Hi Danilo, thanks for the reply, I did everything that was indicated. I'm forwarding you the reports.
1) Malwarebytes found no threats
***************************************
2) AdwCleaner
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-20-2018
# Duration: 00:01:01
# OS: Windows 10 Home
# Cleaned: 22
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Users\Public\Pokki
Deleted C:\Program Files\Booking.com
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
Deleted C:\Windows\System32\Tasks\Driver Booster Scheduler
***** [ Registry ] *****
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F5415905096AA504A9FB967C7A138943
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\services\Amazon 1Button App Service
Deleted HKLM\Software\Wow6432Node\Classes\AppID\OverlayIcon.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted HKLM\Software\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted HKLM\Software\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted HKLM\Software\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKLM\Software\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A1097E3-B44E-40CD-BF45-0E0597B2B62D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
***** [ Chromium (and derivatives) ] *****
Deleted Amazon Assistant for Chrome
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset TCP/IP
[+] Reset Winsock
AdwCleaner_Debug.log - [17345 octets] - [20/09/2018 15:53:23]
AdwCleaner[S00].txt - [3470 octets] - [20/09/2018 15:55:06]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
*******************
3) RogueKiller
RogueKiller V12.13.1.0 (x64) [Sep 17 2018] (Gratuito) di Adlice Software
posta : http://www.adlice.com/contact/
Commenti : https://forum.adlice.com
Sito Web : http://www.adlice.com/download/roguekiller/
Discussione : http://www.adlice.com
Sistema Operativo : Windows 10 (10.0.17134) 64 bits version
Iniziato in : Modalità Normale
Utente : manu [Amministratore]
Iniziato da : C:\Users\manu\Downloads\RogueKiller_portable64.exe
Modalità : Scansione -- Data : 09/20/2018 16:21:59 (Durata : 01:46:08)
¤¤¤ Processi : 0 ¤¤¤
¤¤¤ Registro : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3776255190-1875878540-3223138195-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer15.msn.com/?pc=ACTE -> Trovato
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3776255190-1875878540-3223138195-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer15.msn.com/?pc=ACTE -> Trovato
¤¤¤ Attività : 0 ¤¤¤
¤¤¤ Archivi : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Archivio Hosts : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Caricato) ¤¤¤
¤¤¤ Web Browser : 1 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Amazon Assistant for Chrome [pbjikboenpfhbbejgkoklgkhjpfogcam] -> Trovato
¤¤¤ Controllo MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-1DG142 +++++
--- User ---
[MBR] a96436fae8184cc377b3ba44f44b63e7
[BSP] 86dc774a608e7ea45f82b297193dcd05 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 239616 | Size: 476322 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 975747072 | Size: 500 MB
User = LL1 ... OK
User = LL2 ... OK
*******************************
4) FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018
Ran by manu (administrator) on LAPTOP-GSCBSUE1 (20-09-2018 18:20:12)
Running from C:\Users\manu\Desktop
Loaded Profiles: manu (Available Profiles: manu)
Platform: Windows 10 Home Version 1803 17134.228 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-08-23] (AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18383328 2018-01-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3776255190-1875878540-3223138195-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2437920 2017-10-02] (Acer)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
Tcpip\..\Interfaces\{848d29fb-5e62-47ce-aa9f-34e821114d16}: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
Tcpip\..\Interfaces\{ffeefb1b-1d4e-4699-b213-ba737a2d15f2}: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3776255190-1875878540-3223138195-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3776255190-1875878540-3223138195-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
Edge:
======
Edge Session Restore: HKU\S-1-5-21-3776255190-1875878540-3223138195-1001 -> is enabled.
