RISOLTO Malware Cadavers!

LupoVelenos · 1 Aprile 2018

.MaxTechnology ha detto:
Tienici aggiornati, forse avrò dimenticato/sbagliato qualcosa io ;) può capitare

Il processo continua a presentarsi ad ogni riavvio ! Ho provato a cancellare il file ma non ha prodotto risultati ! Però adesso se lo termino non si riproduce più !

.MaxTechnology · 1 Aprile 2018

LupoVelenos ha detto:
Il processo continua a presentarsi ad ogni riavvio ! Ho provato a cancellare il file ma non ha prodotto risultati ! Però adesso se lo termino non si riproduce più !

Per cortesia, i log forniti in precedenza(ADDITION,FRST) sono quelli aggiornati^ intendo con questo piccolo sviluppo, grazie. Forse ho individuato il motivo ma vorrei esserne certo

max

LupoVelenos · 1 Aprile 2018

.MaxTechnology ha detto:
Per cortesia, i log forniti in precedenza(ADDITION,FRST) sono quelli aggiornati^ intendo con questo piccolo sviluppo, grazie. Forse ho individuato il motivo ma vorrei esserne certo

max

te li faccio subito 30 sec

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Peppe (01-04-2018 20:50:44)
Running from C:\Users\Peppe\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-09-30 11:46:01)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2921988991-613299845-3104574246-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2921988991-613299845-3104574246-501 - Limited - Disabled)
Peppe (S-1-5-21-2921988991-613299845-3104574246-1000 - Administrator - Enabled) => C:\Users\Peppe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe After Effects 7.0 (HKLM-x32\...\Adobe After Effects 7.0) (Version: 7.0.0.244 - Adobe Systems, Inc.)
Adobe After Effects CS4 (HKLM-x32\...\Adobe_3dcb365ab9e01871fb8c6f27b0ea079) (Version: 9 - Adobe Systems Incorporated)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.1 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.56 - ASUSTeK Computer Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.020 - ASUSTek Computer Inc.)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.1025 - DsNET Corp)
aTube Catcher versione 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoIt v3.3.14.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BioniX Wallpaper Changer v9 (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\BioniX Wallpaper Changer v9) (Version: - )
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canopus Codec Option 6.01 (HKLM-x32\...\{28C515CC-489B-4c02-898E-FE5B790E52FF}) (Version: 6.01 - Thomson Canopus Co., Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Championify (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Championify) (Version: 2.0.4 - Dustin Blackman)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
DaVinci Resolve (HKLM\...\{993A1353-910B-41B1-9846-7BD2E15641D5}) (Version: 12.0.1006 - Blackmagic Design)
DeskPins (remove only) (HKLM-x32\...\DeskPins) (Version: - )
Desktop-Reminder 2 (HKLM-x32\...\{288487BA-D8C5-4C81-BD89-C7E49DD48E18}) (Version: 2.118 - Polenter - Software Solutions) Hidden
Desktop-Reminder 2 (HKLM-x32\...\Desktop-Reminder 2) (Version: 2.118 - Polenter - Software Solutions)
Discord (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
EDIUS (HKLM\...\{E7CCB338-2A54-4F44-947B-958BD847A5D3}) (Version: 7.50 - Grass Valley K.K.)
EDIUS 6.01 (HKLM-x32\...\{B91A1230-C199-421e-8F63-7235731D925E}) (Version: 6.01 - Thomson Canopus Co., Ltd.)
EDIUS Codec Option 7.50 (HKLM-x32\...\{7E4E5B65-9B8B-4ECE-9C1F-9C96DA0BC620}) (Version: 7.50 - Grass Valley K.K.)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.10.5.1203 - Steinberg Media Technologies GmbH)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.7.0.9 - GOG.com)
Epic Games Launcher (HKLM-x32\...\{7A92850A-3660-487C-BE6B-0D054942570B}) (Version: 1.1.123.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Stylus SX100_TX100 Manuale (HKLM-x32\...\EPSON Stylus SX100_TX100 Guida utente) (Version: - )
EPSON SX100 Series Printer Uninstall (HKLM\...\EPSON SX100 Series) (Version: - SEIKO EPSON Corporation)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FIFA18 version 1.0 (HKLM\...\FIFA18_is1) (Version: 1.0 - STEAMPUNKS) <==== ATTENTION
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Gameforge Live 2.0.13 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.13 - Gameforge)
GitHub (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\5f7eb300e2ea4ebf) (Version: 3.3.2.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Heroes of the Storm Public Test (HKLM-x32\...\Heroes of the Storm Public Test) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HOTSLogsUploader (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\99a83d131490dc73) (Version: 1.0.0.12 - HOTSLogsUploader)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4578 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.0.32 - Intel Corporation)
Ironsight version 1 (HKLM-x32\...\Ironsight_is1) (Version: 1 - Aeria Games)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 8 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180650}) (Version: 8.0.650.17 - Oracle Corporation)
Keep Talking and Nobody Explodes 1.1.4 (HKLM-x32\...\Keep Talking and Nobody Explodes 1.1.4) (Version: 1.1.4 - Steel Crate Games)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LCDSirReal - a multipurpose plugin for the Logitech G13/G15 (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\LCDSirReal) (Version: - Link Data Stockholm)
League of Legends (HKLM-x32\...\{83B763CD-5771-408A-B7C9-6C1A5B161F41}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes versione 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
M-Audio M-Track 2X2M 1.0.6 (HKLM\...\{A1AD4677-B615-4E51-B559-E0145F0FE3A7}) (Version: 1.0.6 - M-Audio)
Microsoft .NET Compact Framework 2.0 SP1 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.6129 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{B45FABE7-D101-4D99-A671-E16DA40AF7F0}) (Version: 3.0.86.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{B578C85A-A84C-4230-A177-C5B2AF565B8C}) (Version: 3.0.17.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Moobot Assistant (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\40790fab0e175d6b) (Version: 1.0.0.1 - Knudsen Apps)
Mozilla Firefox 56.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 it)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1040}) (Version: 8.3.465 - Nero AG)
Nier Automata (HKLM-x32\...\{0F48043A-5115-42C3-B1B3-958AC3A319CF}_is1) (Version: - Square Enix)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.1.2 - Duodian Technology Co. Ltd.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.30491 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.104.210.0 - Overwolf Ltd.)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Photoshop Camera Raw (HKLM-x32\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (HKLM-x32\...\{43509E18-076E-40FE-AF38-CA5ED400A5A9}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7487 - Realtek Semiconductor Corp.)
Redout Enhanced Edition Neptune Pack (HKLM-x32\...\Redout Enhanced Edition Neptune Pack_is1) (Version: - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RogueKiller version 12.12.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.10.0 - Adlice Software)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 12.1.1 - ShareX Team)
Sky Go Download Player (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\690096451.skygo.sky.it) (Version: - skygo.sky.it)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Smart-X7 7.80 (HKLM\...\WheelMouse) (Version: - )
Software per periferiche con chipset Intel® (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
SoundSwitch 4.3.6643.23689 (HKLM\...\SoundSwitch_is1) (Version: 4.3.6643.23689 - Antoine Aflalo)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Startup Optimizer 1.6 (HKLM-x32\...\Startup Optimizer_is1) (Version: - Cyberlion Solutions Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steinberg Cubase LE AI Elements 9 (HKLM\...\{E0FA80FD-82A7-4328-ABC3-0DA6A9FA1824}) (Version: 9.0.1 - Steinberg Media Technologies GmbH)
Steinberg Generic Lower Latency ASIO Driver 64bit (HKLM\...\{16D5A798-10BE-4FF3-BB71-54C012CD0D7D}) (Version: 1.0.10 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE 64bit (HKLM\...\{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}) (Version: 4.2.30 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 2.0.2 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.2 - Steinberg Media Technologies GmbH)
Suite Shared Configuration CS4 (HKLM-x32\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version: - Team Meat)
Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Supporto applicazioni Apple (64 bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 12 Host (MSI Wrapper) (HKLM-x32\...\{146C4A0D-592D-4D7E-A637-6BC18BA614F8}) (Version: 12.1.6829 - TeamViewer)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.1548 - TeamViewer)
Thimbleweed Park (HKLM-x32\...\1325604411_is1) (Version: 1.0.955 - GOG.com)
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version: - EffectMatrix Inc.)
Trust GXT Gaming Headset (HKLM\...\C-Media CM108 Like Sound Driver) (Version: - )
Trust GXT Gaming Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: 2.0.01.13 - Trust)
TunesKit Spotify Converter 1.2.1.100 (HKLM-x32\...\TunesKit Spotify Converter_is1) (Version: - TunesKit, Inc.)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.8 - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VNC Server 6.1.1 (HKLM\...\{BF68FC97-1CBA-49D5-88EB-3E0CDC3D379D}) (Version: 6.1.1.28093 - RealVNC Ltd)
VNC Viewer 6.1.1 (HKLM\...\{1B14F26D-AAC9-4781-A468-5DFD5DF5FF91}) (Version: 6.1.1.28093 - RealVNC Ltd)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.52 - VSO Software)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WarRock (HKLM-x32\...\Warrock EU) (Version: - )
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (01/20/2017 4.3.12) (HKLM\...\5704FF66AFA4D394842933DCC54279C2E177D380) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System (01/20/2017 4.3.12) (HKLM\...\35C6212A24F5D9B7942ECD18B0255759779999C2) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
XSplit Broadcaster (HKLM-x32\...\{19F00CA3-338D-497C-BA31-0507101F2BBB}) (Version: 1.3.1403.1202 - SplitmediaLabs)
XSplit Gamecaster (HKLM-x32\...\{7CBDC2CD-F5C7-4DD3-91C8-1E4D68924955}) (Version: 1.9.1409.2308 - SplitmediaLabs)
YoloMouse (HKLM\...\{084C443B-D061-4B8E-8764-7F34160BBE8B}) (Version: 0.7.0.0 - HaPpY)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-31] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-01-24] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {342C16A9-1225-4A48-96C0-6212CDE49072} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2013-08-13] ()
Task: {43ECB724-D5A7-43E2-B4AE-EB0B718CEDAF} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {50D67F8C-89B8-415C-83B7-E1159DFDC2BC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-01] (AVAST Software)
Task: {52C11248-CFEA-40C6-AE02-C23BB533A609} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {54876FB3-2555-4A3D-A4D2-4C2BD6BC7AEC} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
Task: {5A5F73DE-5F06-41B8-985A-8CFB1D002B18} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {5CF391B2-9CD8-45A6-AD15-4098F6ADB9CD} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-01-25] (ASUSTek Computer Inc.)
Task: {6083B581-E2C7-497B-A55A-ED50BE8D6E8E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2018-02-05] (AVAST Software)
