
=============
Error: (08/01/2018 11:45:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 11:45:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 11:45:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 11:44:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Provider Gruppo Home dipende dal servizio Host provider di individuazione funzioni che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 11:44:37 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM ha ricevuto l'errore "%%1084 = Questo servizio non può essere avviato in modalità provvisoria" durante il tentativo di avviare il servizio WSearch con gli argomenti "" per eseguire il server
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/01/2018 11:44:37 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM ha ricevuto l'errore "%%1084 = Questo servizio non può essere avviato in modalità provvisoria" durante il tentativo di avviare il servizio WSearch con gli argomenti "" per eseguire il server
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/01/2018 11:44:18 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM ha ricevuto l'errore "%%1084 = Questo servizio non può essere avviato in modalità provvisoria" durante il tentativo di avviare il servizio EventSystem con gli argomenti "" per eseguire il server
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/01/2018 11:44:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.


Windows Defender:
===================================
Date: 2018-07-07 12:43:44.659
Description:
%1: il modulo è stato terminato a causa di un errore imprevisto.
Tipo errore:%5
Codice eccezione:%6
Risorsa:%3

Date: 2018-07-04 13:12:49.000
Description:
Windows Defender: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:1.271.442.0
Versione firma precedente:1.269.1075.0
Origine aggiornamento:Utente
Tipo firma:Antispyware
Tipo aggiornamento:Delta
Utente:NT AUTHORITY\SYSTEM
Versione modulo corrente:1.1.15000.2
Versione modulo precedente:1.1.14901.4
Codice errore:0x80070666
Descrizione errore:È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

Date: 2018-07-04 13:12:48.999
Description:
Windows Defender: errore durante il tentativo di aggiornare il modulo.
Nuova versione modulo:1.1.15000.2
Versione modulo precedente:1.1.14901.4
Origine aggiornamento:Utente
Utente:NT AUTHORITY\SYSTEM
Codice errore:0x80070666
Descrizione errore:È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

CodeIntegrity:
===================================

Date: 2017-08-11 17:01:56.897
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.836
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.753
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.635
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.626
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.617
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.181
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.173
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

==================== Memory info ===========================

Processor: AMD Phenom(tm) II N830 Triple-Core Processor
Percentage of memory in use: 27%
Total physical RAM: 3578.9 MB
Available physical RAM: 2585.5 MB
Total Virtual: 7156.15 MB
Available Virtual: 6217.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:43.96 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Shogun2 Disc 1) (CDROM) (Total:6.55 GB) (Free:0 GB) UDF


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 4455FAFA)
Partition 1: (Active) - (Size=232.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Now I'll run CCleaner.

mazzazz
01-08-2018, 16:14
I cleaned everything with CCleaner, then I deleted two files marked in red with RogueKiller, although there are many others marked in yellow.

Here is the RogueKiller log:

RogueKiller V12.12.29.0 [Jul 30 2018] (Gratuito) di Adlice Software
posta : http://www.adlice.com/contact/
Commenti : https://forum.adlice.com
Sito Web : http://www.adlice.com/download/roguekiller/
Discussione : http://www.adlice.com

Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniziato in : Modalità Sicura e connessione
Utente : Pietro [Amministratore]
Iniziato da : C:\Program Files\RogueKiller\RogueKiller.exe
Modalità : Scansione -- Data : 08/01/2018 16:13:47 (Durata : 00:28:48)

¤¤¤ Processi : 0 ¤¤¤

¤¤¤ Registro : 13 ¤¤¤
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> Trovato
[PUP.Gen0] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : Panda Safe Web -> Trovato
[PUP.Gen0] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[PUP.Gen0] HKEY_USERS\S-1-5-21-3475549784-737223174-1249760543-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[PUP.Gen0] HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[Suspicious.Path] HKEY_USERS\S-1-5-21-3475549784-737223174-1249760543-1000\Software\Microsoft\Windows\CurrentVersion\Run | utweb : "C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED [7] -> Trovato
[PUP.HackTool|VT.Detected] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI (C:\Program Files\KMSpico\Service_KMS.exe) -> Trovato
[PUP.HackTool|VT.Detected] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Service KMSELDI (C:\Program Files\KMSpico\Service_KMS.exe) -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59C10FBF-E7F8-4B03-B4C0-62F4851CF127} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8518049A-2EF5-467F-96CB-6D43546D337F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59C10FBF-E7F8-4B03-B4C0-62F4851CF127} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8518049A-2EF5-467F-96CB-6D43546D337F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trovato

¤¤¤ Attività : 0 ¤¤¤

¤¤¤ Archivi : 2 ¤¤¤
[PUP.HackTool][Cartella] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico -> Trovato
[PUP.HackTool][Cartella] C:\Program Files\KMSpico -> Trovato

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Archivio Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Non caricato [0xc000035f]) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ Controllo MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-22A23T0 ATA Device +++++
--- User ---
[MBR] 09a04c6d1f22ff2f2dfb29351f5caee1
80a38fed0ab809015c13cee96c71d3db : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 237923 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[B]The FRST log (which still doesn't find anything suspicious):

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.07.2018
Ran by Pietro (administrator) on PC (01-08-2018 16:54:43)
Running from C:\Users\Pietro\Desktop
Loaded Profiles: Pietro (Available Profiles: Pietro)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adlice Software) C:\Program Files\RogueKiller\RogueKiller.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-10-28] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Run: [f.lux] => C:\Users\Pietro\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Run: [utweb] => C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe [5179064 2018-03-29] (BitTorrent Inc.)
HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Run: [Spotify Web Helper] => C:\Users\Pietro\AppData\Roaming\Spotify\SpotifyWebHelper.exe [774544 2018-07-22] (Spotify Ltd)
HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13684416 2018-07-20] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: 2.20.251.26 n4464433.iavs9x.u.avast.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C11EF9E9-8CE1-4917-AA25-844B5D1D3F5F}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ECC88173-E57E-4622-A400-1B9EE911E625}: [DhcpNameServer] 192.168.0.254

Internet Explorer:
==================
HKU\S-1-5-21-3475549784-737223174-1249760543-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/
URLSearchHook: HKU\S-1-5-21-3475549784-737223174-1249760543-1000 - (No Name) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: No Name -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
Toolbar: HKLM - No Name - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-11] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-06-12] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default [2018-08-01]
CHR Extension: (Presentazioni) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documenti) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-03]
CHR Extension: (Giovanni Ficarra) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bicbnmkiaocihaoagfeccdlbhjegpbpp [2017-08-03]
CHR Extension: (YouTube) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-03]
CHR Extension: (Adblock Plus) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-07-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-19]
CHR Extension: (Fogli) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Ripples) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfnjgbmalioedafbpahlobnkgbjkllod [2017-08-03]
CHR Extension: (Google Documenti offline) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-04]
CHR Extension: (AdBlock) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-27]
CHR Extension: (Google Maps) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-08-03]
CHR Extension: (StudentiAristofane) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljalkpjbjhgagkobdehjlmpbnbgdbm [2017-08-03]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Dusky Waves) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckedjlckloojeaklbodeeoblnkmhkhn [2017-08-03]
CHR Extension: (Gmail) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-03]
CHR Extension: (Chrome Media Router) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-07]
CHR Profile: C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-01]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [45528 2017-11-16] (The OpenVPN Project)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [102416 2017-08-03] (ATI Technologies, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2017-08-15] ()
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2018-07-07] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2018-07-07] (Disc Soft Ltd)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2017-08-15] ()
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-01] (Malwarebytes)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-08-01] ()
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-01 16:54 - 2018-08-01 16:56 - 000009750 _____ C:\Users\Pietro\Desktop\FRST.txt
2018-08-01 16:52 - 2018-08-01 16:52 - 000008072 _____ C:\Users\Pietro\Desktop\roguekille lol.txt
2018-08-01 16:13 - 2018-08-01 16:13 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-08-01 16:13 - 2018-08-01 16:13 - 000001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-08-01 16:13 - 2018-08-01 16:13 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-01 16:13 - 2018-08-01 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-08-01 16:12 - 2018-08-01 16:13 - 000000000 ____D C:\Program Files\RogueKiller
2018-08-01 16:12 - 2018-08-01 16:11 - 036746192 _____ (Adlice Software ) C:\Users\Pietro\Desktop\RogueKiller_setup.exe
2018-08-01 16:11 - 2018-08-01 16:12 - 036716074 _____ C:\Users\Pietro\Desktop\bau.zip
2018-08-01 16:06 - 2018-08-01 16:20 - 000000320 _____ C:\Windows\ntbtlog.txt
2018-08-01 16:01 - 2018-08-01 16:01 - 000112040 _____ C:\Users\Pietro\Desktop\cc_20180801_160103.reg
2018-08-01 15:55 - 2018-08-01 15:55 - 000000000 ____D C:\ProgramData\AVAST Software
2018-08-01 15:55 - 2018-08-01 15:55 - 000000000 ____D C:\Program Files\AVAST Software
2018-08-01 15:54 - 2018-08-01 15:55 - 000000000 ____D C:\Program Files\CCleaner
2018-08-01 15:54 - 2018-08-01 15:54 - 000000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-01 15:54 - 2018-08-01 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-08-01 10:25 - 2018-08-01 15:58 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-07-31 21:06 - 2018-08-01 16:54 - 000000000 ____D C:\FRST
2018-07-31 21:05 - 2018-07-31 21:05 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-31 21:05 - 2018-07-31 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-31 21:04 - 2018-07-31 22:14 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-07-31 21:04 - 2018-07-31 21:04 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-31 20:46 - 2018-07-31 20:46 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\1655554A.sys
2018-07-31 20:43 - 2018-07-31 20:43 - 001773056 ____N (Farbar) C:\Users\Pietro\Desktop\FRST.exe
2018-07-31 18:29 - 2018-07-31 18:29 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\5272E707.sys
2018-07-31 16:17 - 2018-07-31 16:17 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\4C6306E4.sys
2018-07-31 15:41 - 2018-07-31 21:04 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-07-31 15:41 - 2018-07-31 21:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-31 15:41 - 2018-07-31 20:46 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-07-31 15:41 - 2018-07-31 15:41 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\6751C2EE.sys
2018-07-30 14:50 - 2018-07-30 14:50 - 000388608 _____ (Trend Micro Inc.) C:\Users\Pietro\Desktop\HijackThis.exe
2018-07-30 12:29 - 2018-08-01 10:59 - 000000000 ____D C:\AdwCleaner
2018-07-30 12:29 - 2018-07-27 11:21 - 008206624 ____N (Malwarebytes) C:\Users\Pietro\Desktop\adwcleaner-7-0-7-0.exe
2018-07-23 11:12 - 2018-07-23 11:13 - 000028657 _____ C:\Users\Pietro\Desktop\modulo_disdetta_contratto_affitto.pdf
2018-07-20 15:57 - 2018-07-20 15:57 - 000002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-20 15:57 - 2018-07-20 15:57 - 000002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-17 19:24 - 2018-07-17 19:24 - 000000000 ____D C:\Users\Pietro\Documents\telecamera
2018-07-14 00:37 - 2018-07-14 00:37 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-11 23:54 - 2018-06-21 02:00 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-07-11 23:54 - 2018-06-16 18:36 - 020286464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-07-11 23:54 - 2018-06-16 18:06 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-07-11 23:54 - 2018-06-16 18:02 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-07-11 23:54 - 2018-06-16 17:49 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-07-11 23:54 - 2018-06-16 17:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-07-11 23:54 - 2018-06-16 17:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-07-11 23:54 - 2018-06-16 17:34 - 004496384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-07-11 23:54 - 2018-06-16 17:32 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-07-11 23:54 - 2018-06-16 17:28 - 002060288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-07-11 23:54 - 2018-06-16 17:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-07-11 23:54 - 2018-06-16 17:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-07-11 23:54 - 2018-06-16 17:05 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-07-11 23:54 - 2018-06-13 17:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-07-11 23:54 - 2018-06-13 17:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-07-11 23:54 - 2018-06-13 17:25 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-07-11 23:54 - 2018-06-08 18:02 - 004050624 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-07-11 23:54 - 2018-06-08 18:02 - 003962048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-07-11 23:54 - 2018-06-08 18:02 - 000189632 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-07-11 23:54 - 2018-06-08 18:02 - 000189632 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-07-11 23:54 - 2018-06-08 18:02 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-07-11 23:54 - 2018-06-08 18:02 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-07-11 23:54 - 2018-06-08 18:02 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-07-11 23:54 - 2018-06-08 17:57 - 001310488 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-07-11 23:54 - 2018-06-08 17:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-07-11 23:54 - 2018-06-08 17:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-07-11 23:54 - 2018-06-08 17:54 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-07-11 23:54 - 2018-06-08 17:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-07-11 23:54 - 2018-06-07 17:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-07-11 23:54 - 2018-05-31 17:56 - 001310912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-07-11 23:54 - 2018-05-31 17:56 - 000240832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-07-11 23:54 - 2018-05-31 17:56 - 000187584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-07-11 23:54 - 2018-05-02 17:30 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-07-11 23:54 - 2018-05-02 17:30 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-07-11 23:54 - 2018-05-02 17:30 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-07-11 23:54 - 2018-05-02 17:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-07-11 23:54 - 2018-04-26 15:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-11 23:54 - 2018-04-25 17:54 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-07-11 23:54 - 2018-04-25 17:17 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-07-11 23:53 - 2018-06-16 18:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-07-11 23:53 - 2018-06-16 18:19 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-07-11 23:53 - 2018-06-16 18:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-07-11 23:53 - 2018-06-16 18:05 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-07-11 23:53 - 2018-06-16 18:05 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-07-11 23:53 - 2018-06-16 18:04 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-07-11 23:53 - 2018-06-16 17:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-07-11 23:53 - 2018-06-16 17:59 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-07-11 23:53 - 2018-06-16 17:57 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-07-11 23:53 - 2018-06-16 17:56 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-07-11 23:53 - 2018-06-16 17:56 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-07-11 23:53 - 2018-06-16 17:56 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-07-11 23:53 - 2018-06-16 17:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-07-11 23:53 - 2018-06-16 17:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-07-11 23:53 - 2018-06-16 17:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-07-11 23:53 - 2018-06-16 17:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-07-11 23:53 - 2018-06-16 17:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-07-11 23:53 - 2018-06-16 17:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-07-11 23:53 - 2018-06-16 17:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-07-11 23:53 - 2018-06-16 17:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-07-11 23:53 - 2018-06-16 17:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-07-11 23:53 - 2018-06-16 17:28 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-07-11 23:53 - 2018-06-16 17:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-07-11 23:53 - 2018-06-08 17:27 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-07-11 23:53 - 2018-06-08 17:27 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-07-11 23:53 - 2018-06-08 17:27 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-07-11 23:53 - 2018-06-08 17:27 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-07-11 23:53 - 2018-06-08 17:27 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-07-11 23:53 - 2018-06-08 17:25 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-07-11 23:53 - 2018-06-08 17:24 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-07-11 23:53 - 2018-06-08 17:24 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-07-11 23:53 - 2018-06-08 17:21 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-07-11 23:53 - 2018-06-08 17:21 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-07-11 23:53 - 2018-06-08 17:21 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-07-11 23:53 - 2018-06-08 17:19 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-07-11 23:53 - 2018-06-08 17:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-07-11 23:53 - 2018-06-08 17:19 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-07-11 23:53 - 2018-06-07 17:57 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-07-11 23:53 - 2018-06-07 17:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-07-11 23:53 - 2018-06-07 17:57 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-07-11 23:53 - 2018-06-07 17:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-07-11 23:53 - 2018-05-02 17:30 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-07-11 23:53 - 2018-05-02 17:30 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-07-11 23:53 - 2018-05-02 17:29 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-07-11 23:52 - 2018-06-13 19:59 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-07-11 23:52 - 2018-06-13 17:53 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 002703872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-07-11 23:52 - 2018-06-08 15:05 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000353792 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-07-08 12:25 - 2018-07-08 12:25 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\SUPERAntiSpyware.com
2018-07-08 12:24 - 2018-07-08 12:24 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-07-07 19:18 - 2018-07-07 19:18 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\Steam
2018-07-07 19:10 - 2018-07-07 19:10 - 000001893 _____ C:\Users\Public\Desktop\Total War Attila.lnk
2018-07-07 18:39 - 2018-07-07 20:25 - 000000000 ____D C:\Program Files\Total War Attila
2018-07-07 18:35 - 2018-07-07 18:35 - 000000000 ____D C:\Users\Public\Documents\Catch!
2018-07-07 18:34 - 2018-07-07 18:35 - 000040504 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2018-07-07 18:33 - 2018-07-07 18:36 - 000000000 ____D C:\Users\Pietro\AppData\Local\Disc_Soft_Ltd
2018-07-07 18:33 - 2018-07-07 18:33 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2018-07-07 18:31 - 2018-07-07 18:35 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\DAEMON Tools Lite
2018-07-07 18:31 - 2018-07-07 18:33 - 000026168 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2018-07-07 18:30 - 2018-07-07 18:30 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2018-07-07 17:24 - 2018-07-07 18:02 - 000000000 ____D C:\Users\Pietro\Downloads\Total.War.Attila.RePack.by.Valdeni
2018-07-06 13:32 - 2018-07-06 13:32 - 000000002 _____ C:\Users\Pietro\AppData\Local\WMI.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-01 16:03 - 2017-08-15 16:54 - 000000000 ____D C:\Program Files\Steam
2018-08-01 16:03 - 2011-01-15 13:33 - 000000000 ____D C:\Windows\Panther
2018-08-01 16:03 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2018-08-01 15:56 - 2018-02-21 18:39 - 000009984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-01 15:56 - 2018-02-21 18:39 - 000009984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-01 15:54 - 2017-11-10 18:40 - 000000000 ____D C:\Users\Pietro\Desktop\Foto
2018-08-01 15:53 - 2018-04-22 17:43 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\uTorrent Web
2018-08-01 15:53 - 2017-08-02 23:29 - 000000000 ____D C:\ProgramData\Panda Security
2018-08-01 15:52 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-01 15:51 - 2009-07-14 06:33 - 000464392 _____ C:\Windows\system32\FNTCACHE.DAT
2018-08-01 15:39 - 2017-08-03 08:51 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\Panda Security
2018-07-31 21:04 - 2015-01-28 01:02 - 000000000 ____D C:\Users\Pietro\Desktop\mbar
2018-07-30 20:46 - 2018-03-12 21:15 - 000000000 ____D C:\Users\Pietro\Desktop\ricordati che ogni tanto sei anche un cazzo di scrittore
2018-07-30 14:51 - 2017-08-03 18:21 - 000000000 ____D C:\Users\Pietro\AppData\Local\Spotify
2018-07-30 14:39 - 2017-08-03 18:20 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\Spotify
2018-07-29 02:26 - 2017-08-16 09:19 - 000000000 ____D C:\Windows\system32\Macromed
2018-07-24 12:09 - 2011-01-15 13:50 - 001644010 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-24 12:09 - 2009-07-14 10:21 - 000744404 _____ C:\Windows\system32\perfh010.dat
2018-07-24 12:09 - 2009-07-14 10:21 - 000148734 _____ C:\Windows\system32\perfc010.dat
2018-07-20 15:56 - 2017-08-03 16:44 - 000000000 ____D C:\Program Files\Google
2018-07-20 15:54 - 2017-08-03 16:43 - 000000000 ____D C:\Users\Pietro\AppData\Local\Deployment
2018-07-17 00:02 - 2011-01-15 14:00 - 000480888 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-07-16 01:57 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache
2018-07-14 19:38 - 2017-10-19 19:28 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-14 19:17 - 2017-08-16 04:52 - 000000000 ____D C:\Windows\system32\appraiser
2018-07-14 00:53 - 2017-08-02 23:59 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-07-14 00:34 - 2009-07-14 04:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-07-11 19:02 - 2017-09-13 20:58 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-07-11 19:02 - 2017-08-16 09:19 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-07-10 18:10 - 2017-09-19 17:46 - 000002078 _____ C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-07-07 19:18 - 2017-08-16 09:19 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\The Creative Assembly
2018-07-07 14:33 - 2017-11-12 21:49 - 000000000 ____D C:\Users\Pietro\AppData\Local\Ubisoft Game Launcher
2018-07-07 14:31 - 2017-08-03 08:28 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-07-07 13:52 - 2017-08-15 16:50 - 000000000 ____D C:\Windows\system32\appmgmt
2018-07-06 13:32 - 2017-08-02 23:44 - 000000000 ____D C:\Users\Pietro
2018-07-06 13:12 - 2018-05-07 14:41 - 000000000 ____D C:\Users\Pietro\Documents\il gioco
2018-07-06 13:12 - 2017-12-05 15:20 - 000000000 ____D C:\Users\Pietro\Desktop\Cenerentola
2018-07-05 13:23 - 2009-07-14 04:04 - 000000478 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2009-07-14 03:14 - 2009-07-14 03:14 - 000186368 ____N (Microsoft Corporation) C:\Users\Pietro\AKKZk.exe
2018-05-17 23:03 - 2018-05-17 23:03 - 007649280 _____ () C:\Program Files\GUT7D73.tmp
2017-11-15 22:45 - 2017-11-15 22:45 - 007649280 _____ () C:\Program Files\GUTFA49.tmp
2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe
2018-07-06 13:32 - 2018-07-06 13:32 - 000000002 _____ () C:\Users\Pietro\AppData\Local\WMI.ini

Some files in TEMP:
====================
2018-08-01 16:13 - 2018-06-08 17:57 - 001310488 _____ (Microsoft Corporation) C:\Users\Pietro\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-27 12:30

==================== End of FRST.txt ============================

And the FRST Addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
Ran by Pietro (01-08-2018 16:56:26)
Running from C:\Users\Pietro\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2017-08-02 21:19:48)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3475549784-737223174-1249760543-500 - Administrator - Disabled)
Guest (S-1-5-21-3475549784-737223174-1249760543-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3475549784-737223174-1249760543-1003 - Limited - Enabled)
Pietro (S-1-5-21-3475549784-737223174-1249760543-1000 - Administrator - Enabled) => C:\Users\Pietro

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam (HKLM\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Adobe Acrobat Reader DC - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{2A2C8640-5402-428A-909A-0236CB2B77C7}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{AC904169-4386-A9F9-AC00-67D5C42133BF}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
ccc-core-static (HKLM\...\{7EA8CE23-0C8C-6784-635C-D4F8AFB59AB5}) (Version: 2010.1028.1114.18274 - Nome società) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
f.lux (HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
KMSpico 5.1 (HKLM\...\KMSpico v5.1_is1) (Version: 5.1 - )
League of Legends (HKLM\...\{1976A709-EC16-419D-85D4-52FE64A3A5C7}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Malwarebytes versione 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x86) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacchetto driver Windows - Broadcom (BCM43XX) Net (09/04/2014 6.34.223.5) (HKLM\...\2A31EA3D7C17F73EDC1C5275544C8B1D34746852) (Version: 09/04/2014 6.34.223.5 - Broadcom)
Pacchetto driver Windows - Broadcom (k57nd60x) Net (10/30/2013 15.6.0.14) (HKLM\...\D044F015E956FC855111BB167FC036B8BFCBB620) (Version: 10/30/2013 15.6.0.14 - Broadcom)
Pacchetto driver Windows - Broadcom (k57w2k) Net (11/24/2011 14.8.0.6) (HKLM\...\6B2DB2AB78900DF8904260899A8081C43DAEDD3A) (Version: 11/24/2011 14.8.0.6 - Broadcom)
RogueKiller version 12.12.29.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.29.0 - Adlice Software)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype versione 8.17 (HKLM\...\Skype_is1) (Version: 8.17 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Spotify) (Version: 1.0.85.259.g4ab01679 - Spotify AB)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Supporto applicazioni Apple (32 bit) (HKLM\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Total War Attila (HKLM\...\Total War Attila_is1) (Version: 1.6 - RePack by Valdeni)
uTorrent Web (HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\utweb) (Version: 0.15.0 - BitTorrent, Inc.)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-26] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2010-10-28] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-26] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2A12AAA6-08D3-4502-9F76-734579CB9F8E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {35DE8FCE-5991-4F86-9677-9A68D72B0E43} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {35E77E7F-AAC8-4425-BB95-6AB7D2720B09} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {590D3233-9A2A-414B-83C4-DE6574211224} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {76313147-2D04-4785-BE9F-298335A1A7D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {83917107-974C-4689-ACE4-AB7256AD751F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-07-20] (Piriform Ltd)
Task: {86C57075-EB8A-46C1-8863-2AF2D31AB737} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-07-20] (Google Inc.)
Task: {95660FD3-95AE-4F02-A987-83E395F12F7F} - System32\Tasks\{7FAC327B-162B-3D63-117E-5A1DCCA56CC9} => C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe [2009-07-14] (Microsoft Corporation)
Task: {B4809495-BBD8-4FF8-8B1D-9F4F9173F676} - System32\Tasks\{273197F8-CB33-493E-9FF5-3F0858A98994} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -c -runfromtemp -l0x0010 -removeonly
Task: {B564C1A9-A6D4-4F71-AC9A-D909EF19A73F} - System32\Tasks\{2B67FFD2-E9B2-7A8D-CC20-B402FC7B754F} => "C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://newsupforu.com/cl/?guid=5a0h8naq5irvqni5wg56uodmg1ypcw48&prid=1&pid=4_1324_0
Task: {C5F630B8-54CB-4869-8398-F4389AE3EB79} - System32\Tasks\{BCFB33EC-4A33-9817-0B3C-2C2C38358829} => C:\Windows\baez.exe [2009-07-14] (Microsoft Corporation)
Task: {C80FC050-04CA-4430-B0B8-B6DC5EE45264} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {D5F05977-A32E-4759-A355-ABCE66A8D0AC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-07-20] (Piriform Ltd)
Task: {D8CB692F-A750-4556-A51B-82468351E40F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-07-20] (Google Inc.)
Task: {FF7FB4FD-7E43-43BB-A93D-A940BC52A578} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {FFD2495D-6E4B-4D03-B6B0-6D36923EB299} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-07-31 21:04 - 2018-07-31 22:14 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-06-27 19:24 - 2018-06-27 19:24 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2018-08-01 15:55 - 000000864 _____ C:\Windows\system32\Drivers\etc\hosts

2.20.251.26 n4464433.iavs9x.u.avast.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3475549784-737223174-1249760543-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: Spotify => C:\Users\Pietro\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Pietro\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6BABEEEB-78C4-4285-981D-DBD80DD7598B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{AD892B7E-7293-46C5-BFF0-35DE1DF09D2C}C:\users\pietro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pietro\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FF89BE03-48A1-4719-85CF-66DA42718527}C:\users\pietro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pietro\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2216C13B-D064-4C8E-80D3-941602FD363C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E38F1CA-2AAA-4442-A9D8-3147A7FDDFE4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{12481DF3-1CE6-4F2A-83BC-83B4A40CDF52}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C1C0E43F-C147-4B69-9944-14BA90D1B746}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D893CBB8-B39D-4958-9AA6-314C867D1FE2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{07D30D75-64E3-4FBC-9D15-59AE3874A30C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2F303B6D-C51B-4210-9E7E-284B4A3BECC3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{96C3DE76-140C-400C-9F3F-4114C3A7D50F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8F7D49EF-F962-42C8-B0A3-06AF7B1205E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7688AEF3-7391-417A-8829-C4635E9B5D4D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8F6D752B-76F1-45B0-8D41-4B3B063B8469}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{78CA0936-98B1-4233-AB94-99D96F47B20E}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{9FF35AD0-8A75-43CD-8829-46EA28BB2CA7}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{30A3A1F4-0D6F-4716-9C46-7E9A5EA99A36}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{576DDD19-0100-443C-97C0-A12468F812DA}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [UDP Query User{B3B0617D-2860-45B3-BE54-C156FC9C9630}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [{E63C56DD-E86B-41EC-8B7D-9C5C26384889}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{F191430D-6395-4B3A-BEF5-611A00B26DD5}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{59C10FBF-E7F8-4B03-B4C0-62F4851CF127}] => (Allow) C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe
FirewallRules: [{8518049A-2EF5-467F-96CB-6D43546D337F}] => (Allow) C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe
FirewallRules: [TCP Query User{F19525F0-C933-407D-9E05-338B555312A0}C:\users\pietro\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\pietro\appdata\roaming\utorrent web\utweb.exe
FirewallRules: [UDP Query User{D113A0C8-7A4D-4656-8BB5-0AFBF23CD20F}C:\users\pietro\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\pietro\appdata\roaming\utorrent web\utweb.exe
FirewallRules: [{D64193AB-885F-42A1-9453-3E9F365C527E}] => (Allow) C:\Windows\system32\msiexec.exe
FirewallRules: [{1CB41579-D0E1-4DB6-8427-26CE5A8EBB49}] => (Allow) C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe
FirewallRules: [{E6F50F18-9172-4A83-BCF0-86E9E2E86741}] => (Allow) C:\Windows\baez.exe
FirewallRules: [TCP Query User{781951F3-CE59-48DE-92E1-8EDEBD90137C}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [UDP Query User{5D5B2897-5457-4179-8CE4-7132EA75DE9C}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [TCP Query User{A2C52868-EA32-4B97-B0DD-5D31242A5A29}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [UDP Query User{AE748AF5-E878-4AE3-BD5C-01F101B8DF55}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [{260AFA4C-596B-4FDB-BD17-1CDBB3AF1681}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{A6377F03-DFA9-41DA-9AFF-F6920ECBDC95}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E4AD3274-34EA-40C1-82F4-1F821ED2750A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [{DF2DC5E4-6F46-493A-AF26-7CD14D565001}] => (Allow) C:\Windows\system32\tracert.exe
FirewallRules: [{88AB60CC-7C60-4F36-A126-997E0ECB1B66}] => (Allow) C:\Windows\system32\tracert.exe
FirewallRules: [{9E0B0D69-E370-459B-AB16-C9B73CADEE86}] => (Allow) C:\Windows\system32\tracert.exe
FirewallRules: [TCP Query User{F52EF858-3F47-4C97-8A53-A557449E53CF}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E2FA60C7-FA51-470E-BD4D-F39D53F0C3E0}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe
FirewallRules: [{DEF95A84-9F64-48FD-84E5-D0F98E9F426E}] => (Allow) C:\Windows\system32\tracert.exe
FirewallRules: [{D9E3D654-454C-4DBC-9B4D-8D4C63DDE93C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{AC8BFD51-B8AB-42A8-A237-83974224C204}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

26-07-2018 13:35:08 Punto di controllo pianificato
26-07-2018 13:46:27 Windows Update
30-07-2018 01:34:35 Windows Update
31-07-2018 16:05:47 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============

Name: Scheda Microsoft Teredo Tunneling
Description: Scheda Microsoft Teredo Tunneling
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/01/2018 04:56:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 04:56:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 04:56:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 04:54:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 04:54:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 04:54:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 04:50:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 04:50:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.


Windows Defender:
===================================
Date: 2018-07-07 12:43:44.659
Description:
%1: il modulo è stato terminato a causa di un errore imprevisto.
Tipo errore:%5
Codice eccezione:%6
Risorsa:%3

Date: 2018-07-04 13:12:49.000
Description:
Windows Defender: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:1.271.442.0
Versione firma precedente:1.269.1075.0
Origine aggiornamento:Utente
Tipo firma:Antispyware
Tipo aggiornamento:Delta
Utente:NT AUTHORITY\SYSTEM
Versione modulo corrente:1.1.15000.2
Versione modulo precedente:1.1.14901.4
Codice errore:0x80070666
Descrizione errore:È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

Date: 2018-07-04 13:12:48.999
Description:
Windows Defender: errore durante il tentativo di aggiornare il modulo.
Nuova versione modulo:1.1.15000.2
Versione modulo precedente:1.1.14901.4
Origine aggiornamento:Utente
Utente:NT AUTHORITY\SYSTEM
Codice errore:0x80070666
Descrizione errore:È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

CodeIntegrity:
===================================

Date: 2017-08-11 17:01:56.897
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.836
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.753
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.635
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.626
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.617
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.181
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.173
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

==================== Memory info ===========================

Processor: AMD Phenom(tm) II N830 Triple-Core Processor
Percentage of memory in use: 31%
Total physical RAM: 3578.9 MB
Available physical RAM: 2434.5 MB
Total Virtual: 7156.15 MB
Available Virtual: 6399.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:40.77 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Shogun2 Disc 1) (CDROM) (Total:6.55 GB) (Free:0 GB) UDF


==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

What do I do with the rest of the files found by RogueKiller?

Dan1979
03-08-2018, 08:00
Hi

OK, first delete these RogueKiller entries if you haven't already done so:
¤¤¤ Registro : 13 ¤¤¤
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> Trovato
[PUP.Gen0] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : Panda Safe Web -> Trovato
[PUP.Gen0] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[PUP.Gen0] HKEY_USERS\S-1-5-21-3475549784-737223174-1249760543-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[PUP.Gen0] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[PUP.Gen0] HKEY_USERS\S-1-5-21-3475549784-737223174-1249760543-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[PUP.Gen0] HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[Suspicious.Path] HKEY_USERS\S-1-5-21-3475549784-737223174-1249760543-1000\Software\Microsoft\Windows\CurrentVersion\Run | utweb : "C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED [7] -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59C10FBF-E7F8-4B03-B4C0-62F4851CF127} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8518049A-2EF5-467F-96CB-6D43546D337F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59C10FBF-E7F8-4B03-B4C0-62F4851CF127} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8518049A-2EF5-467F-96CB-6D43546D337F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trovato

-Then, if you don't recognize or use them, uninstall these extensions in Chrome:
-CHR Extension: (Ripples) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfnjgbmalioedafbpahlobnkgbjkllod [2017-08-03]
-CHR Extension: (Dusky Waves) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckedjlckloojeaklbodeeoblnkmhkhn [2017-08-03]


-Then place frst.exe and the fixlist.txt file attached below on the desktop (make sure they are on the desktop)
right-click frst ----> Run as administrator
when it opens, click Fix
wait for it to finish and for the PC to restart (if it doesn't restart, do it yourself)
post the fixlog.txt (you'll find it on the desktop)

-Reset the browsers, see here http://it.ccm.net/faq/1767-come-ripristinare-il-browser
after this you will have to set the browsers' home page again, see here http://it.ccm.net/faq/2175-come-cambiare-la-pagina-iniziale-del-browser
before resetting the browsers, save your bookmarks and passwords if you care about them....

-Clean up with CCleaner, both system and registry (important)

Let me know how the PC is doing ...... and what problems, if any, remain...
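
Added example, not part of the thread and not FRST's own logic: a Python triage of the `Task:` lines from the Addition.txt above, showing which scheduled tasks stand out and why. The heuristics, the allowlists, the assumption that the system drive is C: and all function names are choices made for this example; the sample lines are copied from that log.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Lines copied from the "Scheduled Tasks" section of the Addition.txt on this page.
SAMPLE_LOG = r"""
Task: {35DE8FCE-5991-4F86-9677-9A68D72B0E43} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {86C57075-EB8A-46C1-8863-2AF2D31AB737} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-07-20] (Google Inc.)
Task: {95660FD3-95AE-4F02-A987-83E395F12F7F} - System32\Tasks\{7FAC327B-162B-3D63-117E-5A1DCCA56CC9} => C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe [2009-07-14] (Microsoft Corporation)
Task: {B4809495-BBD8-4FF8-8B1D-9F4F9173F676} - System32\Tasks\{273197F8-CB33-493E-9FF5-3F0858A98994} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -c -runfromtemp -l0x0010 -removeonly
Task: {B564C1A9-A6D4-4F71-AC9A-D909EF19A73F} - System32\Tasks\{2B67FFD2-E9B2-7A8D-CC20-B402FC7B754F} => "C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://newsupforu.com/cl/?guid=5a0h8naq5irvqni5wg56uodmg1ypcw48&prid=1&pid=4_1324_0
Task: {C5F630B8-54CB-4869-8398-F4389AE3EB79} - System32\Tasks\{BCFB33EC-4A33-9817-0B3C-2C2C38358829} => C:\Windows\baez.exe [2009-07-14] (Microsoft Corporation)
"""

# "Task: {id} - System32\Tasks\<name> => <action>"
TASK_RE = re.compile(
    r"^Task: \{(?P<id>[0-9A-Fa-f-]{36})\} - System32\\Tasks\\(?P<name>.+?) => (?P<action>.+)$"
)
GUID_NAME_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
URL_RE = re.compile(r"\b(?:https?|hxxps?)://\S+", re.I)  # also matches defanged URLs
# Assumed, partial lists used only by this example.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "opera.exe"}
WINDOWS_ROOT_OK = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe"}


@dataclass
class Finding:
    task_id: str
    name: str
    image: str
    reasons: list = field(default_factory=list)


def split_action(action):
    """Return (image path, remaining arguments) for a task action string."""
    action = action.strip()
    if action.startswith('"'):
        m = re.match(r'"([^"]+)"(.*)$', action)
    else:
        # Unquoted paths may contain spaces; cut at the first ".exe".
        m = re.match(r"(.+?\.exe)\b(.*)$", action, re.I)
    if not m:
        return action, ""
    return m.group(1), m.group(2).strip()


def triage(log_text):
    """Return a Finding for every task that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        image, args = split_action(m.group("action"))
        folder = ntpath.dirname(image).lower()
        exe = ntpath.basename(image).lower()
        reasons = []
        if GUID_NAME_RE.fullmatch(m.group("name")):
            reasons.append("task name is a bare GUID")
        if exe in BROWSERS and URL_RE.search(args):
            reasons.append("browser opened with a URL")
        if folder.startswith("c:\\users\\"):  # user-writable location
            reasons.append("image in user profile")
        if folder == "c:\\windows" and exe not in WINDOWS_ROOT_OK:
            reasons.append("unexpected image in Windows root")
        if reasons:
            findings.append(Finding(m.group("id"), m.group("name"), image, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.task_id, ntpath.basename(f.image), "|", "; ".join(f.reasons))
```

A hit is a prompt to look at the task and its target by hand, not a verdict: the `pcalua.exe` entry trips only the GUID-name rule.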

mazzazz
03-08-2018, 12:09
I've done everything, the problem finally seems to be gone. Can I reinstall an antivirus now?

This is the FRST fixlog:

Fix result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018
Ran by Pietro (03-08-2018 12:48:17) Run:1
Running from C:\Users\Pietro\Desktop
Loaded Profiles: Pietro (Available Profiles: Pietro)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
GroupPolicyScripts: Restriction <==== ATTENTION

Hosts: 2.20.251.26 n4464433.iavs9x.u.avast.com

URLSearchHook: HKU\S-1-5-21-3475549784-737223174-1249760543-1000 - (No Name) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No File
BHO: No Name -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> No File
Toolbar: HKLM - No Name - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No File

S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

2018-08-01 15:55 - 2018-08-01 15:55 - 000000000 ____D C:\ProgramData\AVAST Software
2018-08-01 15:55 - 2018-08-01 15:55 - 000000000 ____D C:\Program Files\AVAST Software
2018-07-06 13:32 - 2018-07-06 13:32 - 000000002 _____ C:\Users\Pietro\AppData\Local\WMI.ini
2018-08-01 15:53 - 2017-08-02 23:29 - 000000000 ____D C:\ProgramData\Panda Security
2018-08-01 15:39 - 2017-08-03 08:51 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\Panda Security
2009-07-14 03:14 - 2009-07-14 03:14 - 000186368 ____N (Microsoft Corporation) C:\Users\Pietro\AKKZk.exe
2018-05-17 23:03 - 2018-05-17 23:03 - 007649280 _____ () C:\Program Files\GUT7D73.tmp
2017-11-15 22:45 - 2017-11-15 22:45 - 007649280 _____ () C:\Program Files\GUTFA49.tmp
2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe
2018-07-06 13:32 - 2018-07-06 13:32 - 000000002 _____ () C:\Users\Pietro\AppData\Local\WMI.ini

ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File

Task: {B4809495-BBD8-4FF8-8B1D-9F4F9173F676} - System32\Tasks\{273197F8-CB33-493E-9FF5-3F0858A98994} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -c -runfromtemp -l0x0010 -removeonly
Task: {B564C1A9-A6D4-4F71-AC9A-D909EF19A73F} - System32\Tasks\{2B67FFD2-E9B2-7A8D-CC20-B402FC7B754F} => "C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://newsupforu.com/cl/?guid=5a0h8naq5irvqni5wg56uodmg1ypcw48&prid=1&pid=4_1324_0
Task: {C5F630B8-54CB-4869-8398-F4389AE3EB79} - System32\Tasks\{BCFB33EC-4A33-9817-0B3C-2C2C38358829} => C:\Windows\baez.exe [2009-07-14] (Microsoft Corporation)

C:\Windows\baez.exe

HOSTS:
Removeproxy:
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: ipconfig /flushdns
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
Reboot:

End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda" => removed successfully.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda_XP" => removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKU\S-1-5-21-3475549784-737223174-1249760543-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => not found
HKLM\Software\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => not found
HKLM\Software\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => not found
"HKLM\System\CurrentControlSet\Services\panda_url_filteringd" => removed successfully.
panda_url_filteringd => service removed successfully.
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully.
VGPU => service removed successfully.
C:\ProgramData\AVAST Software => moved successfully
C:\Program Files\AVAST Software => moved successfully
C:\Users\Pietro\AppData\Local\WMI.ini => moved successfully
C:\ProgramData\Panda Security => moved successfully
C:\Users\Pietro\AppData\Roaming\Panda Security => moved successfully
C:\Users\Pietro\AKKZk.exe => moved successfully
C:\Program Files\GUT7D73.tmp => moved successfully
C:\Program Files\GUTFA49.tmp => moved successfully
C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe => moved successfully
"C:\Users\Pietro\AppData\Local\WMI.ini" => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu" => removed successfully.
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu => not found
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UAContextMenu" => removed successfully.
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4809495-BBD8-4FF8-8B1D-9F4F9173F676}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4809495-BBD8-4FF8-8B1D-9F4F9173F676}" => removed successfully.
C:\Windows\System32\Tasks\{273197F8-CB33-493E-9FF5-3F0858A98994} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{273197F8-CB33-493E-9FF5-3F0858A98994}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B564C1A9-A6D4-4F71-AC9A-D909EF19A73F}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B564C1A9-A6D4-4F71-AC9A-D909EF19A73F}" => removed successfully.
C:\Windows\System32\Tasks\{2B67FFD2-E9B2-7A8D-CC20-B402FC7B754F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2B67FFD2-E9B2-7A8D-CC20-B402FC7B754F}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5F630B8-54CB-4869-8398-F4389AE3EB79}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5F630B8-54CB-4869-8398-F4389AE3EB79}" => removed successfully.
C:\Windows\System32\Tasks\{BCFB33EC-4A33-9817-0B3C-2C2C38358829} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BCFB33EC-4A33-9817-0B3C-2C2C38358829}" => removed successfully.
C:\Windows\baez.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-3475549784-737223174-1249760543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-3475549784-737223174-1249760543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Informazioni: Ripristino delle impostazioni dei contatori di prestazioni dall'archivio di backup del sistema completato
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========

Impossibile trovare il percorso specificato.

========= End of CMD: =========


========= ipconfig /flushdns =========


Configurazione IP di Windows

Cache del resolver DNS svuotata.

========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Impossibile cancellare il registro DebugChannel. Impossibile eseguire l'operazione richiesta su un canale diretto attivato. Prima di eseguire l'operazione richiesta è necessario disattivare il canale.
Impossibile cancellare il registro Microsoft-RMS-MSIPC/Debug. Impossibile eseguire l'operazione richiesta su un canale diretto attivato. Prima di eseguire l'operazione richiesta è necessario disattivare il canale.

========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
Avvio del gruppo o del servizio di dipendenza non riuscito.



========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12680601 B
Java, Flash, Steam htmlcache => 15198739 B
Windows/system/drivers => 943842 B
Edge => 0 B
Chrome => 47954077 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 55863087 B
LocalService => 66228 B
NetworkService => 72344 B
Pietro => 102637997 B

RecycleBin => 0 B
EmptyTemp: => 224.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:49:54 ====

Dan1979
03-08-2018, 12:30
Ok....:D
Now you can reinstall an antivirus....:)
Make sure to verify that Windows Defender is disabled once the third-party antivirus is installed...

Test the PC for a while, and if it goes well, the final cleanup of the logs and of the programs used to run the scans will follow...

Dan1979
06-08-2018, 07:30
Ok..
If the PC is working well...

Download DelFix from here https://www.bleepingcomputer.com/download/delfix/
Place it on the desktop... then right-click the executable and choose Run as administrator....
When it opens, tick:
Remove disinfection tool
Click Run
Wait for it to finish...

If there are no more problems, we're done....