PC Help

(SOLVED) shortcut virus on USB sticks

  1. Diego Sichera
     

    User deleted


    Good morning, unfortunately it looks like here we go again. This morning I downloaded a file onto a USB stick and it came back infected.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2017
    Ran by Diego (administrator) on DIEGO-PC (24-11-2017 10:04:58)
    Running from C:UsersDiegoDesktop
    Loaded Profiles: Diego (Available Profiles: Diego)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Italiano (Italia)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33508...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Symantec Corporation) C:Program Files (x86)SymantecSymantec Endpoint ProtectionSmc.exe
    (Symantec Corporation) C:Program Files (x86)Common FilesSymantec SharedccSvcHst.exe
    (Intel Corporation) C:WindowsSystem32igfxsrvc.exe
    (Intel Corporation) C:WindowsSystem32igfxpers.exe
    (Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVCpl64.exe
    (Microsoft Corporation) C:WindowsSystem32wscript.exe
    (Marvell Semiconductor, Inc.) C:Program FilesHewlett-PackardPrnStatusMXPrnStatusMX.exe
    (Microsoft Corporation) C:WindowsSysWOW64svchost.exe
    (Nokia) C:Program Files (x86)NokiaNokia PC Suite 7PCSuite.exe
    (Symantec Corporation) C:Program Files (x86)SymantecSymantec Endpoint ProtectionSmcGui.exe
    (Hewlett-Packard Company) C:Program Files (x86)HPCommonHPSupportSolutionsFrameworkService.exe
    (Intel(R) Corporation) C:Program FilesInteliCLS ClientHeciServer.exe
    (Symantec Corporation) C:Program Files (x86)Common FilesSymantec SharedccApp.exe
    (Hewlett-Packard) C:Program Files (x86)HPHP Software Updatehpwuschd2.exe
    (Symantec Corporation) C:Program Files (x86)SymantecSymantec Endpoint ProtectionRtvscan.exe
    (Hewlett-Packard) C:Program Files (x86)HPDigital ImagingbinHpqSRmon.exe
    (Microsoft Corp.) C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
    (Microsoft Corp.) C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVCM.EXE
    (Oracle Corporation) C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
    (Symantec Corporation) C:Program Files (x86)SymantecSymantec Endpoint ProtectionProtectionUtilSurrogate.exe
    (Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe
    (Intel Corporation) C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    (Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe
    (Intel Corporation) C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    (Microsoft Corporation) C:WindowsSysWOW64dllhost.exe
    (Hewlett-Packard) D:Setup.exe
    (Adobe Systems Incorporated) C:Program Files (x86)AdobeAcrobat Reader DCReaderAcroRd32.exe
    (Adobe Systems Incorporated) C:Program Files (x86)AdobeAcrobat Reader DCReaderAcroRd32.exe
    (Adobe Systems Incorporated) C:Program Files (x86)AdobeAcrobat Reader DCReaderAcroCEFRdrCEF.exe
    (Adobe Systems Incorporated) C:Program Files (x86)AdobeAcrobat Reader DCReaderAcroCEFRdrCEF.exe
    (Adobe Systems Incorporated) C:Program Files (x86)AdobeAcrobat Reader DCReaderAcroCEFRdrCEF.exe
    (Mozilla Corporation) C:Program Files (x86)Mozilla Firefoxfirefox.exe
    (Mozilla Corporation) C:Program Files (x86)Mozilla Firefoxfirefox.exe
    (Mozilla Corporation) C:Program Files (x86)Mozilla Firefoxfirefox.exe
    (Mozilla Corporation) C:Program Files (x86)Mozilla Firefoxfirefox.exe
    (Microsoft Corporation) C:WindowsSystem32dllhost.exe
    (Microsoft Corporation) C:WindowsSystem32dllhost.exe
    (Microsoft Corporation) C:WindowsSystem32dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    "Path" (C:Program Files (x86)PC Connectivity Solution;C:Program FilesCommon FilesMicrosoft SharedWindows Live;C:Program Files (x86)Common FilesMicrosoft SharedWindows Live;C:ProgramDataOracleJavajavapath;C:Program Files (x86)InteliCLS Client;C:Program FilesInteliCLS Client;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program Files (x86)IntelOpenCL SDK3.0binx86;C:Program Files (x86)IntelOpenCL SDK3.0binx64;C:Program FilesIntelIntel(R) Management Engine ComponentsDAL;C:Program FilesIntelIntel(R) Management Engine ComponentsIPT;C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDAL;C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPT;C:Program Files (x86)Windows LiveShared;C:Program Files (x86)Calibre2 -> C:Program Files (x86)PC Connectivity Solution;C:Program FilesCommon FilesMicrosoft SharedWindows Live;C:Program Files (x86)Common FilesMicrosoft SharedWindows Live;C:ProgramDataOracleJavajavapath;C:Program Files (x86)InteliCLS Client;C:Program FilesInteliCLS Client;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SystemRoot%System32WindowsPowerShellv1.0;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program Files (x86)IntelOpenCL SDK3.0binx86;C:Program Files (x86)IntelOpenCL SDK3.0binx64;C:Program FilesIntelIntel(R) Management Engine ComponentsDAL;C:Program FilesIntelIntel(R) Management Engine ComponentsIPT;C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDAL;C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPT;C:Program Files (x86)Windows LiveShared;C:Program Files (x86)Calibre2) <==== Repaired successfully
    HKLM...Run: [RTHDVCPL] => C:Program FilesRealtekAudioHDARAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
    HKLM...Run: [IAStorIcon] => C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
    HKLM...Run: [Microsoft Excel] => wscript.exe //B "C:UsersDiegoAppDataRoamingMicrosoft Office\Microsoft Excel.WsF"
    HKLM...Run: [PrnStatusMX] => C:Program FilesHewlett-PackardPrnStatusMXPrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
    HKLM-x32...Run: [ccApp] => C:Program Files (x86)Common FilesSymantec SharedccApp.exe [115560 2009-07-08] (Symantec Corporation)
    HKLM-x32...Run: [HP Software Update] => C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32...Run: [] => [X]
    HKLM-x32...Run: [GrooveMonitor] => C:Program Files (x86)Microsoft OfficeOffice12GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32...Run: [BlueStacks Agent] => C:Program Files (x86)BlueStacksHD-Agent.exe
    HKLM-x32...Run: [hpqSRMon] => C:Program Files (x86)HPDigital ImagingbinhpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
    HKLM-x32...Run: [SunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [587288 2017-09-05] (Oracle Corporation)
    WinlogonNotifyigfxcui: C:WindowsSystem32igfxdev.dll (Intel Corporation)
    HKLMSOFTWAREPoliciesMicrosoftWindows Defender: Restriction <==== ATTENTION
    HKUS-1-5-21-3891566836-2767221216-2343420741-1000...Run: [Adobe Reader Synchronizer] => C:UsersDiegoDesktopprogrammiAdobeReader 11.0ReaderAdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
    HKUS-1-5-21-3891566836-2767221216-2343420741-1000...Run: [PC Suite Tray] => C:Program Files (x86)NokiaNokia PC Suite 7PCSuite.exe [1516632 2012-06-26] (Nokia)
    HKUS-1-5-21-3891566836-2767221216-2343420741-1000...Run: [Microsoft Excel] => wscript.exe //B "C:UsersDiegoAppDataRoamingMicrosoft Office\Microsoft Excel.WsF"
    HKUS-1-5-21-3891566836-2767221216-2343420741-1000...MountPoints2: {315dce90-5159-11e4-80ea-806e6f6e6963} - D:ASRSetup.exe
    HKUS-1-5-21-3891566836-2767221216-2343420741-1000...MountPoints2: {d52e11c6-512a-11e4-9076-806e6f6e6963} - D:setup.exe
    Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupAdobe Gamma Loader.lnk [2017-03-06]
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:Program Files (x86)Common FilesAdobeCalibrationAdobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupHP Digital Imaging Monitor.lnk [2017-11-09]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe (Hewlett-Packard Co.)
    CHR HKLMSOFTWAREPoliciesGoogle: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    TcpipParameters: [DhcpNameServer] 192.168.1.1
    TcpipParameters: [NameServer] 8.8.8.8,8.8.8.4
    Tcpip..Interfaces{CAFB6284-F786-42BC-B30D-6602670D906D}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = www.google.com
    HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Start Page = www.google.com
    HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = www.google.com
    HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Search Page = www.google.com
    HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = www.google.com
    HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Page_URL = www.google.com
    HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = www.google.com
    HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Search_URL = www.google.com
    HKUS-1-5-21-3891566836-2767221216-2343420741-1000SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxps://it.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
    HKUS-1-5-21-3891566836-2767221216-2343420741-1000SoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache = hxxp://www.msn.com/it-it/?ocid=iehp
    SearchScopes: HKUS-1-5-21-3891566836-2767221216-2343420741-1000 -> {E25C2999-5CE8-438D-BE18-0444C379C042} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&intl=it&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:Program Files (x86)IObitIObit UninstallerUninstallExplorer.dll [2015-09-21] (IObit)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program Files (x86)Javajre1.8.0_151binssv.dll [2017-10-26] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program Files (x86)Javajre1.8.0_151binjp2ssv.dll [2017-10-26] (Oracle Corporation)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll No File
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF DefaultProfile:
    FF DefaultProfile: lnzbe8wg.default-1494090878924
    FF ProfilePath: C:UsersDiegoAppDataRoamingMozillaFirefoxProfileslnzbe8wg.default-1494090878924 [2017-11-24]
    FF Extension: (Adblock Plus) - C:UsersDiegoAppDataRoamingMozillaFirefoxProfileslnzbe8wg.default-1494090878924Extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-09]
    FF Extension: (Disable Media WMF NV12 format) - C:UsersDiegoAppDataRoamingMozillaFirefoxProfileslnzbe8wg.default-1494090878924features{38d628b0-0ab3-424e-8876-b27d6bffa4b3}[email protected] [2017-11-22] [Lagacy]
    FF HKLM-x32...FirefoxExtensions: [[email protected]] - C:Program Files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:Program Files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3 [2017-11-09] [Lagacy] [not signed]
    FF HKUS-1-5-21-3891566836-2767221216-2343420741-1000...FirefoxExtensions: [[email protected]] - C:Program Files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3
    FF Plugin: @adobe.com/FlashPlayer -> C:Windowssystem32MacromedFlashNPSWF64_27_0_0_187.dll [2017-11-14] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:Program FilesMicrosoft Silverlight5.1.50907.0npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:Program Files (x86)Common FilesAdobeOOBEPDAppCCMUtilitiesnpAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:WindowsSysWOW64MacromedFlashNPSWF32_27_0_0_187.dll [2017-11-14] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:WindowsSysWOW64AdobeDirectornp32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPTnpIntelWebAPIIPT.dll [No File]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPTnpIntelWebAPIUpdater.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:Program Files (x86)Javajre1.8.0_151bindtpluginnpDeployJava1.dll [2017-10-26] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:Program Files (x86)Javajre1.8.0_151binplugin2npjp2.dll [2017-10-26] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:Program Files (x86)Microsoft Silverlight5.1.50907.0npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll [No File]
    FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:UsersDiegoAppDataRoamingVisanpluginsnpRLSecurePluginLayer.dll [2011-02-02] (RocketLife, LLP)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:Program Files (x86)VideoLANVLCnpvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:Program Files (x86)VideoLANVLCnpvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:Program Files (x86)VideoLANVLCnpvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:Program Files (x86)VideoLANVLCnpvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2017-11-04] (Adobe Systems Inc.)
    FF Plugin HKUS-1-5-21-3891566836-2767221216-2343420741-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:UsersDiegoAppDataRoamingVisanpluginsnpRLSecurePluginLayer.dll [2011-02-02] (RocketLife, LLP)

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <==== ATTENTION
    CHR HKLM-x32...ChromeExtension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    Opera:
    =======
    OPR Extension: (Fast search) - C:UsersDiegoAppDataRoamingOpera SoftwareOpera StableExtensionspbdpajcdgknpendpmecafmopknefafha [2017-02-03]
    StartMenuInternet: (HKLM) OperaStable - C:Program Files (x86)OperaLauncher.exe hxxp://www.oursurfing.com/?type=sc&ts=1446929402&z=a658e861475b977b05dc680g1zez8qdt3o4t9cbb3g&from=nsbit&uid=MAXTORXSTM3250310AS_6RYBFHG5XXXX6RYBFHG5

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ccEvtMgr; C:Program Files (x86)Common FilesSymantec SharedccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
    R2 ccSetMgr; C:Program Files (x86)Common FilesSymantec SharedccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
    R2 HPSupportSolutionsFrameworkService; C:Program Files (x86)HpCommonHPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:Program FilesInteliCLS ClientHeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:Program FilesInteliCLS ClientSocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
    S3 LiveUpdate; C:Program Files (x86)SymantecLiveUpdateLuComServer_3_3.EXE [3093880 2009-08-18] (Symantec Corporation)
    R2 MBAMService; C:Program FilesMalwarebytesAnti-Malwarembamservice.exe [6234056 2017-11-01] (Malwarebytes)
    R2 Net Driver HPZ12; C:Windowssystem32HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:Windowssystem32HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
    R2 SmcService; C:Program Files (x86)SymantecSymantec Endpoint ProtectionSmc.exe [3197256 2009-09-17] (Symantec Corporation)
    S4 SNAC; C:Program Files (x86)SymantecSymantec Endpoint ProtectionSNAC64.EXE [411976 2009-09-17] (Symantec Corporation)
    R2 Symantec AntiVirus; C:Program Files (x86)SymantecSymantec Endpoint ProtectionRtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
    S3 WinDefend; C:Program FilesWindows Defendermpsvc.dll [1011712 2013-10-17] (Microsoft Corporation)
    S2 ADSafeSvc; C:Program Files (x86)ADSafeADSafeSvc.exe [X]
    S2 HPSLPSVC; C:UsersDiegoAppDataLocalTemp7zS6EC3hpslpsvc64.dll [X] <==== ATTENTION
    S2 jhi_service; "C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe" [X]
    S2 LMS; "C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 AFS; C:WindowsSysWow64DriversAFS.sys [77004 2017-11-14] (Oak Technology Inc.) [File not signed]
    R0 DMProtectEx; C:WindowsSystem32driversDMProtectEx64.sys [232192 2015-12-03] (Shanghai Damo Network Sci. & Tech. Co. Ltd.)
    S3 DMRedirect; C:Windowssystem32driversDMRedirect.sys [49920 2015-12-03] (Billion)
    R1 eeCtrl; C:Program Files (x86)Common FilesSymantec SharedEENGINEeeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:Program Files (x86)Common FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
    R0 iaStorF; C:WindowsSystem32DRIVERSiaStorF.sys [28656 2013-04-30] (Intel Corporation)
    R0 MBAMSwissArmy; C:WindowsSystem32Driversmbamswissarmy.sys [253880 2017-11-16] (Malwarebytes)
    R3 NAVENG; C:ProgramDataSymantecDefinitionsVirusDefs20150105.019eng64.sys [129752 2014-09-24] (Symantec Corporation)
    R3 NAVEX15; C:ProgramDataSymantecDefinitionsVirusDefs20150105.019ex64.sys [2137304 2014-09-24] (Symantec Corporation)
    S3 SNPSTD3; C:WindowsSystem32DRIVERSsnpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
    R1 SRTSP; C:WindowsSystem32DriversSRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
    R1 SRTSP; C:WindowsSysWOW64DriversSRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
    S3 SRTSPL; C:WindowsSystem32DriversSRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
    S3 SRTSPL; C:WindowsSysWOW64DriversSRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
    R1 SRTSPX; C:WindowsSystem32DriversSRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
    R1 SRTSPX; C:WindowsSysWOW64DriversSRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
    R3 SymEvent; C:Windowssystem32DriversSYMEVENT64x86.SYS [172592 2014-10-11] (Symantec Corporation)
    R3 Teefer2; C:WindowsSystem32DRIVERSteefer2.sys [62512 2009-05-27] (Symantec Corporation)
    R1 VBoxNetAdp; C:WindowsSystem32DRIVERSVBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
    R1 VBoxNetLwf; C:WindowsSystem32DRIVERSVBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
    S3 VBoxUSB; C:WindowsSystem32DriversVBoxUSB.sys [125008 2015-07-09] (Oracle Corporation)
    R1 WPS; C:Windowssystem32driverswpsdrvnt.sys [52784 2009-09-17] (Symantec Corporation)
    R3 WpsHelper; C:Windowssystem32driversWpsHelper.sys [233120 2012-11-14] (Symantec Corporation)
    S3 VGPU; System32driversrdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-24 10:04 - 2017-11-24 10:05 - 000021297 _____ C:UsersDiegoDesktopFRST.txt
    2017-11-24 10:04 - 2017-11-24 10:04 - 000000000 ____D C:UsersDiegoDesktopFRST-OlderVersion
    2017-11-24 07:26 - 2017-11-24 07:26 - 001054835 _____ C:UsersDiegoDownloadsHOTEL.ES_LIBRO DE TEXTO.pdf
    2017-11-23 22:04 - 2017-11-23 22:04 - 000000000 ____D C:UsersDiegoDownloadsFilm_iTALiAN_completo_HDrip_720p[TeamPremium]
    2017-11-23 21:41 - 2017-10-17 23:14 - 000000123 _____ C:UsersDiegoDownloadsScarica Password Link.url
    2017-11-23 10:47 - 2017-11-23 10:58 - 1576883245 _____ C:UsersDiegoDownloadsIl Libro della Giungla (2016).ita.eng.sub.ita.iCV-MIRCrew.mkv
    2017-11-22 10:01 - 2017-11-22 10:01 - 000000000 _____ C:t14g.2
    2017-11-22 10:01 - 2017-11-22 10:01 - 000000000 _____ C:t14g.1
    2017-11-19 14:56 - 2017-11-19 16:50 - 000000000 ____D C:UsersDiegoDownloadsBlack Country Communion_discography_mp3_
    2017-11-19 08:14 - 2017-11-19 08:14 - 000000235 _____ C:UsersDiegoAppDataRoamingdevices.xml
    2017-11-19 08:14 - 2017-11-19 08:14 - 000000012 _____ C:UsersDiegoAppDataRoamingsettings.xml
    2017-11-16 21:05 - 2017-11-16 21:05 - 000253880 _____ (Malwarebytes) C:Windowssystem32Driversmbamswissarmy.sys
    2017-11-14 22:23 - 2017-11-19 16:29 - 000000000 ____D C:UsersDiegoDesktopHP
    2017-11-14 21:50 - 2017-11-14 21:50 - 000000000 ____D C:Program FilesHewlett-Packard
    2017-11-14 21:50 - 2012-12-07 13:28 - 000053248 _____ (Marvell Semiconductor, Inc.) C:Windowssystem32CP1215EWS.dll
    2017-11-14 21:50 - 2012-07-04 15:43 - 000552448 _____ (Marvell Semiconductor, Inc.) C:Windowssystem32HPIPMX.dll
    2017-11-14 21:50 - 2012-07-04 15:43 - 000231936 _____ (Marvell Semiconductor, Inc.) C:Windowssystem32HPIPMXRes.dll
    2017-11-14 21:50 - 2012-07-04 15:43 - 000182784 _____ (Marvell Semiconductor, Inc.) C:Windowssystem32CP1215LI.DLL
    2017-11-14 21:50 - 2012-07-04 15:43 - 000175104 _____ (Marvell Semiconductor, Inc.) C:Windowssystem32CP1215LM.DLL
    2017-11-14 21:50 - 2012-07-04 15:43 - 000139264 _____ (Marvell Semiconductor, Inc.) C:Windowssystem32HPMCoSetup.dll
    2017-11-14 19:55 - 2017-11-14 19:55 - 000077004 _____ (Oak Technology Inc.) C:WindowsSysWOW64DriversAFS.SYS
    2017-11-14 19:55 - 2017-11-14 19:55 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsHewlett-Packard
    2017-11-14 14:52 - 2017-11-14 14:53 - 002306152 _____ C:UsersDiegoDownloadshppiw software installazione stampante.exe
    2017-11-14 13:41 - 2017-11-14 13:41 - 000001867 _____ C:UsersPublicDesktopMalwarebytes.lnk
    2017-11-14 13:41 - 2017-11-14 13:41 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes
    2017-11-14 13:41 - 2017-11-01 08:54 - 000077432 _____ C:Windowssystem32Driversmbae64.sys
    2017-11-14 13:40 - 2017-11-14 13:40 - 000000000 ____D C:ProgramDataMB3CoreBackup
    2017-11-13 18:00 - 2017-11-13 18:00 - 000002008 _____ C:UsersDiegoDocumentsHP Print and Scan Doctor.lnk
    2017-11-13 17:45 - 2017-11-13 17:52 - 000000000 ____D C:UsersDiegoAppDataLocalIIIQF
    2017-11-13 10:51 - 2017-11-13 10:51 - 001013221 _____ C:UsersDiegoDownloadsil medioevo-la fauna.pdf
    2017-11-13 08:57 - 2017-11-13 08:57 - 000001178 _____ C:UsersDiegoDesktopEroe Per Caso copia finale corretta 19-08-2017 - collegamento.lnk
    2017-11-09 11:26 - 2017-11-09 11:26 - 000001433 _____ C:UsersDiegoDocumentsCentro soluzioni HP.lnk
    2017-11-09 11:26 - 2017-11-09 11:26 - 000000000 ____D C:ProgramDataHP Product Assistant
    2017-11-09 11:24 - 2010-01-06 14:33 - 000138752 _____ (Hewlett-Packard Company) C:Windowssystem32hpf3l101.dll
    2017-11-09 11:23 - 2017-11-09 11:27 - 000180354 _____ C:Windowshpoins51.dat
    2017-11-09 11:23 - 2010-05-28 19:42 - 000000572 ____N C:Windowshpomdl51.dat
    2017-11-09 11:23 - 2010-01-21 10:03 - 001412224 _____ (Hewlett-Packard Co.) C:Windowssystem32hpost_p04h.dll
    2017-11-09 11:23 - 2010-01-21 10:03 - 001179776 _____ (Hewlett-Packard) C:Windowssystem32hposwia_p04h.dll
    2017-11-09 11:23 - 2010-01-21 10:03 - 000643200 _____ (Hewlett-Packard) C:Windowssystem32hpzids40.dll
    2017-11-09 11:23 - 2010-01-21 10:03 - 000525440 _____ (Hewlett-Packard Co.) C:Windowssystem32hposc_p04a.dll
    2017-11-09 11:21 - 2017-11-09 11:22 - 157187048 _____ C:UsersDiegoDownloadsPS_AIO_07_B010_NonNet_Full_Win_WW_140_276-4.exe
    2017-11-09 10:59 - 2017-11-09 10:59 - 000000000 ____D C:UsersDiegoAppDataRoamingHPPSDr
    2017-11-09 10:47 - 2017-11-15 14:19 - 000004476 _____ C:WindowsSystem32TasksAdobe Acrobat Update Task
    2017-11-09 10:47 - 2017-11-09 10:47 - 000000000 ____D C:UsersDiegoAppDataLocalCEF
    2017-11-09 10:46 - 2017-11-15 14:19 - 000002441 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk
    2017-11-09 10:46 - 2017-11-09 10:46 - 000002047 _____ C:UsersDiegoDocumentsAcrobat Reader DC.lnk
    2017-11-09 10:46 - 2017-11-09 10:46 - 000000000 ____D C:Program Files (x86)Adobe
    2017-11-09 10:42 - 2017-11-09 10:42 - 000846443 _____ C:UsersDiegoDownloadsmanuale HP psc1215
    2017-10-30 14:30 - 2017-10-30 14:30 - 027694559 _____ C:UsersDiegoDownloadsAVSVideoEditorHelp.pdf
    2017-10-29 19:17 - 2017-10-29 19:17 - 000673921 _____ C:UsersDiegoDownloadsQG_RE_Login.pdf
    2017-10-26 12:14 - 2017-10-26 12:14 - 000003142 _____ C:WindowsSystem32Tasks{0F18A180-D047-4637-AB0D-4F0E85D594B5}

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-24 10:04 - 2017-06-08 23:23 - 002393088 _____ (Farbar) C:UsersDiegoDesktopFRST64.exe
    2017-11-24 10:04 - 2017-06-08 23:23 - 000000000 ____D C:FRST
    2017-11-24 10:03 - 2017-08-21 22:48 - 000000000 ____D C:UsersDiegoDownloadsFRST-OlderVersion
    2017-11-24 09:43 - 2015-04-24 15:00 - 000741290 _____ C:Windowssystem32perfh00C.dat
    2017-11-24 09:43 - 2015-04-24 15:00 - 000150656 _____ C:Windowssystem32perfc00C.dat
    2017-11-24 09:43 - 2015-04-24 14:48 - 000741030 _____ C:Windowssystem32perfh00A.dat
    2017-11-24 09:43 - 2015-04-24 14:48 - 000159550 _____ C:Windowssystem32perfc00A.dat
    2017-11-24 09:43 - 2015-04-24 08:26 - 000412352 _____ C:Windowssystem32perfh011.dat
    2017-11-24 09:43 - 2015-04-24 08:26 - 000123176 _____ C:Windowssystem32perfc011.dat
    2017-11-24 09:43 - 2010-11-21 16:30 - 000744868 _____ C:Windowssystem32perfh010.dat
    2017-11-24 09:43 - 2010-11-21 16:30 - 000148728 _____ C:Windowssystem32perfc010.dat
    2017-11-24 09:43 - 2009-07-14 06:13 - 003999414 _____ C:Windowssystem32PerfStringBackup.INI
    2017-11-24 09:43 - 2009-07-14 04:20 - 000000000 ____D C:Windowsinf
    2017-11-24 09:31 - 2016-11-18 11:02 - 000000000 ____D C:UsersDiegoAppDataLocalLowMozilla
    2017-11-24 09:22 - 2015-10-06 16:23 - 000000000 ____D C:UsersDiego.VirtualBox
    2017-11-24 09:20 - 2009-07-14 05:45 - 000026576 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-11-24 09:20 - 2009-07-14 05:45 - 000026576 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-11-24 08:29 - 2009-07-14 06:08 - 000000006 ____H C:WindowsTasksSA.DAT
    2017-11-23 23:28 - 2014-10-12 12:34 - 000000000 ____D C:UsersDiegoAppDataRoaminguTorrent
    2017-11-23 23:28 - 2014-10-11 22:52 - 000000000 ____D C:UsersDiegoDesktopvideo anime
    2017-11-23 23:27 - 2017-07-28 22:28 - 000000000 ____D C:UsersDiegoAppDataRoamingvlc
    2017-11-23 10:32 - 2016-03-20 14:02 - 000000000 ____D C:UsersDiegoAppDataLocalLowuTorrent
    2017-11-21 21:52 - 2014-10-12 11:33 - 000000000 ____D C:UsersDiegoDesktopmusica
    2017-11-19 23:58 - 2015-06-10 17:07 - 000046054 _____ C:UsersDiegoDesktopdatabase DVD anime.xlsx
    2017-11-19 14:29 - 2014-10-27 14:30 - 000000000 ____D C:UsersDiegoDesktopmusica anime
    2017-11-17 09:02 - 2017-09-29 19:51 - 000000000 ____D C:Program Files (x86)Mozilla Maintenance Service
    2017-11-17 09:02 - 2017-09-29 19:51 - 000000000 ____D C:Program Files (x86)Mozilla Firefox
    2017-11-16 22:06 - 2014-10-11 14:08 - 000000000 ____D C:UsersDiegoAppDataRoamingMozilla
    2017-11-16 21:53 - 2014-11-11 23:58 - 000000270 __RSH C:ProgramDatantuser.pol
    2017-11-14 19:55 - 2015-05-11 16:59 - 000000000 ____D C:Program Files (x86)Hewlett-Packard
    2017-11-14 19:51 - 2009-07-14 03:34 - 000000810 _____ C:Windowswin.ini
    2017-11-14 17:34 - 2013-12-26 18:02 - 000803328 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerApp.exe
    2017-11-14 17:34 - 2013-12-26 18:02 - 000144896 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerCPLApp.cpl
    2017-11-14 17:34 - 2013-12-26 18:02 - 000004460 _____ C:WindowsSystem32TasksAdobe Flash Player Updater
    2017-11-14 17:34 - 2013-12-26 18:02 - 000000000 ____D C:WindowsSysWOW64Macromed
    2017-11-14 17:34 - 2013-12-26 18:02 - 000000000 ____D C:Windowssystem32Macromed
    2017-11-14 16:01 - 2017-06-20 20:03 - 000000000 ____D C:UsersDiegoAppDataLocalElevatedDiagnostics
    2017-11-14 14:37 - 2014-10-11 10:21 - 000000000 ____D C:UsersDiegoAppDataRoamingAdobe
    2017-11-14 14:37 - 2013-12-26 18:19 - 000000000 ____D C:ProgramDataAdobe
    2017-11-14 13:25 - 2014-10-06 10:23 - 000000000 ____D C:UsersDiegoDesktopImmagini
    2017-11-13 17:52 - 2017-10-06 18:32 - 000002904 _____ C:WindowsSystem32TasksUninstaller_SkipUac_Diego
    2017-11-13 08:42 - 2014-10-12 11:04 - 000000000 ____D C:UsersDiegoDesktopracconto
    2017-11-09 18:14 - 2014-11-29 17:34 - 000000000 ____D C:Program FilesMicrosoft Silverlight
    2017-11-09 18:14 - 2014-11-29 17:34 - 000000000 ____D C:Program Files (x86)Microsoft Silverlight
    2017-11-09 12:04 - 2014-11-29 17:34 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Silverlight
    2017-11-09 12:00 - 2014-10-11 10:15 - 000113840 _____ C:UsersDiegoAppDataLocalGDIPFONTCACHEV1.DAT
    2017-11-09 11:59 - 2009-07-14 05:45 - 000450232 _____ C:Windowssystem32FNTCACHE.DAT
    2017-11-09 11:27 - 2015-03-06 12:03 - 000000000 ____D C:Program Files (x86)HP
    2017-11-09 11:27 - 2014-11-25 18:10 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsHP
    2017-11-09 11:26 - 2015-08-18 16:24 - 000001439 _____ C:ProgramDataMicrosoftWindowsStart MenuCentro soluzioni HP.lnk
    2017-11-09 11:26 - 2015-03-06 12:02 - 000000000 ____D C:ProgramDataHP
    2017-11-09 10:59 - 2015-03-06 12:11 - 000000000 ____D C:UsersDiegoAppDataLocalHP
    2017-11-09 10:47 - 2014-10-11 10:21 - 000000000 ____D C:UsersDiegoAppDataLocalAdobe
    2017-11-06 23:11 - 2014-10-11 10:15 - 000000000 ____D C:UsersDiego
    2017-11-06 23:09 - 2016-04-12 09:47 - 000000000 ____D C:UsersDiegoAppDataRoamingMicrosoft Office
    2017-11-06 23:09 - 2015-05-13 14:08 - 000000000 ____D C:UsersDiegoAppDataRoamingHP Photo Creations
    2017-11-06 23:09 - 2009-07-14 04:20 - 000000000 ____D C:Windowsregistration
    2017-10-26 12:13 - 2014-10-23 10:48 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsJava
    2017-10-26 12:13 - 2014-10-23 10:48 - 000000000 ____D C:Program Files (x86)Java
    2017-10-26 12:13 - 2014-10-11 11:20 - 000000000 ____D C:ProgramDataOracle
    2017-10-26 12:12 - 2014-10-23 10:48 - 000097856 _____ (Oracle Corporation) C:WindowsSysWOW64WindowsAccessBridge-32.dll
    2017-10-25 09:08 - 2009-07-14 06:08 - 000032556 _____ C:WindowsTasksSCHEDLGU.TXT

    ==================== Files in the root of some directories =======

    2017-03-06 15:40 - 2017-03-06 15:40 - 000001290 _____ () C:Program Files (x86)metadata
    2017-03-06 15:40 - 2017-03-06 15:40 - 000000040 _____ () C:Program Files (x86)settings.dat
    2017-11-19 08:14 - 2017-11-19 08:14 - 000000235 _____ () C:UsersDiegoAppDataRoamingdevices.xml
    2014-09-01 09:18 - 2014-09-01 09:18 - 000002086 _____ () C:UsersDiegoAppDataRoamingFJPZBC
    2014-09-01 09:18 - 2014-09-01 09:18 - 000001248 _____ () C:UsersDiegoAppDataRoamingHLJFJQ
    2014-10-17 22:18 - 2017-06-21 22:04 - 000006391 _____ () C:UsersDiegoAppDataRoamingPrimoPDFSet.xml
    2017-11-19 08:14 - 2017-11-19 08:14 - 000000012 _____ () C:UsersDiegoAppDataRoamingsettings.xml
    2014-09-01 09:18 - 2014-09-01 09:18 - 000001248 _____ () C:UsersDiegoAppDataRoamingUBEJ
    2015-02-14 18:34 - 2015-02-15 14:46 - 000000066 _____ () C:UsersDiegoAppDataRoamingWB.CFG
    2015-11-17 14:49 - 2015-12-02 20:40 - 000000119 _____ () C:UsersDiegoAppDataRoamingMicrosoft{F703E141-EA90-418B-AC1B-BE05A07FD209}
    2015-11-19 19:05 - 2015-12-09 23:39 - 000008704 _____ () C:UsersDiegoAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-10-12 22:20 - 2014-10-12 22:20 - 000627560 _____ (CMI Limited) C:UsersDiegoAppDataLocalnspFB7.tmp

    Some files in TEMP:
    ====================
    2017-11-09 11:00 - 2017-11-13 17:59 - 011097040 _____ () C:UsersDiegoAppDataLocalTempHPInstaller.exe
    2017-10-26 12:11 - 2017-10-26 12:11 - 001856576 _____ (Oracle Corporation) C:UsersDiegoAppDataLocalTempjre-8u151-windows-au.exe
    2017-11-10 18:11 - 2009-11-18 02:15 - 000878432 _____ (Microsoft Corporation) C:UsersDiegoAppDataLocalTempMSNBD9C.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:Windowssystem32winlogon.exe => File is digitally signed
    C:Windowssystem32wininit.exe => File is digitally signed
    C:WindowsSysWOW64wininit.exe => File is digitally signed
    C:Windowsexplorer.exe => File is digitally signed
    C:WindowsSysWOW64explorer.exe => File is digitally signed
    C:Windowssystem32svchost.exe => File is digitally signed
    C:WindowsSysWOW64svchost.exe => File is digitally signed
    C:Windowssystem32services.exe => File is digitally signed
    C:Windowssystem32User32.dll => File is digitally signed
    C:WindowsSysWOW64User32.dll => File is digitally signed
    C:Windowssystem32userinit.exe => File is digitally signed
    C:WindowsSysWOW64userinit.exe => File is digitally signed
    C:Windowssystem32rpcss.dll => File is digitally signed
    C:Windowssystem32dnsapi.dll => File is digitally signed
    C:WindowsSysWOW64dnsapi.dll => File is digitally signed
    C:Windowssystem32Driversvolsnap.sys => File is digitally signed

    LastRegBack: 2017-11-19 09:24

    ==================== End of FRST.txt ============================

    This one is from this morning; I hope you can help me, thanks.
     
    .
  2.  
    .

    Aiutante

    Hi Diego Sichera

    Run the FRST scan again... and repost the log.
    In the log, all the / between one word and the next are missing...

    Thanks, bye
     
    .
  3. Diego Sichera
     
    .

    User deleted


    I've just redone it, I hope it's fine.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2017
    Ran by Diego (administrator) on DIEGO-PC (24-11-2017 14:33:29)
    Running from C:\Users\Diego\Desktop\FRST-OlderVersion
    Loaded Profiles: Diego (Available Profiles: Diego)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Italiano (Italia)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33508...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
    (Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
    (Microsoft Corporation) C:\Windows\System32\wscript.exe
    (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
    HKLM\...\Run: [Microsoft Excel] => wscript.exe //B "C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF"
    HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
    HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\System32\igfxdev.dll (Intel Corporation)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\Run: [Adobe Reader Synchronizer] => C:\Users\Diego\Desktop\programmi\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\Run: [Microsoft Excel] => wscript.exe //B "C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF"
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\MountPoints2: {315dce90-5159-11e4-80ea-806e6f6e6963} - D:\ASRSetup.exe
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\MountPoints2: {d52e11c6-512a-11e4-9076-806e6f6e6963} - D:\setup.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2017-03-06]
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-11-09]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
    Tcpip\..\Interfaces\{CAFB6284-F786-42BC-B30D-6602670D906D}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://it.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/it-it/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-3891566836-2767221216-2343420741-1000 -> {E25C2999-5CE8-438D-BE18-0444C379C042} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&intl=it&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-09-21] (IObit)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-26] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-26] (Oracle Corporation)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF DefaultProfile:
    FF DefaultProfile: lnzbe8wg.default-1494090878924
    FF ProfilePath: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\lnzbe8wg.default-1494090878924 [2017-11-24]
    FF Extension: (Adblock Plus) - C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\lnzbe8wg.default-1494090878924\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-09]
    FF Extension: (Disable Media WMF NV12 format) - C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\lnzbe8wg.default-1494090878924\features\{38d628b0-0ab3-424e-8876-b27d6bffa4b3}\[email protected] [2017-11-22] [Lagacy]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017-11-09] [Lagacy] [not signed]
    FF HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-26] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-26] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Diego\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-02] (RocketLife, LLP)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3891566836-2767221216-2343420741-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Diego\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-02] (RocketLife, LLP)

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <==== ATTENTION
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    Opera:
    =======
    OPR Extension: (Fast search) - C:\Users\Diego\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-02-03]
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.oursurfing.com/?type=sc&ts=1446929402&z=a658e861475b977b05dc680g1zez8qdt3o4t9cbb3g&from=nsbit&uid=MAXTORXSTM3250310AS_6RYBFHG5XXXX6RYBFHG5

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
    R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
    S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-08-18] (Symantec Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
    R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2009-09-17] (Symantec Corporation)
    S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2009-09-17] (Symantec Corporation)
    R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-10-17] (Microsoft Corporation)
    S2 ADSafeSvc; C:\Program Files (x86)\ADSafe\ADSafeSvc.exe [X]
    S2 HPSLPSVC; C:\Users\Diego\AppData\Local\Temp\7zS6EC3\hpslpsvc64.dll [X] <==== ATTENTION
    S2 jhi_service; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [X]
    S2 LMS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 AFS; C:\Windows\SysWow64\Drivers\AFS.sys [77004 2017-11-14] (Oak Technology Inc.) [File not signed]
    R0 DMProtectEx; C:\Windows\System32\drivers\DMProtectEx64.sys [232192 2015-12-03] (Shanghai Damo Network Sci. & Tech. Co. Ltd.)
    S3 DMRedirect; C:\Windows\system32\drivers\DMRedirect.sys [49920 2015-12-03] (Billion)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
    R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-16] (Malwarebytes)
    R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\eng64.sys [129752 2014-09-24] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\ex64.sys [2137304 2014-09-24] (Symantec Corporation)
    S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
    R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
    R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
    S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
    S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2014-10-11] (Symantec Corporation)
    R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2009-05-27] (Symantec Corporation)
    R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
    R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-07-09] (Oracle Corporation)
    R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-09-17] (Symantec Corporation)
    R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation)
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-24 10:04 - 2017-11-24 14:33 - 000000000 ____D C:\Users\Diego\Desktop\FRST-OlderVersion
    2017-11-24 07:26 - 2017-11-24 07:26 - 001054835 _____ C:\Users\Diego\Downloads\HOTEL.ES_LIBRO DE TEXTO.pdf
    2017-11-23 22:04 - 2017-11-23 22:04 - 000000000 ____D C:\Users\Diego\Downloads\Film_iTALiAN_completo_HDrip_720p[TeamPremium]
    2017-11-23 21:41 - 2017-10-17 23:14 - 000000123 _____ C:\Users\Diego\Downloads\Scarica Password Link.url
    2017-11-23 10:47 - 2017-11-23 10:58 - 1576883245 _____ C:\Users\Diego\Downloads\Il Libro della Giungla (2016).ita.eng.sub.ita.iCV-MIRCrew.mkv
    2017-11-22 10:01 - 2017-11-22 10:01 - 000000000 _____ C:\t14g.2
    2017-11-22 10:01 - 2017-11-22 10:01 - 000000000 _____ C:\t14g.1
    2017-11-19 14:56 - 2017-11-19 16:50 - 000000000 ____D C:\Users\Diego\Downloads\Black Country Communion_discography_mp3_
    2017-11-19 08:14 - 2017-11-19 08:14 - 000000235 _____ C:\Users\Diego\AppData\Roaming\devices.xml
    2017-11-19 08:14 - 2017-11-19 08:14 - 000000012 _____ C:\Users\Diego\AppData\Roaming\settings.xml
    2017-11-16 21:05 - 2017-11-16 21:05 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2017-11-14 22:23 - 2017-11-19 16:29 - 000000000 ____D C:\Users\Diego\Desktop\HP
    2017-11-14 21:50 - 2017-11-14 21:50 - 000000000 ____D C:\Program Files\Hewlett-Packard
    2017-11-14 21:50 - 2012-12-07 13:28 - 000053248 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\CP1215EWS.dll
    2017-11-14 21:50 - 2012-07-04 15:43 - 000552448 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\HPIPMX.dll
    2017-11-14 21:50 - 2012-07-04 15:43 - 000231936 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\HPIPMXRes.dll
    2017-11-14 21:50 - 2012-07-04 15:43 - 000182784 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\CP1215LI.DLL
    2017-11-14 21:50 - 2012-07-04 15:43 - 000175104 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\CP1215LM.DLL
    2017-11-14 21:50 - 2012-07-04 15:43 - 000139264 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\HPMCoSetup.dll
    2017-11-14 19:55 - 2017-11-14 19:55 - 000077004 _____ (Oak Technology Inc.) C:\Windows\SysWOW64\Drivers\AFS.SYS
    2017-11-14 19:55 - 2017-11-14 19:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard
    2017-11-14 14:52 - 2017-11-14 14:53 - 002306152 _____ C:\Users\Diego\Downloads\hppiw software installazione stampante.exe
    2017-11-14 13:41 - 2017-11-14 13:41 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-11-14 13:41 - 2017-11-14 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-11-14 13:41 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-11-14 13:40 - 2017-11-14 13:40 - 000000000 ____D C:\ProgramData\MB3CoreBackup
    2017-11-13 18:00 - 2017-11-13 18:00 - 000002008 _____ C:\Users\Diego\Documents\HP Print and Scan Doctor.lnk
    2017-11-13 17:45 - 2017-11-13 17:52 - 000000000 ____D C:\Users\Diego\AppData\Local\IIIQF
    2017-11-13 10:51 - 2017-11-13 10:51 - 001013221 _____ C:\Users\Diego\Downloads\il medioevo-la fauna.pdf
    2017-11-13 08:57 - 2017-11-13 08:57 - 000001178 _____ C:\Users\Diego\Desktop\Eroe Per Caso copia finale corretta 19-08-2017 - collegamento.lnk
    2017-11-09 11:26 - 2017-11-09 11:26 - 000001433 _____ C:\Users\Diego\Documents\Centro soluzioni HP.lnk
    2017-11-09 11:26 - 2017-11-09 11:26 - 000000000 ____D C:\ProgramData\HP Product Assistant
    2017-11-09 11:24 - 2010-01-06 14:33 - 000138752 _____ (Hewlett-Packard Company) C:\Windows\system32\hpf3l101.dll
    2017-11-09 11:23 - 2017-11-09 11:27 - 000180354 _____ C:\Windows\hpoins51.dat
    2017-11-09 11:23 - 2010-05-28 19:42 - 000000572 ____N C:\Windows\hpomdl51.dat
    2017-11-09 11:23 - 2010-01-21 10:03 - 001412224 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpost_p04h.dll
    2017-11-09 11:23 - 2010-01-21 10:03 - 001179776 _____ (Hewlett-Packard) C:\Windows\system32\hposwia_p04h.dll
    2017-11-09 11:23 - 2010-01-21 10:03 - 000643200 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
    2017-11-09 11:23 - 2010-01-21 10:03 - 000525440 _____ (Hewlett-Packard Co.) C:\Windows\system32\hposc_p04a.dll
    2017-11-09 11:21 - 2017-11-09 11:22 - 157187048 _____ C:\Users\Diego\Downloads\PS_AIO_07_B010_NonNet_Full_Win_WW_140_276-4.exe
    2017-11-09 10:59 - 2017-11-09 10:59 - 000000000 ____D C:\Users\Diego\AppData\Roaming\HPPSDr
    2017-11-09 10:47 - 2017-11-15 14:19 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-11-09 10:47 - 2017-11-09 10:47 - 000000000 ____D C:\Users\Diego\AppData\Local\CEF
    2017-11-09 10:46 - 2017-11-15 14:19 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-11-09 10:46 - 2017-11-09 10:46 - 000002047 _____ C:\Users\Diego\Documents\Acrobat Reader DC.lnk
    2017-11-09 10:46 - 2017-11-09 10:46 - 000000000 ____D C:\Program Files (x86)\Adobe
    2017-11-09 10:42 - 2017-11-09 10:42 - 000846443 _____ C:\Users\Diego\Downloads\manuale HP psc1215
    2017-10-30 14:30 - 2017-10-30 14:30 - 027694559 _____ C:\Users\Diego\Downloads\AVSVideoEditorHelp.pdf
    2017-10-29 19:17 - 2017-10-29 19:17 - 000673921 _____ C:\Users\Diego\Downloads\QG_RE_Login.pdf
    2017-10-26 12:14 - 2017-10-26 12:14 - 000003142 _____ C:\Windows\System32\Tasks\{0F18A180-D047-4637-AB0D-4F0E85D594B5}

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-24 14:33 - 2017-06-08 23:23 - 000000000 ____D C:\FRST
    2017-11-24 12:11 - 2016-11-18 11:02 - 000000000 ____D C:\Users\Diego\AppData\LocalLow\Mozilla
    2017-11-24 11:45 - 2009-07-14 05:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-11-24 11:45 - 2009-07-14 05:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-11-24 11:43 - 2015-04-24 15:00 - 000741290 _____ C:\Windows\system32\perfh00C.dat
    2017-11-24 11:43 - 2015-04-24 15:00 - 000150656 _____ C:\Windows\system32\perfc00C.dat
    2017-11-24 11:43 - 2015-04-24 14:48 - 000741030 _____ C:\Windows\system32\perfh00A.dat
    2017-11-24 11:43 - 2015-04-24 14:48 - 000159550 _____ C:\Windows\system32\perfc00A.dat
    2017-11-24 11:43 - 2015-04-24 08:26 - 000412352 _____ C:\Windows\system32\perfh011.dat
    2017-11-24 11:43 - 2015-04-24 08:26 - 000123176 _____ C:\Windows\system32\perfc011.dat
    2017-11-24 11:43 - 2010-11-21 16:30 - 000744868 _____ C:\Windows\system32\perfh010.dat
    2017-11-24 11:43 - 2010-11-21 16:30 - 000148728 _____ C:\Windows\system32\perfc010.dat
    2017-11-24 11:43 - 2009-07-14 06:13 - 003999414 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-11-24 11:43 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
    2017-11-24 11:38 - 2014-10-11 22:52 - 000000000 ____D C:\Users\Diego\Desktop\video anime
    2017-11-24 11:36 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-11-24 11:09 - 2017-08-23 21:13 - 000000000 ____D C:\Users\Diego\Documents\File FRST
    2017-11-24 10:13 - 2017-08-21 22:48 - 000000000 ____D C:\Users\Diego\Downloads\FRST-OlderVersion
    2017-11-24 09:22 - 2015-10-06 16:23 - 000000000 ____D C:\Users\Diego\.VirtualBox
    2017-11-23 23:28 - 2014-10-12 12:34 - 000000000 ____D C:\Users\Diego\AppData\Roaming\uTorrent
    2017-11-23 23:27 - 2017-07-28 22:28 - 000000000 ____D C:\Users\Diego\AppData\Roaming\vlc
    2017-11-23 10:32 - 2016-03-20 14:02 - 000000000 ____D C:\Users\Diego\AppData\LocalLow\uTorrent
    2017-11-21 21:52 - 2014-10-12 11:33 - 000000000 ____D C:\Users\Diego\Desktop\musica
    2017-11-19 23:58 - 2015-06-10 17:07 - 000046054 _____ C:\Users\Diego\Desktop\database DVD anime.xlsx
    2017-11-19 14:29 - 2014-10-27 14:30 - 000000000 ____D C:\Users\Diego\Desktop\musica anime
    2017-11-17 09:02 - 2017-09-29 19:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-11-17 09:02 - 2017-09-29 19:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-11-16 22:06 - 2014-10-11 14:08 - 000000000 ____D C:\Users\Diego\AppData\Roaming\Mozilla
    2017-11-16 21:53 - 2014-11-11 23:58 - 000000270 __RSH C:\ProgramData\ntuser.pol
    2017-11-14 19:55 - 2015-05-11 16:59 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2017-11-14 19:51 - 2009-07-14 03:34 - 000000810 _____ C:\Windows\win.ini
    2017-11-14 17:34 - 2013-12-26 18:02 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-11-14 17:34 - 2013-12-26 18:02 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-11-14 17:34 - 2013-12-26 18:02 - 000004460 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-11-14 17:34 - 2013-12-26 18:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2017-11-14 17:34 - 2013-12-26 18:02 - 000000000 ____D C:\Windows\system32\Macromed
    2017-11-14 16:01 - 2017-06-20 20:03 - 000000000 ____D C:\Users\Diego\AppData\Local\ElevatedDiagnostics
    2017-11-14 14:37 - 2014-10-11 10:21 - 000000000 ____D C:\Users\Diego\AppData\Roaming\Adobe
    2017-11-14 14:37 - 2013-12-26 18:19 - 000000000 ____D C:\ProgramData\Adobe
    2017-11-14 13:25 - 2014-10-06 10:23 - 000000000 ____D C:\Users\Diego\Desktop\Immagini
    2017-11-13 17:52 - 2017-10-06 18:32 - 000002904 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Diego
    2017-11-13 08:42 - 2014-10-12 11:04 - 000000000 ____D C:\Users\Diego\Desktop\racconto
    2017-11-09 18:14 - 2014-11-29 17:34 - 000000000 ____D C:\Program Files\Microsoft Silverlight
    2017-11-09 18:14 - 2014-11-29 17:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-11-09 12:04 - 2014-11-29 17:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-11-09 12:00 - 2014-10-11 10:15 - 000113840 _____ C:\Users\Diego\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-11-09 11:59 - 2009-07-14 05:45 - 000450232 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-11-09 11:27 - 2015-03-06 12:03 - 000000000 ____D C:\Program Files (x86)\HP
    2017-11-09 11:27 - 2014-11-25 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2017-11-09 11:26 - 2015-08-18 16:24 - 000001439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Centro soluzioni HP.lnk
    2017-11-09 11:26 - 2015-03-06 12:02 - 000000000 ____D C:\ProgramData\HP
    2017-11-09 10:59 - 2015-03-06 12:11 - 000000000 ____D C:\Users\Diego\AppData\Local\HP
    2017-11-09 10:47 - 2014-10-11 10:21 - 000000000 ____D C:\Users\Diego\AppData\Local\Adobe
    2017-11-06 23:11 - 2014-10-11 10:15 - 000000000 ____D C:\Users\Diego
    2017-11-06 23:09 - 2016-04-12 09:47 - 000000000 ____D C:\Users\Diego\AppData\Roaming\Microsoft Office
    2017-11-06 23:09 - 2015-05-13 14:08 - 000000000 ____D C:\Users\Diego\AppData\Roaming\HP Photo Creations
    2017-11-06 23:09 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
    2017-10-26 12:13 - 2014-10-23 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-10-26 12:13 - 2014-10-23 10:48 - 000000000 ____D C:\Program Files (x86)\Java
    2017-10-26 12:13 - 2014-10-11 11:20 - 000000000 ____D C:\ProgramData\Oracle
    2017-10-26 12:12 - 2014-10-23 10:48 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2017-10-25 09:08 - 2009-07-14 06:08 - 000032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT

    ==================== Files in the root of some directories =======

    2017-03-06 15:40 - 2017-03-06 15:40 - 000001290 _____ () C:\Program Files (x86)\metadata
    2017-03-06 15:40 - 2017-03-06 15:40 - 000000040 _____ () C:\Program Files (x86)\settings.dat
    2017-11-19 08:14 - 2017-11-19 08:14 - 000000235 _____ () C:\Users\Diego\AppData\Roaming\devices.xml
    2014-09-01 09:18 - 2014-09-01 09:18 - 000002086 _____ () C:\Users\Diego\AppData\Roaming\FJPZBC
    2014-09-01 09:18 - 2014-09-01 09:18 - 000001248 _____ () C:\Users\Diego\AppData\Roaming\HLJFJQ
    2014-10-17 22:18 - 2017-06-21 22:04 - 000006391 _____ () C:\Users\Diego\AppData\Roaming\PrimoPDFSet.xml
    2017-11-19 08:14 - 2017-11-19 08:14 - 000000012 _____ () C:\Users\Diego\AppData\Roaming\settings.xml
    2014-09-01 09:18 - 2014-09-01 09:18 - 000001248 _____ () C:\Users\Diego\AppData\Roaming\UBEJ
    2015-02-14 18:34 - 2015-02-15 14:46 - 000000066 _____ () C:\Users\Diego\AppData\Roaming\WB.CFG
    2015-11-17 14:49 - 2015-12-02 20:40 - 000000119 _____ () C:\Users\Diego\AppData\Roaming\Microsoft\{F703E141-EA90-418B-AC1B-BE05A07FD209}
    2015-11-19 19:05 - 2015-12-09 23:39 - 000008704 _____ () C:\Users\Diego\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-10-12 22:20 - 2014-10-12 22:20 - 000627560 _____ (CMI Limited) C:\Users\Diego\AppData\Local\nspFB7.tmp

    Some files in TEMP:
    ====================
    2017-11-09 11:00 - 2017-11-13 17:59 - 011097040 _____ () C:\Users\Diego\AppData\Local\Temp\HPInstaller.exe
    2017-10-26 12:11 - 2017-10-26 12:11 - 001856576 _____ (Oracle Corporation) C:\Users\Diego\AppData\Local\Temp\jre-8u151-windows-au.exe
    2017-11-10 18:11 - 2009-11-18 02:15 - 000878432 _____ (Microsoft Corporation) C:\Users\Diego\AppData\Local\Temp\MSNBD9C.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-11-19 09:24

    ==================== End of FRST.txt ============================
     
    .
  4.  
    .

    Aiutante

    Group
    Global Moderator
    Posts
    300

    Status
    Offline
    Yes, this time it's fine....
    I don't have the PC right now; as soon as I can I'll give you the fix.
     
    .
  5. Diego Sichera
     
    .

    Thank you, take your time.
     
    .
  6.  
    .

    Aiutante

    Hi Diego Sichera,

    follow these steps:

    - insert the USB stick
    - format the stick or, if you want to recover the files on it, follow the guide https://aiuto-pc.forumfree.it/?t=70998827 starting from point two
    - then put FRST on the desktop together with the attached file fixlist.txt (on the desktop, this is important)
    - open FRST and click Fix
    - wait for it to finish and for the PC to reboot (if it doesn't reboot automatically, do it yourself)
    - reformat the stick to be safe
    - post the fixlog, this is important

    check whether the problem is solved by putting some files on the stick..
    Attached file
    fixlist.txt

     
    .
  7. Diego Sichera
     
    .

    Hi, here is the fixlog. I followed everything you told me to the letter, so... let's hope for the best; otherwise I'll format the PC and that's that. I've been fighting with this for two years; the virus came from the notes of one of my daughter's teachers. I went to a copy shop and there they told me the stick had the virus. Does a full, non-free antivirus have this capability? Thanks for everything, you are always very kind.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017
    Ran by Diego (28-11-2017 13:45:20) Run:6
    Running from C:\Users\Diego\Desktop
    Loaded Profiles: Diego (Available Profiles: Diego)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start

    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:

    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Run: [Microsoft Excel] => wscript.exe //B "C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF"
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\Run: [Microsoft Excel] => wscript.exe //B "C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF"
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\MountPoints2: {315dce90-5159-11e4-80ea-806e6f6e6963} - D:\ASRSetup.exe
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\MountPoints2: {d52e11c6-512a-11e4-9076-806e6f6e6963} - D:\setup.exe
    C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF
    C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF


    HOSTS:
    CMD: ipconfig /flushdns
    Reboot:

    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\SOFTWARE\Policies\Google => key removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Excel => value removed successfully
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Excel => value removed successfully
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{315dce90-5159-11e4-80ea-806e6f6e6963} => key removed successfully
    HKLM\Software\Classes\CLSID\{315dce90-5159-11e4-80ea-806e6f6e6963} => key not found
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d52e11c6-512a-11e4-9076-806e6f6e6963} => key removed successfully
    HKLM\Software\Classes\CLSID\{d52e11c6-512a-11e4-9076-806e6f6e6963} => key not found
    C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF => moved successfully
    "C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF" => not found.
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= ipconfig /flushdns =========


    Configurazione IP di Windows

    Cache del resolver DNS svuotata.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 123438824 B
    Java, Flash, Steam htmlcache => 4345 B
    Windows/system/drivers => 631881 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 396290865 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 128 B
    systemprofile32 => 128 B
    LocalService => 0 B
    NetworkService => 0 B
    Diego => 2278150821 B

    RecycleBin => 11321731171 B
    EmptyTemp: => 13.2 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 13:47:09 ====
     
    .
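The autorun entries targeted by the fixlist above start `wscript.exe` on a script stored under AppData, and the same entries appear again in the later scan. As an added example (not part of the thread and not FRST's own code), this Python function flags that pattern in the Registry section of an FRST log; the function names, the script-host and extension lists and the path heuristic are assumptions of this example, and the sample lines are copied from the logs on this page.

```python
import ntpath
import re
from typing import List, NamedTuple

# Autorun lines copied from the FRST logs quoted in this thread.
SAMPLE_FRST_REGISTRY = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Microsoft Excel] => wscript.exe //B "C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF"
HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\Run: [Microsoft Excel] => wscript.exe //B "C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF"
"""

# FRST autorun line:  <hive>\...\Run: [<value name>] => <command>
RUN_LINE = re.compile(
    r"^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] => (?P<cmd>.*)$"
)
# First executable in the command, quoted or not (paths may contain spaces).
PROGRAM = re.compile(r'"?(?P<prog>[^"]*?\.exe)\b"?', re.I)
# Remaining arguments: quoted strings stay whole, everything else splits on spaces.
TOKEN = re.compile(r'"([^"]+)"|(\S+)')
# Heuristic (assumption): directories a standard user can usually write to.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\", re.I
)

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = {".wsf", ".wsh", ".vbs", ".vbe", ".js", ".jse", ".hta"}


class Finding(NamedTuple):
    hive: str
    key: str
    name: str
    command: str
    reasons: List[str]


def inspect_command(cmd: str) -> List[str]:
    """Return the reasons a Run command looks like script-host persistence."""
    cmd = cmd.strip()
    m = PROGRAM.match(cmd)
    if not m:
        return []  # e.g. "[X]": no executable to analyse
    host = ntpath.basename(m.group("prog")).lower()
    if host not in SCRIPT_HOSTS:
        return []
    reasons = [f"autorun starts script host {host}"]
    for quoted, bare in TOKEN.findall(cmd[m.end():]):
        tok = quoted or bare
        if tok.lower() == "//b":
            reasons.append("//B batch mode: script errors and prompts are not displayed")
        elif ntpath.splitext(tok)[1].lower() in SCRIPT_EXTS:
            reasons.append(f"script target {ntpath.basename(tok)}")
            if USER_WRITABLE.search(tok):
                reasons.append("script lives in a user-writable directory")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Scan FRST log text and return the suspicious Run/RunOnce entries."""
    findings = []
    for raw in log_text.splitlines():
        m = RUN_LINE.match(raw.strip())  # forum copies are often indented
        if not m:
            continue
        reasons = inspect_command(m.group("cmd"))
        if reasons:
            findings.append(
                Finding(m["hive"], m["key"], m["name"], m["cmd"], reasons)
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_REGISTRY):
        print(f"{f.hive}\\...\\{f.key} [{f.name}]")
        for reason in f.reasons:
            print("   -", reason)
```

Running the same function on a scan taken after the fix shows at a glance whether the entry has been written back.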
  8.  
    .

    Aiutante

    Check whether it still creates the shortcuts when you put files on the stick (if I understood correctly, that was the problem, right??)....
    Let me know...
     
    .
  9. Diego Sichera
     
    .

    I ran the check on two sticks picked at random, no sign of shortcuts. I'd say the problem was passed from a stick to the PC, and from that moment on it has been a constant nuisance. You had managed to fix it, but apparently there was still an infected stick. Now I have formatted everything, before and after; I ran the tests and everything seems to work fine, let's see. If need be I would format the PC as well; it will take a long time but it has to be done.
    If the sticks are clean, formatting the PC would solve the problem at the root... or not... (this only if the virus came back, otherwise I wouldn't do anything).
    The problem should have been solved on the PC as well with the fixlist, right? Thanks once again for your commitment to us computer "ignoramuses"!!!
     
    .
  10.  
    .

    Aiutante

    Yes, if it no longer creates the shortcuts, you've solved it....
    Yes, the virus should have been removed from the PC as well; to check, post the fixlog.txt file for me...
    You don't need to format for so little, this kind of virus doesn't call for a format...
    But if formatting is something you need to do anyway, then fine...

    You're welcome, it's a pleasure to be able to help...

    Bye, I'm here for anything you need
     
    .
  11. Diego Sichera
     
    .

    Yes, thanks, sorry for the delay but I've been quite busy. Here is the fixlog.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017
    Ran by Diego (28-11-2017 13:45:20) Run:6
    Running from C:\Users\Diego\Desktop
    Loaded Profiles: Diego (Available Profiles: Diego)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start

    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:

    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Run: [Microsoft Excel] => wscript.exe //B "C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF"
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\Run: [Microsoft Excel] => wscript.exe //B "C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF"
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\MountPoints2: {315dce90-5159-11e4-80ea-806e6f6e6963} - D:\ASRSetup.exe
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\MountPoints2: {d52e11c6-512a-11e4-9076-806e6f6e6963} - D:\setup.exe
    C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF
    C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF


    HOSTS:
    CMD: ipconfig /flushdns
    Reboot:

    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\SOFTWARE\Policies\Google => key removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Excel => value removed successfully
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Excel => value removed successfully
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{315dce90-5159-11e4-80ea-806e6f6e6963} => key removed successfully
    HKLM\Software\Classes\CLSID\{315dce90-5159-11e4-80ea-806e6f6e6963} => key not found
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d52e11c6-512a-11e4-9076-806e6f6e6963} => key removed successfully
    HKLM\Software\Classes\CLSID\{d52e11c6-512a-11e4-9076-806e6f6e6963} => key not found
    C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF => moved successfully
    "C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF" => not found.
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= ipconfig /flushdns =========


    Configurazione IP di Windows

    Cache del resolver DNS svuotata.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 123438824 B
    Java, Flash, Steam htmlcache => 4345 B
    Windows/system/drivers => 631881 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 396290865 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 128 B
    systemprofile32 => 128 B
    LocalService => 0 B
    NetworkService => 0 B
    Diego => 2278150821 B

    RecycleBin => 11321731171 B
    EmptyTemp: => 13.2 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 13:47:09 ====
     
    .
  12.  
    .

    Aiutante

    Check whether the shortcut problem is solved by putting a few files on the stick...

    Let me know
     
    .
  13. Diego Sichera
     
    .

    Good morning, six months later the problem of shortcuts on the USB sticks has come back. I put a formatted one in the PC to load a file to transfer, and at the end of the file copy I had the shortcut again. I opened another one that my daughter had used to transfer some images from my PC to hers, and that one was like that too. You told me that formatting isn't needed for so little, but I'm getting fed up with this; I can't keep bothering you. Here is the latest scan I ran.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018
    Ran by Diego (administrator) on DIEGO-PC (16-05-2018 16:06:18)
    Running from C:\Users\Diego\Desktop\FRST-Older Version
    Loaded Profiles: Diego (Available Profiles: Diego)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Italiano (Italia)
    Internet Explorer Version 11 (Default browser not detected!)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33508...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
    (Microsoft Corporation) C:\Windows\System32\wscript.exe
    (Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
    HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
    HKLM\...\Run: [Microsoft Excel] => wscript.exe //B "C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF"
    HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\Run: [Adobe Reader Synchronizer] => C:\Users\Diego\Desktop\programmi\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\...\Run: [Microsoft Excel] => wscript.exe //B "C:\Users\Diego\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2017-03-06]
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
    Tcpip\..\Interfaces\{CAFB6284-F786-42BC-B30D-6602670D906D}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://it.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
    HKU\S-1-5-21-3891566836-2767221216-2343420741-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/it-it/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-3891566836-2767221216-2343420741-1000 -> {E25C2999-5CE8-438D-BE18-0444C379C042} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&intl=it&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-09-21] (IObit)
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-23] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-23] (Oracle Corporation)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF DefaultProfile:
    FF DefaultProfile: lnzbe8wg.default-1494090878924
    FF ProfilePath: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\lnzbe8wg.default-1494090878924 [2018-05-16]
    FF Extension: (Adblock Plus) - C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\lnzbe8wg.default-1494090878924\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-04-21]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-08] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-08] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-23] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Diego\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-02] (RocketLife, LLP)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3891566836-2767221216-2343420741-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Diego\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-02] (RocketLife, LLP)

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    Opera:
    =======
    OPR Extension: (Fast search) - C:\Users\Diego\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-02-03]
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.oursurfing.com/?type=sc&ts=1446929402&z=a658e861475b977b05dc680g1zez8qdt3o4t9cbb3g&from=nsbit&uid=MAXTORXSTM3250310AS_6RYBFHG5XXXX6RYBFHG5

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
    R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
    S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-08-18] (Symantec Corporation)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
    R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2009-09-17] (Symantec Corporation)
    S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2009-09-17] (Symantec Corporation)
    R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-10-17] (Microsoft Corporation)
    S2 ADSafeSvc; C:\Program Files (x86)\ADSafe\ADSafeSvc.exe [X]
    S2 HPSLPSVC; C:\Users\Diego\AppData\Local\Temp\7zS6EC3\hpslpsvc64.dll [X] <==== ATTENTION
    S2 jhi_service; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [X]
    S2 LMS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [X]
    S2 WinPwRecoveryToolService; C:\Program Files (x86)\Windows Password Recovery Tool Ultimate\TenorshareWinPwRecoveryToolService [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 DMProtectEx; C:\Windows\System32\drivers\DMProtectEx64.sys [232192 2015-12-03] (Shanghai Damo Network Sci. & Tech. Co. Ltd.)
    S3 DMRedirect; C:\Windows\system32\drivers\DMRedirect.sys [49920 2015-12-03] (Billion)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-26] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-26] (Symantec Corporation)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
    R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\eng64.sys [129752 2014-09-24] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\ex64.sys [2137304 2014-09-24] (Symantec Corporation)
    S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
    R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
    R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
    S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
    S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2014-10-11] (Symantec Corporation)
    R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2009-05-27] (Symantec Corporation)
    R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
    R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-07-09] (Oracle Corporation)
    R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-09-17] (Symantec Corporation)
    R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation)
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-05-16 14:44 - 2018-05-16 14:44 - 000093076 _____ C:\Users\Diego\Downloads\SICHERA 11.05.2018.pdf
    2018-05-16 14:44 - 2018-05-16 14:44 - 000093076 _____ C:\Users\Diego\Downloads\SICHERA 11.05.2018(3).pdf
    2018-05-16 14:44 - 2018-05-16 14:44 - 000093076 _____ C:\Users\Diego\Downloads\SICHERA 11.05.2018(2).pdf
    2018-05-16 14:44 - 2018-05-16 14:44 - 000093076 _____ C:\Users\Diego\Downloads\SICHERA 11.05.2018(1).pdf
    2018-05-16 11:03 - 2018-05-16 11:03 - 000000000 ____D C:\Program Files (x86)\FreeGamePick
    2018-05-16 11:02 - 2018-05-16 11:02 - 005554352 _____ ( ) C:\Users\Diego\Downloads\8-ball-pool.exe
    2018-05-16 10:49 - 2018-05-16 10:49 - 002307464 _____ ( ) C:\Users\Diego\Downloads\8-ball-pool_3777183855.exe
    2018-05-14 23:56 - 2018-05-01 21:32 - 1359734298 _____ C:\Users\Diego\Desktop\Outrage.Coda.2017.BDRip.AC3.ITA.CB01.avi
    2018-05-14 20:48 - 2008-08-18 18:18 - 000077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
    2018-05-14 20:47 - 2018-05-14 20:47 - 001786936 _____ ( ) C:\Users\Diego\Downloads\aTube_Catcher_0326908548.exe
    2018-05-06 12:47 - 2018-05-06 12:47 - 000685333 _____ C:\Users\Diego\Downloads\Sostanze pure e miscugli.pdf
    2018-05-06 00:23 - 2018-05-09 08:54 - 000001415 _____ C:\Users\Diego\Desktop\L'Intruso.lnk
    2018-05-05 10:25 - 2018-05-05 11:10 - 3738552320 ____R C:\Users\Diego\Downloads\Windows.7.Starter.x86.iso
    2018-04-22 18:00 - 2018-04-22 18:00 - 000000000 ____D C:\Users\Diego\AppData\Roaming\Yahoo!
    2018-04-22 17:59 - 2018-04-22 18:00 - 000176793 _____ C:\Windows\hphins32.dat
    2018-04-22 17:59 - 2010-02-13 04:59 - 000000558 ____N C:\Windows\hphmdl32.dat
    2018-04-22 17:59 - 2008-12-16 18:18 - 000145408 _____ (Hewlett-Packard Company) C:\Windows\system32\hpfll6en.dll
    2018-04-22 17:58 - 2008-10-30 10:46 - 000362328 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
    2018-04-22 17:57 - 2018-04-22 17:58 - 119958240 _____ C:\Users\Diego\Downloads\DJ_SF_05_D2600_NonNet_Full_Win_WW_140_049-4.exe
    2018-04-16 17:00 - 2018-04-16 17:00 - 000096256 _____ C:\Users\Diego\Downloads\fattura luce mamma stefania.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-05-16 16:06 - 2017-11-24 11:04 - 000000000 ____D C:\Users\Diego\Desktop\FRST-Older Version
    2018-05-16 16:06 - 2017-06-09 00:23 - 000000000 ____D C:\FRST
    2018-05-16 15:59 - 2015-04-24 16:00 - 000741290 _____ C:\Windows\system32\perfh00C.dat
    2018-05-16 15:59 - 2015-04-24 16:00 - 000150656 _____ C:\Windows\system32\perfc00C.dat
    2018-05-16 15:59 - 2015-04-24 15:48 - 000741030 _____ C:\Windows\system32\perfh00A.dat
    2018-05-16 15:59 - 2015-04-24 15:48 - 000159550 _____ C:\Windows\system32\perfc00A.dat
    2018-05-16 15:59 - 2015-04-24 09:26 - 000412352 _____ C:\Windows\system32\perfh011.dat
    2018-05-16 15:59 - 2015-04-24 09:26 - 000123176 _____ C:\Windows\system32\perfc011.dat
    2018-05-16 15:59 - 2010-11-21 17:30 - 000744868 _____ C:\Windows\system32\perfh010.dat
    2018-05-16 15:59 - 2010-11-21 17:30 - 000148728 _____ C:\Windows\system32\perfc010.dat
    2018-05-16 15:59 - 2009-07-14 07:13 - 003999414 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-05-16 15:59 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
    2018-05-16 14:57 - 2016-11-18 12:02 - 000000000 ____D C:\Users\Diego\AppData\LocalLow\Mozilla
    2018-05-16 10:52 - 2015-10-06 17:23 - 000000000 ____D C:\Users\Diego\.VirtualBox
    2018-05-16 10:38 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-05-16 10:38 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-05-16 10:29 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-05-15 21:51 - 2017-07-28 23:28 - 000000000 ____D C:\Users\Diego\AppData\Roaming\vlc
    2018-05-15 21:51 - 2014-10-11 23:52 - 000000000 ____D C:\Users\Diego\Desktop\video anime
    2018-05-15 21:33 - 2017-11-24 15:49 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2018-05-15 21:33 - 2017-11-09 11:47 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2018-05-14 20:48 - 2018-01-21 23:44 - 000001190 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
    2018-05-14 20:48 - 2018-01-21 23:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
    2018-05-14 20:43 - 2014-10-12 12:33 - 000000000 ____D C:\Users\Diego\Desktop\musica
    2018-05-11 02:30 - 2018-01-01 12:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2018-05-11 02:30 - 2018-01-01 12:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-05-10 22:15 - 2014-10-06 11:23 - 000000000 ____D C:\Users\Diego\Desktop\Immagini
    2018-05-10 17:37 - 2014-10-12 12:04 - 000000000 ____D C:\Users\Diego\Desktop\racconto
    2018-05-08 23:50 - 2014-10-06 11:21 - 000000000 ____D C:\Users\Diego\Desktop\immag. anime
    2018-05-08 18:34 - 2018-03-14 20:34 - 000004610 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2018-05-08 18:34 - 2013-12-26 19:02 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2018-05-08 18:34 - 2013-12-26 19:02 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2018-05-08 18:34 - 2013-12-26 19:02 - 000004460 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2018-05-08 18:34 - 2013-12-26 19:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2018-05-08 18:34 - 2013-12-26 19:02 - 000000000 ____D C:\Windows\system32\Macromed
    2018-05-07 07:35 - 2018-02-06 00:18 - 000000000 ____D C:\ProgramData\CanonIJPLM
    2018-05-06 00:36 - 2014-10-12 13:34 - 000000000 ____D C:\Users\Diego\AppData\Roaming\uTorrent
    2018-05-05 10:12 - 2016-03-20 15:02 - 000000000 ____D C:\Users\Diego\AppData\LocalLow\uTorrent
    2018-05-01 12:03 - 2014-10-11 11:21 - 000000000 ____D C:\Users\Diego\AppData\Roaming\Adobe
    2018-05-01 12:03 - 2013-12-26 19:19 - 000000000 ____D C:\ProgramData\Adobe
    2018-04-23 12:38 - 2014-10-23 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2018-04-23 12:38 - 2014-10-23 11:48 - 000000000 ____D C:\Program Files (x86)\Java
    2018-04-23 12:37 - 2014-10-23 11:48 - 000098760 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2018-04-22 20:53 - 2014-10-11 11:15 - 000113456 _____ C:\Users\Diego\AppData\Local\GDIPFONTCACHEV1.DAT
    2018-04-22 20:51 - 2009-07-14 06:45 - 000441624 _____ C:\Windows\system32\FNTCACHE.DAT
    2018-04-22 20:45 - 2014-11-25 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2018-04-22 20:44 - 2015-03-06 13:03 - 000000000 ____D C:\Program Files (x86)\HP
    2018-04-22 20:44 - 2015-03-06 13:02 - 000000000 ____D C:\ProgramData\HP
    2018-04-22 20:42 - 2017-10-06 19:32 - 000002904 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Diego
    2018-04-22 18:00 - 2015-05-11 17:59 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2018-04-18 21:48 - 2018-02-06 19:31 - 000000000 ___HD C:\ProgramData\CanonIJMIG

    ==================== Files in the root of some directories =======

    2017-03-06 16:40 - 2017-03-06 16:40 - 000001290 _____ () C:\Program Files (x86)\metadata
    2017-03-06 16:40 - 2017-03-06 16:40 - 000000040 _____ () C:\Program Files (x86)\settings.dat
    2017-11-19 09:14 - 2017-11-19 09:14 - 000000235 _____ () C:\Users\Diego\AppData\Roaming\devices.xml
    2014-09-01 10:18 - 2014-09-01 10:18 - 000002086 _____ () C:\Users\Diego\AppData\Roaming\FJPZBC
    2014-09-01 10:18 - 2014-09-01 10:18 - 000001248 _____ () C:\Users\Diego\AppData\Roaming\HLJFJQ
    2014-10-17 23:18 - 2018-04-11 18:06 - 000006464 _____ () C:\Users\Diego\AppData\Roaming\PrimoPDFSet.xml
    2017-11-19 09:14 - 2017-11-19 09:14 - 000000012 _____ () C:\Users\Diego\AppData\Roaming\settings.xml
    2014-09-01 10:18 - 2014-09-01 10:18 - 000001248 _____ () C:\Users\Diego\AppData\Roaming\UBEJ
    2015-02-14 19:34 - 2015-02-15 15:46 - 000000066 _____ () C:\Users\Diego\AppData\Roaming\WB.CFG
    2015-11-17 15:49 - 2015-12-02 21:40 - 000000119 _____ () C:\Users\Diego\AppData\Roaming\Microsoft\{F703E141-EA90-418B-AC1B-BE05A07FD209}
    2015-11-19 20:05 - 2015-12-10 00:39 - 000008704 _____ () C:\Users\Diego\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-10-12 23:20 - 2014-10-12 23:20 - 000627560 _____ (CMI Limited) C:\Users\Diego\AppData\Local\nspFB7.tmp

    Some files in TEMP:
    ====================
    2017-12-08 15:06 - 2017-12-08 15:06 - 011097040 _____ () C:\Users\Diego\AppData\Local\Temp\HPInstaller.exe
    2018-01-26 14:24 - 2018-01-26 14:24 - 001864256 _____ (Oracle Corporation) C:\Users\Diego\AppData\Local\Temp\jre-8u161-windows-au.exe
    2018-04-23 12:36 - 2018-04-23 12:36 - 001884616 _____ (Oracle Corporation) C:\Users\Diego\AppData\Local\Temp\jre-8u171-windows-au.exe
    2013-04-10 06:25 - 2013-04-10 06:25 - 001044048 ____N (CANON INC.) C:\Users\Diego\AppData\Local\Temp\MSETUP4.EXE

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-05-08 13:31

    ==================== End of FRST.txt ============================
     
    .
  14.  
    .

    Aiutante

    Group
    Global Moderator
    Hi Diego Sichera,

    follow these steps:

    - insert the USB stick
    - format the USB stick or, if you want to recover the files on it, follow the guide https://aiuto-pc.forumfree.it/?t=70998827 starting from step two
    - then put FRST on the desktop together with the attached file fixlist.txt (make sure it is on the desktop)
    - open FRST and click Fix
    - wait for it to finish and for the PC to restart (if it does not restart automatically, restart it yourself)
    - reformat the USB stick to be safe
    - be sure to post the fixlog

    Check whether it is solved by putting some files on the USB stick.

    Attached file: fixlist.txt

     
    .
  15. Diego Sichera
     
    .

    User deleted


    I did what was indicated, but when I click Fix it says: Fixlist not found. They are right next to each other on the desktop!
    I tried deleting all the old FRST files I had and other earlier fixlists, but it still does not work.

    Question: if I have several USB sticks, what should I do? Do I repeat the same procedure "x" times, formatting all of them and then running the fixlog, or not?
     
    .
18 replies since 24/11/2017, 12:29   427 views