Strano comportamento comodo e voce adwcleaner

Se Windows genera un errore, hai un problema di virus o vuoi discutere/segnalare l'uscita della nuova versione di un software per la piattaforma Microsoft, questa è la sezione giusta.
Regole del forum
Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » ven feb 08, 2019 7:41 pm

Oggi di punto in bianco quando vado ad avviare chrome mi esce questa finestra di comodo:
Immagine

gli dico di mantenere le impostazioni e tutto ila liscio, poi se chiudo e riapro il browser idem,ho provato ad aprire firefox e opera ma con loro non succede nulla.
Allora ho lanciato per curiosità adwcleaner e mi appare questo "PUP.Optional.Legacy Chrome Cleaner Pro" e quando gli dico di eliminarlo, il report mi dice failed, ora siccome avevo un vecchio log, c'è l'ho da un pò di tempo sto coso, adesso non so se sono correlati il comportamento di comodo e questa voce, ho anche scansionato con:

Spybot: nn ha rilevato nulla
Kasepersky: non ha rilevato nulla
Malware byte's : mi ha trovato queste due voci che ho fatto mettere in quarantena(segue foto)
Immagine

Ho pensato che il problema sia il browser, ho lanciato il cerca software dannoso da chrome, nessun rilevamento, ed in più ho ripristinato chrome alle impostazioni base, ma il comportamento di comodo rimane lo stesso.

adesso?? sono infetto? come faccio a far eliminare questo chrome cleaner pro? Non lo vedo da nessuna parte nel pc, e come faccio a caprie se comodo e questa cosa sono correlate??
Notebook: WINDOWS 10 64 Bit

System
System
Bot ufficiale TurboLab.it
Bot
Messaggi:
Iscritto il: sab dic 31, 2016 6:19 pm
Contatta: Contatta

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da System » ven feb 08, 2019 7:41 pm


Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 7796
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da crazy.cat » ven feb 08, 2019 8:21 pm

sexirutto ha scritto:
ven feb 08, 2019 7:41 pm
Oggi di punto in bianco quando vado ad avviare chrome mi esce questa finestra di comodo:
Ogni tanto esce anche a me.
Puoi postare il tuo log di adwcleaner più aggiornato?
Presto non ci sarà nessuna divisione fra il lavoro e il tempo libero. Ogni cesso verrà dotato di unità interna, con computer, email e webcam, così nessuno sarà mai disconnesso o non contattabile.

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » ven feb 08, 2019 9:11 pm

Codice: Seleziona tutto

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-02-07.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-08-2019
# Duration: 00:00:15
# OS:       Windows 10 Home
# Scanned:  31844
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy             Chrome Cleaner Pro

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1256 octets] - [25/04/2018 11:57:57]
AdwCleaner[C00].txt - [1361 octets] - [25/04/2018 11:58:49]
AdwCleaner[S01].txt - [1386 octets] - [30/01/2019 09:30:36]
AdwCleaner[C01].txt - [1552 octets] - [30/01/2019 09:30:54]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
Notebook: WINDOWS 10 64 Bit

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 7796
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da crazy.cat » sab feb 09, 2019 11:04 am

sexirutto ha scritto:
ven feb 08, 2019 9:11 pm
****
Log inutile, non dice nulla.

Mi sembra che tu abbia provato quasi tutto ormai.
https://malwaretips.com/blogs/remove-pu ... al-legacy/

E' questo il tuo problema?
https://forums.malwarebytes.com/topic/2 ... t-go-away/
Hai dei motori di ricerca di troppo?
Presto non ci sarà nessuna divisione fra il lavoro e il tempo libero. Ogni cesso verrà dotato di unità interna, con computer, email e webcam, così nessuno sarà mai disconnesso o non contattabile.

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » sab feb 09, 2019 12:52 pm

No motori ddi ricerca in più non ne ho, lo rileva solo adwcleaner, malwarebytes non rileva questo pup, hitman pro non mi ha ha rilevato altre cose ma nn nocive, sinceramente non so cosa pensare , perchè poi non appare da nessun altra parte questa cosa....il problema è simile, provo a vedere se riesco a fare qualcosa.
provo anche zemana antimalware come scansione, anche se credo non serva a molto, stavo pensando di cercare qualcosa che azzeri la policy di chrome.
Notebook: WINDOWS 10 64 Bit

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » sab feb 09, 2019 1:08 pm

Zemana mi ha trovato questo:
Immagine

la cosa strana è che ccleaner lo trova come virus, nel dubbio ho fatto riparare firefox e messo in quarantena cclener.
adesso disinstallo ccleaner.
poi stavo pensando di disintallare chrome e reinstallarlo.
Notebook: WINDOWS 10 64 Bit

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 7796
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da crazy.cat » sab feb 09, 2019 1:15 pm

sexirutto ha scritto:
sab feb 09, 2019 1:08 pm
poi stavo pensando di disintallare chrome e reinstallarlo.
Mi sembra che ci abbiano già provato e non risolva.
Io andrei verso una falsa, o esagerata, rilevazione di adwcleaner.
Presto non ci sarà nessuna divisione fra il lavoro e il tempo libero. Ogni cesso verrà dotato di unità interna, con computer, email e webcam, così nessuno sarà mai disconnesso o non contattabile.