Task: {7255F974-1275-4EB5-BDBB-CD9CE21C6267} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {8225076B-9A2D-476B-83DD-81FAB6A4C075} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {885BD0A2-A46A-4762-82DA-6F7AEFC07730} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-01-07] (AVAST Software)
Task: {8B940028-C506-4B94-A223-83055C1545FB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {8B940028-C506-4B94-A223-83055C1545FB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {8B940028-C506-4B94-A223-83055C1545FB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {ACA6B3AF-306E-464F-A234-11E19E1F6F68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B92FB331-15EC-45A3-BA12-7BB323F6BBFF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {C161BAEC-D415-45CC-9167-024E993F966F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {CAFB815E-F7AA-4A1A-A32F-09CDF204E458} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-08-07] (ASUSTeK Computer Inc.)
Task: {D6A18C6F-323B-469B-B06B-A9A9FBA57729} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {D8999CE7-4769-4C8B-A28D-F74FF3D0B971} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {D8999CE7-4769-4C8B-A28D-F74FF3D0B971} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {DB2DCE1D-C1FC-48F9-A4A6-1FE43D01A41F} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)
Task: {E8C62854-E833-47D8-9BB1-2155662F50CC} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2013-07-24] ()
Task: {EBCB3D36-20CE-4310-BAF0-A91BA205F967} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {EBCB3D36-20CE-4310-BAF0-A91BA205F967} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\iToolsDaemon.job => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 001225528 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2014-09-30 15:24 - 2013-07-24 10:16 - 001425208 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2017-07-12 13:22 - 2017-07-12 13:22 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-12 13:22 - 2017-07-12 13:22 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2014-09-30 15:09 - 2013-05-07 09:45 - 000936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2014-09-18 09:23 - 2014-09-18 09:23 - 000866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 001050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 000059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 000242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-11-13 14:10 - 2000-01-01 02:00 - 000196608 _____ () C:\Program Files\Mouse\Amoumain.exe
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2018-03-06 23:58 - 2018-03-06 23:58 - 000089984 _____ () C:\Program Files\CCleaner\lang\lang-1040.dll
2015-07-18 22:00 - 2016-07-31 21:53 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2018-04-01 05:36 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000721624 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000912088 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000341720 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2011-06-21 11:14 - 2011-06-21 11:14 - 000207872 _____ () C:\Users\Peppe\Documents\LCDSirReal\LCDSirReal.exe
2018-03-21 03:13 - 2018-03-20 08:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-21 03:13 - 2018-03-20 08:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2015-07-22 01:02 - 2015-07-22 01:02 - 000803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2018-04-01 05:24 - 2018-04-01 05:24 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-01 14:40 - 2018-04-01 14:40 - 005810832 _____ () C:\Program Files\AVAST Software\Avast\defs\18040100\algo.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000964824 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000475352 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000339672 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2014-09-30 15:24 - 2013-08-07 19:11 - 000147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2014-09-30 15:26 - 2013-08-13 20:46 - 002745344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2014-09-30 15:24 - 2013-08-08 10:44 - 001139200 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2014-09-30 15:25 - 2013-06-24 15:59 - 001173504 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\Network iControl.dll
2014-09-30 15:24 - 2013-06-04 19:41 - 000662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2014-09-30 15:24 - 2013-08-07 19:11 - 000053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000825344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000776704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2014-09-30 15:24 - 2013-07-31 20:05 - 005773588 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2014-09-30 15:24 - 2010-06-21 15:21 - 000208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2014-09-30 15:09 - 2018-04-01 20:37 - 000027136 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-09-30 15:09 - 2013-05-07 09:45 - 000104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2018-04-01 05:25 - 2018-04-01 05:25 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-11 16:38 - 2000-01-01 02:00 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\Desktop-Reminder 2:{66007900-6900-6800-6200-470032003600} [192]
AlternateDataStreams: C:\Program Files (x86)\Desktop-Reminder 2:{67005600-3500-4800-7000-70004A006400} [748]
AlternateDataStreams: C:\Users\Peppe:Heroes & Generals [38]
AlternateDataStreams: C:\Users\Peppe\Documents\Certificato.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Peppe\Documents\Certificato.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Peppe\Documents\DOC.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Peppe\Documents\DOC.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-03-23 19:48 - 2018-04-01 06:25 - 000000511 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 mpa.one.microsoft.com
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 www.googletagservices.com
0.0.0.0 gads.pubmatic.com
0.0.0.0 ads.pubmatic.com
0.0.0.0 spclient.wg.spotify.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\Services: BFE => 2
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spoti15Autostart => "C:\Users\Peppe\Downloads\Spoti15_fix_by_nima158\Release\Spoti15.exe" -autostart
MSCONFIG\startupreg: Spotify => "C:\Users\Peppe\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Peppe\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{A3A59915-427B-494E-A622-82A59F4DA8BD}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{64E16E3D-C230-4491-8D5C-C2A5F9E5056B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{9F26BE04-A505-4ABF-919D-AD642F27D51B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D81436F-15FB-4143-99C8-DB261813F64B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4F1C2A98-ABB7-4575-914B-606C0AA9587C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B3087EB8-F16E-45EE-9302-CEC891FC9C29}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ADF88EC1-A8F0-499C-960F-2FFBF618EFDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D2B4B39B-08A1-4A5B-BCF9-AE941F330A97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{225B4C9A-F34D-4B7B-A6B0-9325D1776C18}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{63950430-0921-4779-9FA9-053A0E421B51}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4D72CD56-2E16-4316-AD2F-A85CEBD0E05E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{7A7B648F-36AC-4213-A91B-88872A590AB0}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{8D46AAEE-D439-48BC-9247-C24EA9E9905B}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{2F6FDF15-D135-4909-BF3C-5AF866BB97AF}] => (Allow) LPort=4481
FirewallRules: [{FA0DB5FA-25C0-45A7-A522-1D414818A12B}] => (Allow) LPort=4481
FirewallRules: [{A892D951-F776-4DE4-B8B8-61CFF450DAA3}] => (Allow) LPort=4482
FirewallRules: [{BF3E8268-5D92-4949-903D-446E3D373AA1}] => (Allow) LPort=4482
FirewallRules: [{E7E639A6-305A-473B-8384-584BAAFD8912}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{D61D3BAC-5ECC-48BA-9F2D-16B24C159237}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{1B4627E5-3559-4A53-A14F-4808F7263E77}C:\games\hammerwatch v1.3\hammerwatch.exe] => (Allow) C:\games\hammerwatch v1.3\hammerwatch.exe
FirewallRules: [UDP Query User{5E6A5FA4-2169-48C2-88B6-749E8DB2395B}C:\games\hammerwatch v1.3\hammerwatch.exe] => (Allow) C:\games\hammerwatch v1.3\hammerwatch.exe
FirewallRules: [TCP Query User{55ACBA91-B223-4FD7-8862-793CC72A47FD}C:\users\peppe\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{F3A79791-5DA0-49FD-A6A2-1009648B510E}C:\users\peppe\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [{51FDE9D4-A93B-4123-8303-1D960759709C}] => (Block) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [{DA910F7A-8C41-4688-B933-4B0F65299C98}] => (Block) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0454318D-3FE4-4FA8-8931-A99D8A27EF22}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{8C18AFBE-A306-4DFA-A461-CB98423960B5}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{53E59F4A-37F9-47A6-B8AB-F27DDDD4D3C1}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{C8F88B47-E566-41EF-B047-5B91C0A2E337}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{8C753392-D2C2-461C-8659-2AF2B09319A7}] => (Allow) C:\Users\Peppe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B47133E7-0EB5-464D-9B7F-BEACFDCBDF4C}] => (Allow) C:\Users\Peppe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92A2FF91-B16A-415F-B2EF-A654457F5E44}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1142F39E-2025-4078-9DAE-5632983F608D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4D8EA730-DC2A-489D-A5F3-5586926F4DEA}C:\users\peppe\downloads\hko_download_manager.exe] => (Allow) C:\users\peppe\downloads\hko_download_manager.exe
FirewallRules: [UDP Query User{7B346264-1CD7-4EEC-9567-6B7F8E228619}C:\users\peppe\downloads\hko_download_manager.exe] => (Allow) C:\users\peppe\downloads\hko_download_manager.exe
FirewallRules: [{FFCAFFFF-EDDF-4F07-A09B-4348A4E258E8}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{DE892CE3-1897-4C67-AC36-54BA20D93958}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{F93DB709-E6FA-4AAF-8F24-3B47AFEAE821}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{1AC1AD2D-B6D5-4137-B489-7E76DA727340}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{DC1D5F44-B451-4684-8110-D8EF51CD8891}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{FAE21213-D420-44F2-AAFC-24EF77AE3859}C:\users\peppe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\peppe\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B93C6F4C-8CC5-4E85-84E5-F132F16D1B8F}C:\users\peppe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\peppe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{23384FD3-E699-47B1-ACF7-0B0654EBC160}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{34B4986E-8092-4FCB-8DE8-FD0779B4BFFB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A6907BB7-AD03-4227-86D6-2A45F2BCA1FA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F64BB74C-AE97-4D7E-A7D1-A4E501E1803F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7D29240D-05B6-4F27-A5E7-B4896EBFC6C6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{60F791D7-298A-46BF-8028-D07C47630670}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2018 07:16:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Errore del servizio Copia Shadow del volume: errore imprevisto durante la ricerca dell'interfaccia IVssWriterCallback. hr = 0x80070005, Accesso negato.
.
L'errore è spesso causato da impostazioni di sicurezza non corrette nel processo di scrittura o richiedente.

