PC Help

(SOLVED) Pages that open by themselves

  1. davidinop85

    User deleted


    Hello, I followed your advice but the advertisements still keep appearing. I am attaching the text files.
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
    Ran by Administrator (administrator) on SHEEP-5C557A5BF (21-03-2016 12:19:12)
    Running from C:\Documents and Settings\Administrator\My Documents\Downloads
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Inglese (Stati Uniti)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33508...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\WINDOWS.0\system32\smss.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\csrss.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\winlogon.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\services.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\lsass.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\spoolsv.exe
    (Microsoft Corporation) C:\WINDOWS.0\explorer.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (Intel Corporation) C:\WINDOWS.0\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS.0\system32\igfxpers.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
    (Intel Corporation) C:\WINDOWS.0\system32\igfxsrvc.exe
    (Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\ctfmon.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (BitTorrent Inc.) C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe
    (Stardock) C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
    (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
    (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\wscntfy.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\wbem\wmiprvse.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\alg.exe
    (BitTorrent Inc.) C:\Documents and Settings\Administrator\Application Data\uTorrent\updates\3.4.5_41865\utorrentie.exe
    (BitTorrent Inc.) C:\Documents and Settings\Administrator\Application Data\uTorrent\updates\3.4.5_41865\utorrentie.exe
    () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    (BitTorrent Inc.) C:\Documents and Settings\Administrator\Application Data\uTorrent\updates\3.4.5_41865\utorrentie.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\rundll32.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\WINDOWS.0\system32\wbem\wmiprvse.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [872448 2007-01-05] (Analog Devices, Inc.)
    HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
    HKLM\...\Run: [Cpqset] => C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [61440 2008-05-14] ()
    HKLM\...\Run: [IgfxTray] => C:\WINDOWS.0\system32\igfxtray.exe [141848 2008-05-22] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS.0\system32\hkcmd.exe [166424 2008-05-22] (Intel Corporation)
    HKLM\...\Run: [Persistence] => C:\WINDOWS.0\system32\igfxpers.exe [137752 2008-05-22] (Intel Corporation)
    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-18] (Intel Corporation)
    HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [99064 2015-12-07] (Panda Security, S.L.)
    HKLM\...\Run: [Panda Security URL Filtering] => C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe [254472 2015-11-06] (Visicom Media Inc.)
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKLM\...\Winlogon: [Userinit] C:\WINDOWS.0\system32\userinit.exe,
    HKLM\...\Winlogon: [UIHost] C:\WINDOWS.0\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\crypt32chain: C:\WINDOWS.0\system32\crypt32.dll [2013-09-11] (Microsoft Corporation)
    Winlogon\Notify\cryptnet: C:\WINDOWS.0\system32\cryptnet.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\cscdll: C:\WINDOWS.0\system32\cscdll.dll [2013-09-11] (Microsoft Corporation)
    Winlogon\Notify\dimsntfy: C:\WINDOWS.0\System32\dimsntfy.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\WINDOWS.0\system32\igfxdev.dll [2008-03-17] (Intel Corporation)
    Winlogon\Notify\ScCertProp: C:\WINDOWS.0\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\Schedule: C:\WINDOWS.0\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\sclgntfy: C:\WINDOWS.0\system32\sclgntfy.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\SensLogn: C:\WINDOWS.0\system32\WlNotify.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\termsrv: C:\WINDOWS.0\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\wlballoon: C:\WINDOWS.0\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-19\...\Run: [CTFMON.EXE] => C:\WINDOWS.0\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.0\System32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-20\...\Run: [CTFMON.EXE] => C:\WINDOWS.0\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.0\System32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-2052111302-1202660629-1417001333-500\...\Run: [ctfmon.exe] => C:\WINDOWS.0\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-2052111302-1202660629-1417001333-500\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [43984 2016-02-18] (Glarysoft Ltd)
    HKU\S-1-5-21-2052111302-1202660629-1417001333-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
    HKU\S-1-5-21-2052111302-1202660629-1417001333-500\...\Run: [uTorrent] => C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe [2094080 2016-03-15] (BitTorrent Inc.)
    HKU\S-1-5-21-2052111302-1202660629-1417001333-500\...\MountPoints2: {ae83eca4-9c4a-11e5-82e9-001f3bb7d803} - D:\AutoRun.exe
    HKU\S-1-5-21-2052111302-1202660629-1417001333-500\...\MountPoints2: {ae83eca7-9c4a-11e5-82e9-1c4bd6b517a2} - D:\AutoRun.exe
    HKU\S-1-5-21-2052111302-1202660629-1417001333-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.0\system32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINDOWS.0\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.0\system32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
    SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [2014-09-25]
    ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
    BootExecute: autocheck autochk *

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 01 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog5 02 C:\WINDOWS.0\system32\winrnr.dll [16896 2008-04-14] (Microsoft Corporation)
    Winsock: Catalog5 03 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 01 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 02 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 03 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 04 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 05 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 06 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 07 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 08 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 09 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 10 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 11 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 12 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 13 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 14 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 15 C:\WINDOWS.0\system32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    Winsock: Catalog9 16 C:\WINDOWS.0\system32\rsvpsp.dll [92672 2008-04-14] (Microsoft Corporation)
    Winsock: Catalog9 17 C:\WINDOWS.0\system32\rsvpsp.dll [92672 2008-04-14] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{9419131C-1B57-49ED-8B7B-4575317707EB}: [DhcpNameServer] 192.168.1.1
    ManualProxies:

    Internet Explorer:
    ==================
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2052111302-1202660629-1417001333-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
    HKU\S-1-5-21-2052111302-1202660629-1417001333-500\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
    URLSearchHook: [S-1-5-21-2052111302-1202660629-1417001333-500] ATTENTION => Default URLSearchHook is missing
    URLSearchHook: HKU\S-1-5-21-2052111302-1202660629-1417001333-500 - (No Name) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No File
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oagedldt.default
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-13] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-13] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2052111302-1202660629-1417001333-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-11-15] (Unity Technologies ApS)
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pandasecuritytb.xml [2016-02-18]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-02-22]
    FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-09] [not signed]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-10-13] [not signed]