FireFox:
========
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2016-04-01] [Legacy]
FF Extension: (Italiano (IT) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-it@firefox.mozilla.org [2016-04-01] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2016-04-01] [Legacy]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.it/
CHR Profile: C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default [2018-09-20]
CHR Extension: (Presentazioni) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-20]
CHR Extension: (Documenti) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-20]
CHR Extension: (Google Drive) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-19]
CHR Extension: (YouTube) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-19]
CHR Extension: (Fogli) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-20]
CHR Extension: (Blocco dei Popup) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2018-09-17]
CHR Extension: (AdRemover for Google Chrome™) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcefmojpghnaceadnghednjhbmphipkb [2018-03-20]
CHR Extension: (Superblock - Adblocker) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\miijbmhjndcihicbljlcieiajhemmdeb [2018-03-23]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2018-09-20]
CHR Extension: (Gmail) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-19]
CHR Extension: (Popup Blocker) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjolhppbbmaffkmidmihgjgcohhdnjfn [2017-05-29]
CHR Extension: (Chrome Media Router) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-20]
CHR Profile: C:\Users\manu\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7994520 2018-08-23] (AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-06-30] (Windows (R) Win 7 DDK provider) [File not signed]
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-05] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-23] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-05] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-08-23] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278616 2017-03-20] (Acer Incorporated)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane, Inc.)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9872688 2018-09-17] (EnigmaSoft Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-03-11] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-03-11] (Acer Incorporated)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [538416 2018-09-17] (EnigmaSoft Limited)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [291232 2016-02-01] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-03] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0319312.inf_amd64_1bd7dae294b3987b\atikmdag.sys [36566432 2017-10-24] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0319312.inf_amd64_1bd7dae294b3987b\atikmpag.sys [537504 2017-10-24] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [84224 2015-08-22] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2018-01-24] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [199712 2018-08-23] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229384 2018-08-23] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201320 2018-08-23] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-08-23] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59568 2018-08-23] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-21] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [249016 2018-08-23] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-08-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163392 2018-09-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111864 2018-08-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87904 2018-08-31] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-08-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467320 2018-09-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215920 2018-09-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381560 2018-08-23] (AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4320176 2018-01-24] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2018-01-24] (Advanced Micro Devices)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-09-20] (EnigmaSoft Limited)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [175288 2015-04-14] (ELAN Microelectronic Corp.)
R3 Kb9xI2c; C:\WINDOWS\System32\drivers\Kb9xI2c.sys [37888 2015-05-19] (ENE TECHNOLOGY INC.)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21408 2016-03-11] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-09-17] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-09-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-09-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-09-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2018-09-20] (Malwarebytes)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14752 2016-03-11] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1024848 2018-02-06] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2018-01-24] (Realsil Semiconductor Corporation)
R0 stormmc; C:\WINDOWS\System32\drivers\stormmc.sys [43912 2018-01-24] (Advanced Micro Devices)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-20 18:20 - 2018-09-20 18:22 - 000015455 _____ C:\Users\manu\Desktop\FRST.txt