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » sab feb 09, 2019 2:09 pm

Io andrei verso una falsa, o esagerata, rilevazione di adwcleaner.
lo stavo pensando pure io. adesso faccio altri controlli e vedo un pò.
Notebook: WINDOWS 10 64 Bit

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » sab feb 09, 2019 4:07 pm

Disinstallando chrome ed avviando adwcleaner quel pup nonappare, quindi è legato a chrome, appena reinstallo chrome e lancio adwcleaner questo pup riappare, stavo leggendo in un altro forum che hanno risolto con farbar, io appunto non lo so usare, l'ho lanciato tanto per vedere se vi fosse qualcosa ,ma non so quale stringa dovrei trovare.

questo mi appare quando non ho chrome installato
Immagine
però ho ingnorato quell'avviso, per ora non tocco altro.
Notebook: WINDOWS 10 64 Bit

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 7796
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da crazy.cat » sab feb 09, 2019 4:44 pm

sexirutto ha scritto:
sab feb 09, 2019 4:07 pm
stavo leggendo in un altro forum che hanno risolto con farbar
Puoi postare il log della sua scansione e anche il link della discussione così leggo cosa avrebbero trovato?
Presto non ci sarà nessuna divisione fra il lavoro e il tempo libero. Ogni cesso verrà dotato di unità interna, con computer, email e webcam, così nessuno sarà mai disconnesso o non contattabile.

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » sab feb 09, 2019 4:49 pm

https://forum.tomshw.it/threads/estensi ... 703/page-2

il log è in allegato, nel post di li
Notebook: WINDOWS 10 64 Bit

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 7796
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da crazy.cat » sab feb 09, 2019 4:57 pm

sexirutto ha scritto:
sab feb 09, 2019 4:49 pm
il log è in allegato, nel post di li
Ho scritto sua, ma volevo dire la tua scansione :acch
Presto non ci sarà nessuna divisione fra il lavoro e il tempo libero. Ogni cesso verrà dotato di unità interna, con computer, email e webcam, così nessuno sarà mai disconnesso o non contattabile.

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » sab feb 09, 2019 5:15 pm

Ho scritto sua, ma volevo dire la tua scansione :acch
ma anche io che nn ho capito :D il primo è il FRST il secondo è ADDITION, Non sapevo come allegare il txt...
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 8.02.2019
Ran by Gianluca (administrator) on GLS-NOTEBOOK (09-02-2019 15:58:37)
Running from C:\Users\Gianluca\Desktop
Loaded Profiles: Gianluca (Available Profiles: Gianluca)
Platform: Windows 10 Home Version 1809 17763.253 (X64) Language: Italiano (Italia)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Tempo Semiconductor Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxTsr.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\wmi64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\wmi64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
() C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1598144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4072648 2018-04-24] (Comodo Security Solutions, Inc. -> COMODO)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3282000 2019-01-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKLM\...\Drivers32-x32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-09] (Google LLC -> Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{3d40ee2f-e598-4705-a586-4b4ee1d93219}: [NameServer] 10.133.16.210 10.132.100.212
Tcpip\..\Interfaces\{56f94e0d-f7c6-4571-8616-f1e7edf73143}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{846890c2-ebf8-4a22-8643-bd104d771f5d}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-01-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\IEExt\ie_plugin.dll [2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-12-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\IEExt\ie_plugin.dll [2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3053400165-3691748969-558033575-1001 -> hxxps://www.bing.com/
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-01-09]

FireFox:
========
FF DefaultProfile: vy0mls18.default-1520724599848
FF ProfilePath: C:\Users\Gianluca\AppData\Roaming\Mozilla\Firefox\Profiles\vy0mls18.default-1520724599848 [2019-02-09]
FF HKLM\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-11-08]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-08] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-11-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-09] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.virgilio.it/
CHR StartupUrls: Default -> "hxxp://www.virgilio.it/"
CHR Profile: C:\Users\Gianluca\AppData\Local\Google\Chrome\User Data\Default [2019-02-09]
CHR Extension: (Documenti) - C:\Users\Gianluca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-09]
CHR Extension: (WOT: Web of Trust, valutazioni della reputazione dei siti web) - C:\Users\Gianluca\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2019-02-09]
CHR Extension: (uBlock Origin) - C:\Users\Gianluca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-02-09]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Gianluca\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2019-02-09]
CHR Extension: (Chrome Media Router) - C:\Users\Gianluca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-09]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk

Opera:
=======
OPR Extension: (uBlock Origin) - C:\Users\Gianluca\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2018-11-14]
OPR Extension: (uBlock Origin) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll []

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013496 2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10747264 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel(R) Driver & Support Assistant -> Intel)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40080 2018-10-22] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] (Intel(R) Software Development Products -> )
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [320472 2018-01-02] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1199816 2018-04-24] (Comodo Security Solutions, Inc. -> COMODO)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [426416 2018-02-09] (Kaspersky Lab -> AO Kaspersky Lab)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes Corporation -> Malwarebytes)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [350224 2015-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Tempo Semiconductor Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated -> Synaptics Incorporated)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [182544 2018-01-11] (Intel(R) Software Development Products -> )
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] (Intel(R) Software Development Products -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3830488 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
S0 cmdboot; C:\WINDOWS\System32\DRIVERS\cmdboot.sys [17944 2018-05-23] (Microsoft Windows Early Launch Anti-malware Publisher -> COMODO)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [44056 2018-05-23] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [832032 2018-05-23] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50768 2018-05-23] (Comodo Security Solutions, Inc. -> COMODO)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (Kaspersky Lab -> AO Kaspersky Lab)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [73448 2018-10-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 EUBAKUP0; C:\WINDOWS\system32\drivers\EUBAKUP0.sys [73448 2018-10-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [53504 2018-10-08] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 EUBKMON0; C:\WINDOWS\system32\drivers\EUBKMON0.sys [53504 2018-10-08] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [22784 2018-10-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [341760 2018-10-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 EUFDDISK0; C:\WINDOWS\system32\drivers\EUFDDISK0.sys [341760 2018-10-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 iaLPSSi_GPIO; C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128 2018-09-15] (Intel Corporation - Client Components Group -> Intel Corporation)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [3802024 2018-01-02] (Intel(R) pGFX -> Intel Corporation)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [134400 2018-05-23] (Comodo Security Solutions, Inc. -> COMODO)
R3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [463112 2015-08-21] (Intel Corporation - Client Components Group -> Intel(R) Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [66824 2017-06-15] (IObit Information Technology -> IObit)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [63200 2017-12-13] (Comodo Security Solutions, Inc. -> COMODO)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [38896 2015-12-01] (Intel(R) Wireless Display -> Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [119904 2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [85704 2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2018-11-08] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207560 2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1058616 2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-12-25] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45768 2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [238528 2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [100136 2018-11-09] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [289856 2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [110640 2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [193168 2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93888 2018-02-21] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [141000 2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-12-25] (Kaspersky Lab -> AO Kaspersky Lab)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [195336 2015-09-04] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41512 2018-01-11] (Intel Corporation -> )
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [561680 2015-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Tempo Semiconductor Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [44952 2017-04-27] (Toshiba Client Solutions Co.,Ltd. -> Toshiba Client Solutions Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-02-09] (Adlice -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2019-02-09] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-02-09] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-09 15:58 - 2019-02-09 15:59 - 000025348 _____ C:\Users\Gianluca\Desktop\FRST.txt
2019-02-09 15:58 - 2019-02-09 15:58 - 000000000 ____D C:\FRST
2019-02-09 15:52 - 2019-02-09 15:52 - 002434048 _____ (Farbar) C:\Users\Gianluca\Desktop\FRST64.exe
2019-02-09 15:20 - 2019-02-09 15:20 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2019-02-09 15:19 - 2019-02-09 15:19 - 000000000 ____D C:\ProgramData\RogueKiller
2019-02-09 15:16 - 2019-02-09 15:17 - 033492536 _____ C:\Users\Gianluca\Downloads\RogueKiller_portable64.exe
2019-02-09 14:57 - 2019-02-09 14:57 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-09 14:57 - 2019-02-09 14:57 - 000002330 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-09 14:56 - 2019-02-09 14:56 - 000003670 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-09 14:56 - 2019-02-09 14:56 - 000003546 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-09 14:55 - 2019-02-09 14:55 - 001136176 _____ (Google Inc.) C:\Users\Gianluca\Downloads\ChromeSetup.exe
2019-02-09 14:52 - 2019-02-09 14:53 - 007316688 _____ (Malwarebytes) C:\Users\Gianluca\Downloads\adwcleaner_7.2.7.0.exe
2019-02-09 12:59 - 2019-02-09 15:59 - 000099547 _____ C:\WINDOWS\ZAM.krnl.trace
2019-02-09 12:59 - 2019-02-09 15:59 - 000034947 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-02-09 12:59 - 2019-02-09 12:59 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2019-02-09 12:59 - 2019-02-09 12:59 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2019-02-09 12:58 - 2019-02-09 12:59 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2019-02-09 12:58 - 2019-02-09 12:58 - 000001217 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2019-02-09 12:58 - 2019-02-09 12:58 - 000000000 ____D C:\Users\Gianluca\AppData\Local\Zemana
2019-02-09 12:58 - 2019-02-09 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2019-02-08 15:56 - 2017-03-18 22:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20190208-155640.backup
2019-02-05 16:54 - 2019-02-05 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2019-02-05 16:54 - 2019-02-05 16:54 - 000000000 ____D C:\Program Files\qBittorrent
2019-01-22 12:53 - 2018-05-23 06:06 - 000017944 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdboot.sys
2019-01-15 18:08 - 2019-01-15 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPAC
2019-01-15 18:08 - 2019-01-15 18:08 - 000000000 ____D C:\Program Files\GPAC
2019-01-12 14:07 - 2019-01-12 14:07 - 000004096 ___SH C:\{31E3B9BD-F306-4772-B752-4A9C7D2E19AD}.CBM
2019-01-12 13:42 - 2019-01-12 13:42 - 000452608 ___SH C:\EUMONBMP.SYS
2019-01-12 13:42 - 2019-01-12 13:42 - 000000000 ____D C:\WINDOWS\system32\config\regsave