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://www.blurum.it/Web/
    CHR StartupUrls: Default -> "hxxps://www.google.it/"
    CHR DefaultSearchURL: Default -> hxxp://pandasecurity.mystart.com/results.php?searchsource=omnibar&pr=vmn&id=pandasecuritytb&v=2_3&ent=ds_671&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> yahoo
    CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Presentazioni Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-13]
    CHR Extension: (Documenti Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-13]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-13]
    CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-13]
    CHR Extension: (Immagine di sfondo per Google™ Homepage) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cedihplmdadkgmhdlblolekfbpghnppa [2016-02-13]
    CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-13]
    CHR Extension: (Reaction Packs for Facebook) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djcfkadjljnkkbojdgocopcbdbnmpcan [2016-03-18]
    CHR Extension: (Google News) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2016-02-13]
    CHR Extension: (Yahoo!) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fdhbkaahephniejapepaiggngjnedpci [2016-02-19]
    CHR Extension: (Fogli Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-13]
    CHR Extension: (Google Documenti offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (AdBlock) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-18]
    CHR Extension: (Pagamenti Chrome Web Store) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-13]
    CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-13]
    CHR HKLM\...\Chrome\Extension: [fdhbkaahephniejapepaiggngjnedpci] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 Alerter; C:\WINDOWS.0\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
    R3 ALG; C:\WINDOWS.0\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
    S3 AppMgmt; C:\WINDOWS.0\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
    S3 aspnet_state; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
    R2 AudioSrv; C:\WINDOWS.0\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
    R3 BITS; C:\WINDOWS.0\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
    S2 Browser; C:\WINDOWS.0\System32\browser.dll [78336 2013-09-11] (Microsoft Corporation)
    S3 CiSvc; C:\WINDOWS.0\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
    S4 ClipSrv; C:\WINDOWS.0\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
    S3 clr_optimization_v2.0.50727_32; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
    R2 CryptSvc; C:\WINDOWS.0\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
    R2 DcomLaunch; C:\WINDOWS.0\system32\rpcss.dll [401408 2013-09-11] (Microsoft Corporation)
    R2 Dhcp; C:\WINDOWS.0\System32\dhcpcsvc.dll [126976 2013-09-11] (Microsoft Corporation)
    S3 dmadmin; C:\WINDOWS.0\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
    R2 dmserver; C:\WINDOWS.0\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
    R2 Dnscache; C:\WINDOWS.0\System32\dnsrslvr.dll [45568 2013-09-11] (Microsoft Corporation)
    S3 Dot3svc; C:\WINDOWS.0\System32\dot3svc.dll [132096 2013-09-11] (Microsoft Corporation)
    S3 EapHost; C:\WINDOWS.0\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
    R2 ERSvc; C:\WINDOWS.0\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
    R2 Eventlog; C:\WINDOWS.0\system32\services.exe [110592 2013-09-11] (Microsoft Corporation)
    R3 EventSystem; C:\WINDOWS.0\system32\es.dll [253952 2013-09-11] (Microsoft Corporation)
    R3 FastUserSwitchingCompatibility; C:\WINDOWS.0\System32\shsvcs.dll [135168 2013-09-11] (Microsoft Corporation)
    S3 FontCache3.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
    R2 helpsvc; C:\WINDOWS.0\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
    S3 hkmsvc; C:\WINDOWS.0\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
    S3 HTTPFilter; C:\WINDOWS.0\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
    S3 idsvc; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
    S3 ImapiService; C:\WINDOWS.0\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
    R2 LanmanServer; C:\WINDOWS.0\System32\srvsvc.dll [99840 2013-09-11] (Microsoft Corporation)
    R2 lanmanworkstation; C:\WINDOWS.0\System32\wkssvc.dll [134144 2013-09-11] (Microsoft Corporation)
    R2 LmHosts; C:\WINDOWS.0\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
    S4 Messenger; C:\WINDOWS.0\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
    S3 mnmsrvc; C:\WINDOWS.0\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
    S3 MSDTC; C:\WINDOWS.0\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
    S3 MSIServer; C:\WINDOWS.0\System32\msiexec.exe [95744 2013-09-11] (Microsoft Corporation)
    R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-12-07] (Panda Security, S.L.)
    S3 napagent; C:\WINDOWS.0\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
    S4 NetDDE; C:\WINDOWS.0\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
    S4 NetDDEdsdm; C:\WINDOWS.0\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
    S3 Netlogon; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    R3 Netman; C:\WINDOWS.0\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
    S4 NetTcpPortSharing; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
    R3 Nla; C:\WINDOWS.0\System32\mswsock.dll [245248 2013-09-11] (Microsoft Corporation)
    S3 NtLmSsp; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    S3 NtmsSvc; C:\WINDOWS.0\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
    R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
    R2 PlugPlay; C:\WINDOWS.0\system32\services.exe [110592 2013-09-11] (Microsoft Corporation)
    R2 PolicyAgent; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    R2 ProtectedStorage; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-12-07] (Panda Security, S.L.)
    S3 RasAuto; C:\WINDOWS.0\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
    R3 RasMan; C:\WINDOWS.0\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
    S3 RDSessMgr; C:\WINDOWS.0\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
    S4 RemoteAccess; C:\WINDOWS.0\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
    R2 RemoteRegistry; C:\WINDOWS.0\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
    S3 RpcLocator; C:\WINDOWS.0\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
    R2 RpcSs; C:\WINDOWS.0\system32\rpcss.dll [401408 2013-09-11] (Microsoft Corporation)
    S3 RSVP; C:\WINDOWS.0\system32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation)
    R2 SamSs; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
    S3 SCardSvr; C:\WINDOWS.0\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
    R2 Schedule; C:\WINDOWS.0\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
    R2 seclogon; C:\WINDOWS.0\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
    R2 SENS; C:\WINDOWS.0\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
    R2 SharedAccess; C:\WINDOWS.0\System32\ipnathlp.dll [330752 2013-09-11] (Microsoft Corporation)
    R2 ShellHWDetection; C:\WINDOWS.0\System32\shsvcs.dll [135168 2013-09-11] (Microsoft Corporation)
    R2 Spooler; C:\WINDOWS.0\system32\spoolsv.exe [58880 2013-09-11] (Microsoft Corporation)
    R2 srservice; C:\WINDOWS.0\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
    R3 SSDPSRV; C:\WINDOWS.0\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
    R2 stisvc; C:\WINDOWS.0\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
    S3 SysmonLog; C:\WINDOWS.0\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
    R3 TapiSrv; C:\WINDOWS.0\System32\tapisrv.dll [249856 2013-09-11] (Microsoft Corporation)
    R2 TermService; C:\WINDOWS.0\System32\termsrv.dll [296960 2013-09-11] (Microsoft Corporation)
    R2 Themes; C:\WINDOWS.0\System32\shsvcs.dll [135168 2013-09-11] (Microsoft Corporation)
    S4 TlntSvr; C:\WINDOWS.0\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
    R2 TrkWks; C:\WINDOWS.0\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
    S3 upnphost; C:\WINDOWS.0\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
    S3 UPS; C:\WINDOWS.0\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
    S2 uzsvc; C:\Program Files\UltraZip\uzsvc.exe [45248 2016-03-16] ()
    S2 uzupd; C:\Program Files\UltraZip\uzupd.exe [82624 2016-03-16] ()
    S3 VSS; C:\WINDOWS.0\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
    R2 W32Time; C:\WINDOWS.0\system32\w32time.dll [175616 2013-09-11] (Microsoft Corporation)
    R2 WebClient; C:\WINDOWS.0\System32\webclnt.dll [68096 2013-09-11] (Microsoft Corporation)
    R2 winmgmt; C:\WINDOWS.0\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
    S3 WmdmPmSN; C:\WINDOWS.0\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
    S3 Wmi; C:\WINDOWS.0\System32\advapi32.dll [618496 2013-09-11] (Microsoft Corporation)
    S3 WmiApSrv; C:\WINDOWS.0\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
    R2 wscsvc; C:\WINDOWS.0\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
    R2 wuauserv; C:\WINDOWS.0\system32\wuauserv.dll [23064 2013-09-11] (Microsoft Corporation)
    R2 WudfSvc; C:\WINDOWS.0\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
    R2 WZCSVC; C:\WINDOWS.0\System32\wzcsvc.dll [483328 2013-09-11] (Microsoft Corporation)
    S3 xmlprov; C:\WINDOWS.0\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
    S3 COMSysApp; C:\WINDOWS.0\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    S3 SwPrv; C:\WINDOWS.0\system32\dllhost.exe /Processid:{24D0BF3D-9E07-400B-98DB-7C0A771C145F}

