Old 01-08-2018, 14:25   #21
mazzazz
Junior Member
 
Joined: Jul 2018
Posts: 11
Quote:
Originally posted by Dan1979
Make sure you also post addition.txt, last time you didn't post it....
Here it is

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
Ran by Pietro (01-08-2018 11:46:44)
Running from C:\Users\Pietro\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2017-08-02 21:19:48)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3475549784-737223174-1249760543-500 - Administrator - Disabled)
Guest (S-1-5-21-3475549784-737223174-1249760543-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3475549784-737223174-1249760543-1003 - Limited - Enabled)
Pietro (S-1-5-21-3475549784-737223174-1249760543-1000 - Administrator - Enabled) => C:\Users\Pietro

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam (HKLM\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Adobe Acrobat Reader DC - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{2A2C8640-5402-428A-909A-0236CB2B77C7}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{AC904169-4386-A9F9-AC00-67D5C42133BF}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
ccc-core-static (HKLM\...\{7EA8CE23-0C8C-6784-635C-D4F8AFB59AB5}) (Version: 2010.1028.1114.18274 - Nome società) Hidden
f.lux (HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
KMSpico 5.1 (HKLM\...\KMSpico v5.1_is1) (Version: 5.1 - )
League of Legends (HKLM\...\{1976A709-EC16-419D-85D4-52FE64A3A5C7}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Malwarebytes versione 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x86) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacchetto driver Windows - Broadcom (BCM43XX) Net (09/04/2014 6.34.223.5) (HKLM\...\2A31EA3D7C17F73EDC1C5275544C8B1D34746852) (Version: 09/04/2014 6.34.223.5 - Broadcom)
Pacchetto driver Windows - Broadcom (k57nd60x) Net (10/30/2013 15.6.0.14) (HKLM\...\D044F015E956FC855111BB167FC036B8BFCBB620) (Version: 10/30/2013 15.6.0.14 - Broadcom)
Pacchetto driver Windows - Broadcom (k57w2k) Net (11/24/2011 14.8.0.6) (HKLM\...\6B2DB2AB78900DF8904260899A8081C43DAEDD3A) (Version: 11/24/2011 14.8.0.6 - Broadcom)
Panda Devices Agent (HKLM\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Protection (HKLM\...\{2DE1F55B-B8FC-4ACF-8EB2-A38056C8E476}) (Version: 8.91.00 - Panda Security) Hidden
Panda Protection (HKLM\...\Panda Universal Agent Endpoint) (Version: 18.1.0 - Panda Security)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype versione 8.17 (HKLM\...\Skype_is1) (Version: 8.17 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Spotify) (Version: 1.0.85.259.g4ab01679 - Spotify AB)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Supporto applicazioni Apple (32 bit) (HKLM\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Total War Attila (HKLM\...\Total War Attila_is1) (Version: 1.6 - RePack by Valdeni)
Uplay (HKLM\...\Uplay) (Version: 4.3 - Ubisoft)
uTorrent Web (HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\utweb) (Version: 0.15.0 - BitTorrent, Inc.)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-26] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2010-10-28] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-26] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2A12AAA6-08D3-4502-9F76-734579CB9F8E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {35DE8FCE-5991-4F86-9677-9A68D72B0E43} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {35E77E7F-AAC8-4425-BB95-6AB7D2720B09} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {590D3233-9A2A-414B-83C4-DE6574211224} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {76313147-2D04-4785-BE9F-298335A1A7D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {86C57075-EB8A-46C1-8863-2AF2D31AB737} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-07-20] (Google Inc.)
Task: {95660FD3-95AE-4F02-A987-83E395F12F7F} - System32\Tasks\{7FAC327B-162B-3D63-117E-5A1DCCA56CC9} => C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe [2009-07-14] (Microsoft Corporation)
Task: {B4809495-BBD8-4FF8-8B1D-9F4F9173F676} - System32\Tasks\{273197F8-CB33-493E-9FF5-3F0858A98994} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -c -runfromtemp -l0x0010 -removeonly
Task: {B564C1A9-A6D4-4F71-AC9A-D909EF19A73F} - System32\Tasks\{2B67FFD2-E9B2-7A8D-CC20-B402FC7B754F} => "C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://newsupforu.com/cl/?guid=5a0h8naq5irvqni5wg56uodmg1ypcw48&prid=1&pid=4_1324_0
Task: {C5F630B8-54CB-4869-8398-F4389AE3EB79} - System32\Tasks\{BCFB33EC-4A33-9817-0B3C-2C2C38358829} => C:\Windows\baez.exe [2009-07-14] (Microsoft Corporation)
Task: {C80FC050-04CA-4430-B0B8-B6DC5EE45264} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {D8CB692F-A750-4556-A51B-82468351E40F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-07-20] (Google Inc.)
Task: {FF7FB4FD-7E43-43BB-A93D-A940BC52A578} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {FFD2495D-6E4B-4D03-B6B0-6D36923EB299} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-07-31 21:04 - 2018-07-31 22:14 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-12-15 19:17 - 2015-12-15 19:17 - 000618544 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3475549784-737223174-1249760543-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: Spotify => C:\Users\Pietro\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Pietro\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6BABEEEB-78C4-4285-981D-DBD80DD7598B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{AD892B7E-7293-46C5-BFF0-35DE1DF09D2C}C:\users\pietro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pietro\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FF89BE03-48A1-4719-85CF-66DA42718527}C:\users\pietro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pietro\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2216C13B-D064-4C8E-80D3-941602FD363C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E38F1CA-2AAA-4442-A9D8-3147A7FDDFE4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{12481DF3-1CE6-4F2A-83BC-83B4A40CDF52}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C1C0E43F-C147-4B69-9944-14BA90D1B746}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D893CBB8-B39D-4958-9AA6-314C867D1FE2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{07D30D75-64E3-4FBC-9D15-59AE3874A30C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2F303B6D-C51B-4210-9E7E-284B4A3BECC3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{96C3DE76-140C-400C-9F3F-4114C3A7D50F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8F7D49EF-F962-42C8-B0A3-06AF7B1205E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7688AEF3-7391-417A-8829-C4635E9B5D4D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9E6EEEEE-BBC5-4346-BE74-CA9A7500BF7B}] => (Allow) C:\Program Files\Ubisoft\The Settlers® - La Nascita di un Impero\base\bin\Settlers6.exe
FirewallRules: [{34FCC8D6-62F6-4FC5-9639-425D207BAE08}] => (Allow) C:\Program Files\Ubisoft\The Settlers® - La Nascita di un Impero\base\bin\Settlers6.exe
FirewallRules: [{8F6D752B-76F1-45B0-8D41-4B3B063B8469}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{78CA0936-98B1-4233-AB94-99D96F47B20E}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{9FF35AD0-8A75-43CD-8829-46EA28BB2CA7}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{30A3A1F4-0D6F-4716-9C46-7E9A5EA99A36}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{576DDD19-0100-443C-97C0-A12468F812DA}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [UDP Query User{B3B0617D-2860-45B3-BE54-C156FC9C9630}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [{E63C56DD-E86B-41EC-8B7D-9C5C26384889}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{F191430D-6395-4B3A-BEF5-611A00B26DD5}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{B823B103-5F9F-47C4-B68A-2B15DDA44A6E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe
FirewallRules: [UDP Query User{DFF16248-3A3D-4846-A329-3453B8BDD65A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe
FirewallRules: [TCP Query User{62A9A113-6C2F-4D5C-9EA9-30AB91EFC31D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [UDP Query User{8544A09D-D373-4AD0-956D-79A48374C9F1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [TCP Query User{C54D4062-75AE-4E1C-8FFF-2DF5ABA6764A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [UDP Query User{BE38033B-A815-4CE5-AFBB-B89886E979F3}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [TCP Query User{D9494E16-BE71-4637-9B11-94933BBED86D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [UDP Query User{13A67061-957E-4764-AF2C-1C3852A80E99}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [TCP Query User{2E588985-D6CC-425F-8087-F3A16B3E19E7}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E769C33C-F022-43D1-A202-6347569C65D7}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [{59C10FBF-E7F8-4B03-B4C0-62F4851CF127}] => (Allow) C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe
FirewallRules: [{8518049A-2EF5-467F-96CB-6D43546D337F}] => (Allow) C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe
FirewallRules: [TCP Query User{76746DF5-E389-4621-877C-65BB7C8E8926}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe
FirewallRules: [UDP Query User{ED20944B-297E-4082-9763-1F48D090658C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe
FirewallRules: [TCP Query User{F19525F0-C933-407D-9E05-338B555312A0}C:\users\pietro\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\pietro\appdata\roaming\utorrent web\utweb.exe
FirewallRules: [UDP Query User{D113A0C8-7A4D-4656-8BB5-0AFBF23CD20F}C:\users\pietro\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\pietro\appdata\roaming\utorrent web\utweb.exe
FirewallRules: [TCP Query User{D8C549D6-4A93-4F5B-97F5-2FBA0E312AAB}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe
FirewallRules: [UDP Query User{72BBB8FF-3117-4290-8346-2E2E295C0215}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe
FirewallRules: [TCP Query User{D5B01D37-F316-4601-A6AF-B9E9B97209A7}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe
FirewallRules: [UDP Query User{62BD642B-9AD0-4389-A3C8-EE8F6C7FE009}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe
FirewallRules: [TCP Query User{4256DBCD-8697-459A-AC6C-41013F152381}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe
FirewallRules: [UDP Query User{7CB1666C-16A4-4759-9966-63BD69AD5D5A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe
FirewallRules: [TCP Query User{DD3C8712-59F6-47FA-AA06-6E783056216C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe
FirewallRules: [UDP Query User{C32D8B7F-96EC-4E35-95A8-8A793BD64E5F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe
FirewallRules: [TCP Query User{D8E35D08-C494-4FF0-B2E5-507657DD2C1D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe
FirewallRules: [UDP Query User{11EBA21A-049D-487A-BAA1-9EE705FBFA3A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe
FirewallRules: [TCP Query User{4F0BCF5D-CCD2-4D60-AE3C-37BC217BAEE9}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe
FirewallRules: [UDP Query User{74FAF3A2-5CF8-46C1-8F59-AC0C9CF07A3C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe
FirewallRules: [TCP Query User{E15D168C-CC26-4A32-B51C-886EEE20DEAC}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe
FirewallRules: [UDP Query User{AC18287C-1E1C-4B23-9623-1C83D04AA911}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe
FirewallRules: [TCP Query User{F31765C3-3B93-4CD5-84E9-2082843F765D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe
FirewallRules: [UDP Query User{92F53BF5-A26D-4A69-BB06-10ED900AE675}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe
FirewallRules: [TCP Query User{89A1BD2E-622B-46B1-9955-59AA1D8703F3}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [UDP Query User{31F1A673-7365-444F-A69A-F64C81F5955B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [{D64193AB-885F-42A1-9453-3E9F365C527E}] => (Allow) C:\Windows\system32\msiexec.exe
FirewallRules: [{1CB41579-D0E1-4DB6-8427-26CE5A8EBB49}] => (Allow) C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe
FirewallRules: [{E6F50F18-9172-4A83-BCF0-86E9E2E86741}] => (Allow) C:\Windows\baez.exe
FirewallRules: [TCP Query User{781951F3-CE59-48DE-92E1-8EDEBD90137C}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [UDP Query User{5D5B2897-5457-4179-8CE4-7132EA75DE9C}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [TCP Query User{A2C52868-EA32-4B97-B0DD-5D31242A5A29}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [UDP Query User{AE748AF5-E878-4AE3-BD5C-01F101B8DF55}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [TCP Query User{89927C6F-8F0B-4CA8-9CAB-2C6338065E78}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [UDP Query User{A0FA92B3-566B-4543-84F7-A40129B0D248}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [{260AFA4C-596B-4FDB-BD17-1CDBB3AF1681}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{A6377F03-DFA9-41DA-9AFF-F6920ECBDC95}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E4AD3274-34EA-40C1-82F4-1F821ED2750A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [{DF2DC5E4-6F46-493A-AF26-7CD14D565001}] => (Allow) C:\Windows\system32\tracert.exe
FirewallRules: [{88AB60CC-7C60-4F36-A126-997E0ECB1B66}] => (Allow) C:\Windows\system32\tracert.exe
FirewallRules: [{38CE9F11-2265-4102-AEE6-EA9B8F66FF6E}] => (Allow) C:\Program Files\KMSpico\KMSServer.exe
FirewallRules: [{F53AAADD-9D0B-4F0C-9525-06D95B5403DA}] => (Allow) C:\Program Files\KMSpico\KMSServer.exe
FirewallRules: [{9E0B0D69-E370-459B-AB16-C9B73CADEE86}] => (Allow) C:\Windows\system32\tracert.exe