2018-09-20 18:20 - 2018-09-20 18:20 - 000000000 ____D C:\FRST
2018-09-20 18:18 - 2018-09-20 18:18 - 002413568 _____ (Farbar) C:\Users\manu\Desktop\FRST64.exe
2018-09-20 18:14 - 2018-09-20 18:14 - 000003578 _____ C:\Users\manu\Desktop\rogue.txt
2018-09-20 16:22 - 2018-09-20 16:22 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-09-20 16:20 - 2018-09-20 18:15 - 000000000 ____D C:\ProgramData\RogueKiller
2018-09-20 16:16 - 2018-09-20 16:16 - 000003470 _____ C:\Users\manu\Desktop\AdwCleaner[C00].txt
2018-09-20 16:14 - 2018-09-20 16:15 - 027149880 _____ (Adlice Software) C:\Users\manu\Downloads\RogueKiller_portable64.exe
2018-09-20 15:51 - 2018-09-20 15:56 - 000000000 ____D C:\AdwCleaner
2018-09-20 15:48 - 2018-09-20 15:48 - 007571152 _____ (Malwarebytes) C:\Users\manu\Downloads\adwcleaner_7.2.3.1.exe
2018-09-20 13:07 - 2018-09-20 13:07 - 000000000 ____D C:\Users\manu\AppData\Roaming\Google
2018-09-19 09:31 - 2018-09-19 09:31 - 000054281 _____ C:\Users\manu\Desktop\terza rata 18.pdf
2018-09-17 23:17 - 2018-09-17 23:17 - 000001971 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-09-17 23:01 - 2018-08-23 00:04 - 000379608 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-09-17 22:58 - 2018-09-20 16:02 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-09-17 22:57 - 2018-09-20 16:02 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-09-17 22:57 - 2018-09-20 16:02 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-09-17 22:57 - 2018-09-20 16:02 - 000103648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-09-17 22:57 - 2018-09-17 22:57 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-09-17 22:56 - 2018-09-17 22:56 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-17 22:56 - 2018-09-17 22:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-17 22:56 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-09-17 22:55 - 2018-09-17 22:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-17 22:55 - 2018-09-17 22:55 - 000000000 ____D C:\Program Files\Malwarebytes
2018-09-17 22:48 - 2018-09-17 22:49 - 076534856 _____ (Malwarebytes ) C:\Users\manu\Downloads\mb3-setup-35891.35891-3.5.1.2522-1.0.365-1.0.5292.exe
2018-09-17 12:42 - 2018-09-20 16:04 - 000061624 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2018-09-17 12:40 - 2018-09-17 23:19 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-09-17 12:40 - 2018-09-17 12:40 - 000001059 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2018-09-17 12:40 - 2018-09-17 12:40 - 000000000 ____D C:\sh5ldr
2018-09-17 12:40 - 2018-09-17 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2018-09-17 12:36 - 2018-09-17 12:36 - 000000000 ____D C:\Program Files\EnigmaSoft
2018-09-17 12:10 - 2018-09-17 17:03 - 000000000 ____D C:\WINDOWS\Minidump
2018-09-10 16:25 - 2018-09-10 16:25 - 000053760 _____ C:\Users\manu\Downloads\MovimentiCC_2018_09_10_1536589550050.xls
2018-09-10 16:22 - 2018-09-10 16:22 - 000057344 _____ C:\Users\manu\Downloads\MovimentiCC_2018_09_10_1536589331874.xls
2018-08-28 22:41 - 2018-09-17 10:54 - 000000000 ____D C:\Users\manu\AppData\Local\D3DSCache
2018-08-28 11:50 - 2018-08-28 11:50 - 000000000 ____D C:\Users\manu\Desktop\CELL20180828
2018-08-26 09:03 - 2018-08-26 22:33 - 000000000 ____D C:\Users\manu\AppData\Local\PlaceholderTileLogoFolder
2018-08-21 23:24 - 2018-08-21 23:24 - 000000000 ____D C:\ProgramData\Packages
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-20 18:12 - 2018-08-17 06:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-09-20 17:17 - 2018-08-17 07:12 - 000004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{372954F5-818B-4C55-BE48-E01A266760F7}
2018-09-20 16:36 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-20 16:33 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-09-20 16:22 - 2018-08-17 07:12 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-09-20 16:03 - 2018-08-17 07:12 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-09-20 16:00 - 2018-08-17 07:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-20 15:59 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-09-20 15:59 - 2016-09-25 04:56 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-09-20 15:55 - 2018-08-17 07:12 - 000003508 _____ C:\WINDOWS\System32\Tasks\DashlaneUpgradeCheck
2018-09-20 15:30 - 2017-05-29 15:03 - 000000000 ____D C:\Users\manu\AppData\LocalLow\Mozilla
2018-09-20 14:59 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-19 18:53 - 2018-08-17 07:12 - 000004302 _____ C:\WINDOWS\System32\Tasks\Software Update Application
2018-09-19 18:53 - 2018-08-17 07:12 - 000003852 _____ C:\WINDOWS\System32\Tasks\ACCAgent
2018-09-19 18:53 - 2018-08-17 07:12 - 000003692 _____ C:\WINDOWS\System32\Tasks\AcerCMUpdateTask2.1.16258
2018-09-19 18:53 - 2018-08-17 07:12 - 000003598 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-09-19 18:53 - 2018-08-17 07:12 - 000003374 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-09-19 18:53 - 2018-08-17 07:12 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3776255190-1875878540-3223138195-1001
2018-09-19 18:53 - 2018-08-17 07:12 - 000002820 _____ C:\WINDOWS\System32\Tasks\ACC
2018-09-19 18:53 - 2018-08-17 07:12 - 000002762 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2018-09-19 18:53 - 2018-08-17 07:12 - 000002706 _____ C:\WINDOWS\System32\Tasks\UbtFrameworkService