Operazione:
Raccolta dei dati del processo di scrittura

Contesto:
ID della classe del processo di scrittura: {e8132975-6f93-4464-a53e-1050253ae220}
Nome del processo di scrittura: System Writer
ID dell'istanza del processo di scrittura: {9746529f-53b9-4f10-aa3b-f0efdd5d2146}

Error: (04/01/2018 02:01:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma Cadavers.exe versione 9.5.8.166 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 1c50

Ora di avvio: 01d3c9af2e792f65

Ora di chiusura: 3

Percorso applicazione: C:\Users\Peppe\AppData\Local\Cadavers.exe

ID segnalazione: 5437df03-35a4-11e8-97b5-00ac31a303cd

Error: (04/01/2018 12:15:59 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (1964) Tentativo di apertura del file "C:\Users\Peppe\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" per accesso in sola lettura non riuscito con errore di sistema 32 (0x00000020): "Impossibile accedere al file. Il file è utilizzato da un altro processo. ". L'operazione di apertura file non verrà effettuata con errore -1032 (0xfffffbf8).

Error: (01/01/2000 12:05:59 AM) (Source: TracerX - SoundSwitch) (EventID: 10004) (User: )
Description: 23:05:58.862 <null> SoundSwitch+ Exception while getting release Exception type: System.Net.WebException
Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Source: System
StackTrace:
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result)
at System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result)

Inner Exception type: System.Security.Authentication.AuthenticationException
Message: The remote certificate is invalid according to the validation procedure.
Source: System
StackTrace:
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)

Error: (04/01/2018 04:19:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma Explorer.EXE versione 6.1.7601.17567 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 1390

Ora di avvio: 01d3c95ef8043115

Ora di chiusura: 60000

Percorso applicazione: C:\Windows\Explorer.EXE

ID segnalazione: d4f02294-3552-11e8-af03-00ac31a303cd

Error: (04/01/2018 03:54:23 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Impossibile inizializzare l'indice.

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2018 03:54:23 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Impossibile inizializzare l'applicazione.

Contesto: applicazione Windows

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2018 03:54:23 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Impossibile inizializzare l'oggetto Gatherer.

Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (04/01/2018 08:39:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni predefinite del computer non concedono l'autorizzazione di Attivazione Locale per l'applicazione server COM con CLSID
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
e APPID
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost (tramite LRPC). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (04/01/2018 08:38:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
VBoxNetAdp

Error: (04/01/2018 08:38:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Origin Web Helper Service non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (04/01/2018 08:38:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Origin Web Helper Service.

Error: (04/01/2018 08:38:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Mobizen plugin non è stato avviato per il seguente errore:
Impossibile trovare il file specificato.

Error: (04/01/2018 08:37:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Intel(R) Host Controller Interface (non-volatile memory) terminato con l'errore:
Impossibile trovare il modulo specificato.

Error: (04/01/2018 08:37:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Windows Firewall dipende dal servizio BFE (Base Filtering Engine) che non è stato avviato per il seguente errore:
Impossibile avviare il servizio. Il servizio è disabilitato oppure non è associato ad alcun dispositivo attivo.

Error: (04/01/2018 08:29:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio aswbIDSAgent non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Windows Defender:
===================================
Date: 2015-04-16 02:37:00.595
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:4212;process:pid:6432;process:pid:7536;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 20:39:00.772
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:6432;process:pid:7536;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 20:37:00.653
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:7536;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 11:17:40.482
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 02:39:01.254
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:4424;process:pid:7588;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

CodeIntegrity:
===================================

Date: 2018-04-01 18:37:09.290
Description:
Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Users\Peppe\AppData\Local\Temp\EverestDriver.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2018-04-01 18:37:09.249
Description:
Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Users\Peppe\AppData\Local\Temp\EverestDriver.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2018-04-01 18:37:09.094
Description:
Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2018-04-01 18:37:09.056
Description:
Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 34%
Total physical RAM: 8130.15 MB
Available physical RAM: 5295.71 MB
Total Virtual: 16258.5 MB
Available Virtual: 12316.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:209.73 GB) NTFS