==================== Restore Points =========================

26-07-2018 13:35:08 Punto di controllo pianificato
26-07-2018 13:46:27 Windows Update
30-07-2018 01:34:35 Windows Update
31-07-2018 16:05:47 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============

Name: Scheda Microsoft Teredo Tunneling
Description: Scheda Microsoft Teredo Tunneling
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2018 11:08:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3136

Error: (08/01/2018 11:08:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3136

Error: (08/01/2018 11:08:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2018 11:08:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2091

Error: (08/01/2018 11:08:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2091

Error: (08/01/2018 11:08:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2018 11:08:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1092

Error: (08/01/2018 11:08:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1092


System errors:
=============
Error: (08/01/2018 11:45:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 11:45:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 11:45:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 11:44:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Provider Gruppo Home dipende dal servizio Host provider di individuazione funzioni che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 11:44:37 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM ha ricevuto l'errore "%%1084 = Questo servizio non può essere avviato in modalità provvisoria" durante il tentativo di avviare il servizio WSearch con gli argomenti "" per eseguire il server
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/01/2018 11:44:37 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM ha ricevuto l'errore "%%1084 = Questo servizio non può essere avviato in modalità provvisoria" durante il tentativo di avviare il servizio WSearch con gli argomenti "" per eseguire il server
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/01/2018 11:44:18 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM ha ricevuto l'errore "%%1084 = Questo servizio non può essere avviato in modalità provvisoria" durante il tentativo di avviare il servizio EventSystem con gli argomenti "" per eseguire il server
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/01/2018 11:44:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.