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 a347bus; C:\WINDOWS.0\System32\DRIVERS\a347bus.sys [160640 2004-04-30] ( ) [File not signed]
    R0 a347scsi; C:\WINDOWS.0\System32\Drivers\a347scsi.sys [5248 2004-04-30] ( ) [File not signed]
    R0 ACPI; C:\WINDOWS.0\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation)
    R0 ACPIEC; C:\WINDOWS.0\System32\DRIVERS\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation)
    R3 ADIHdAudAddService; C:\WINDOWS.0\System32\drivers\ADIHdAud.sys [281600 2008-04-24] (Analog Devices, Inc.)
    R3 AEAudio; C:\WINDOWS.0\System32\drivers\AEAudio.sys [94976 2007-07-13] (Andrea Electronics Corporation)
    S3 aec; C:\WINDOWS.0\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
    R1 AFD; C:\WINDOWS.0\System32\drivers\afd.sys [138496 2013-09-11] (Microsoft Corporation)
    S3 AsyncMac; C:\WINDOWS.0\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation)
    R0 atapi; C:\WINDOWS.0\System32\DRIVERS\atapi.sys [96512 2008-04-13] () [File not signed]
    S3 Atmarpc; C:\WINDOWS.0\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation)
    R3 audstub; C:\WINDOWS.0\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
    R1 Beep; C:\WINDOWS.0\system32\Drivers\Beep.sys [4224 2008-04-14] (Microsoft Corporation)
    S4 cbidf2k; C:\WINDOWS.0\system32\Drivers\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation)
    S3 CCDECODE; C:\WINDOWS.0\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S1 Cdaudio; C:\WINDOWS.0\system32\Drivers\Cdaudio.sys [18688 2013-09-11] (Microsoft Corporation)
    R4 Cdfs; C:\WINDOWS.0\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation)
    R1 Cdrom; C:\WINDOWS.0\System32\DRIVERS\cdrom.sys [62976 2013-09-11] (Microsoft Corporation)
    R3 CmBatt; C:\WINDOWS.0\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation)
    R0 Compbatt; C:\WINDOWS.0\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation)
    R0 Disk; C:\WINDOWS.0\System32\DRIVERS\disk.sys [36352 2013-09-11] (Microsoft Corporation)
    S4 dmboot; C:\WINDOWS.0\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software)
    R0 dmio; C:\WINDOWS.0\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
    R0 dmload; C:\WINDOWS.0\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.)
    S3 DMusic; C:\WINDOWS.0\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
    S3 drmkaud; C:\WINDOWS.0\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
    R3 e1express; C:\WINDOWS.0\System32\DRIVERS\e1e5132.sys [250776 2007-04-12] (Intel Corporation)
    S4 exFat; C:\WINDOWS.0\system32\Drivers\exFat.sys [133632 2013-09-11] (Microsoft Corporation)
    S4 Fastfat; C:\WINDOWS.0\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation)
    S1 Fdc; C:\WINDOWS.0\system32\Drivers\Fdc.sys [27392 2008-04-14] (Microsoft Corporation)
    R1 Fips; C:\WINDOWS.0\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
    S1 Flpydisk; C:\WINDOWS.0\system32\Drivers\Flpydisk.sys [20480 2008-04-14] (Microsoft Corporation)
    R0 FltMgr; C:\WINDOWS.0\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation)
    U1 Fs_Rec; C:\WINDOWS.0\system32\Drivers\Fs_Rec.sys [9216 2013-09-11] (Microsoft Corporation)
    R0 Ftdisk; C:\WINDOWS.0\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation)
    R3 Gpc; C:\WINDOWS.0\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)
    R1 GUBootStartup; C:\WINDOWS.0\System32\drivers\GUBootStartup.sys [17472 2015-05-28] (Glarysoft Ltd)
    R3 HDAudBus; C:\WINDOWS.0\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
    R3 hidusb; C:\WINDOWS.0\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation)
    R3 HTTP; C:\WINDOWS.0\System32\Drivers\HTTP.sys [265728 2013-09-11] (Microsoft Corporation)
    R1 i8042prt; C:\WINDOWS.0\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation)
    R3 ialm; C:\WINDOWS.0\System32\DRIVERS\igxpmp32.sys [5955872 2008-03-17] (Intel Corporation)
    R0 iaStor; C:\WINDOWS.0\System32\DRIVERS\iaStor.sys [312344 2008-04-15] (Intel Corporation)
    R0 iastor3; C:\WINDOWS.0\system32\Drivers\iastor3.sys [308248 2013-09-11] (Intel Corporation)
    R1 Imapi; C:\WINDOWS.0\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)
    R1 intelppm; C:\WINDOWS.0\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation)
    S3 Ip6Fw; C:\WINDOWS.0\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation)
    S3 IpFilterDriver; C:\WINDOWS.0\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation)
    S3 IpInIp; C:\WINDOWS.0\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)
    R3 IpNat; C:\WINDOWS.0\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation)
    R1 IPSec; C:\WINDOWS.0\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)
    S3 IRENUM; C:\WINDOWS.0\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation)
    R0 isapnp; C:\WINDOWS.0\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation)
    R1 Kbdclass; C:\WINDOWS.0\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation)
    R3 kmixer; C:\WINDOWS.0\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
    R0 KSecDD; C:\WINDOWS.0\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
    R1 mnmdd; C:\WINDOWS.0\system32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation)
    S3 Modem; C:\WINDOWS.0\system32\Drivers\Modem.sys [30080 2013-09-11] (Microsoft Corporation)
    R1 Mouclass; C:\WINDOWS.0\System32\DRIVERS\mouclass.sys [23040 2013-09-11] (Microsoft Corporation)
    R3 mouhid; C:\WINDOWS.0\System32\DRIVERS\mouhid.sys [12160 2013-09-11] (Microsoft Corporation)
    R0 MountMgr; C:\WINDOWS.0\system32\Drivers\MountMgr.sys [42752 2013-09-11] (Microsoft Corporation)
    R3 MRxDAV; C:\WINDOWS.0\System32\DRIVERS\mrxdav.sys [180096 2013-09-11] (Microsoft Corporation)
    R1 MRxSmb; C:\WINDOWS.0\System32\DRIVERS\mrxsmb.sys [457856 2013-09-11] (Microsoft Corporation)
    R1 Msfs; C:\WINDOWS.0\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation)
    S3 MSKSSRV; C:\WINDOWS.0\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
    S3 MSPCLOCK; C:\WINDOWS.0\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
    S3 MSPQM; C:\WINDOWS.0\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
    R3 mssmbios; C:\WINDOWS.0\System32\DRIVERS\mssmbios.sys [15488 2013-09-11] (Microsoft Corporation)
    S3 MSTEE; C:\WINDOWS.0\System32\drivers\MSTEE.sys [5504 2008-04-13] (Microsoft Corporation)
    R0 Mup; C:\WINDOWS.0\system32\Drivers\Mup.sys [105472 2013-09-11] (Microsoft Corporation)
    R0 mv61xxmm; C:\WINDOWS.0\system32\Drivers\mv61xxmm.sys [14184 2013-09-11] (Marvell Semiconductor Inc.)
    R0 mv64xxmm; C:\WINDOWS.0\system32\Drivers\mv64xxmm.sys [5632 2013-09-11] (Marvell Semiconductor Inc.) [File not signed]
    R0 mvxxmm; C:\WINDOWS.0\system32\Drivers\mvxxmm.sys [14184 2013-09-11] (Marvell Semiconductor Inc.)
    S3 NABTSFEC; C:\WINDOWS.0\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
    R0 NDIS; C:\WINDOWS.0\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)
    S3 NdisIP; C:\WINDOWS.0\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    R3 NdisTapi; C:\WINDOWS.0\System32\DRIVERS\ndistapi.sys [10496 2013-09-11] (Microsoft Corporation)
    R3 Ndisuio; C:\WINDOWS.0\System32\DRIVERS\ndisuio.sys [14592 2013-09-11] (Microsoft Corporation)
    R3 NdisWan; C:\WINDOWS.0\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation)
    R3 NDProxy; C:\WINDOWS.0\system32\Drivers\NDProxy.sys [40960 2013-09-11] (Microsoft Corporation)
    R1 NetBIOS; C:\WINDOWS.0\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation)
    R1 NetBT; C:\WINDOWS.0\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation)
    R3 NETw5x32; C:\WINDOWS.0\System32\DRIVERS\NETw5x32.sys [3626112 2008-04-28] (Intel Corporation)
    R1 NNSALPC; C:\WINDOWS.0\System32\DRIVERS\NNSAlpc.sys [87032 2015-12-04] (Panda Security, S.L.)
    R1 NNSHTTP; C:\WINDOWS.0\System32\DRIVERS\NNSHttp.sys [202104 2015-12-04] (Panda Security, S.L.)
    R1 NNSHTTPS; C:\WINDOWS.0\System32\DRIVERS\NNSHttps.sys [109688 2015-12-04] (Panda Security, S.L.)
    R1 NNSIDS; C:\WINDOWS.0\System32\DRIVERS\NNSIds.sys [121720 2015-12-04] (Panda Security, S.L.)
    R3 NNSNAHS; C:\WINDOWS.0\System32\DRIVERS\NNSNAHS.sys [46480 2015-04-27] (Panda Security, S.L.)
    R1 NNSPICC; C:\WINDOWS.0\System32\DRIVERS\NNSPicc.sys [102392 2015-12-04] (Panda Security, S.L.)
    R1 NNSPIHS; C:\WINDOWS.0\System32\DRIVERS\NNSPihs.sys [52088 2015-12-04] (Panda Security, S.L.)
    R1 NNSPOP3; C:\WINDOWS.0\System32\DRIVERS\NNSPop3.sys [120568 2015-12-04] (Panda Security, S.L.)
    R1 NNSPROT; C:\WINDOWS.0\System32\DRIVERS\NNSProt.sys [281720 2015-12-04] (Panda Security, S.L.)
    R1 NNSPRV; C:\WINDOWS.0\System32\DRIVERS\NNSPrv.sys [209016 2015-12-04] (Panda Security, S.L.)
    R1 NNSSMTP; C:\WINDOWS.0\System32\DRIVERS\NNSSmtp.sys [108408 2015-12-04] (Panda Security, S.L.)
    R1 NNSSTRM; C:\WINDOWS.0\System32\DRIVERS\NNSStrm.sys [240376 2015-12-04] (Panda Security, S.L.)
    R1 NNSTLSC; C:\WINDOWS.0\System32\DRIVERS\NNSTlsc.sys [94968 2015-12-04] (Panda Security, S.L.)
    R1 Npfs; C:\WINDOWS.0\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation)
    R4 Ntfs; C:\WINDOWS.0\system32\Drivers\Ntfs.sys [576384 2008-11-18] (Microsoft Corporation)