\\?\Volume{ef14e60e-4896-11e4-992e-806e6f6e6963}\ (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6BB9EC00)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Peppe (administrator) on ADMINISTRATOR (01-04-2018 20:49:58)
Running from C:\Users\Peppe\Desktop
Loaded Profiles: Peppe (Available Profiles: Peppe & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Grass Valley K.K.) C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(M-Audio) C:\Program Files (x86)\M-Audio\M-Track 2X2M\AudioDevMon.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files\Mouse\Amoumain.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SoundSwitch) C:\Program Files\SoundSwitch\SoundSwitch.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
() C:\Users\Peppe\Documents\LCDSirReal\LCDSirReal.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [WheelMouse] => C:\Program Files\Mouse\Amoumain.exe [196608 2000-01-01] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-04-01] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Run: [SoundSwitch] => C:\Program Files\SoundSwitch\SoundSwitch.exe [1008832 2018-03-10] (SoundSwitch)
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: H - H:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {0ab1aa23-1432-11e5-ac98-10c37b50a90d} - E:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {0c848b72-d75e-11e7-98ea-00ac31a303cd} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {3ae279b5-f628-11e4-9c0a-10c37b50a90d} - E:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {58ce6838-f2d4-11e7-8e9d-00ac31a303cd} - H:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {9c599feb-1b35-11e5-90f3-10c37b50a90d} - G:\stp-fifa18.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {beab5097-c1bc-11e7-8195-00ac31a303cd} - F:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {e1a26777-41b7-11e5-aca0-10c37b50a90d} - H:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {f8d5210f-cc95-11e7-aed9-00ac31a303cd} - G:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-03-31]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5A7E9B46-9D4A-470E-868B-FAACC9D530F8}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5CC126F7-0DC5-4908-B1C9-B26DD7136AFF}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{AFACDD1F-24EC-44B4-BA1D-2105A6B6490B}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AFACDD1F-24EC-44B4-BA1D-2105A6B6490B}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EEF4A8DF-F5DE-4E0F-BA02-D84A6A21B012}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2921988991-613299845-3104574246-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2921988991-613299845-3104574246-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-04-01] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-17] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2017-12-14] (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-04-01] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-17] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: s1qci7f5.default
FF ProfilePath: C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default [2018-04-01]
FF user.js: detected! => C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\s1qci7f5.default -> hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=800000
FF NewTab: Mozilla\Firefox\Profiles\s1qci7f5.default -> about:newtab
FF Extension: (System Table) - C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\Extensions\622127@modext.tech.xpi [2018-02-27]
FF Extension: (Avast SafePrice) - C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\Extensions\sp@avast.com.xpi [2017-08-15]
FF Extension: (Avast Online Security) - C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\Extensions\wrc@avast.com.xpi [2018-02-07]
FF SearchPlugin: C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\searchplugins\google-avast.xml [2016-09-17]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2000-01-01] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2000-01-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-12-22] (Nexon)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2017-12-14] (Perfect World Entertainment Inc)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2921988991-613299845-3104574246-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Peppe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> Active:"chrome-extension://ibfhiehdjpogpbdcicjnphklppinghjj/index.html"
CHR Profile: C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default [2018-04-01]
CHR Extension: (Presentazioni) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2000-01-01]
CHR Extension: (Google Drive) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (uBlock Origin) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-03-22]
CHR Extension: (Google Search) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Fogli) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2000-01-01]
CHR Extension: (Google Documenti offline) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-13]
CHR Extension: (Speed Dial 3™(APP)) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfhiehdjpogpbdcicjnphklppinghjj [2015-06-11]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Speechnotes - Dettatura Notepad) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\opekipbefdbacebgkjjdgoiofdbhocok [2018-01-13]
CHR Extension: (Gmail) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Teddy Protection Lite) - C:\Users\Peppe\AppData\Roaming\Opera Software\Opera Stable\Extensions\nojkagbjbhgnilkopgljfkhddmdjcjfn [2017-03-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-09] (Adobe Systems) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2017-12-14] (Perfect World Entertainment Inc)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2013-08-13] (ASUSTeK Computer Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-04-01] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-04-01] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2017-07-15] ()
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-18] (EasyAntiCheat Ltd)
R2 GVDownloadAgentService; C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe [68832 2015-03-30] (Grass Valley K.K.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-20] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2017-01-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2000-01-01] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 MTrack2X2MAudioDevMon; C:\Program Files (x86)\M-Audio\M-Track 2X2M\AudioDevMon.exe [595032 2016-12-13] (M-Audio)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3685968 2015-07-22] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-25] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-25] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-05-14] (Overwolf LTD)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-07-31] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-07-31] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [838128 2016-12-15] (Tunngle.net GmbH) [File not signed]
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [5848656 2017-05-19] (RealVNC Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wsaudio; C:\Windows\SysWOW64\wsaudio.dll [1072128 2015-07-22] () [File not signed]
S2 ihctrl32; %SystemRoot%\System32\ihctrl32.dll [X]
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-04-01] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-04-01] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-04-01] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-04-01] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-04-01] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [215320 2018-04-01] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-04-01] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-04-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-01] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-01] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-01] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-01] (AVAST Software)
R1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [34360 2008-05-30] (Canopus Co,. Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-11-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-11-05] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2013-01-25] (ASUSTeK Computer Inc.)
S3 maxjoypad; C:\Windows\System32\DRIVERS\maxjoypad.sys [18880 2016-08-05] (Windows (R) Win 7 DDK provider)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-01] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2000-01-01] (Intel Corporation)
S3 MTRACK2X2M; C:\Windows\System32\DRIVERS\MAudioMTrack2X2M.sys [569432 2016-12-13] (M-Audio)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0116.sys [38432 2017-07-24] (SoftEther Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [39464 2016-04-26] (Tunngle.net GmbH)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-02] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125520 2015-10-02] (Oracle Corporation)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [144656 2017-08-22] (BigNox Corporation)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
R2 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\drivers\YSDrv\YSDrv.sys [270608 2018-01-24] (BigNox Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va020; \??\C:\Windows\SysWOW64\Drivers\X6va020 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va063; \??\C:\Windows\SysWOW64\Drivers\X6va063 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-01 20:49 - 2018-04-01 20:50 - 000030230 _____ C:\Users\Peppe\Desktop\FRST.txt
2018-04-01 19:28 - 2018-04-01 20:39 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-01 19:16 - 2018-04-01 19:19 - 000007660 _____ C:\Users\Peppe\Desktop\Fixlog.txt
2018-04-01 19:13 - 2018-04-01 19:13 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\AMD
2018-04-01 19:10 - 2018-04-01 19:16 - 000000000 ____D C:\Users\Peppe\AppData\Local\AMD
2018-04-01 19:03 - 2018-04-01 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\##ID_STRING16##
2018-04-01 19:03 - 2018-04-01 19:03 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2018-04-01 19:03 - 2018-04-01 19:03 - 000003060 _____ C:\Windows\System32\Tasks\StartDVR
2018-04-01 19:03 - 2018-04-01 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-04-01 19:03 - 2018-04-01 19:03 - 000000000 ____D C:\Program Files (x86)\AMD
2018-04-01 19:01 - 2018-04-01 19:01 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-04-01 19:00 - 2018-04-01 19:00 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-01 19:00 - 2017-11-02 22:15 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2018-04-01 19:00 - 2017-11-02 22:15 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-04-01 19:00 - 2017-11-02 22:15 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-04-01 19:00 - 2017-11-02 22:14 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2018-04-01 18:59 - 2018-04-01 18:59 - 000000000 ____D C:\Users\Peppe\AppData\Local\RadeonInstaller
2018-04-01 18:58 - 2018-04-01 19:03 - 000000000 ____D C:\Program Files\AMD
2018-04-01 18:51 - 2018-04-01 18:52 - 000000000 ____D C:\Users\Peppe\Desktop\settings
2018-04-01 18:51 - 2018-04-01 18:52 - 000000000 ____D C:\Users\Peppe\Desktop\DDU Logs
2018-04-01 18:51 - 2018-04-01 18:51 - 000000000 ____D C:\Users\Peppe\Desktop\x64
2018-04-01 18:51 - 2018-02-27 20:36 - 000615936 _____ C:\Users\Peppe\Desktop\Display Driver Uninstaller.pdb
2018-04-01 18:51 - 2015-09-06 13:26 - 000000224 _____ C:\Users\Peppe\Desktop\Display Driver Uninstaller.exe.config
2018-04-01 18:49 - 2018-04-01 18:52 - 000309986 _____ C:\Windows\ntbtlog.txt
2018-04-01 18:46 - 2018-04-01 18:46 - 051965752 _____ (AMD Inc.) C:\Users\Peppe\Downloads\radeon-crimson-relive-17.7.2-minimalsetup-170727_web.exe
2018-04-01 18:36 - 2018-04-01 18:36 - 004179293 _____ (Lavalys, Inc. ) C:\Users\Peppe\Downloads\everesthome220.exe
2018-04-01 18:36 - 2018-04-01 18:36 - 000001102 _____ C:\Users\Administrator\Desktop\EVEREST Home Edition.lnk
2018-04-01 18:36 - 2018-04-01 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2018-04-01 18:36 - 2018-04-01 18:36 - 000000000 ____D C:\Program Files (x86)\Lavalys
2018-04-01 18:34 - 2018-04-01 18:34 - 001100518 _____ C:\Users\Peppe\Downloads\[Guru3D.com]-DDU (1).zip
2018-04-01 17:23 - 2018-04-01 17:23 - 000069011 _____ C:\Users\Peppe\Downloads\Addition.txt
2018-04-01 17:22 - 2018-04-01 20:49 - 000000000 ____D C:\FRST
2018-04-01 17:22 - 2018-04-01 17:23 - 000055091 _____ C:\Users\Peppe\Downloads\FRST.txt
2018-04-01 17:22 - 2018-04-01 17:22 - 002403328 _____ (Farbar) C:\Users\Peppe\Desktop\FRST64.exe
2018-04-01 17:06 - 2018-04-01 17:06 - 008222496 _____ (Malwarebytes) C:\Users\Peppe\Downloads\adwcleaner_7.0.8.0.exe
2018-04-01 16:57 - 2018-04-01 16:59 - 000000000 ____D C:\Program Files (x86)\Startup Optimizer
2018-04-01 16:57 - 2018-04-01 16:57 - 001147120 _____ (Cyberlion Solutions Inc. ) C:\Users\Peppe\Downloads\StartOpt.exe
2018-04-01 16:57 - 2018-04-01 16:57 - 000000988 _____ C:\Users\Peppe\Desktop\Startup Optimizer.lnk
2018-04-01 16:57 - 2018-04-01 16:57 - 000000988 _____ C:\Users\Administrator\Desktop\Startup Optimizer.lnk
2018-04-01 16:57 - 2018-04-01 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer
2018-04-01 16:48 - 2018-04-01 16:48 - 000000000 ____D C:\Users\Peppe\AppData\Local\CrashReportClient
2018-04-01 05:59 - 2018-04-01 12:19 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-04-01 05:57 - 2018-04-01 14:35 - 000000000 ____D C:\ProgramData\RogueKiller
2018-04-01 05:56 - 2018-04-01 05:56 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-04-01 05:56 - 2018-04-01 05:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-04-01 05:56 - 2018-04-01 05:56 - 000000000 ____D C:\Program Files\RogueKiller
2018-04-01 05:52 - 2018-04-01 05:56 - 036513656 _____ (Adlice Software ) C:\Users\Peppe\Downloads\RogueKiller_setup (1).exe
2018-04-01 05:50 - 2018-04-01 12:26 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\36659E07.sys
2018-04-01 05:49 - 2018-04-01 13:48 - 000000000 ____D C:\Users\Peppe\Desktop\mbar
2018-04-01 05:49 - 2018-04-01 13:48 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-01 05:49 - 2018-04-01 12:26 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-04-01 05:49 - 2018-04-01 05:49 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Peppe\Downloads\mbar-1.10.3.1001.exe
2018-04-01 05:48 - 2018-04-01 05:48 - 008222496 _____ (Malwarebytes) C:\Users\Peppe\Downloads\AdwCleaner.exe
2018-04-01 05:36 - 2018-04-01 05:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-01 05:36 - 2018-04-01 05:36 - 000448512 _____ (OldTimer Tools) C:\Users\Peppe\Downloads\TFC.exe
2018-04-01 05:36 - 2018-04-01 05:36 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-01 05:36 - 2018-04-01 05:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-01 05:36 - 2018-04-01 05:36 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-01 05:36 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-01 05:35 - 2018-04-01 05:35 - 071942408 _____ (Malwarebytes ) C:\Users\Peppe\Downloads\mb3-setup-35891.35891-3.4.5.2467-1.0.342-1.0.4514.exe
2018-04-01 05:25 - 2018-04-01 05:25 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-01 04:57 - 2018-04-01 04:57 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-04-01 03:13 - 2018-04-01 03:13 - 000000909 ____R C:\Windows\system32\Drivers\etc\hosts.20180401-031326.backup
2018-04-01 02:27 - 2018-04-01 02:45 - 000000000 ____D C:\ProgramData\e1604ea055
2018-04-01 02:27 - 2018-04-01 02:43 - 000000000 ____D C:\Program Files (x86)\hennigan
2018-04-01 02:27 - 2018-04-01 02:27 - 000000012 _____ C:\Windows\b81125234
2018-04-01 02:27 - 2018-04-01 02:27 - 000000000 ___HD C:\Program Files (x86)\testimonial
2018-04-01 02:26 - 2018-04-01 02:26 - 000194048 _____ C:\Users\Peppe\AppData\Local\install.dll
2018-04-01 02:26 - 2018-04-01 02:26 - 000003072 _____ C:\Users\Peppe\AppData\Local\install_UEFIConfig.exe
2018-04-01 02:00 - 2018-04-01 02:00 - 058809515 _____ C:\Users\Peppe\Downloads\Microsoft Toolkit 2.6.3 Official Torrent.zip
2018-04-01 01:46 - 2018-04-01 01:46 - 000000134 _____ C:\Windows\wininit.ini
2018-04-01 01:44 - 2018-04-01 01:45 - 001797188 _____ C:\Users\Peppe\Downloads\Removewat 2.2.7 pass 123456 (1).rar
2018-04-01 01:10 - 2018-04-01 01:10 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-04-01 00:41 - 2018-04-01 00:41 - 000137728 _____ C:\Windows\inventors.exe
2018-03-31 23:23 - 2018-03-31 23:23 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-31 23:20 - 2018-03-31 23:20 - 015333512 _____ (Piriform Ltd) C:\Users\Peppe\Downloads\ccsetup541 (1).exe
2018-03-31 22:47 - 2018-03-31 22:52 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\Peppe\Downloads\flashplayer29ppau_ha_install.exe
2018-03-31 22:43 - 2018-03-31 22:43 - 000017916 _____ C:\Windows\system32\results.xml
2018-03-31 17:59 - 2018-03-31 17:59 - 037780649 _____ C:\Users\Peppe\Downloads\phoenix-reveal-by-LMD.rar
2018-03-31 17:59 - 2018-03-31 17:59 - 037780649 _____ C:\Users\Peppe\Downloads\phoenix-reveal-by-LMD (1).rar
2018-03-30 16:05 - 2018-03-31 18:00 - 000000000 ____D C:\Users\Peppe\Desktop\VOD
2018-03-27 03:30 - 2018-03-27 03:30 - 006648319 ____R C:\Users\Peppe\Downloads\Stephen Covey - Le sette abitudini per avere successo.pdf
2018-03-27 03:27 - 2018-03-27 03:28 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\uTorrent
2018-03-27 03:27 - 2018-03-27 03:27 - 000001010 _____ C:\Users\Peppe\Downloads\Stephen R Covey - Le sette regole per avere successo.torrent
2018-03-23 12:28 - 2018-03-23 12:28 - 010269280 _____ C:\Users\Peppe\Desktop\3-Proteine_noanim.pdf
2018-03-18 16:07 - 2018-03-17 21:05 - 000000230 ___SH C:\Users\Public\Libraries.ini
2018-03-18 15:28 - 2018-03-18 15:28 - 032260096 _____ C:\Users\Peppe\Downloads\EpicInstaller-7.5.0-fortnite-c4899f16b6934760a534fe7ec70ae9b2.msi
2018-03-16 20:22 - 2018-03-16 20:22 - 044398486 _____ C:\Users\Peppe\Downloads\V3-Signed_ONE.PIECE.TREASURE.CRUISE_v.8.0.0o.apk
2018-03-16 19:38 - 2018-03-16 19:39 - 085022931 _____ C:\Users\Peppe\Downloads\Monster Legends RPG v6.2.2 FRsigned.apk
2018-03-16 19:32 - 2018-03-16 19:34 - 092931480 _____ C:\Users\Peppe\Downloads\m_l_v.5.0.2_mod_(1).apk
2018-03-15 20:30 - 2018-03-15 20:30 - 000001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-03-15 20:30 - 2018-03-15 20:30 - 000001031 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-03-15 20:29 - 2018-03-15 20:29 - 020361728 _____ (TeamViewer GmbH) C:\Users\Peppe\Downloads\TeamViewer_Setup.exe
2018-03-15 20:23 - 2018-03-15 20:24 - 020545618 _____ C:\Users\Peppe\Downloads\Summoners War v3.8.0 Mod v3 iHackedit.com.apk
2018-03-15 20:12 - 2018-03-15 20:12 - 000353023 _____ C:\Users\Peppe\Downloads\Office365RoadMap_Features_03-15-2018.xlsx
2018-03-13 03:23 - 2018-03-13 03:23 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Bad Seed SRL
2018-03-07 17:26 - 2018-03-07 17:26 - 000064523 _____ C:\Users\Peppe\Downloads\pratica.ricevuta.pagamento (3).pdf
2018-03-07 17:25 - 2018-03-07 17:25 - 000064523 _____ C:\Users\Peppe\Downloads\pratica.ricevuta.pagamento (2).pdf
2018-03-07 17:24 - 2018-03-07 17:24 - 000066208 _____ C:\Users\Peppe\Downloads\stampa.bollettino.pagamento (1).pdf
2018-03-07 15:55 - 2018-03-07 15:56 - 016093512 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.9 Mod iHackedit.com.apk
2018-03-06 22:04 - 2018-03-06 22:04 - 000154837 _____ C:\Users\Peppe\Downloads\ORDINAMENTO VVF.pptx
2018-03-04 17:06 - 2018-03-04 17:06 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Blizzard Entertainment
2018-03-04 17:06 - 2018-03-04 17:06 - 000000000 ____D C:\ProgramData\.mono