Windows Defender:
===================================
Date: 2018-07-07 12:43:44.659
Description:
%1: il modulo è stato terminato a causa di un errore imprevisto.
Tipo errore:%5
Codice eccezione:%6
Risorsa:%3

Date: 2018-07-04 13:12:49.000
Description:
Windows Defender: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:1.271.442.0
Versione firma precedente:1.269.1075.0
Origine aggiornamento:Utente
Tipo firma:Antispyware
Tipo aggiornamento:Delta
Utente:NT AUTHORITY\SYSTEM
Versione modulo corrente:1.1.15000.2
Versione modulo precedente:1.1.14901.4
Codice errore:0x80070666
Descrizione errore:È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

Date: 2018-07-04 13:12:48.999
Description:
Windows Defender: errore durante il tentativo di aggiornare il modulo.
Nuova versione modulo:1.1.15000.2
Versione modulo precedente:1.1.14901.4
Origine aggiornamento:Utente
Utente:NT AUTHORITY\SYSTEM
Codice errore:0x80070666
Descrizione errore:È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

CodeIntegrity:
===================================

Date: 2017-08-11 17:01:56.897
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.836
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.753
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.635
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.626
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.617
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.181
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.173
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

==================== Memory info ===========================

Processor: AMD Phenom(tm) II N830 Triple-Core Processor
Percentage of memory in use: 27%
Total physical RAM: 3578.9 MB
Available physical RAM: 2585.5 MB
Total Virtual: 7156.15 MB
Available Virtual: 6217.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:43.96 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Shogun2 Disc 1) (CDROM) (Total:6.55 GB) (Free:0 GB) UDF


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 4455FAFA)
Partition 1: (Active) - (Size=232.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Now I'll run CCleaner.
Old 01-08-2018, 16:14   #22
mazzazz
Junior Member
 
Joined: Jul 2018
Posts: 11
I cleaned everything with CCleaner, then deleted two files flagged in red with RogueKiller, although there are many others flagged in yellow.

Here is the RogueKiller log:

RogueKiller V12.12.29.0 [Jul 30 2018] (Gratuito) di Adlice Software
posta : http://www.adlice.com/contact/
Commenti : https://forum.adlice.com
Sito Web : http://www.adlice.com/download/roguekiller/
Discussione : http://www.adlice.com

Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniziato in : Modalità Sicura e connessione
Utente : Pietro [Amministratore]
Iniziato da : C:\Program Files\RogueKiller\RogueKiller.exe
Modalità : Scansione -- Data : 08/01/2018 16:13:47 (Durata : 00:28:48)

¤¤¤ Processi : 0 ¤¤¤

¤¤¤ Registro : 13 ¤¤¤
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> Trovato
[PUP.Gen0] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : Panda Safe Web -> Trovato
[PUP.Gen0] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[PUP.Gen0] HKEY_USERS\S-1-5-21-3475549784-737223174-1249760543-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[PUP.Gen0] HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[Suspicious.Path] HKEY_USERS\S-1-5-21-3475549784-737223174-1249760543-1000\Software\Microsoft\Windows\CurrentVersion\Run | utweb : "C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED [7] -> Trovato
[PUP.HackTool|VT.Detected] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI (C:\Program Files\KMSpico\Service_KMS.exe) -> Trovato
[PUP.HackTool|VT.Detected] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Service KMSELDI (C:\Program Files\KMSpico\Service_KMS.exe) -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59C10FBF-E7F8-4B03-B4C0-62F4851CF127} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8518049A-2EF5-467F-96CB-6D43546D337F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59C10FBF-E7F8-4B03-B4C0-62F4851CF127} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8518049A-2EF5-467F-96CB-6D43546D337F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trovato

¤¤¤ Attività : 0 ¤¤¤

¤¤¤ Archivi : 2 ¤¤¤
[PUP.HackTool][Cartella] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico -> Trovato
[PUP.HackTool][Cartella] C:\Program Files\KMSpico -> Trovato

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Archivio Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Non caricato [0xc000035f]) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ Controllo MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-22A23T0 ATA Device +++++
--- User ---
[MBR] 09a04c6d1f22ff2f2dfb29351f5caee1
[BSP] 80a38fed0ab809015c13cee96c71d3db : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 237923 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

The FRST log (which still finds nothing suspicious):

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.07.2018
Ran by Pietro (administrator) on PC (01-08-2018 16:54:43)
Running from C:\Users\Pietro\Desktop
Loaded Profiles: Pietro (Available Profiles: Pietro)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adlice Software) C:\Program Files\RogueKiller\RogueKiller.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-10-28] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Run: [f.lux] => C:\Users\Pietro\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Run: [utweb] => C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe [5179064 2018-03-29] (BitTorrent Inc.)
HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Run: [Spotify Web Helper] => C:\Users\Pietro\AppData\Roaming\Spotify\SpotifyWebHelper.exe [774544 2018-07-22] (Spotify Ltd)
HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13684416 2018-07-20] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: 2.20.251.26 n4464433.iavs9x.u.avast.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C11EF9E9-8CE1-4917-AA25-844B5D1D3F5F}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ECC88173-E57E-4622-A400-1B9EE911E625}: [DhcpNameServer] 192.168.0.254