    R1 Null; C:\WINDOWS.0\system32\Drivers\Null.sys [2944 2008-04-14] (Microsoft Corporation)
    S3 NwlnkFlt; C:\WINDOWS.0\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation)
    S3 NwlnkFwd; C:\WINDOWS.0\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation)
    S3 Parport; C:\WINDOWS.0\system32\Drivers\Parport.sys [80128 2013-09-11] (Microsoft Corporation)
    R0 PartMgr; C:\WINDOWS.0\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)
    S2 ParVdm; C:\WINDOWS.0\system32\Drivers\ParVdm.sys [6784 2008-04-14] (Microsoft Corporation)
    R0 PCI; C:\WINDOWS.0\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation)
    R0 PCIIde; C:\WINDOWS.0\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
    S4 Pcmcia; C:\WINDOWS.0\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation)
    R3 PptpMiniport; C:\WINDOWS.0\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation)
    R3 PSched; C:\WINDOWS.0\System32\DRIVERS\psched.sys [70272 2013-09-11] (Microsoft Corporation)
    R2 PSINAflt; C:\WINDOWS.0\System32\DRIVERS\PSINAflt.sys [141304 2015-11-29] (Panda Security, S.L.)
    R2 PSINFile; C:\WINDOWS.0\System32\DRIVERS\PSINFile.sys [102136 2015-11-29] (Panda Security, S.L.)
    R1 PSINKNC; C:\WINDOWS.0\System32\DRIVERS\psinknc.sys [172792 2015-11-22] (Panda Security, S.L.)
    R2 PSINProc; C:\WINDOWS.0\System32\DRIVERS\PSINProc.sys [114680 2015-12-04] (Panda Security, S.L.)
    R2 PSINProt; C:\WINDOWS.0\System32\DRIVERS\PSINProt.sys [126200 2015-11-29] (Panda Security, S.L.)
    R2 PSINReg; C:\WINDOWS.0\System32\DRIVERS\PSINReg.sys [100600 2015-11-29] (Panda Security, S.L.)
    U3 PSKMAD; C:\WINDOWS.0\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
    R3 Ptilink; C:\WINDOWS.0\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
    R1 RasAcd; C:\WINDOWS.0\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation)
    R3 Rasl2tp; C:\WINDOWS.0\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation)
    R3 RasPppoe; C:\WINDOWS.0\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation)
    R3 Raspti; C:\WINDOWS.0\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation)
    R1 Rdbss; C:\WINDOWS.0\System32\DRIVERS\rdbss.sys [174848 2013-09-11] (Microsoft Corporation)
    R1 RDPCDD; C:\WINDOWS.0\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation)
    R3 rdpdr; C:\WINDOWS.0\System32\DRIVERS\rdpdr.sys [195712 2009-09-04] (Microsoft Corporation)
    S3 RDPWD; C:\WINDOWS.0\system32\Drivers\RDPWD.sys [139784 2013-09-11] (Microsoft Corporation)
    R1 redbook; C:\WINDOWS.0\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
    R2 rspndr; C:\WINDOWS.0\System32\DRIVERS\rspndr.sys [62848 2013-09-11] (Microsoft Corporation)
    S3 Secdrv; C:\WINDOWS.0\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    S2 Serial; C:\WINDOWS.0\system32\Drivers\Serial.sys [64512 2008-04-14] (Microsoft Corporation)
    S1 Sfloppy; C:\WINDOWS.0\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation)
    S3 SLIP; C:\WINDOWS.0\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
    S3 splitter; C:\WINDOWS.0\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
    R0 sr; C:\WINDOWS.0\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
    R3 Srv; C:\WINDOWS.0\System32\DRIVERS\srv.sys [357888 2013-09-11] (Microsoft Corporation)
    S3 streamip; C:\WINDOWS.0\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
    R3 swenum; C:\WINDOWS.0\System32\DRIVERS\swenum.sys [4352 2013-09-11] (Microsoft Corporation)
    S3 swmidi; C:\WINDOWS.0\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
    R3 sysaudio; C:\WINDOWS.0\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
    R1 Tcpip; C:\WINDOWS.0\System32\DRIVERS\tcpip.sys [361600 2013-09-11] (Microsoft Corporation)
    S3 TDPIPE; C:\WINDOWS.0\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
    S3 TDTCP; C:\WINDOWS.0\system32\Drivers\TDTCP.sys [22024 2013-09-11] (Microsoft Corporation)
    R1 TermDD; C:\WINDOWS.0\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
    S4 Udfs; C:\WINDOWS.0\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation)
    R3 Update; C:\WINDOWS.0\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)
    S3 usbccgp; C:\WINDOWS.0\System32\DRIVERS\usbccgp.sys [32128 2008-04-13] (Microsoft Corporation)
    R3 usbehci; C:\WINDOWS.0\System32\DRIVERS\usbehci.sys [30464 2013-03-06] (Microsoft Corporation)
    R3 usbhub; C:\WINDOWS.0\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation)
    S3 usbprint; C:\WINDOWS.0\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation)
    S3 usbscan; C:\WINDOWS.0\System32\DRIVERS\usbscan.sys [15104 2008-04-13] (Microsoft Corporation)
    S3 usbstor; C:\WINDOWS.0\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation)
    R3 usbuhci; C:\WINDOWS.0\System32\DRIVERS\usbuhci.sys [20736 2013-03-06] (Microsoft Corporation)
    S3 usbvideo; C:\WINDOWS.0\System32\Drivers\usbvideo.sys [121984 2008-04-13] (Microsoft Corporation)
    S3 usb_rndisx; C:\WINDOWS.0\System32\DRIVERS\usb8023x.sys [12928 2013-02-12] (Microsoft Corporation)
    R1 VgaSave; C:\WINDOWS.0\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation)
    R0 VolSnap; C:\WINDOWS.0\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation)
    R3 Wanarp; C:\WINDOWS.0\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation)
    R3 wdmaud; C:\WINDOWS.0\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
    R1 WmiAcpi; C:\WINDOWS.0\System32\DRIVERS\wmiacpi.sys [8832 2008-04-13] (Microsoft Corporation)
    S3 WpdUsb; C:\WINDOWS.0\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation)
    R1 WS2IFSL; C:\WINDOWS.0\System32\drivers\ws2ifsl.sys [12032 2008-04-14] (Microsoft Corporation)
    S3 WSTCODEC; C:\WINDOWS.0\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
    R0 WudfPf; C:\WINDOWS.0\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
    S3 WudfRd; C:\WINDOWS.0\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
    S2 avgntflt; system32\DRIVERS\avgntflt.sys [X]
    S1 avipbb; system32\DRIVERS\avipbb.sys [X]
    S1 avkmgr; system32\DRIVERS\avkmgr.sys [X]
    S4 IntelIde; no ImagePath
    S1 ssmdrv; system32\DRIVERS\ssmdrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-21 12:17 - 2016-03-21 12:19 - 00000000 ____D C:\FRST
    2016-03-21 12:13 - 2015-05-22 09:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS.0\system32\Drivers\PSKMAD.sys
    2016-03-21 12:05 - 2016-03-21 12:09 - 00000000 ____D C:\AdwCleaner
    2016-03-20 14:54 - 2016-03-20 14:54 - 00278152 _____ C:\WINDOWS.0\system32\FNTCACHE.DAT
    2016-03-20 14:54 - 2016-03-20 14:54 - 00070384 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2016-03-19 19:31 - 2016-03-19 19:31 - 00078126 _____ C:\Documents and Settings\Administrator\My Documents\fac-simile-disdetta-contratto-di-locazione.pdf
    2016-03-19 14:52 - 2016-03-19 16:53 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\bandi
    2016-03-17 11:19 - 2016-03-21 10:48 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\curriculum
    2016-03-17 10:39 - 2016-03-17 10:39 - 00463569 _____ C:\Documents and Settings\Administrator\Desktop\curriculum davide 2016.pdf
    2016-03-17 09:42 - 2016-03-17 09:42 - 00000000 _____ C:\ctapi_out_gr.txt
    2016-03-16 16:11 - 2016-03-16 15:55 - 01000960 _____ C:\Documents and Settings\Administrator\Desktop\Network Configuration Plan_VDS_Sicilia_A05_Enna_v1.8.xls
    2016-03-16 16:02 - 2016-03-16 16:05 - 00000024 _____ C:\Documents and Settings\Administrator\Desktop\telecom.txt
    2016-03-15 21:01 - 2016-03-15 21:02 - 1635127114 _____ C:\Documents and Settings\Administrator\My Documents\Magic in the Moonlight (2014) 1080p ENG-ITA MultiSub x264 BluRay [email protected]
    2016-03-10 09:37 - 2016-03-14 12:41 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\materiale tesi
    2016-03-09 19:10 - 2016-03-15 19:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-03-05 12:44 - 2016-03-20 14:33 - 00065536 _____ C:\WINDOWS.0\system32\config\ODiag.evt
    2016-03-05 12:44 - 2016-03-05 12:44 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Microsoft Office
    2016-03-05 12:44 - 2016-03-05 12:44 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Microsoft Office
    2016-03-05 12:44 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\WINDOWS.0\system32\msonpmon.dll
    2016-03-05 12:41 - 2016-03-05 12:41 - 00000000 ____D C:\Program Files\Microsoft Works
    2016-03-05 12:41 - 2016-03-05 12:41 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
    2016-03-05 12:41 - 2016-03-05 12:41 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
    2016-03-05 12:37 - 2016-03-05 12:37 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
    2016-03-05 12:36 - 2016-03-05 12:45 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft Help
    2016-03-05 12:36 - 2016-03-05 12:45 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft Help
    2016-03-05 12:36 - 2016-03-05 12:41 - 00000000 ____D C:\WINDOWS.0\SHELLNEW
    2016-03-05 12:36 - 2016-03-05 12:36 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
    2016-03-05 12:35 - 2016-03-05 12:35 - 00000000 __RHD C:\MSOCache
    2016-02-28 16:04 - 2016-02-28 16:04 - 00000291 _____ C:\Documents and Settings\Administrator\Desktop\Schermo.lnk