2018-09-19 18:53 - 2018-08-17 07:12 - 000002534 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2018-09-19 18:53 - 2018-08-17 07:12 - 000002328 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
2018-09-19 18:53 - 2018-08-17 07:12 - 000002264 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (manu)
2018-09-19 18:53 - 2018-08-17 07:12 - 000002180 _____ C:\WINDOWS\System32\Tasks\Quick Access
2018-09-19 18:53 - 2018-08-17 07:12 - 000002074 _____ C:\WINDOWS\System32\Tasks\FUBTrackingByPLD
2018-09-19 18:53 - 2018-08-17 07:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-09-19 17:35 - 2016-09-19 21:54 - 000000000 ____D C:\Users\manu\AppData\Local\CrashDumps
2018-09-19 11:31 - 2018-08-17 06:36 - 000000000 ____D C:\Users\manu
2018-09-19 02:03 - 2016-09-19 21:59 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-18 22:31 - 2018-02-06 15:06 - 000000000 ____D C:\Users\manu\Desktop\conteggi famiglia
2018-09-17 23:17 - 2016-11-04 18:24 - 000001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-09-17 23:01 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-09-17 21:05 - 2016-09-20 19:17 - 000000000 ____D C:\Users\manu\AppData\Roaming\vlc
2018-09-17 14:04 - 2017-07-09 23:19 - 000000000 ____D C:\Users\manu\Desktop\videocanzoni bimbi
2018-09-17 11:57 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-09-15 16:27 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-13 17:40 - 2018-08-17 06:54 - 001751752 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-13 17:40 - 2018-04-12 18:25 - 000779338 _____ C:\WINDOWS\system32\perfh010.dat
2018-09-13 17:40 - 2018-04-12 18:25 - 000145864 _____ C:\WINDOWS\system32\perfc010.dat
2018-09-13 17:40 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-09-12 21:08 - 2016-11-04 18:23 - 000215920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-09-11 20:08 - 2016-11-04 18:23 - 000163392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-09-08 00:16 - 2018-08-17 06:36 - 000002414 _____ C:\Users\manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-08 00:14 - 2016-09-20 12:34 - 000000000 ___RD C:\Users\manu\OneDrive
2018-09-05 08:47 - 2016-09-22 12:14 - 000000000 ____D C:\Users\manu\Desktop\foto da salvare
2018-09-05 08:16 - 2017-09-01 03:15 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-09-04 20:13 - 2016-11-04 18:23 - 000467320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-09-01 22:51 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-31 17:41 - 2016-11-04 18:23 - 000087904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-08-27 22:35 - 2016-10-04 18:33 - 000015360 _____ C:\Users\manu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-08-26 09:05 - 2018-02-02 18:01 - 000000000 ____D C:\Users\manu\AppData\Local\Packages
2018-08-26 06:56 - 2018-08-10 21:33 - 000000000 ____D C:\Users\manu\Desktop\greyarea
2018-08-24 10:22 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-08-23 00:04 - 2017-11-17 04:56 - 000199712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-08-23 00:04 - 2016-11-04 18:23 - 000381560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-08-23 00:04 - 2016-11-04 18:23 - 000111864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-08-23 00:04 - 2016-11-04 18:23 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-08-23 00:03 - 2016-11-04 18:22 - 001027720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-08-23 00:02 - 2018-01-06 00:10 - 000249016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-08-23 00:02 - 2017-03-05 03:43 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-08-23 00:02 - 2017-03-05 03:43 - 000229384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-08-23 00:02 - 2017-03-05 03:43 - 000201320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-08-23 00:02 - 2017-03-05 03:43 - 000059568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-08-21 14:17 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-08-21 07:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\appcompat
==================== Files in the root of some directories =======
2017-08-02 10:29 - 2005-11-10 12:13 - 000109495 _____ () C:\Program Files\audacity-1.2-help.htb
2017-08-02 10:29 - 2005-11-14 15:53 - 005255168 _____ () C:\Program Files\audacity.exe
2017-08-02 10:29 - 2003-06-29 16:25 - 000018759 _____ () C:\Program Files\LICENSE.txt
2017-08-02 10:29 - 2005-11-13 21:11 - 000028976 _____ () C:\Program Files\README.txt
2016-10-04 18:33 - 2018-08-27 22:35 - 000015360 _____ () C:\Users\manu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-07-12 23:22 - 2018-07-12 23:22 - 000000017 _____ () C:\Users\manu\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
2018-09-20 16:20 - 2018-08-03 05:38 - 001945792 _____ (Microsoft Corporation) C:\Users\manu\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-08-17 06:27
==================== End of FRST.txt ============================
Post automatically merged: 20 September 2018
At a glance, AdwCleaner fixed it, and it had to do with Amazon, but is that possible?? Shouldn't those be super-controlled sites?
In any case, thank you very much indeed.
Post automatically merged: 20 September 2018
I'll add that the "cleanup" removed AdRemover for Google Chrome™ from the extensions; this also seems incredible to me, aren't even Google's apps safe?