Internet Explorer:
==================
HKU\S-1-5-21-3475549784-737223174-1249760543-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/
URLSearchHook: HKU\S-1-5-21-3475549784-737223174-1249760543-1000 - (No Name) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: No Name -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
Toolbar: HKLM - No Name - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-11] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-06-12] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default [2018-08-01]
CHR Extension: (Presentazioni) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documenti) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-03]
CHR Extension: (Giovanni Ficarra) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bicbnmkiaocihaoagfeccdlbhjegpbpp [2017-08-03]
CHR Extension: (YouTube) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-03]
CHR Extension: (Adblock Plus) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-07-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-19]
CHR Extension: (Fogli) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Ripples) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfnjgbmalioedafbpahlobnkgbjkllod [2017-08-03]
CHR Extension: (Google Documenti offline) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-04]
CHR Extension: (AdBlock) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-27]
CHR Extension: (Google Maps) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-08-03]
CHR Extension: (StudentiAristofane) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljalkpjbjhgagkobdehjlmpbnbgdbm [2017-08-03]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Dusky Waves) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckedjlckloojeaklbodeeoblnkmhkhn [2017-08-03]
CHR Extension: (Gmail) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-03]
CHR Extension: (Chrome Media Router) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-07]
CHR Profile: C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-01]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [45528 2017-11-16] (The OpenVPN Project)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [102416 2017-08-03] (ATI Technologies, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2017-08-15] ()
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2018-07-07] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2018-07-07] (Disc Soft Ltd)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2017-08-15] ()
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-01] (Malwarebytes)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-08-01] ()
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-01 16:54 - 2018-08-01 16:56 - 000009750 _____ C:\Users\Pietro\Desktop\FRST.txt
2018-08-01 16:52 - 2018-08-01 16:52 - 000008072 _____ C:\Users\Pietro\Desktop\roguekille lol.txt
2018-08-01 16:13 - 2018-08-01 16:13 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-08-01 16:13 - 2018-08-01 16:13 - 000001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-08-01 16:13 - 2018-08-01 16:13 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-01 16:13 - 2018-08-01 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-08-01 16:12 - 2018-08-01 16:13 - 000000000 ____D C:\Program Files\RogueKiller
2018-08-01 16:12 - 2018-08-01 16:11 - 036746192 _____ (Adlice Software ) C:\Users\Pietro\Desktop\RogueKiller_setup.exe
2018-08-01 16:11 - 2018-08-01 16:12 - 036716074 _____ C:\Users\Pietro\Desktop\bau.zip
2018-08-01 16:06 - 2018-08-01 16:20 - 000000320 _____ C:\Windows\ntbtlog.txt
2018-08-01 16:01 - 2018-08-01 16:01 - 000112040 _____ C:\Users\Pietro\Desktop\cc_20180801_160103.reg
2018-08-01 15:55 - 2018-08-01 15:55 - 000000000 ____D C:\ProgramData\AVAST Software
2018-08-01 15:55 - 2018-08-01 15:55 - 000000000 ____D C:\Program Files\AVAST Software
2018-08-01 15:54 - 2018-08-01 15:55 - 000000000 ____D C:\Program Files\CCleaner
2018-08-01 15:54 - 2018-08-01 15:54 - 000000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-01 15:54 - 2018-08-01 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-08-01 10:25 - 2018-08-01 15:58 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-07-31 21:06 - 2018-08-01 16:54 - 000000000 ____D C:\FRST
2018-07-31 21:05 - 2018-07-31 21:05 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-31 21:05 - 2018-07-31 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-31 21:04 - 2018-07-31 22:14 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-07-31 21:04 - 2018-07-31 21:04 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-31 20:46 - 2018-07-31 20:46 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\1655554A.sys
2018-07-31 20:43 - 2018-07-31 20:43 - 001773056 ____N (Farbar) C:\Users\Pietro\Desktop\FRST.exe
2018-07-31 18:29 - 2018-07-31 18:29 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\5272E707.sys
2018-07-31 16:17 - 2018-07-31 16:17 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\4C6306E4.sys
2018-07-31 15:41 - 2018-07-31 21:04 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-07-31 15:41 - 2018-07-31 21:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-31 15:41 - 2018-07-31 20:46 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-07-31 15:41 - 2018-07-31 15:41 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\6751C2EE.sys
2018-07-30 14:50 - 2018-07-30 14:50 - 000388608 _____ (Trend Micro Inc.) C:\Users\Pietro\Desktop\HijackThis.exe
2018-07-30 12:29 - 2018-08-01 10:59 - 000000000 ____D C:\AdwCleaner
2018-07-30 12:29 - 2018-07-27 11:21 - 008206624 ____N (Malwarebytes) C:\Users\Pietro\Desktop\adwcleaner-7-0-7-0.exe
2018-07-23 11:12 - 2018-07-23 11:13 - 000028657 _____ C:\Users\Pietro\Desktop\modulo_disdetta_contratto_affitto.pdf
2018-07-20 15:57 - 2018-07-20 15:57 - 000002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-20 15:57 - 2018-07-20 15:57 - 000002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-17 19:24 - 2018-07-17 19:24 - 000000000 ____D C:\Users\Pietro\Documents\telecamera
2018-07-14 00:37 - 2018-07-14 00:37 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-11 23:54 - 2018-06-21 02:00 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-07-11 23:54 - 2018-06-16 18:36 - 020286464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-07-11 23:54 - 2018-06-16 18:06 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-07-11 23:54 - 2018-06-16 18:02 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-07-11 23:54 - 2018-06-16 17:49 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-07-11 23:54 - 2018-06-16 17:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-07-11 23:54 - 2018-06-16 17:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-07-11 23:54 - 2018-06-16 17:34 - 004496384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-07-11 23:54 - 2018-06-16 17:32 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-07-11 23:54 - 2018-06-16 17:28 - 002060288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-07-11 23:54 - 2018-06-16 17:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-07-11 23:54 - 2018-06-16 17:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-07-11 23:54 - 2018-06-16 17:05 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-07-11 23:54 - 2018-06-13 17:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-07-11 23:54 - 2018-06-13 17:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-07-11 23:54 - 2018-06-13 17:25 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-07-11 23:54 - 2018-06-08 18:02 - 004050624 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-07-11 23:54 - 2018-06-08 18:02 - 003962048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-07-11 23:54 - 2018-06-08 18:02 - 000189632 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-07-11 23:54 - 2018-06-08 18:02 - 000189632 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-07-11 23:54 - 2018-06-08 18:02 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-07-11 23:54 - 2018-06-08 18:02 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-07-11 23:54 - 2018-06-08 18:02 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-07-11 23:54 - 2018-06-08 17:57 - 001310488 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-07-11 23:54 - 2018-06-08 17:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-07-11 23:54 - 2018-06-08 17:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-07-11 23:54 - 2018-06-08 17:54 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-07-11 23:54 - 2018-06-08 17:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-07-11 23:54 - 2018-06-07 17:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-07-11 23:54 - 2018-05-31 17:56 - 001310912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-07-11 23:54 - 2018-05-31 17:56 - 000240832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-07-11 23:54 - 2018-05-31 17:56 - 000187584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-07-11 23:54 - 2018-05-02 17:30 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-07-11 23:54 - 2018-05-02 17:30 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-07-11 23:54 - 2018-05-02 17:30 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-07-11 23:54 - 2018-05-02 17:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-07-11 23:54 - 2018-04-26 15:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-11 23:54 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-11 23:54 - 2018-04-25 17:54 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-07-11 23:54 - 2018-04-25 17:17 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-07-11 