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-21 12:20 - 2014-04-28 14:43 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
    2016-03-21 12:19 - 2015-11-16 01:37 - 00000000 ____D C:\WINDOWS.0\TEMP
    2016-03-21 12:18 - 2014-04-28 19:43 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
    2016-03-21 12:16 - 2015-11-16 01:56 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\UltraZip
    2016-03-21 12:16 - 2015-11-16 01:56 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\UltraZip
    2016-03-21 12:14 - 2015-05-28 19:03 - 00000330 _____ C:\WINDOWS.0\Tasks\GlaryInitialize 5.job
    2016-03-21 12:13 - 2016-02-13 10:03 - 00001148 _____ C:\WINDOWS.0\Tasks\GoogleUpdateTaskMachineCore.job
    2016-03-21 12:13 - 2015-05-28 19:01 - 00000000 ____D C:\Program Files\Glary Utilities 5
    2016-03-21 12:13 - 2014-04-28 14:42 - 00000006 ____H C:\WINDOWS.0\Tasks\SA.DAT
    2016-03-21 12:12 - 2016-02-18 22:46 - 00065536 _____ C:\WINDOWS.0\system32\config\Nano.evt
    2016-03-21 12:12 - 2014-04-28 14:43 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
    2016-03-21 12:12 - 2014-04-28 14:42 - 00032616 _____ C:\WINDOWS.0\SchedLgU.Txt
    2016-03-21 12:09 - 2014-04-28 16:19 - 00000000 ____D C:\WINDOWS.0\system32
    2016-03-21 12:08 - 2016-02-13 10:03 - 00001152 _____ C:\WINDOWS.0\Tasks\GoogleUpdateTaskMachineUA.job
    2016-03-21 10:18 - 2014-04-28 14:43 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
    2016-03-20 14:54 - 2014-04-28 16:19 - 00000000 ____D C:\WINDOWS.0
    2016-03-20 14:33 - 2014-04-28 14:43 - 00000000 ____D C:\Documents and Settings\Administrator
    2016-03-20 14:33 - 2014-04-28 14:35 - 00065536 _____ C:\WINDOWS.0\system32\config\Internet.evt
    2016-03-20 13:59 - 2016-01-20 23:17 - 00000000 ____D C:\WINDOWS.0\Minidump
    2016-03-20 02:16 - 2014-04-28 14:43 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
    2016-03-17 10:43 - 2015-12-01 11:38 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\desktop hp nov 2015
    2016-03-17 10:17 - 2014-05-08 08:33 - 00150528 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-03-16 15:54 - 2015-11-16 01:30 - 00000000 ____D C:\Program Files\UltraZip
    2016-03-16 10:51 - 2015-11-16 10:07 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\UltraZipTemp
    2016-03-16 10:51 - 2015-11-16 10:07 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\UltraZipTemp
    2016-03-16 10:46 - 2016-01-08 20:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-03-15 23:49 - 2014-05-01 11:35 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
    2016-03-15 10:24 - 2016-02-13 10:05 - 00001817 _____ C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Google Chrome.lnk
    2016-03-15 10:24 - 2016-02-13 10:05 - 00001817 _____ C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Google Chrome.lnk
    2016-03-15 10:24 - 2016-02-13 10:05 - 00001811 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
    2016-03-14 09:09 - 2016-01-04 14:58 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\bicchieri
    2016-03-10 09:02 - 2008-04-14 13:00 - 00002206 _____ C:\WINDOWS.0\system32\wpa.dbl
    2016-03-10 09:01 - 2016-01-08 21:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-03-09 11:58 - 2016-01-08 21:08 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Microsoft Silverlight
    2016-03-09 11:58 - 2016-01-08 21:08 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Microsoft Silverlight
    2016-03-06 10:24 - 2015-04-27 11:41 - 00000000 ____D C:\Program Files\Dropbox
    2016-03-05 12:41 - 2015-10-13 09:09 - 00000000 ____D C:\Program Files\MSBuild
    2016-03-05 12:41 - 2014-05-06 18:56 - 00000000 ____D C:\Program Files\Microsoft Office
    2016-03-05 12:41 - 2014-04-28 16:26 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-03-05 12:40 - 2014-04-28 16:19 - 00000000 ____D C:\WINDOWS.0\pchealth
    2016-03-05 12:37 - 2014-04-28 14:33 - 00000000 ____D C:\Program Files\Common Files\System
    2016-03-05 12:37 - 2008-04-14 13:00 - 00000582 _____ C:\WINDOWS.0\win.ini
    2016-03-05 12:25 - 2015-04-27 11:30 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Dropbox
    2016-03-05 12:24 - 2016-02-18 18:53 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\AvgSetupLog
    2016-03-05 12:24 - 2015-12-04 14:36 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avg
    2016-03-05 12:24 - 2015-12-04 14:36 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avg
    2016-03-05 12:21 - 2014-05-12 15:14 - 00000682 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\CCleaner.lnk
    2016-03-05 12:19 - 2015-05-28 19:03 - 00000761 _____ C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Glary Utilities 5.lnk
    2016-03-05 12:19 - 2015-05-28 19:03 - 00000761 _____ C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Glary Utilities 5.lnk
    2016-03-05 12:19 - 2015-05-28 19:03 - 00000755 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Glary Utilities 5.lnk
    2016-03-05 12:15 - 2014-05-01 11:35 - 00000719 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\VLC media player.lnk
    2016-03-05 10:30 - 2016-01-20 20:03 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\i 2 laboratori
    2016-02-27 20:37 - 2014-06-24 00:14 - 00007783 _____ C:\Documents and Settings\Administrator\Desktop\acroos the uniiverse.wpl
    2016-02-27 20:36 - 2014-04-28 14:43 - 00000792 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
    2016-02-27 20:29 - 2014-05-15 19:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Spotify
    2016-02-27 20:28 - 2014-05-15 19:48 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Spotify
    2016-02-20 10:41 - 2010-01-06 21:32 - 00000325 ___SH C:\boot.ini
    2016-02-20 10:41 - 2008-04-14 13:00 - 00000227 _____ C:\WINDOWS.0\system.ini
    2016-02-20 09:22 - 2015-04-27 11:43 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Dropbox