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2064-01-01 16:45 - 2017-11-16 16:39 - 000000000 ____D C:\ProgramData\eLicenser
2018-04-01 20:48 - 2009-07-14 06:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-01 20:48 - 2009-07-14 06:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-01 20:40 - 2017-07-11 22:19 - 000000318 _____ C:\Windows\Tasks\iToolsDaemon.job
2018-04-01 20:38 - 2015-04-09 23:40 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-04-01 20:38 - 2014-10-17 19:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-01 20:37 - 2016-08-05 17:28 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-04-01 20:37 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-01 19:18 - 2018-01-08 21:33 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Temp
2018-04-01 19:09 - 2009-07-14 06:45 - 005075184 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-01 19:05 - 2014-09-30 15:09 - 000114824 _____ C:\Users\Peppe\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-01 19:01 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-04-01 18:59 - 2014-09-30 15:38 - 000000000 ____D C:\AMD
2018-04-01 17:21 - 2015-10-01 13:31 - 000000000 ____D C:\Windows\pss
2018-04-01 17:08 - 2015-06-16 16:04 - 000000000 ____D C:\AdwCleaner
2018-04-01 16:23 - 2014-09-30 15:40 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-01 14:54 - 2016-03-22 22:21 - 000000000 ____D C:\Users\Peppe\Documents\ShareX
2018-04-01 14:40 - 2014-09-30 15:57 - 000000000 ____D C:\Users\Peppe\AppData\Local\Adobe
2018-04-01 13:59 - 2017-07-12 00:32 - 000000000 ____D C:\Users\Peppe\AppData\Local\Nox
2018-04-01 12:28 - 2015-01-03 17:22 - 000000000 ____D C:\Users\Peppe\.android
2018-04-01 12:27 - 2017-08-22 13:07 - 000000000 ____D C:\Users\Peppe\.BigNox
2018-04-01 12:27 - 2017-07-12 00:34 - 000000000 ____D C:\Users\Peppe\vmlogs
2018-04-01 06:26 - 2017-08-12 06:38 - 000000000 ____D C:\Program Files (x86)\Removewat 2.2.7
2018-04-01 06:25 - 2016-09-16 19:12 - 000000000 ____D C:\Program Files (x86)\Ghostery Storage Server
2018-04-01 06:25 - 2014-11-30 21:39 - 000000000 ____D C:\Program Files (x86)\2eb628ee-7327-4304-bd33-0abb95505b88
2018-04-01 06:25 - 2014-10-01 20:46 - 000000000 ____D C:\Program Files (x86)\Adobe Media Player
2018-04-01 06:06 - 2015-10-23 15:19 - 000000000 ____D C:\Users\Peppe\AppData\Local\TeamViewer
2018-04-01 05:31 - 2014-09-30 15:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-01 05:31 - 2014-09-30 15:31 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-01 05:26 - 2017-08-15 08:12 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-01 05:25 - 2018-02-07 21:08 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-01 05:24 - 2018-02-07 21:08 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-04-01 05:24 - 2014-09-30 16:21 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-01 04:56 - 2016-10-04 18:23 - 000472328 _____ C:\Windows\SysWOW64\win32_hlp
2018-04-01 04:52 - 2009-07-14 12:53 - 000744956 _____ C:\Windows\system32\perfh010.dat
2018-04-01 04:52 - 2009-07-14 12:53 - 000148628 _____ C:\Windows\system32\perfc010.dat
2018-04-01 04:52 - 2009-07-14 07:13 - 001671250 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-01 04:15 - 2015-08-09 05:50 - 000707595 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2018-04-01 03:47 - 2014-10-01 13:51 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-01 03:29 - 2014-10-01 13:50 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\DAEMON Tools Lite
2018-04-01 03:29 - 2014-09-30 16:05 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-04-01 03:28 - 2015-10-16 20:39 - 000000000 ____D C:\Users\Peppe\AppData\Local\CrashDumps
2018-04-01 02:49 - 2015-10-13 02:02 - 000000000 ____D C:\Program Files (x86)\BDO - English Please
2018-04-01 02:42 - 2017-11-15 00:54 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-04-01 02:27 - 2017-07-10 12:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-01 02:26 - 2014-09-30 15:26 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-01 02:18 - 2014-09-30 16:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-01 02:16 - 2014-09-30 16:04 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-01 02:16 - 2009-07-14 04:34 - 000000408 _____ C:\Windows\win.ini
2018-04-01 02:15 - 2009-07-14 13:19 - 000000000 ____D C:\Windows\ShellNew
2018-04-01 02:15 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-04-01 01:21 - 2016-02-19 20:10 - 000000000 ____D C:\Program Files\Epic Games
2018-04-01 00:55 - 2014-10-01 13:59 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-04-01 00:53 - 2016-05-30 00:16 - 000000000 ____D C:\Users\Peppe\Desktop\SoundBoard
2018-04-01 00:53 - 2014-10-02 15:03 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\vlc
2018-04-01 00:52 - 2017-09-07 14:50 - 000001001 _____ C:\Users\Public\Desktop\SoundSwitch.lnk
2018-04-01 00:52 - 2014-10-01 13:32 - 000000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-01 00:41 - 2018-01-14 23:39 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2018-04-01 00:41 - 2017-12-08 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-04-01 00:41 - 2017-09-16 14:22 - 000000000 ____D C:\ProgramData\GOG.com
2018-04-01 00:21 - 2014-10-17 19:37 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\TeamViewer
2018-04-01 00:21 - 2014-10-01 13:57 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\TS3Client
2018-04-01 00:21 - 2014-10-01 13:32 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\uTorrent
2018-04-01 00:05 - 2015-05-03 13:48 - 000000000 ____D C:\Windows\Minidump
2018-03-31 23:23 - 2014-10-01 13:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-31 23:23 - 2014-10-01 13:32 - 000000000 ____D C:\Program Files\CCleaner
2018-03-31 22:46 - 2016-03-22 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2018-03-31 22:46 - 2016-03-22 22:20 - 000000000 ____D C:\Program Files\ShareX
2018-03-31 22:43 - 2015-12-14 13:29 - 000000000 __SHD C:\Users\Peppe\IntelGraphicsProfiles
2018-03-31 22:36 - 2014-09-30 15:12 - 000000000 ____D C:\Intel
2018-03-30 22:42 - 2015-07-14 15:11 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\Spotify
2018-03-30 18:27 - 2015-07-14 15:11 - 000000000 ____D C:\Users\Peppe\AppData\Local\Spotify
2018-03-30 04:46 - 2017-07-11 22:19 - 000003302 _____ C:\Windows\System32\Tasks\iToolsDaemon
2018-03-30 04:46 - 2015-12-03 17:11 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-03-30 04:46 - 2014-12-25 13:56 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-30 04:46 - 2014-10-01 13:32 - 000002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-30 04:46 - 2014-09-30 15:26 - 000003582 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-30 04:46 - 2014-09-30 15:26 - 000003454 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-30 02:02 - 2017-06-15 22:26 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\discord
2018-03-21 20:44 - 2014-11-22 23:34 - 000000000 ____D C:\Users\Peppe\AppData\Local\ElevatedDiagnostics
2018-03-21 03:13 - 2014-09-30 15:27 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-18 16:02 - 2017-05-20 03:54 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\EasyAntiCheat
2018-03-18 16:02 - 2016-02-18 15:35 - 000000000 ____D C:\Users\Peppe\AppData\Local\UnrealEngine
2018-03-18 01:58 - 2016-07-16 04:19 - 000000000 ____D C:\Users\Peppe\AppData\Local\YoloMouse
2018-03-17 20:07 - 2017-05-14 15:18 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Mozilla
2018-03-17 16:20 - 2017-09-07 14:50 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\SoundSwitch
2018-03-17 16:19 - 2017-09-07 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundSwitch
2018-03-17 16:19 - 2017-09-07 14:50 - 000000000 ____D C:\Program Files\SoundSwitch
2018-03-17 01:42 - 2014-10-09 20:13 - 000000000 ____D C:\Users\Peppe\AppData\Local\Battle.net
2018-03-17 01:40 - 2014-10-09 20:13 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-14 19:13 - 2009-07-14 07:08 - 000032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-13 01:25 - 2015-07-18 22:11 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-03-13 01:06 - 2015-01-11 22:04 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2018-03-02 23:30 - 2015-08-04 18:26 - 000000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client