23:53 - 2018-06-16 18:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-07-11 23:53 - 2018-06-16 18:19 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-07-11 23:53 - 2018-06-16 18:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-07-11 23:53 - 2018-06-16 18:05 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-07-11 23:53 - 2018-06-16 18:05 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-07-11 23:53 - 2018-06-16 18:04 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-07-11 23:53 - 2018-06-16 17:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-07-11 23:53 - 2018-06-16 17:59 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-07-11 23:53 - 2018-06-16 17:57 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-07-11 23:53 - 2018-06-16 17:56 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-07-11 23:53 - 2018-06-16 17:56 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-07-11 23:53 - 2018-06-16 17:56 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-07-11 23:53 - 2018-06-16 17:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-07-11 23:53 - 2018-06-16 17:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-07-11 23:53 - 2018-06-16 17:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-07-11 23:53 - 2018-06-16 17:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-07-11 23:53 - 2018-06-16 17:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-07-11 23:53 - 2018-06-16 17:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-07-11 23:53 - 2018-06-16 17:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-07-11 23:53 - 2018-06-16 17:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-07-11 23:53 - 2018-06-16 17:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-07-11 23:53 - 2018-06-16 17:28 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-07-11 23:53 - 2018-06-16 17:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-07-11 23:53 - 2018-06-08 17:55 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-07-11 23:53 - 2018-06-08 17:27 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-07-11 23:53 - 2018-06-08 17:27 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-07-11 23:53 - 2018-06-08 17:27 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-07-11 23:53 - 2018-06-08 17:27 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-07-11 23:53 - 2018-06-08 17:27 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-07-11 23:53 - 2018-06-08 17:25 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-07-11 23:53 - 2018-06-08 17:24 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-07-11 23:53 - 2018-06-08 17:24 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-07-11 23:53 - 2018-06-08 17:21 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-07-11 23:53 - 2018-06-08 17:21 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-07-11 23:53 - 2018-06-08 17:21 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-07-11 23:53 - 2018-06-08 17:19 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-07-11 23:53 - 2018-06-08 17:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-07-11 23:53 - 2018-06-08 17:19 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-07-11 23:53 - 2018-06-08 17:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-07-11 23:53 - 2018-06-07 17:57 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-07-11 23:53 - 2018-06-07 17:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-07-11 23:53 - 2018-06-07 17:57 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-07-11 23:53 - 2018-06-07 17:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-07-11 23:53 - 2018-05-02 17:30 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-07-11 23:53 - 2018-05-02 17:30 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-07-11 23:53 - 2018-05-02 17:29 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-07-11 23:52 - 2018-06-13 19:59 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-07-11 23:52 - 2018-06-13 17:53 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 002703872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-07-11 23:52 - 2018-06-08 15:05 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000353792 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-07-11 23:52 - 2018-06-08 15:05 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-07-08 12:25 - 2018-07-08 12:25 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\SUPERAntiSpyware.com
2018-07-08 12:24 - 2018-07-08 12:24 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-07-07 19:18 - 2018-07-07 19:18 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\Steam
2018-07-07 19:10 - 2018-07-07 19:10 - 000001893 _____ C:\Users\Public\Desktop\Total War Attila.lnk
2018-07-07 18:39 - 2018-07-07 20:25 - 000000000 ____D C:\Program Files\Total War Attila
2018-07-07 18:35 - 2018-07-07 18:35 - 000000000 ____D C:\Users\Public\Documents\Catch!
2018-07-07 18:34 - 2018-07-07 18:35 - 000040504 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2018-07-07 18:33 - 2018-07-07 18:36 - 000000000 ____D C:\Users\Pietro\AppData\Local\Disc_Soft_Ltd
2018-07-07 18:33 - 2018-07-07 18:33 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2018-07-07 18:31 - 2018-07-07 18:35 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\DAEMON Tools Lite
2018-07-07 18:31 - 2018-07-07 18:33 - 000026168 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2018-07-07 18:30 - 2018-07-07 18:30 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2018-07-07 17:24 - 2018-07-07 18:02 - 000000000 ____D C:\Users\Pietro\Downloads\Total.War.Attila.RePack.by.Valdeni
2018-07-06 13:32 - 2018-07-06 13:32 - 000000002 _____ C:\Users\Pietro\AppData\Local\WMI.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-01 16:03 - 2017-08-15 16:54 - 000000000 ____D C:\Program Files\Steam
2018-08-01 16:03 - 2011-01-15 13:33 - 000000000 ____D C:\Windows\Panther
2018-08-01 16:03 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2018-08-01 15:56 - 2018-02-21 18:39 - 000009984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-01 15:56 - 2018-02-21 18:39 - 000009984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-01 15:54 - 2017-11-10 18:40 - 000000000 ____D C:\Users\Pietro\Desktop\Foto
2018-08-01 15:53 - 2018-04-22 17:43 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\uTorrent Web
2018-08-01 15:53 - 2017-08-02 23:29 - 000000000 ____D C:\ProgramData\Panda Security
2018-08-01 15:52 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-01 15:51 - 2009-07-14 06:33 - 000464392 _____ C:\Windows\system32\FNTCACHE.DAT
2018-08-01 15:39 - 2017-08-03 08:51 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\Panda Security
2018-07-31 21:04 - 2015-01-28 01:02 - 000000000 ____D C:\Users\Pietro\Desktop\mbar
2018-07-30 20:46 - 2018-03-12 21:15 - 000000000 ____D C:\Users\Pietro\Desktop\ricordati che ogni tanto sei anche un cazzo di scrittore
2018-07-30 14:51 - 2017-08-03 18:21 - 000000000 ____D C:\Users\Pietro\AppData\Local\Spotify
2018-07-30 14:39 - 2017-08-03 18:20 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\Spotify
2018-07-29 02:26 - 2017-08-16 09:19 - 000000000 ____D C:\Windows\system32\Macromed
2018-07-24 12:09 - 2011-01-15 13:50 - 001644010 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-24 12:09 - 2009-07-14 10:21 - 000744404 _____ C:\Windows\system32\perfh010.dat
2018-07-24 12:09 - 2009-07-14 10:21 - 000148734 _____ C:\Windows\system32\perfc010.dat
2018-07-20 15:56 - 2017-08-03 16:44 - 000000000 ____D C:\Program Files\Google
2018-07-20 15:54 - 2017-08-03 16:43 - 000000000 ____D C:\Users\Pietro\AppData\Local\Deployment
2018-07-17 00:02 - 2011-01-15 14:00 - 000480888 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-07-16 01:57 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache
2018-07-14 19:38 - 2017-10-19 19:28 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-14 19:17 - 2017-08-16 04:52 - 000000000 ____D C:\Windows\system32\appraiser
2018-07-14 00:53 - 2017-08-02 23:59 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-07-14 00:34 - 2009-07-14 04:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-07-11 19:02 - 2017-09-13 20:58 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-07-11 19:02 - 2017-08-16 09:19 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-07-10 18:10 - 2017-09-19 17:46 - 000002078 _____ C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-07-07 19:18 - 2017-08-16 09:19 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\The Creative Assembly
2018-07-07 14:33 - 2017-11-12 21:49 - 000000000 ____D C:\Users\Pietro\AppData\Local\Ubisoft Game Launcher
2018-07-07 14:31 - 2017-08-03 08:28 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-07-07 13:52 - 2017-08-15 16:50 - 000000000 ____D C:\Windows\system32\appmgmt
2018-07-06 13:32 - 2017-08-02 23:44 - 000000000 ____D C:\Users\Pietro
2018-07-06 13:12 - 2018-05-07 14:41 - 000000000 ____D C:\Users\Pietro\Documents\il gioco
2018-07-06 13:12 - 2017-12-05 15:20 - 000000000 ____D C:\Users\Pietro\Desktop\Cenerentola
2018-07-05 13:23 - 2009-07-14 04:04 - 000000478 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2009-07-14 03:14 - 2009-07-14 03:14 - 000186368 ____N (Microsoft Corporation) C:\Users\Pietro\AKKZk.exe
2018-05-17 23:03 - 2018-05-17 23:03 - 007649280 _____ () C:\Program Files\GUT7D73.tmp
2017-11-15 22:45 - 2017-11-15 22:45 - 007649280 _____ () C:\Program Files\GUTFA49.tmp
2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe
2018-07-06 13:32 - 2018-07-06 13:32 - 000000002 _____ () C:\Users\Pietro\AppData\Local\WMI.ini