    ==================== Files in the root of some directories =======

    2015-07-16 01:30 - 2015-07-16 01:31 - 6420480 _____ () C:\Program Files\GUT141.tmp
    2014-05-08 08:33 - 2016-03-17 10:17 - 0150528 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-10-13 09:51 - 2015-10-13 09:51 - 0000888 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
    2016-02-18 21:02 - 2016-02-18 21:03 - 0000000 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\{F634DD48-6375-4E8C-AE8E-2A13A0758859}

    Some files in TEMP:
    ====================
    C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS.0\explorer.exe => File is digitally signed
    C:\WINDOWS.0\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS.0\system32\svchost.exe => File is digitally signed
    C:\WINDOWS.0\system32\services.exe => File is digitally signed
    C:\WINDOWS.0\system32\User32.dll => File is digitally signed
    C:\WINDOWS.0\system32\userinit.exe => File is digitally signed
    C:\WINDOWS.0\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS.0\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS.0\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================
    Attached file
    Addition.txt
    (Number of downloads: 96)

     
    .
  2. mcliven
     
    .

    User deleted


    Hi davidinop85, your hosts file is infected. Try downloading this tool, click Restore MS Hosts File and then Make read only,
    close the program and reboot.

    Run a scan with FARBAR RECOVERY SCAN TOOL; you will find the instructions in this guide.

    Attach the two logs.
     
    .
  3. mcliven
     
    .

    User deleted


    Sorry, I had not seen the spoiler.

    Run the tool I linked in the previous post, then download the attached file to the desktop, open the FRST program and press Fix, then attach the fixlog.txt log.

    Before running the procedure with FRST, drag the program from the Downloads folder to the desktop.

    Edited by mcliven - 25/3/2016, 22:25
    Attached file
    fixlist.txt
    (Number of downloads: 81)

     
    .
  4. tremebondo
     
    .

    User deleted


    Hi everyone,
    I have the problem of the ad.zanox page opening. I have run several scans with antivirus tools (including adwcleaner) but I can't solve the problem. I have Windows 10, what should I do? Meanwhile I am attaching the FRST log.
    Thanks a lot.

    Edited by tremebondo - 19/7/2016, 17:52
    Attached file
    FRST.txt
    (Number of downloads: 109)

     
    .
  5. tremebondo
     
    .

    User deleted


    I am adding the Addition file.
    Attached file
    Addition.txt
    (Number of downloads: 143)

     
    .
  6. Carlo Galli1
     
    .

    User deleted


    Hi guys, unfortunately I also have the problem that adzanox opens and sends me to meetic.it or williamhill.
    I have tried a lot of programs and procedures, can you help me?

    I notice that FBDOWNLOADER is there but not among the installed programs and I can't remove it; Chrome is also running slowly.
    I have used a myriad of programs, but where am I picking up this "virus" from?

    I am attaching the log
    Attached file
    FRST.txt
    (Number of downloads: 69)

     
    .
  7.  
    .

    Master Malware Expert

    Group
    Administrator
    Posts
    4,519
    Location
    Poggio Mirteto(RI)

    Status
    Anonymous
    Hi Carlo
    Uninstall ultrazip.
    Uninstall and reinstall chrome.
    Let us know whether the problem is solved.
     
    .
  8. Carlo Galli1
     
    .

    User deleted


    Unfortunately no, I always get this

    # AdwCleaner v5.201 - File registro eventi creato 27/07/2016 a 20:18:48
    # Aggiornato 30/06/2016 by ToolsLib
    # Database : 2016-07-27.1 [Server]
    # Sistema operativo : Windows 7 Ultimate Service Pack 1 (X64)
    # Nome utente : Utente - UTENTE-PC
    # In esecuzione da : C:\Users\Utente\Desktop\PROCEDURA ADWARE MALWARE\4 adwcleaner_5.201.exe
    # Opzione : Scansione
    # Supporto : https://toolslib.net/forum

    ***** [ Servizi ] *****


    ***** [ Cartelle ] *****


    ***** [ File ] *****


    ***** [ DLL ] *****


    ***** [ WMI ] *****


    ***** [ Collegamenti ] *****


    ***** [ Attività pianificate ] *****


    ***** [ Registro ] *****


    ***** [ Browser web ] *****

    [C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Trovato : hxxp://search.fbdownloader.com/?channel=sfit204fbdgy11

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [7577 byte] - [19/07/2016 17:34:27]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1531 byte] - [27/07/2016 10:02:45]
    C:\AdwCleaner\AdwCleaner[C3].txt - [1819 byte] - [27/07/2016 11:23:17]
    C:\AdwCleaner\AdwCleaner[C4].txt - [1990 byte] - [27/07/2016 14:38:26]
    C:\AdwCleaner\AdwCleaner[C5].txt - [1971 byte] - [27/07/2016 16:31:49]
    C:\AdwCleaner\AdwCleaner[R0].txt - [10419 byte] - [19/11/2014 19:00:28]
    C:\AdwCleaner\AdwCleaner[S0].txt - [8534 byte] - [19/11/2014 19:09:21]
    C:\AdwCleaner\AdwCleaner[S1].txt - [7806 byte] - [19/07/2016 17:08:05]
    C:\AdwCleaner\AdwCleaner[S2].txt - [7878 byte] - [19/07/2016 17:30:51]
    C:\AdwCleaner\AdwCleaner[S3].txt - [1354 byte] - [27/07/2016 09:55:23]
    C:\AdwCleaner\AdwCleaner[S4].txt - [1498 byte] - [27/07/2016 10:10:05]
    C:\AdwCleaner\AdwCleaner[S5].txt - [1570 byte] - [27/07/2016 10:29:21]
    C:\AdwCleaner\AdwCleaner[S6].txt - [1642 byte] - [27/07/2016 11:14:52]
    C:\AdwCleaner\AdwCleaner[S7].txt - [1813 byte] - [27/07/2016 14:34:53]
    C:\AdwCleaner\AdwCleaner[S8].txt - [1957 byte] - [27/07/2016 16:20:11]
    C:\AdwCleaner\AdwCleaner[S9].txt - [1951 byte] - [27/07/2016 20:18:48]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [2023 byte] ##########
     
    .
  9.  
    .

    Master Malware Expert

    Group
    Administrator
    Posts
    4,519
    Location
    Poggio Mirteto(RI)

    Status
    Anonymous
    Can you run a scan with FRST again, ticking additional.txt, and attach the 2 logs
    (Had you uninstalled chrome?)
     
    .
  10. Carlo Galli1
     
    .

    User deleted


    Yes, yes, I followed the procedure you suggested:
    here are the new results

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2016
    Ran by Utente (2016-07-28 18:33:52)
    Running from C:\Users\Utente\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) (2011-04-26 19:57:38)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2058689014-2298015885-3016078390-500 - Administrator - Disabled)
    Guest (S-1-5-21-2058689014-2298015885-3016078390-501 - Limited - Disabled)
    Utente (S-1-5-21-2058689014-2298015885-3016078390-1000 - Administrator - Enabled) => C:\Users\Utente