==================== Files in the root of some directories =======

2009-04-03 13:09 - 2009-04-03 13:09 - 000142152 _____ (Microsoft Corporation) C:\Users\Peppe\oarpman.exe
2014-11-30 00:20 - 2014-11-30 00:20 - 000835843 _____ () C:\Users\Peppe\AppData\Roaming\b4gzzFlQsfcHnrWMIsZw6L3G5VuSbKU9ZH1gGxAzRaV44Qnxrw8c1umknivrERRqIRs6Eq11qVpoPeauHYiZDnrW2T6wGzgFLlf9eCLG.K8eIx
2015-07-09 00:35 - 2015-07-09 00:35 - 000000050 _____ () C:\Users\Peppe\AppData\Roaming\Camdata.ini
2015-07-09 00:35 - 2015-07-09 00:35 - 000000408 _____ () C:\Users\Peppe\AppData\Roaming\CamLayout.ini
2015-07-09 00:35 - 2015-07-09 00:35 - 000000408 _____ () C:\Users\Peppe\AppData\Roaming\CamShapes.ini
2015-07-09 00:35 - 2015-07-09 00:35 - 000004521 _____ () C:\Users\Peppe\AppData\Roaming\CamStudio.cfg
2015-08-07 19:28 - 2015-08-08 15:48 - 000099384 _____ () C:\Users\Peppe\AppData\Roaming\inst.exe
2015-08-07 19:28 - 2015-08-08 15:48 - 000007859 _____ () C:\Users\Peppe\AppData\Roaming\pcouffin.cat
2015-08-07 19:28 - 2015-08-08 15:48 - 000001167 _____ () C:\Users\Peppe\AppData\Roaming\pcouffin.inf
2015-08-07 19:28 - 2015-08-08 15:48 - 000000055 _____ () C:\Users\Peppe\AppData\Roaming\pcouffin.log
2015-08-07 19:28 - 2015-08-08 15:48 - 000082816 _____ (VSO Software) C:\Users\Peppe\AppData\Roaming\pcouffin.sys
2014-11-10 15:41 - 2014-11-10 15:43 - 000000077 _____ () C:\Users\Peppe\AppData\Roaming\Rim.Desktop.Exception.log
2014-11-10 15:41 - 2014-11-10 15:41 - 000001153 _____ () C:\Users\Peppe\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-11-10 15:41 - 2014-11-10 15:43 - 000000077 _____ () C:\Users\Peppe\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-11-30 03:36 - 2014-12-20 16:41 - 000000682 _____ () C:\Users\Peppe\AppData\Roaming\SpeedRunnersLog.txt
2015-08-07 19:27 - 2015-08-08 15:21 - 000001059 _____ () C:\Users\Peppe\AppData\Roaming\vso_ts_preview.xml
2014-11-30 22:27 - 2016-12-27 23:58 - 000000600 _____ () C:\Users\Peppe\AppData\Roaming\winscp.rnd
2018-04-01 02:26 - 2018-04-01 02:26 - 000194048 _____ () C:\Users\Peppe\AppData\Local\install.dll
2018-04-01 02:26 - 2018-04-01 02:26 - 000003072 _____ () C:\Users\Peppe\AppData\Local\install_UEFIConfig.exe
2017-01-25 17:54 - 2017-01-25 22:20 - 000000072 _____ () C:\Users\Peppe\AppData\Local\MamaToGo.txt
2017-08-20 12:43 - 2017-08-20 12:43 - 000000882 _____ () C:\Users\Peppe\AppData\Local\Nox_crash.log
2017-01-25 17:38 - 2017-01-25 22:20 - 000000020 _____ () C:\Users\Peppe\AppData\Local\PapaToGo.txt
2015-04-18 13:35 - 2015-04-18 13:35 - 000000000 _____ () C:\Users\Peppe\AppData\Local\{45FD1050-0D15-4B13-8C02-0B27F8613971}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-30 17:10

==================== End of FRST.txt ============================

forse non è meglio fare i log all'avvio con il malware aperto ? perche questi log li ho fatti con il processo terminato !