Some files in TEMP:
====================
2018-08-01 16:13 - 2018-06-08 17:57 - 001310488 _____ (Microsoft Corporation) C:\Users\Pietro\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-27 12:30

==================== End of FRST.txt ============================

And the FRST Addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
Ran by Pietro (01-08-2018 16:56:26)
Running from C:\Users\Pietro\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2017-08-02 21:19:48)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3475549784-737223174-1249760543-500 - Administrator - Disabled)
Guest (S-1-5-21-3475549784-737223174-1249760543-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3475549784-737223174-1249760543-1003 - Limited - Enabled)
Pietro (S-1-5-21-3475549784-737223174-1249760543-1000 - Administrator - Enabled) => C:\Users\Pietro

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam (HKLM\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Adobe Acrobat Reader DC - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{2A2C8640-5402-428A-909A-0236CB2B77C7}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{AC904169-4386-A9F9-AC00-67D5C42133BF}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
ccc-core-static (HKLM\...\{7EA8CE23-0C8C-6784-635C-D4F8AFB59AB5}) (Version: 2010.1028.1114.18274 - Nome società) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
f.lux (HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
KMSpico 5.1 (HKLM\...\KMSpico v5.1_is1) (Version: 5.1 - )
League of Legends (HKLM\...\{1976A709-EC16-419D-85D4-52FE64A3A5C7}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Malwarebytes versione 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x86) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacchetto driver Windows - Broadcom (BCM43XX) Net (09/04/2014 6.34.223.5) (HKLM\...\2A31EA3D7C17F73EDC1C5275544C8B1D34746852) (Version: 09/04/2014 6.34.223.5 - Broadcom)
Pacchetto driver Windows - Broadcom (k57nd60x) Net (10/30/2013 15.6.0.14) (HKLM\...\D044F015E956FC855111BB167FC036B8BFCBB620) (Version: 10/30/2013 15.6.0.14 - Broadcom)
Pacchetto driver Windows - Broadcom (k57w2k) Net (11/24/2011 14.8.0.6) (HKLM\...\6B2DB2AB78900DF8904260899A8081C43DAEDD3A) (Version: 11/24/2011 14.8.0.6 - Broadcom)
RogueKiller version 12.12.29.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.29.0 - Adlice Software)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype versione 8.17 (HKLM\...\Skype_is1) (Version: 8.17 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\Spotify) (Version: 1.0.85.259.g4ab01679 - Spotify AB)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Supporto applicazioni Apple (32 bit) (HKLM\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Total War Attila (HKLM\...\Total War Attila_is1) (Version: 1.6 - RePack by Valdeni)
uTorrent Web (HKU\S-1-5-21-3475549784-737223174-1249760543-1000\...\utweb) (Version: 0.15.0 - BitTorrent, Inc.)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-26] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2010-10-28] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-26] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2A12AAA6-08D3-4502-9F76-734579CB9F8E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {35DE8FCE-5991-4F86-9677-9A68D72B0E43} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {35E77E7F-AAC8-4425-BB95-6AB7D2720B09} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {590D3233-9A2A-414B-83C4-DE6574211224} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {76313147-2D04-4785-BE9F-298335A1A7D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {83917107-974C-4689-ACE4-AB7256AD751F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-07-20] (Piriform Ltd)
Task: {86C57075-EB8A-46C1-8863-2AF2D31AB737} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-07-20] (Google Inc.)
Task: {95660FD3-95AE-4F02-A987-83E395F12F7F} - System32\Tasks\{7FAC327B-162B-3D63-117E-5A1DCCA56CC9} => C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe [2009-07-14] (Microsoft Corporation)
Task: {B4809495-BBD8-4FF8-8B1D-9F4F9173F676} - System32\Tasks\{273197F8-CB33-493E-9FF5-3F0858A98994} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -c -runfromtemp -l0x0010 -removeonly
Task: {B564C1A9-A6D4-4F71-AC9A-D909EF19A73F} - System32\Tasks\{2B67FFD2-E9B2-7A8D-CC20-B402FC7B754F} => "C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://newsupforu.com/cl/?guid=5a0h8naq5irvqni5wg56uodmg1ypcw48&prid=1&pid=4_1324_0
Task: {C5F630B8-54CB-4869-8398-F4389AE3EB79} - System32\Tasks\{BCFB33EC-4A33-9817-0B3C-2C2C38358829} => C:\Windows\baez.exe [2009-07-14] (Microsoft Corporation)
Task: {C80FC050-04CA-4430-B0B8-B6DC5EE45264} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {D5F05977-A32E-4759-A355-ABCE66A8D0AC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-07-20] (Piriform Ltd)
Task: {D8CB692F-A750-4556-A51B-82468351E40F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-07-20] (Google Inc.)
Task: {FF7FB4FD-7E43-43BB-A93D-A940BC52A578} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {FFD2495D-6E4B-4D03-B6B0-6D36923EB299} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-07-31 21:04 - 2018-07-31 22:14 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-06-27 19:24 - 2018-06-27 19:24 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2018-08-01 15:55 - 000000864 _____ C:\Windows\system32\Drivers\etc\hosts