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2058689014-2298015885-3016078390-1000\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
    Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.17) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
    Dropbox (HKU\S-1-5-21-2058689014-2298015885-3016078390-1000\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
    Fitbit Connect (HKLM-x32\...\{A10EAD43-3001-4D46-8103-42705B02D0F4}) (Version: 2.0.1.6742 - Fitbit Inc.)
    FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
    Free Studio version 5.7.6.1015 (HKLM-x32\...\Free Studio_is1) (Version: 5.7.6.1015 - DVDVideoSoft Ltd.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.82 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
    iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
    Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Excel 2007 Help - Aggiornamento (KB963678) (HKLM-x32\...\{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{9F57BDED-B51B-4D2F-B360-5B4EFAAF0F1A}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677) (HKLM-x32\...\{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{2278E02A-AB15-4BF7-B2B4-5C0EEB4B7EEB}) (Version: - Microsoft)
    Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669) (HKLM-x32\...\{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{C76C02F1-B07F-4974-876A-A18DEC9887C8}) (Version: - Microsoft)
    Microsoft Office Word 2007 Help - Aggiornamento (KB963665) (HKLM-x32\...\{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{E5B82DB3-DD7D-4C45-BC5E-09864B26F9BC}) (Version: - Microsoft)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
    Mozilla Thunderbird 45.2.0 (x86 it) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 it)) (Version: 45.2.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero 8 (HKLM-x32\...\{919635D1-5C0D-4B64-B724-BDDB31D11040}) (Version: 8.10.214 - Nero AG)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
    Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
    Remove Empty Directories version 2.2 (Admin Editon) (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 (Admin Editon) - Jonas John)
    SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
    Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
    Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
    Supporto applicazioni Apple (64 bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2058689014-2298015885-3016078390-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2058689014-2298015885-3016078390-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2058689014-2298015885-3016078390-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2058689014-2298015885-3016078390-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2058689014-2298015885-3016078390-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2058689014-2298015885-3016078390-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2058689014-2298015885-3016078390-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2058689014-2298015885-3016078390-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2058689014-2298015885-3016078390-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2058689014-2298015885-3016078390-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2058689014-2298015885-3016078390-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03400B64-A4A9-4DE3-BD22-4C7189512335} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {169E9858-4E82-4E63-9CF5-3AFA07F67EF8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
    Task: {1E082DFE-DF72-41AA-872B-5F09D79147EF} - System32\Tasks\SafeZone scheduled Autoupdate 1468353288 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
    Task: {74B81E6F-7DF3-43F7-80BE-4D2944BCCEBA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2058689014-2298015885-3016078390-1000UA => C:\Users\Utente\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-27] (Dropbox, Inc.)
    Task: {75EA2972-E9EF-4A6A-9E81-2D5A01DF68B5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-23] (AVAST Software)
    Task: {9214B8E1-7D5C-4144-A4AB-AD1F0E05C8E2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
    Task: {9E327F53-4226-4503-8111-59324F71008B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
    Task: {ACF4E261-695D-4AA3-80E2-04A39B9A3633} - System32\Tasks\{5D580839-2304-489B-B82F-24C2F4040ADE} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/it/abandoninstall?source=lightinstaller&page=tsBing
    Task: {AD724E75-10C3-4BC2-8999-97407FD56D69} - System32\Tasks\{59509A9A-9E25-46C0-9E86-107762BD95E1} => pcalua.exe -a D:\SETUP.EXE -d D:\
    Task: {B75ABAA4-053A-44E3-B3F0-79D1DF3D763A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2058689014-2298015885-3016078390-1000Core => C:\Users\Utente\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-27] (Dropbox, Inc.)
    Task: {BEEB4C85-2311-428E-8F3C-5E66BD9584C5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-12] (AVAST Software)
    Task: {BF60D256-7909-47D3-A419-2F49D006B260} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
    Task: {C4E224C2-4912-42EA-B3F2-A4645557A78F} - System32\Tasks\{99E9CC73-7C34-4E87-A3D4-3E271549E907} => pcalua.exe -a C:\Users\Utente\Desktop\chromeinstall-8u40.exe -d C:\Users\Utente\Desktop
    Task: {ED1BF79B-DEED-4F3D-884D-81E2213DCA50} - System32\Tasks\{5F3428D2-2D6B-45CC-8C97-D6A1EAA21A75} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2058689014-2298015885-3016078390-1000Core.job => C:\Users\Utente\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2058689014-2298015885-3016078390-1000UA.job => C:\Users\Utente\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-07-12 18:39 - 2016-07-12 18:39 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-07-27 20:17 - 2016-07-27 20:17 - 03001856 _____ () C:\Program Files\AVAST Software\Avast\defs\16072706\algo.dll
    2016-07-28 18:30 - 2016-07-28 18:30 - 03002368 _____ () C:\Program Files\AVAST Software\Avast\defs\16072801\algo.dll
    2016-07-12 18:39 - 2016-07-12 18:39 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
    2016-07-12 18:40 - 2016-07-12 18:40 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-07-12 18:27 - 2016-06-07 03:58 - 00034768 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
    2016-07-12 18:31 - 2016-06-07 03:58 - 00134088 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\pyexpat.pyd
    2016-07-12 18:31 - 2016-06-07 03:59 - 00019408 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\faulthandler.pyd
    2016-07-12 18:31 - 2016-06-07 03:58 - 00116688 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\pywintypes27.dll
    2016-07-12 18:27 - 2016-06-07 03:58 - 00093640 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\_ctypes.pyd
    2016-07-12 18:27 - 2016-06-07 03:58 - 00018376 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\select.pyd
    2016-07-12 18:27 - 2016-07-05 20:00 - 00019760 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
    2016-07-12 18:27 - 2016-06-07 04:00 - 00105928 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\win32api.pyd
    2016-07-12 18:31 - 2016-06-07 03:58 - 00392144 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\pythoncom27.dll
    2016-07-12 18:27 - 2016-07-05 20:00 - 00381752 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
    2016-07-12 18:27 - 2016-06-07 03:58 - 00692688 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\unicodedata.pyd
    2016-07-12 18:31 - 2016-07-05 19:59 - 00020816 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
    2016-07-12 18:27 - 2016-06-07 03:59 - 00123856 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
    2016-07-12 18:31 - 2016-07-05 19:59 - 01682760 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
    2016-07-12 18:31 - 2016-07-05 19:59 - 00020808 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
    2016-07-12 18:27 - 2016-07-05 20:00 - 00021840 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2016-07-12 18:31 - 2016-07-05 20:00 - 00052024 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
    2016-07-12 18:31 - 2016-07-05 20:00 - 00038696 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\fastpath.pyd
    2016-07-12 18:31 - 2016-06-07 04:00 - 00020936 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\mmapfile.pyd
    2016-07-12 18:27 - 2016-06-07 04:00 - 00024528 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\win32event.pyd
    2016-07-12 18:27 - 2016-06-07 04:00 - 00114640 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\win32security.pyd
    2016-07-12 18:27 - 2016-06-07 04:00 - 00124880 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\win32file.pyd
    2016-07-12 18:27 - 2016-07-05 20:00 - 00021832 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
    2016-07-12 18:27 - 2016-06-07 04:00 - 00024016 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
    2016-07-12 18:27 - 2016-06-07 04:00 - 00175560 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\win32gui.pyd
    2016-07-12 18:27 - 2016-06-07 04:00 - 00030160 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\win32pipe.pyd
    2016-07-12 18:27 - 2016-06-07 04:00 - 00043472 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\win32process.pyd
    2016-07-12 18:27 - 2016-06-07 04:00 - 00048592 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\win32service.pyd
    2016-07-12 18:27 - 2016-07-05 20:00 - 00023872 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
    2016-07-12 18:31 - 2016-07-05 20:00 - 00026456 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-07-12 18:27 - 2016-06-07 04:00 - 00057808 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
    2016-07-12 18:27 - 2016-06-07 04:00 - 00024016 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\win32profile.pyd
    2016-07-12 18:31 - 2016-07-05 19:59 - 00246592 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
    2016-07-12 18:27 - 2016-06-07 04:00 - 00028616 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\win32ts.pyd
    2016-07-12 18:27 - 2016-07-05 20:00 - 00020800 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-07-12 18:27 - 2016-07-05 20:00 - 00019776 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
    2016-07-12 18:27 - 2016-07-05 20:00 - 00020800 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
    2016-07-12 18:27 - 2016-06-07 03:58 - 00134608 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\_elementtree.pyd
    2016-07-12 18:31 - 2016-06-07 03:59 - 00240584 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\jpegtran.pyd
    2016-07-12 18:31 - 2016-07-05 19:59 - 00020280 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
    2016-07-12 18:27 - 2016-07-05 20:00 - 00023376 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-07-12 18:27 - 2016-06-07 04:00 - 00350152 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\winxpgui.pyd
    2016-07-12 18:27 - 2016-07-05 20:00 - 00022352 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
    2016-07-12 18:31 - 2016-07-05 20:00 - 00024392 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
    2016-07-12 18:31 - 2016-06-07 04:01 - 00036296 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\librsync.dll
    2016-07-12 18:31 - 2016-07-05 20:00 - 00084280 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
    2016-07-12 18:31 - 2016-07-05 20:00 - 01826096 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
    2016-07-12 18:27 - 2016-06-07 03:59 - 00083912 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\sip.pyd
    2016-07-12 18:31 - 2016-07-05 20:00 - 03928880 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
    2016-07-12 18:31 - 2016-07-05 20:00 - 01971504 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
    2016-07-12 18:31 - 2016-07-05 20:00 - 00531248 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
    2016-07-12 18:31 - 2016-07-05 20:00 - 00132912 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
    2016-07-12 18:31 - 2016-07-05 20:00 - 00223544 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
    2016-07-12 18:31 - 2016-07-05 20:00 - 00207672 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
    2016-07-12 18:27 - 2016-06-07 04:00 - 00060880 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\win32print.pyd
    2016-07-12 18:27 - 2016-07-05 20:00 - 00024904 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2016-07-12 18:31 - 2016-07-05 20:00 - 00546096 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
    2016-07-12 18:31 - 2016-07-05 20:00 - 00357680 _____ () C:\Users\Utente\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:34 - 2016-07-27 15:48 - 00000698 ___RA C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2058689014-2298015885-3016078390-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Utente^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    MSCONFIG\startupreg: bdruninstaller => "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
    MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{5F6000BD-EA6F-4E3C-95AD-19AF01DE5115}] => (Allow) C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{A6886241-D975-4B68-9636-B865868848D7}] => (Allow) C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{2CDE3158-4496-4077-AF01-5E3B486D659F}C:\users\utente\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\utente\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{CF6F37D5-C67C-4312-800C-969F85EF43A5}C:\users\utente\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\utente\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{CB9BC3DA-6999-45DE-931C-A45F9A8E126B}] => (Allow) C:\Users\Utente\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{4E09FE62-E860-4FD9-A22F-F02CCADE37E5}] => (Allow) C:\Users\Utente\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{9BE799A1-3A3C-4ACE-8366-605A1840D148}] => (Allow) C:\Users\Utente\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{9FCEAED8-0A0A-408F-9842-FC2A6D1E4088}] => (Allow) C:\Users\Utente\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{A3F0FF48-C5D8-4038-8819-79046387E792}] => (Allow) C:\Users\Utente\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{0DBB86A0-E1D6-4D36-81A6-F14F03D60D41}] => (Allow) C:\Users\Utente\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{41627F7D-047B-4CAD-95F6-BECB94991F82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{73DE0F9E-0B8D-47BE-8447-AF7401C1DBA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{708DA3B9-834D-43F4-93E9-B592CB6F3DF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{69354203-C233-4BDA-984A-D62E3C4D3A66}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{F9EC4A02-07A0-4559-9D7F-9389E28F38F1}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [UDP Query User{0894A704-11B6-4B82-A3F2-CB6DBF81DEE0}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [TCP Query User{EB9459E2-5E5C-423D-8F12-490E645F3645}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [UDP Query User{06D6D5CB-9FB6-41C2-90CA-FFF36B4E03A5}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [{42CEDAAD-88FC-420D-A463-4C466BC18EFD}] => (Allow) C:\Users\Utente\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{98CF64D5-5CE3-463D-885C-C4BAB4228350}] => (Allow) C:\Users\Utente\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{AD0DC317-2D98-40FE-B26B-877D2DA8103C}] => (Allow) C:\Users\Utente\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{F6F05462-F0E2-41E9-959A-035A077DEBF7}] => (Allow) C:\Users\Utente\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{4C8EDCEB-6211-41ED-B431-9EFAB01D325B}] => (Allow) C:\Users\Utente\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{002255DC-6E49-4A51-B5B0-EA22DE16AE9C}] => (Allow) C:\Users\Utente\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{378F89A0-C69F-4FBC-A265-A4BD86272C4A}C:\users\utente\appdata\local\temp\rar$ex00.941\formatfactory_setup_manager.exe] => (Allow) C:\users\utente\appdata\local\temp\rar$ex00.941\formatfactory_setup_manager.exe
    FirewallRules: [UDP Query User{13B52E5B-19A0-4425-9B43-613062C64089}C:\users\utente\appdata\local\temp\rar$ex00.941\formatfactory_setup_manager.exe] => (Allow) C:\users\utente\appdata\local\temp\rar$ex00.941\formatfactory_setup_manager.exe
    FirewallRules: [TCP Query User{B5829450-D772-4677-BA43-A2C35FF8EF19}C:\users\utente\appdata\local\temp\rar$ex00.909\formatfactory_setup_manager.exe] => (Allow) C:\users\utente\appdata\local\temp\rar$ex00.909\formatfactory_setup_manager.exe
    FirewallRules: [UDP Query User{9990DA23-5403-45C9-BC17-94373713D80A}C:\users\utente\appdata\local\temp\rar$ex00.909\formatfactory_setup_manager.exe] => (Allow) C:\users\utente\appdata\local\temp\rar$ex00.909\formatfactory_setup_manager.exe
    FirewallRules: [{A4C9D1A7-CA77-4922-A4AB-45909E4D15B3}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
    FirewallRules: [{F6AC4700-9E53-49EC-8737-E35090C25027}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
    FirewallRules: [{A8AA5325-E8EE-4EC0-933C-2D2AD422AB37}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
    FirewallRules: [{EC57EBDC-4E25-4D45-A344-DF260884117C}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
    FirewallRules: [{BED415E1-0BE0-4526-8C16-D19ECDB10F4F}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
    FirewallRules: [{37290517-5620-43BD-91C3-EC7DBF332CDB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{8AC61D02-8C9F-4BEC-A8CF-B6BBF73B388A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{584894BD-47B3-401D-95AB-D4E69583EB02}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    19-07-2016 18:38:48 Punto di controllo pianificato
    27-07-2016 11:02:35 JRT Pre-Junkware Removal
    27-07-2016 20:20:23 ASU_MSI_TRAN

