hanstrackr.com

volpege

New User
Hi everyone. I'm infested by hanstrackr.com;
my antivirus and two anti-malware tools report it. It gets blocked at every Chrome start and whenever I open a new tab.
I'd like to remove it for good, but the suggested procedures don't work: I can't find it among the programs to uninstall, nor in Chrome's apps, nor in the registry, neither as hanstrack.com nor as js.miner. The anti-malware doesn't find it during the scan; it only blocks it when it activates...
Also, the message gives me the path, but it ends with chrome.exe, so I no longer know how/where to track it down.
Suggestions? Thanks
 

Blume.

Moderator
Forum Staff
Elite User
@danilo79 I really think this one is your area...:asd:
 

volpege

New User
Hi Danilo, thanks for the reply. I did everything that's indicated there. Here are the reports

1) Malwarebytes found no threats
***************************************

2) AdwCleaner
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-20-2018
# Duration: 00:01:01
# OS: Windows 10 Home
# Cleaned: 22
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Pokki
Deleted C:\Program Files\Booking.com

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\Driver Booster Scheduler

***** [ Registry ] *****

Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F5415905096AA504A9FB967C7A138943
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\services\Amazon 1Button App Service
Deleted HKLM\Software\Wow6432Node\Classes\AppID\OverlayIcon.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted HKLM\Software\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted HKLM\Software\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted HKLM\Software\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKLM\Software\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A1097E3-B44E-40CD-BF45-0E0597B2B62D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com

***** [ Chromium (and derivatives) ] *****

Deleted Amazon Assistant for Chrome

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset TCP/IP
[+] Reset Winsock

AdwCleaner_Debug.log - [17345 octets] - [20/09/2018 15:53:23]
AdwCleaner[S00].txt - [3470 octets] - [20/09/2018 15:55:06]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


*******************
3) RogueKiller

RogueKiller V12.13.1.0 (x64) [Sep 17 2018] (Gratuito) di Adlice Software
posta : http://www.adlice.com/contact/
Commenti : https://forum.adlice.com
Sito Web : http://www.adlice.com/download/roguekiller/
Discussione : http://www.adlice.com

Sistema Operativo : Windows 10 (10.0.17134) 64 bits version
Iniziato in : Modalità Normale
Utente : manu [Amministratore]
Iniziato da : C:\Users\manu\Downloads\RogueKiller_portable64.exe
Modalità : Scansione -- Data : 09/20/2018 16:21:59 (Durata : 01:46:08)

¤¤¤ Processi : 0 ¤¤¤

¤¤¤ Registro : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3776255190-1875878540-3223138195-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer15.msn.com/?pc=ACTE -> Trovato
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3776255190-1875878540-3223138195-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer15.msn.com/?pc=ACTE -> Trovato

¤¤¤ Attività : 0 ¤¤¤

¤¤¤ Archivi : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Archivio Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Caricato) ¤¤¤

¤¤¤ Web Browser : 1 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Amazon Assistant for Chrome [pbjikboenpfhbbejgkoklgkhjpfogcam] -> Trovato

¤¤¤ Controllo MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-1DG142 +++++
--- User ---
[MBR] a96436fae8184cc377b3ba44f44b63e7
[BSP] 86dc774a608e7ea45f82b297193dcd05 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 239616 | Size: 476322 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 975747072 | Size: 500 MB
User = LL1 ... OK
User = LL2 ... OK

*******************************
4) FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018
Ran by manu (administrator) on LAPTOP-GSCBSUE1 (20-09-2018 18:20:12)
Running from C:\Users\manu\Desktop
Loaded Profiles: manu (Available Profiles: manu)
Platform: Windows 10 Home Version 1803 17134.228 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-08-23] (AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18383328 2018-01-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3776255190-1875878540-3223138195-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2437920 2017-10-02] (Acer)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
Tcpip\..\Interfaces\{848d29fb-5e62-47ce-aa9f-34e821114d16}: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
Tcpip\..\Interfaces\{ffeefb1b-1d4e-4699-b213-ba737a2d15f2}: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3776255190-1875878540-3223138195-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3776255190-1875878540-3223138195-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE

Edge:
======
Edge Session Restore: HKU\S-1-5-21-3776255190-1875878540-3223138195-1001 -> is enabled.

FireFox:
========
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2016-04-01] [Legacy]
FF Extension: (Italiano (IT) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-it@firefox.mozilla.org [2016-04-01] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2016-04-01] [Legacy]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.it/
CHR Profile: C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default [2018-09-20]
CHR Extension: (Presentazioni) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-20]
CHR Extension: (Documenti) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-20]
CHR Extension: (Google Drive) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-19]
CHR Extension: (YouTube) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-19]
CHR Extension: (Fogli) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-20]
CHR Extension: (Blocco dei Popup) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2018-09-17]
CHR Extension: (AdRemover for Google Chrome™) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcefmojpghnaceadnghednjhbmphipkb [2018-03-20]
CHR Extension: (Superblock - Adblocker) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\miijbmhjndcihicbljlcieiajhemmdeb [2018-03-23]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2018-09-20]
CHR Extension: (Gmail) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-19]
CHR Extension: (Popup Blocker) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjolhppbbmaffkmidmihgjgcohhdnjfn [2017-05-29]
CHR Extension: (Chrome Media Router) - C:\Users\manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-20]
CHR Profile: C:\Users\manu\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7994520 2018-08-23] (AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-06-30] (Windows (R) Win 7 DDK provider) [File not signed]
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-05] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-23] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-05] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-08-23] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278616 2017-03-20] (Acer Incorporated)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane, Inc.)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9872688 2018-09-17] (EnigmaSoft Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-03-11] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-03-11] (Acer Incorporated)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [538416 2018-09-17] (EnigmaSoft Limited)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [291232 2016-02-01] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0319312.inf_amd64_1bd7dae294b3987b\atikmdag.sys [36566432 2017-10-24] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0319312.inf_amd64_1bd7dae294b3987b\atikmpag.sys [537504 2017-10-24] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [84224 2015-08-22] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2018-01-24] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [199712 2018-08-23] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229384 2018-08-23] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201320 2018-08-23] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-08-23] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59568 2018-08-23] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-21] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [249016 2018-08-23] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-08-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163392 2018-09-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111864 2018-08-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87904 2018-08-31] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-08-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467320 2018-09-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215920 2018-09-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381560 2018-08-23] (AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4320176 2018-01-24] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2018-01-24] (Advanced Micro Devices)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-09-20] (EnigmaSoft Limited)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [175288 2015-04-14] (ELAN Microelectronic Corp.)
R3 Kb9xI2c; C:\WINDOWS\System32\drivers\Kb9xI2c.sys [37888 2015-05-19] (ENE TECHNOLOGY INC.)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21408 2016-03-11] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-09-17] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-09-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-09-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-09-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2018-09-20] (Malwarebytes)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14752 2016-03-11] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1024848 2018-02-06] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2018-01-24] (Realsil Semiconductor Corporation)
R0 stormmc; C:\WINDOWS\System32\drivers\stormmc.sys [43912 2018-01-24] (Advanced Micro Devices)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-20 18:20 - 2018-09-20 18:22 - 000015455 _____ C:\Users\manu\Desktop\FRST.txt
2018-09-20 18:20 - 2018-09-20 18:20 - 000000000 ____D C:\FRST
2018-09-20 18:18 - 2018-09-20 18:18 - 002413568 _____ (Farbar) C:\Users\manu\Desktop\FRST64.exe
2018-09-20 18:14 - 2018-09-20 18:14 - 000003578 _____ C:\Users\manu\Desktop\rogue.txt
2018-09-20 16:22 - 2018-09-20 16:22 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-09-20 16:20 - 2018-09-20 18:15 - 000000000 ____D C:\ProgramData\RogueKiller
2018-09-20 16:16 - 2018-09-20 16:16 - 000003470 _____ C:\Users\manu\Desktop\AdwCleaner[C00].txt
2018-09-20 16:14 - 2018-09-20 16:15 - 027149880 _____ (Adlice Software) C:\Users\manu\Downloads\RogueKiller_portable64.exe
2018-09-20 15:51 - 2018-09-20 15:56 - 000000000 ____D C:\AdwCleaner
2018-09-20 15:48 - 2018-09-20 15:48 - 007571152 _____ (Malwarebytes) C:\Users\manu\Downloads\adwcleaner_7.2.3.1.exe
2018-09-20 13:07 - 2018-09-20 13:07 - 000000000 ____D C:\Users\manu\AppData\Roaming\Google
2018-09-19 09:31 - 2018-09-19 09:31 - 000054281 _____ C:\Users\manu\Desktop\terza rata 18.pdf
2018-09-17 23:17 - 2018-09-17 23:17 - 000001971 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-09-17 23:01 - 2018-08-23 00:04 - 000379608 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-09-17 22:58 - 2018-09-20 16:02 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-09-17 22:57 - 2018-09-20 16:02 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-09-17 22:57 - 2018-09-20 16:02 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-09-17 22:57 - 2018-09-20 16:02 - 000103648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-09-17 22:57 - 2018-09-17 22:57 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-09-17 22:56 - 2018-09-17 22:56 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-17 22:56 - 2018-09-17 22:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-17 22:56 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-09-17 22:55 - 2018-09-17 22:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-17 22:55 - 2018-09-17 22:55 - 000000000 ____D C:\Program Files\Malwarebytes
2018-09-17 22:48 - 2018-09-17 22:49 - 076534856 _____ (Malwarebytes ) C:\Users\manu\Downloads\mb3-setup-35891.35891-3.5.1.2522-1.0.365-1.0.5292.exe
2018-09-17 12:42 - 2018-09-20 16:04 - 000061624 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2018-09-17 12:40 - 2018-09-17 23:19 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-09-17 12:40 - 2018-09-17 12:40 - 000001059 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2018-09-17 12:40 - 2018-09-17 12:40 - 000000000 ____D C:\sh5ldr
2018-09-17 12:40 - 2018-09-17 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2018-09-17 12:36 - 2018-09-17 12:36 - 000000000 ____D C:\Program Files\EnigmaSoft
2018-09-17 12:10 - 2018-09-17 17:03 - 000000000 ____D C:\WINDOWS\Minidump
2018-09-10 16:25 - 2018-09-10 16:25 - 000053760 _____ C:\Users\manu\Downloads\MovimentiCC_2018_09_10_1536589550050.xls
2018-09-10 16:22 - 2018-09-10 16:22 - 000057344 _____ C:\Users\manu\Downloads\MovimentiCC_2018_09_10_1536589331874.xls
2018-08-28 22:41 - 2018-09-17 10:54 - 000000000 ____D C:\Users\manu\AppData\Local\D3DSCache
2018-08-28 11:50 - 2018-08-28 11:50 - 000000000 ____D C:\Users\manu\Desktop\CELL20180828
2018-08-26 09:03 - 2018-08-26 22:33 - 000000000 ____D C:\Users\manu\AppData\Local\PlaceholderTileLogoFolder
2018-08-21 23:24 - 2018-08-21 23:24 - 000000000 ____D C:\ProgramData\Packages

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-20 18:12 - 2018-08-17 06:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-09-20 17:17 - 2018-08-17 07:12 - 000004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{372954F5-818B-4C55-BE48-E01A266760F7}
2018-09-20 16:36 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-20 16:33 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-09-20 16:22 - 2018-08-17 07:12 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-09-20 16:03 - 2018-08-17 07:12 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-09-20 16:00 - 2018-08-17 07:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-20 15:59 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-09-20 15:59 - 2016-09-25 04:56 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-09-20 15:55 - 2018-08-17 07:12 - 000003508 _____ C:\WINDOWS\System32\Tasks\DashlaneUpgradeCheck
2018-09-20 15:30 - 2017-05-29 15:03 - 000000000 ____D C:\Users\manu\AppData\LocalLow\Mozilla
2018-09-20 14:59 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-19 18:53 - 2018-08-17 07:12 - 000004302 _____ C:\WINDOWS\System32\Tasks\Software Update Application
2018-09-19 18:53 - 2018-08-17 07:12 - 000003852 _____ C:\WINDOWS\System32\Tasks\ACCAgent
2018-09-19 18:53 - 2018-08-17 07:12 - 000003692 _____ C:\WINDOWS\System32\Tasks\AcerCMUpdateTask2.1.16258
2018-09-19 18:53 - 2018-08-17 07:12 - 000003598 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-09-19 18:53 - 2018-08-17 07:12 - 000003374 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-09-19 18:53 - 2018-08-17 07:12 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3776255190-1875878540-3223138195-1001
2018-09-19 18:53 - 2018-08-17 07:12 - 000002820 _____ C:\WINDOWS\System32\Tasks\ACC
2018-09-19 18:53 - 2018-08-17 07:12 - 000002762 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2018-09-19 18:53 - 2018-08-17 07:12 - 000002706 _____ C:\WINDOWS\System32\Tasks\UbtFrameworkService
2018-09-19 18:53 - 2018-08-17 07:12 - 000002534 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2018-09-19 18:53 - 2018-08-17 07:12 - 000002328 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
2018-09-19 18:53 - 2018-08-17 07:12 - 000002264 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (manu)
2018-09-19 18:53 - 2018-08-17 07:12 - 000002180 _____ C:\WINDOWS\System32\Tasks\Quick Access
2018-09-19 18:53 - 2018-08-17 07:12 - 000002074 _____ C:\WINDOWS\System32\Tasks\FUBTrackingByPLD
2018-09-19 18:53 - 2018-08-17 07:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-09-19 17:35 - 2016-09-19 21:54 - 000000000 ____D C:\Users\manu\AppData\Local\CrashDumps
2018-09-19 11:31 - 2018-08-17 06:36 - 000000000 ____D C:\Users\manu
2018-09-19 02:03 - 2016-09-19 21:59 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-18 22:31 - 2018-02-06 15:06 - 000000000 ____D C:\Users\manu\Desktop\conteggi famiglia
2018-09-17 23:17 - 2016-11-04 18:24 - 000001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-09-17 23:01 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-09-17 21:05 - 2016-09-20 19:17 - 000000000 ____D C:\Users\manu\AppData\Roaming\vlc
2018-09-17 14:04 - 2017-07-09 23:19 - 000000000 ____D C:\Users\manu\Desktop\videocanzoni bimbi
2018-09-17 11:57 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-09-15 16:27 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-13 17:40 - 2018-08-17 06:54 - 001751752 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-13 17:40 - 2018-04-12 18:25 - 000779338 _____ C:\WINDOWS\system32\perfh010.dat
2018-09-13 17:40 - 2018-04-12 18:25 - 000145864 _____ C:\WINDOWS\system32\perfc010.dat
2018-09-13 17:40 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-09-12 21:08 - 2016-11-04 18:23 - 000215920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-09-11 20:08 - 2016-11-04 18:23 - 000163392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-09-08 00:16 - 2018-08-17 06:36 - 000002414 _____ C:\Users\manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-08 00:14 - 2016-09-20 12:34 - 000000000 ___RD C:\Users\manu\OneDrive
2018-09-05 08:47 - 2016-09-22 12:14 - 000000000 ____D C:\Users\manu\Desktop\foto da salvare
2018-09-05 08:16 - 2017-09-01 03:15 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-09-04 20:13 - 2016-11-04 18:23 - 000467320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-09-01 22:51 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-31 17:41 - 2016-11-04 18:23 - 000087904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-08-27 22:35 - 2016-10-04 18:33 - 000015360 _____ C:\Users\manu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-08-26 09:05 - 2018-02-02 18:01 - 000000000 ____D C:\Users\manu\AppData\Local\Packages
2018-08-26 06:56 - 2018-08-10 21:33 - 000000000 ____D C:\Users\manu\Desktop\greyarea
2018-08-24 10:22 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-08-23 00:04 - 2017-11-17 04:56 - 000199712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-08-23 00:04 - 2016-11-04 18:23 - 000381560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-08-23 00:04 - 2016-11-04 18:23 - 000111864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-08-23 00:04 - 2016-11-04 18:23 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-08-23 00:03 - 2016-11-04 18:22 - 001027720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-08-23 00:02 - 2018-01-06 00:10 - 000249016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-08-23 00:02 - 2017-03-05 03:43 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-08-23 00:02 - 2017-03-05 03:43 - 000229384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-08-23 00:02 - 2017-03-05 03:43 - 000201320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-08-23 00:02 - 2017-03-05 03:43 - 000059568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-08-21 14:17 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-08-21 07:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\appcompat

==================== Files in the root of some directories =======

2017-08-02 10:29 - 2005-11-10 12:13 - 000109495 _____ () C:\Program Files\audacity-1.2-help.htb
2017-08-02 10:29 - 2005-11-14 15:53 - 005255168 _____ () C:\Program Files\audacity.exe
2017-08-02 10:29 - 2003-06-29 16:25 - 000018759 _____ () C:\Program Files\LICENSE.txt
2017-08-02 10:29 - 2005-11-13 21:11 - 000028976 _____ () C:\Program Files\README.txt
2016-10-04 18:33 - 2018-08-27 22:35 - 000015360 _____ () C:\Users\manu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-07-12 23:22 - 2018-07-12 23:22 - 000000017 _____ () C:\Users\manu\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-09-20 16:20 - 2018-08-03 05:38 - 001945792 _____ (Microsoft Corporation) C:\Users\manu\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-17 06:27

==================== End of FRST.txt ============================

Post merged automatically:

At a glance, ADWCLEANER fixed it, and it had to do with Amazon, but is that possible?? Shouldn't those be super-controlled sites?
In any case, thank you very much indeed
Post merged automatically:

I'll add that the "cleanup" removed AdRemover for Google Chrome TM from the extensions; this too seems incredible to me, aren't even Google's apps safe?
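As an added example, not part of this thread and not a tool from FRST, AdwCleaner or anyone else, here is a small Python triage helper for the Chrome section of an FRST report like the one pasted above. FRST lists two views of Chrome extensions: the folders in the user profile (`CHR Extension:` lines, with name and last-write date) and the ids registered machine-wide in the registry (`CHR HKLM-x32\...\Chrome\Extension:` lines), which is how an installer outside the browser registers an extension for every user. The helper joins the two views and reports extensions that are not on a baseline allowlist, or that arrived via the registry, or that are registered but have no folder in the scanned profile. The sample lines are copied from the report above; the baseline set is constructed for this example from the ids the report itself labels as Google's own apps and stands in for the vetted allowlist an analyst would actually use.

```python
import re

# Constructed sample: six lines copied from the FRST "Chrome:" section pasted in
# this thread (names, ids and dates exactly as they appear in that report).
SAMPLE_FRST = """\
CHR Extension: (Documenti) - C:\\Users\\manu\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake [2018-09-20]
CHR Extension: (AdRemover for Google Chrome™) - C:\\Users\\manu\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\mcefmojpghnaceadnghednjhbmphipkb [2018-03-20]
CHR Extension: (Superblock - Adblocker) - C:\\Users\\manu\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\miijbmhjndcihicbljlcieiajhemmdeb [2018-03-23]
CHR Extension: (Amazon Assistant for Chrome) - C:\\Users\\manu\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pbjikboenpfhbbejgkoklgkhjpfogcam [2018-09-20]
CHR HKLM-x32\\...\\Chrome\\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\\...\\Chrome\\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
"""

# Baseline allowlist, constructed for this example from the ids the report labels
# as Google's own apps (Presentazioni, Documenti, Google Drive, YouTube, Fogli,
# Pagamenti Chrome Web Store, Gmail, Chrome Media Router). A real triage would
# use a vetted list, not one derived from the report under review.
BASELINE_IDS = frozenset({
    "aapocclcgogkmnckokdopfmhonfmgoek", "aohghmighlieiainnegkcijnfilokake",
    "apdfllckaahabafndbhieahigkjlhalf", "blpcfgokakmgnkcojhhkbfbldkacnbeo",
    "felcaaldnbdncclmgdcncolpebgiejap", "nmmhkkegccagdldgiimedpiccmgmieda",
    "pjkljhegncpnkpknbcohdijeoejaedia", "pkedcjkdefgpdelpbcmbmeomcjbeemfm",
})

# A Chrome extension id is exactly 32 letters in the range a-p.
EXT_RE = re.compile(
    r"^CHR Extension: \((?P<name>.*?)\) - (?P<path>.*\\(?P<id>[a-p]{32})) \[(?P<date>\d{4}-\d{2}-\d{2})\]$"
)
REG_RE = re.compile(
    r"^CHR HKLM(?:-x32)?\\\.\.\.\\Chrome\\Extension: \[(?P<id>[a-p]{32})\] - (?P<url>\S+)$"
)


def parse_chrome_section(text):
    """Split the CHR lines into two views: per-profile folders and HKLM registrations."""
    profile, registry = {}, {}
    for line in text.splitlines():
        m = EXT_RE.match(line)
        if m:
            profile[m["id"]] = (m["name"], m["date"])
            continue
        m = REG_RE.match(line)
        if m:
            registry[m["id"]] = m["url"]
    return profile, registry


def review_extensions(text, baseline=BASELINE_IDS):
    """Join both views and return one finding per extension that deserves a closer look."""
    profile, registry = parse_chrome_section(text)
    findings = []
    for ext_id in sorted(set(profile) | set(registry)):
        name, installed = profile.get(ext_id, ("<no profile folder>", None))
        reasons = []
        if ext_id not in baseline:
            reasons.append("not in baseline allowlist")
        if ext_id in registry:
            # This key is how an installer outside the browser registers an
            # extension for every user of the machine, so it merits a look even
            # when the update URL is Google's own.
            reasons.append("registered machine-wide under HKLM\\...\\Chrome\\Extension")
            if ext_id not in profile:
                reasons.append("no matching folder in the scanned profile")
        if reasons:
            findings.append({"id": ext_id, "name": name, "installed": installed, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review_extensions(SAMPLE_FRST):
        print(f"{f['id']}  {f['name']}  [{f['installed']}]")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against the sample, the helper leaves the Google-labelled Documenti extension alone and lists four entries: the two ad blockers (off the baseline), Amazon Assistant (off the baseline and registered under HKLM), and one id that exists only in the registry with no folder in the profile. A finding is a prompt to look closer, not a verdict: the last-write dates and the update URL are the next things to check, and the same parse can be pointed at the `CHR HKLM` lines of any later FRST run to see whether a registration comes back after a cleanup.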