2.20.251.26 n4464433.iavs9x.u.avast.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3475549784-737223174-1249760543-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: Spotify => C:\Users\Pietro\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Pietro\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6BABEEEB-78C4-4285-981D-DBD80DD7598B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{AD892B7E-7293-46C5-BFF0-35DE1DF09D2C}C:\users\pietro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pietro\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FF89BE03-48A1-4719-85CF-66DA42718527}C:\users\pietro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pietro\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2216C13B-D064-4C8E-80D3-941602FD363C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E38F1CA-2AAA-4442-A9D8-3147A7FDDFE4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{12481DF3-1CE6-4F2A-83BC-83B4A40CDF52}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C1C0E43F-C147-4B69-9944-14BA90D1B746}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D893CBB8-B39D-4958-9AA6-314C867D1FE2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{07D30D75-64E3-4FBC-9D15-59AE3874A30C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2F303B6D-C51B-4210-9E7E-284B4A3BECC3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{96C3DE76-140C-400C-9F3F-4114C3A7D50F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8F7D49EF-F962-42C8-B0A3-06AF7B1205E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7688AEF3-7391-417A-8829-C4635E9B5D4D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8F6D752B-76F1-45B0-8D41-4B3B063B8469}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{78CA0936-98B1-4233-AB94-99D96F47B20E}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{9FF35AD0-8A75-43CD-8829-46EA28BB2CA7}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{30A3A1F4-0D6F-4716-9C46-7E9A5EA99A36}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{576DDD19-0100-443C-97C0-A12468F812DA}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [UDP Query User{B3B0617D-2860-45B3-BE54-C156FC9C9630}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [{E63C56DD-E86B-41EC-8B7D-9C5C26384889}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{F191430D-6395-4B3A-BEF5-611A00B26DD5}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{59C10FBF-E7F8-4B03-B4C0-62F4851CF127}] => (Allow) C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe
FirewallRules: [{8518049A-2EF5-467F-96CB-6D43546D337F}] => (Allow) C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe
FirewallRules: [TCP Query User{F19525F0-C933-407D-9E05-338B555312A0}C:\users\pietro\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\pietro\appdata\roaming\utorrent web\utweb.exe
FirewallRules: [UDP Query User{D113A0C8-7A4D-4656-8BB5-0AFBF23CD20F}C:\users\pietro\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\pietro\appdata\roaming\utorrent web\utweb.exe
FirewallRules: [{D64193AB-885F-42A1-9453-3E9F365C527E}] => (Allow) C:\Windows\system32\msiexec.exe
FirewallRules: [{1CB41579-D0E1-4DB6-8427-26CE5A8EBB49}] => (Allow) C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe
FirewallRules: [{E6F50F18-9172-4A83-BCF0-86E9E2E86741}] => (Allow) C:\Windows\baez.exe
FirewallRules: [TCP Query User{781951F3-CE59-48DE-92E1-8EDEBD90137C}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [UDP Query User{5D5B2897-5457-4179-8CE4-7132EA75DE9C}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [TCP Query User{A2C52868-EA32-4B97-B0DD-5D31242A5A29}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [UDP Query User{AE748AF5-E878-4AE3-BD5C-01F101B8DF55}C:\program files\total war attila\attila.exe] => (Allow) C:\program files\total war attila\attila.exe
FirewallRules: [{260AFA4C-596B-4FDB-BD17-1CDBB3AF1681}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{A6377F03-DFA9-41DA-9AFF-F6920ECBDC95}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E4AD3274-34EA-40C1-82F4-1F821ED2750A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [{DF2DC5E4-6F46-493A-AF26-7CD14D565001}] => (Allow) C:\Windows\system32\tracert.exe
FirewallRules: [{88AB60CC-7C60-4F36-A126-997E0ECB1B66}] => (Allow) C:\Windows\system32\tracert.exe
FirewallRules: [{9E0B0D69-E370-459B-AB16-C9B73CADEE86}] => (Allow) C:\Windows\system32\tracert.exe
FirewallRules: [TCP Query User{F52EF858-3F47-4C97-8A53-A557449E53CF}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E2FA60C7-FA51-470E-BD4D-F39D53F0C3E0}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe
FirewallRules: [{DEF95A84-9F64-48FD-84E5-D0F98E9F426E}] => (Allow) C:\Windows\system32\tracert.exe
FirewallRules: [{D9E3D654-454C-4DBC-9B4D-8D4C63DDE93C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{AC8BFD51-B8AB-42A8-A237-83974224C204}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

26-07-2018 13:35:08 Punto di controllo pianificato
26-07-2018 13:46:27 Windows Update
30-07-2018 01:34:35 Windows Update
31-07-2018 16:05:47 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============

Name: Scheda Microsoft Teredo Tunneling
Description: Scheda Microsoft Teredo Tunneling
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/01/2018 04:56:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 04:56:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 04:56:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 04:54:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 04:54:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 04:54:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 04:50:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.

Error: (08/01/2018 04:50:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Browser di computer dipende dal servizio Server che non è stato avviato per il seguente errore:
Avvio del gruppo o del servizio di dipendenza non riuscito.


Windows Defender:
===================================
Date: 2018-07-07 12:43:44.659
Description:
%1: il modulo è stato terminato a causa di un errore imprevisto.
Tipo errore:%5
Codice eccezione:%6
Risorsa:%3

Date: 2018-07-04 13:12:49.000
Description:
Windows Defender: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:1.271.442.0
Versione firma precedente:1.269.1075.0
Origine aggiornamento:Utente
Tipo firma:Antispyware
Tipo aggiornamento:Delta
Utente:NT AUTHORITY\SYSTEM
Versione modulo corrente:1.1.15000.2
Versione modulo precedente:1.1.14901.4
Codice errore:0x80070666
Descrizione errore:È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

Date: 2018-07-04 13:12:48.999
Description:
Windows Defender: errore durante il tentativo di aggiornare il modulo.
Nuova versione modulo:1.1.15000.2
Versione modulo precedente:1.1.14901.4
Origine aggiornamento:Utente
Utente:NT AUTHORITY\SYSTEM
Codice errore:0x80070666
Descrizione errore:È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

CodeIntegrity:
===================================

Date: 2017-08-11 17:01:56.897
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.836
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.753
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.635
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.626
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.617
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.181
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2017-08-11 17:01:56.173
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume1\Program Files\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

==================== Memory info ===========================

Processor: AMD Phenom(tm) II N830 Triple-Core Processor
Percentage of memory in use: 31%
Total physical RAM: 3578.9 MB
Available physical RAM: 2434.5 MB
Total Virtual: 7156.15 MB
Available Virtual: 6399.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:40.77 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Shogun2 Disc 1) (CDROM) (Total:6.55 GB) (Free:0 GB) UDF


==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

What do I do with the rest of the files found by RogueKiller?
Old 03-08-2018, 08:00   #23
Dan1979
Member
 
Joined: Jun 2017
Posts: 175
Hi

So, first delete these RogueKiller entries if you haven't already done so:
¤¤¤ Registro : 13 ¤¤¤
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> Trovato
[PUP.Gen0] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : Panda Safe Web -> Trovato
[PUP.Gen0] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[PUP.Gen0] HKEY_USERS\S-1-5-21-3475549784-737223174-1249760543-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[PUP.Gen0] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[PUP.Gen0] HKEY_USERS\S-1-5-21-3475549784-737223174-1249760543-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[PUP.Gen0] HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : -> Trovato
[Suspicious.Path] HKEY_USERS\S-1-5-21-3475549784-737223174-1249760543-1000\Software\Microsoft\Windows\CurrentVersion\Run | utweb : "C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED [7] -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59C10FBF-E7F8-4B03-B4C0-62F4851CF127} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8518049A-2EF5-467F-96CB-6D43546D337F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59C10FBF-E7F8-4B03-B4C0-62F4851CF127} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8518049A-2EF5-467F-96CB-6D43546D337F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Pietro\AppData\Roaming\uTorrent Web\utweb.exe|Name=uTorrent Web| [7] -> Trovato
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trovato

-Then, if you don't recognize or use them, uninstall these extensions in Chrome:
-CHR Extension: (Ripples) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfnjgbmalioedafbpahlobnkgbjkllod [2017-08-03]
-CHR Extension: (Dusky Waves) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckedjlckloojeaklbodeeoblnkmhkhn [2017-08-03]


-Then put frst.exe and the fixlist.txt file attached below on the desktop (make sure it's on the desktop)
right-click on frst ----> run as administrator
when it opens, click Fix
wait for it to finish and for the PC to restart (if it doesn't restart, do it yourself)
post the fixlog.txt (you'll find it on the desktop)


-Reset the browsers, see here http://it.ccm.net/faq/1767-come-ripristinare-il-browser
after this operation you will have to set the browsers' home page again, see here http://it.ccm.net/faq/2175-come-camb...le-del-browser
before resetting the browsers, save your bookmarks and passwords if you care about them....

-Clean up with CCleaner, both system and registry (important)

Let me know how the PC is doing ...... and what problems, if any, remain...
Attachments
File Type: txt fixlist.txt (2.9 KB, 2 views)

Last edited by Dan1979 : 03-08-2018 at 08:23.
Old 03-08-2018, 12:09   #24
mazzazz
Junior Member
 
Joined: Jul 2018
Posts: 11
I've done everything, the problem finally seems to have disappeared. Can I reinstall an antivirus now?