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/27/2016 07:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8112

    Error: (07/27/2016 07:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8112

    Error: (07/27/2016 07:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/27/2016 07:50:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5616

    Error: (07/27/2016 07:50:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 5616

    Error: (07/27/2016 07:50:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/27/2016 07:50:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2948

    Error: (07/27/2016 07:50:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2948

    Error: (07/27/2016 07:50:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/20/2016 07:41:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5626769


    System errors:
    =============
    Error: (07/28/2016 06:28:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Il servizio Avira Real-Time Protection non è stato avviato per il seguente errore:
    %%2 = Impossibile trovare il file specificato.


    Error: (07/28/2016 06:27:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Il servizio Avira Pianificatore non è stato avviato per il seguente errore:
    %%2 = Impossibile trovare il file specificato.


    Error: (07/27/2016 08:36:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Servizio Windows Update terminato con l'errore:
    %%-2147467243 = La classe è configurata per l'esecuzione con un ID di sicurezza (SID) diverso dal chiamante


    Error: (07/27/2016 08:33:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Il servizio Avira Real-Time Protection non è stato avviato per il seguente errore:
    %%2 = Impossibile trovare il file specificato.


    Error: (07/27/2016 08:32:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Il servizio Avira Pianificatore non è stato avviato per il seguente errore:
    %%2 = Impossibile trovare il file specificato.


    Error: (07/27/2016 08:29:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Il servizio Windows Installer è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 120000 millisecondi: Riavvia il servizio.

    Error: (07/27/2016 08:29:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Arresto imprevista del servizio Servizio Google Update (gupdate). Questo evento si è già verificato 1 volta(e).

    Error: (07/27/2016 08:29:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Arresto imprevista del servizio Servizio iPod. Questo evento si è già verificato 1 volta(e).

    Error: (07/27/2016 08:29:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Arresto imprevista del servizio Machine Debug Manager. Questo evento si è già verificato 1 volta(e).

    Error: (07/27/2016 08:29:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Il servizio Fitbit Connect Service è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 0 millisecondi: Riavvia il servizio.


    CodeIntegrity:
    ===================================
    Date: 2016-07-28 18:27:35.142
    Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\avipbb.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

    Date: 2016-07-28 18:27:35.142
    Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\avkmgr.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

    Date: 2016-07-28 18:27:34.908
    Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

    Date: 2016-07-28 18:27:34.830
    Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

    Date: 2016-07-28 18:26:16.783
    Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

    Date: 2016-07-27 20:32:31.660
    Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\avipbb.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

    Date: 2016-07-27 20:32:31.660
    Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\avkmgr.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

    Date: 2016-07-27 20:32:31.442
    Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

    Date: 2016-07-27 20:32:31.395
    Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

    Date: 2016-07-27 20:31:14.799
    Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
    Percentage of memory in use: 65%
    Total physical RAM: 3070.06 MB
    Available physical RAM: 1064.16 MB
    Total Virtual: 6138.3 MB
    Available Virtual: 4118.04 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.82 GB) (Free:131.32 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BF4BA55E)
    Partition 1: (Active) - (Size=71 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

     
    .
  11.  
    .

    Master Malware Expert

    Did you notice whether the ads appeared after you installed fitbitconnect?
     
    .
  12. Carlo Galli1
     
    .

    User deleted


    No, last week I was trying to watch a movie in streaming and maybe that is where I got it from.
     
    .
  13.  
    .

    Master Malware Expert

    Try uninstalling Fitbit, and uninstall Chrome with Revo Uninstaller.
    Do the other browsers have the same problem?
     
    .
  14. Carlo Galli1
     
    .

    User deleted


    Now it's gone, AdwCleaner doesn't find any problems.
    Can I reinstall Fitbit and Chrome?
    First of all, thank you very much for solving it.
     
    .
  15. Carlo Galli1
     
    .

    User deleted


    Never mind, I reinstalled Chrome and AdwCleaner found the usual fbdownloader, ugh.
     
    .
56 replies since 27/2/2015, 20:41   4353 views