R16 · 1 Aprile 2018

Salve
Per cortesia posta il log di roguekiller.

LupoVelenos · 1 Aprile 2018

R16 ha detto:
Salve
Per cortesia posta il log di roguekiller.

Procedo, ci vorrà un po', stanotte la sua scan è durata 2 orette xD

R16 · 1 Aprile 2018

LupoVelenos ha detto:
Procedo, ci vorrà un po', stanotte la sua scan è durata 2 orette xD

La scansione hai detto di averla già fatta.
Posta solo il log che ha rilasciato.

LupoVelenos · 1 Aprile 2018

R16 ha detto:
La scansione hai detto di averla già fatta.
Posta solo il log che ha rilasciato.

ok non riuscivo ad accedere al log
eccolo

RogueKiller V12.12.10.0 (x64) [Mar 26 2018] (Gratuito) di Adlice Software
posta : http://www.adlice.com/contact/
Commenti : https://forum.adlice.com
Sito Web : http://www.adlice.com/download/roguekiller/
Discussione : http://www.adlice.com

Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniziato in : Modalità Normale
Utente : Peppe [Amministratore]
Iniziato da : C:\Program Files\RogueKiller\RogueKiller64.exe
Modalità : Cancella -- Data : 04/01/2018 12:19:18 (Durata : 02:10:29)

¤¤¤ Processi : 3 ¤¤¤
[Proc.Injected] svchost.exe(3100) -- C:\Windows\SysWOW64\svchost.exe[7] -> [NoKill]
[Proc.RunPE] SearchProtocolHost.exe(5508) -- C:\Windows\System32\SearchProtocolHost.exe[7] -> [NoKill]
[VT.Detected] waysot.dll(1984) -- C:\Users\Peppe\AppData\Local\waysot.dll[-] -> Trovato

¤¤¤ Registro : 12 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5A7E9B46-9D4A-470E-868B-FAACC9D530F8} | DhcpNameServer : 172.20.10.1 ([]) -> Non selezionato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5CC126F7-0DC5-4908-B1C9-B26DD7136AFF} | DhcpNameServer : 172.20.10.1 ([]) -> Non selezionato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EEF4A8DF-F5DE-4E0F-BA02-D84A6A21B012} | DhcpNameServer : 172.20.10.1 ([]) -> Non selezionato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5A7E9B46-9D4A-470E-868B-FAACC9D530F8} | DhcpNameServer : 172.20.10.1 ([]) -> Non selezionato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5CC126F7-0DC5-4908-B1C9-B26DD7136AFF} | DhcpNameServer : 172.20.10.1 ([]) -> Non selezionato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EEF4A8DF-F5DE-4E0F-BA02-D84A6A21B012} | DhcpNameServer : 172.20.10.1 ([]) -> Non selezionato
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0454318D-3FE4-4FA8-8931-A99D8A27EF22} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Non selezionato
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8C18AFBE-A306-4DFA-A461-CB98423960B5} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Non selezionato
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0454318D-3FE4-4FA8-8931-A99D8A27EF22} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Non selezionato
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8C18AFBE-A306-4DFA-A461-CB98423960B5} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Non selezionato
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Non selezionato
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Non selezionato

¤¤¤ Attività : 1 ¤¤¤
[PUP.HackTool|VT.Detected] \AutoKMSCustom -- C:\Windows\AutoKMS\AutoKMS.exe -> Cancellato

¤¤¤ Archivi : 21 ¤¤¤
[PUP.HackTool][Cartella] C:\Windows\AutoKMS -> Cancellato
[PUP.HackTool][Archivio] C:\Windows\AutoKMS\AutoKMS.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Cancellato
[PUP.uTorrentAds][Archivio] C:\Users\Peppe\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Cancellato
[Adw.Syncopate][Cartella] C:\Users\Peppe\AppData\Local\THORN -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\7za.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\CoreX86.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\icudt53.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\icuin53.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\icuuc53.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\languages\thorn_en.qm -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\languages\thorn_ru.qm -> Cancellato
[Adw.Syncopate][Cartella] C:\Users\Peppe\AppData\Local\THORN\languages -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\libeay32.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\libEGL.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\libGLESv2.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\msvcp100.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\msvcr100.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\platforms\qwindows.dll -> Cancellato
[Adw.Syncopate][Cartella] C:\Users\Peppe\AppData\Local\THORN\platforms -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\Qt5Core.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\Qt5Gui.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\Qt5Network.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\Qt5Widgets.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\Qt5Xml.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\QtSolutions_Service-head.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\ssleay32.dll -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\Thorn.exe -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\ThornHelper.exe -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\uninstgnautils.dll -> Cancellato
[Adw.Syncopate][Cartella] C:\Users\Peppe\AppData\Local\THORN\update -> Cancellato
[Adw.Syncopate][Archivio] C:\Users\Peppe\AppData\Local\THORN\UpdateSystemX86.dll -> Cancellato
[Tr.Gen0][Archivio] C:\Users\Peppe\Pictures\Adware-Removal-Tool-v3.9.1.exe -> Cancellato
[Tr.Gen0][Archivio] C:\Users\Peppe\Pictures\RocketDock-v1.3.5.exe -> Cancellato
[Tr.Gen0][Archivio] C:\Users\Peppe\Pictures\winscp556setup.exe -> Cancellato

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Archivio Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Caricato) ¤¤¤

¤¤¤ Web Browser : 4 ¤¤¤
[PUP.Gen2][Firefox:Addon] s1qci7f5.default : ???????? ???????? Mail.Ru [homepage@mail.ru] -> Non selezionato
[PUP.Gen2][Firefox:Addon] s1qci7f5.default : ?????@Mail.Ru [search@mail.ru] -> Non selezionato
[PUP.Gen2][Firefox:Addon] s1qci7f5.default : ?????????? ???????? @Mail.Ru [{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}] -> Non selezionato
[PUM.HomePage][Firefox:Config] s1qci7f5.default : user_pref("browser.startup.homepage", "https://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=800000"); -> Non selezionato

¤¤¤ Controllo MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZRX-00L4HB0 SCSI Disk Device +++++
--- User ---
[MBR] 7c73ac60e09df3387fd5d19587117fbf
[BSP] e691f5015521dc5d1ab995c511a756af : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

R16 · 1 Aprile 2018

Segui queste istruzioni:
Disinstalla completamente Chrome. (è infetto)
Per la disinstallazione corretta:
Disinstallare google chrome da Programmi e funzionalità.
Nella finestra che si apre, metti il segno di spunta accanto alla voce "Eliminare anche i tuoi dati di navigazione"?
Clicca sul pulsante Disinstalla per eliminare sia Chrome che la cronologia del browser dal PC.
Se vuoi salvare i Segnalibri PRIMA della disinstallazione:
Come salvare i preferiti/segnalibri di Chrome:
https://support.google.com/chrome/answer/96816?hl=it

Fai un Ripristino di Firefox: (anche se non lo usi)
https://support.mozilla.org/it/kb/funzione-ripristino-firefox

Per ultimo:
Scarica questo file sul desktop: (dove si trova FRST)
http://wikisend.com/download/457910/fixlist.txt
Avvia FRST e clicca su FIX.
Attendi la fine della scansione.
Se il pc non si riavvia da solo, lo devi riavviare tu.
Posta il file fixlog.txt.
Fai sapere come funziona il pc.

LupoVelenos · 1 Aprile 2018

R16 ha detto:
Segui queste istruzioni:
Disinstalla completamente Chrome. (è infetto)
Per la disinstallazione corretta:
Disinstallare google chrome da Programmi e funzionalità.
Nella finestra che si apre, metti il segno di spunta accanto alla voce "Eliminare anche i tuoi dati di navigazione"?
Clicca sul pulsante Disinstalla per eliminare sia Chrome che la cronologia del browser dal PC.
Se vuoi salvare i Segnalibri PRIMA della disinstallazione:
Come salvare i preferiti/segnalibri di Chrome:
https://support.google.com/chrome/answer/96816?hl=it

Fai un Ripristino di Firefox: (anche se non lo usi)
https://support.mozilla.org/it/kb/funzione-ripristino-firefox

Per ultimo:
Scarica questo file sul desktop: (dove si trova FRST)
http://wikisend.com/download/457910/fixlist.txt
Avvia FRST e clicca su FIX.
Attendi la fine della scansione.
Se il pc non si riavvia da solo, lo devi riavviare tu.
Posta il file fixlog.txt.
Fai sapere come funziona il pc.