This is the FRST fixlog:


Fix result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018
Ran by Pietro (03-08-2018 12:48:17) Run:1
Running from C:\Users\Pietro\Desktop
Loaded Profiles: Pietro (Available Profiles: Pietro)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
GroupPolicyScripts: Restriction <==== ATTENTION

Hosts: 2.20.251.26 n4464433.iavs9x.u.avast.com

URLSearchHook: HKU\S-1-5-21-3475549784-737223174-1249760543-1000 - (No Name) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No File
BHO: No Name -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> No File
Toolbar: HKLM - No Name - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No File

S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

2018-08-01 15:55 - 2018-08-01 15:55 - 000000000 ____D C:\ProgramData\AVAST Software
2018-08-01 15:55 - 2018-08-01 15:55 - 000000000 ____D C:\Program Files\AVAST Software
2018-07-06 13:32 - 2018-07-06 13:32 - 000000002 _____ C:\Users\Pietro\AppData\Local\WMI.ini
2018-08-01 15:53 - 2017-08-02 23:29 - 000000000 ____D C:\ProgramData\Panda Security
2018-08-01 15:39 - 2017-08-03 08:51 - 000000000 ____D C:\Users\Pietro\AppData\Roaming\Panda Security
2009-07-14 03:14 - 2009-07-14 03:14 - 000186368 ____N (Microsoft Corporation) C:\Users\Pietro\AKKZk.exe
2018-05-17 23:03 - 2018-05-17 23:03 - 007649280 _____ () C:\Program Files\GUT7D73.tmp
2017-11-15 22:45 - 2017-11-15 22:45 - 007649280 _____ () C:\Program Files\GUTFA49.tmp
2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe
2018-07-06 13:32 - 2018-07-06 13:32 - 000000002 _____ () C:\Users\Pietro\AppData\Local\WMI.ini

ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File

Task: {B4809495-BBD8-4FF8-8B1D-9F4F9173F676} - System32\Tasks\{273197F8-CB33-493E-9FF5-3F0858A98994} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -c -runfromtemp -l0x0010 -removeonly
Task: {B564C1A9-A6D4-4F71-AC9A-D909EF19A73F} - System32\Tasks\{2B67FFD2-E9B2-7A8D-CC20-B402FC7B754F} => "C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://newsupforu.com/cl/?guid=5a0h8naq5irvqni5wg56uodmg1ypcw48&prid=1&pid=4_1324_0
Task: {C5F630B8-54CB-4869-8398-F4389AE3EB79} - System32\Tasks\{BCFB33EC-4A33-9817-0B3C-2C2C38358829} => C:\Windows\baez.exe [2009-07-14] (Microsoft Corporation)

C:\Windows\baez.exe

HOSTS:
Removeproxy:
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: ipconfig /flushdns
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
Reboot:

End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda" => removed successfully.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda_XP" => removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKU\S-1-5-21-3475549784-737223174-1249760543-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => not found
HKLM\Software\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => not found
HKLM\Software\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => not found
"HKLM\System\CurrentControlSet\Services\panda_url_filteringd" => removed successfully.
panda_url_filteringd => service removed successfully.
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully.
VGPU => service removed successfully.
C:\ProgramData\AVAST Software => moved successfully
C:\Program Files\AVAST Software => moved successfully
C:\Users\Pietro\AppData\Local\WMI.ini => moved successfully
C:\ProgramData\Panda Security => moved successfully
C:\Users\Pietro\AppData\Roaming\Panda Security => moved successfully
C:\Users\Pietro\AKKZk.exe => moved successfully
C:\Program Files\GUT7D73.tmp => moved successfully
C:\Program Files\GUTFA49.tmp => moved successfully
C:\Users\Pietro\AppData\Local\TxiCYYmoEGki.exe => moved successfully
"C:\Users\Pietro\AppData\Local\WMI.ini" => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu" => removed successfully.
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu => not found
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UAContextMenu" => removed successfully.
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4809495-BBD8-4FF8-8B1D-9F4F9173F676}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4809495-BBD8-4FF8-8B1D-9F4F9173F676}" => removed successfully.
C:\Windows\System32\Tasks\{273197F8-CB33-493E-9FF5-3F0858A98994} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{273197F8-CB33-493E-9FF5-3F0858A98994}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B564C1A9-A6D4-4F71-AC9A-D909EF19A73F}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B564C1A9-A6D4-4F71-AC9A-D909EF19A73F}" => removed successfully.
C:\Windows\System32\Tasks\{2B67FFD2-E9B2-7A8D-CC20-B402FC7B754F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2B67FFD2-E9B2-7A8D-CC20-B402FC7B754F}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5F630B8-54CB-4869-8398-F4389AE3EB79}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5F630B8-54CB-4869-8398-F4389AE3EB79}" => removed successfully.
C:\Windows\System32\Tasks\{BCFB33EC-4A33-9817-0B3C-2C2C38358829} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BCFB33EC-4A33-9817-0B3C-2C2C38358829}" => removed successfully.
C:\Windows\baez.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-3475549784-737223174-1249760543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-3475549784-737223174-1249760543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Informazioni: Ripristino delle impostazioni dei contatori di prestazioni dall'archivio di backup del sistema completato
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========

Impossibile trovare il percorso specificato.

========= End of CMD: =========


========= ipconfig /flushdns =========


Configurazione IP di Windows

Cache del resolver DNS svuotata.

========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Impossibile cancellare il registro DebugChannel. Impossibile eseguire l'operazione richiesta su un canale diretto attivato. Prima di eseguire l'operazione richiesta è necessario disattivare il canale.
Impossibile cancellare il registro Microsoft-RMS-MSIPC/Debug. Impossibile eseguire l'operazione richiesta su un canale diretto attivato. Prima di eseguire l'operazione richiesta è necessario disattivare il canale.

========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
Avvio del gruppo o del servizio di dipendenza non riuscito.



========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12680601 B
Java, Flash, Steam htmlcache => 15198739 B
Windows/system/drivers => 943842 B
Edge => 0 B
Chrome => 47954077 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 55863087 B
LocalService => 66228 B
NetworkService => 72344 B
Pietro => 102637997 B

RecycleBin => 0 B
EmptyTemp: => 224.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:49:54 ====
Old 03-08-2018, 12:30   #25
Dan1979
Member
 
Joined: Jun 2017
Posts: 175
Ok....
Now you can reinstall an antivirus....
Make sure to verify that Windows Defender is disabled once the third-party antivirus is installed...

Test the PC for a while, and if all goes well, the final cleanup of the logs and of the programs used for the scans will follow...

Last edited by Dan1979: 03-08-2018 at 12:35.
Old 06-08-2018, 07:30   #26
Dan1979
Member
 
Joined: Jun 2017
Posts: 175
Ok..
If the PC is working well...

Download DelFix from here: https://www.bleepingcomputer.com/download/delfix/
Place it on the desktop... then right-click the executable and choose Run as administrator....
When it opens, tick:
Remove disinfection tool
Click Run
Wait for it to finish...

If there are no more problems, we're done....