Ripristinato Mozilla
Disinstallato Chrome
Applicato il Fix
Riavvio
Non si presenta più il processo Cadavers.exe

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Peppe (01-04-2018 21:54:26) Run:2
Running from C:\Users\Peppe\Desktop
Loaded Profiles: Peppe & Administrator (Available Profiles: Peppe & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: H - H:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {0ab1aa23-1432-11e5-ac98-10c37b50a90d} - E:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {0c848b72-d75e-11e7-98ea-00ac31a303cd} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {3ae279b5-f628-11e4-9c0a-10c37b50a90d} - E:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {58ce6838-f2d4-11e7-8e9d-00ac31a303cd} - H:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {9c599feb-1b35-11e5-90f3-10c37b50a90d} - G:\stp-fifa18.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {beab5097-c1bc-11e7-8195-00ac31a303cd} - F:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {e1a26777-41b7-11e5-aca0-10c37b50a90d} - H:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {f8d5210f-cc95-11e7-aed9-00ac31a303cd} - G:\setup.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
S2 ihctrl32; %SystemRoot%\System32\ihctrl32.dll [X]
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
S3 X6va020; \??\C:\Windows\SysWOW64\Drivers\X6va020 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va063; \??\C:\Windows\SysWOW64\Drivers\X6va063 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2018-04-01 00:41 - 2017-09-16 14:22 - 000000000 ____D C:\ProgramData\GOG.com
2014-11-30 00:20 - 2014-11-30 00:20 - 000835843 _____ () C:\Users\Peppe\AppData\Roaming\b4gzzFlQsfcHnrWMIsZw6L3G5VuSbKU9ZH1gGxAzRaV44Qnxrw8c1umknivrERRqIRs6Eq11qVpoPeauHYiZDnrW2T6wGzgFLlf9eCLG.K8eIx
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: C:\Windows\Tasks\iToolsDaemon.job => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
AlternateDataStreams: C:\Program Files (x86)\Desktop-Reminder 2:{66007900-6900-6800-6200-470032003600} [192]
AlternateDataStreams: C:\Program Files (x86)\Desktop-Reminder 2:{67005600-3500-4800-7000-70004A006400} [748]
AlternateDataStreams: C:\Users\Peppe:Heroes & Generals [38]
AlternateDataStreams: C:\Users\Peppe\Documents\Certificato.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Peppe\Documents\Certificato.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Peppe\Documents\DOC.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Peppe\Documents\DOC.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\sony.com -> sony.com
C:\Users\Peppe\AppData\Local\Cadavers.exe
hosts:
CMD: ipconfig /flushdns
EmptyTemp:
Reboot:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2921988991-613299845-3104574246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => removed successfully
"HKU\S-1-5-21-2921988991-613299845-3104574246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => removed successfully
"HKU\S-1-5-21-2921988991-613299845-3104574246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ab1aa23-1432-11e5-ac98-10c37b50a90d}" => removed successfully
HKLM\Software\Classes\CLSID\{0ab1aa23-1432-11e5-ac98-10c37b50a90d} => not found
"HKU\S-1-5-21-2921988991-613299845-3104574246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c848b72-d75e-11e7-98ea-00ac31a303cd}" => removed successfully
HKLM\Software\Classes\CLSID\{0c848b72-d75e-11e7-98ea-00ac31a303cd} => not found
"HKU\S-1-5-21-2921988991-613299845-3104574246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ae279b5-f628-11e4-9c0a-10c37b50a90d}" => removed successfully
HKLM\Software\Classes\CLSID\{3ae279b5-f628-11e4-9c0a-10c37b50a90d} => not found
"HKU\S-1-5-21-2921988991-613299845-3104574246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58ce6838-f2d4-11e7-8e9d-00ac31a303cd}" => removed successfully
HKLM\Software\Classes\CLSID\{58ce6838-f2d4-11e7-8e9d-00ac31a303cd} => not found
"HKU\S-1-5-21-2921988991-613299845-3104574246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c599feb-1b35-11e5-90f3-10c37b50a90d}" => removed successfully
HKLM\Software\Classes\CLSID\{9c599feb-1b35-11e5-90f3-10c37b50a90d} => not found
"HKU\S-1-5-21-2921988991-613299845-3104574246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beab5097-c1bc-11e7-8195-00ac31a303cd}" => removed successfully
HKLM\Software\Classes\CLSID\{beab5097-c1bc-11e7-8195-00ac31a303cd} => not found
"HKU\S-1-5-21-2921988991-613299845-3104574246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1a26777-41b7-11e5-aca0-10c37b50a90d}" => removed successfully
HKLM\Software\Classes\CLSID\{e1a26777-41b7-11e5-aca0-10c37b50a90d} => not found
"HKU\S-1-5-21-2921988991-613299845-3104574246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8d5210f-cc95-11e7-aed9-00ac31a303cd}" => removed successfully
HKLM\Software\Classes\CLSID\{f8d5210f-cc95-11e7-aed9-00ac31a303cd} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKLM\System\CurrentControlSet\Services\ihctrl32" => removed successfully
ihctrl32 => service removed successfully
"HKLM\System\CurrentControlSet\Services\Mobizen plugin" => removed successfully
Mobizen plugin => service removed successfully
"HKLM\System\CurrentControlSet\Services\X6va020" => removed successfully
X6va020 => service removed successfully
"HKLM\System\CurrentControlSet\Services\X6va021" => removed successfully
X6va021 => service removed successfully
"HKLM\System\CurrentControlSet\Services\X6va029" => removed successfully
X6va029 => service removed successfully
"HKLM\System\CurrentControlSet\Services\X6va031" => removed successfully
X6va031 => service removed successfully
"HKLM\System\CurrentControlSet\Services\X6va063" => removed successfully
X6va063 => service removed successfully
"HKLM\System\CurrentControlSet\Services\xhunter1" => removed successfully
xhunter1 => service removed successfully
C:\ProgramData\GOG.com => moved successfully
C:\Users\Peppe\AppData\Roaming\b4gzzFlQsfcHnrWMIsZw6L3G5VuSbKU9ZH1gGxAzRaV44Qnxrw8c1umknivrERRqIRs6Eq11qVpoPeauHYiZDnrW2T6wGzgFLlf9eCLG.K8eIx => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Windows\Tasks\iToolsDaemon.job => moved successfully
C:\Program Files (x86)\Desktop-Reminder 2 => ":{66007900-6900-6800-6200-470032003600}" ADS removed successfully
C:\Program Files (x86)\Desktop-Reminder 2 => ":{67005600-3500-4800-7000-70004A006400}" ADS removed successfully
C:\Users\Peppe => ":Heroes & Generals" ADS removed successfully
C:\Users\Peppe\Documents\Certificato.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Peppe\Documents\Certificato.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Peppe\Documents\DOC.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Peppe\Documents\DOC.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => removed successfully
"HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => removed successfully
"HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => removed successfully
"HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => removed successfully
"HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => removed successfully
C:\Users\Peppe\AppData\Local\Cadavers.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========

Configurazione IP di Windows

Cache del resolver DNS svuotata.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6489285 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 9236 B
Edge => 0 B
Chrome => 241604301 B
Firefox => 42305636 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Peppe => 3645040 B
Administrator => 0 B

RecycleBin => 25996870 B
EmptyTemp: => 305.2 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 21:55:47 ====

Provo a reinstallare chrome!

R16 · 1 Aprile 2018

Ultima operazione che serve per eliminare i vari software installati:
Scarica Delfix sul desktop:
https://toolslib.net/downloads/viewdownload/2-delfix/
Metti la spunta solo sul tag "Remove disinfection tools"(dovrebbe essere selezionata di default)
Clicca "Run".
Aspetta pazientemente che vengano eseguite le eliminazioni .
Il pc si riavvierà oppure ti chiederà il riavvio.
Il report verrà salvato negli appunti e sul disco rigido (C:\DelFix.txt).
Non serve postarlo.
Delfix si auto-eliminerà al riavvio.
Se il pc funziona bene, abbiamo concluso.

LupoVelenos · 1 Aprile 2018

Tutto sembra tornat alla normalità Grazie a tutti del supporto ! Siete stati eccezionali ! :thanks:

Blume. · 1 Aprile 2018

Ottimo supporto...grandi.

Cerca

RISOLTO Malware Cadavers!

LupoVelenos

Nuovo Utente

.MaxTechnology

Nuovo Utente

LupoVelenos

Nuovo Utente

R16

LupoVelenos

Nuovo Utente

R16

LupoVelenos

Nuovo Utente

R16

LupoVelenos

Nuovo Utente

R16

LupoVelenos

Nuovo Utente

Blume.

Moderatore

Ci sono discussioni simili a riguardo, dai un'occhiata!

Entra

Discussioni Simili