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-09 15:57 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-09 15:56 - 2018-11-14 18:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-09 15:56 - 2018-09-15 07:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-09 15:56 - 2018-02-09 18:25 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-02-09 15:56 - 2017-08-13 19:44 - 000000000 __SHD C:\Users\Gianluca\IntelGraphicsProfiles
2019-02-09 15:54 - 2018-11-08 21:32 - 000000000 ____D C:\Users\Gianluca\AppData\Local\D3DSCache
2019-02-09 15:47 - 2017-08-15 22:18 - 000000000 ____D C:\Users\Gianluca\AppData\Local\CrashDumps
2019-02-09 14:57 - 2017-08-13 23:00 - 000000000 ____D C:\Program Files (x86)\Google
2019-02-09 14:54 - 2018-11-14 18:41 - 000003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-02-09 14:54 - 2018-11-14 18:40 - 001756400 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-09 14:54 - 2018-09-15 17:58 - 000781180 _____ C:\WINDOWS\system32\perfh010.dat
2019-02-09 14:54 - 2018-09-15 17:58 - 000146354 _____ C:\WINDOWS\system32\perfc010.dat
2019-02-09 14:54 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF
2019-02-09 14:45 - 2018-11-14 18:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-09 14:11 - 2018-11-14 18:30 - 000000000 ____D C:\Users\Gianluca
2019-02-09 10:17 - 2017-08-15 21:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-09 10:17 - 2017-08-15 21:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-09 01:58 - 2017-08-13 23:08 - 000000000 ____D C:\Users\Gianluca\AppData\Roaming\KeePass
2019-02-08 19:33 - 2017-08-15 21:52 - 000000000 ____D C:\Users\Gianluca\AppData\LocalLow\Mozilla
2019-02-08 19:33 - 2017-08-15 21:51 - 000000907 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-08 12:50 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-08 12:50 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-08 12:49 - 2018-11-08 13:34 - 000000000 ____D C:\ProgramData\Packages
2019-02-07 11:33 - 2017-08-16 21:01 - 000000000 ____D C:\Program Files\Opera
2019-02-06 01:59 - 2018-09-15 07:09 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2019-02-05 17:36 - 2017-09-09 17:43 - 000000000 ____D C:\Users\Gianluca\Documents\Preferiti chrome
2019-02-05 17:00 - 2017-12-20 22:15 - 000000000 ____D C:\Users\Gianluca\AppData\Roaming\qBittorrent
2019-02-03 23:57 - 2017-08-14 20:34 - 000000000 ____D C:\Users\Gianluca\AppData\Roaming\AIMP
2019-02-03 23:36 - 2017-11-08 14:33 - 000000000 ____D C:\Users\Gianluca\AppData\Local\PlaceholderTileLogoFolder
2019-02-03 21:19 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-02-03 21:17 - 2018-11-09 22:17 - 000000000 ____D C:\Program Files\Microsoft Office
2019-02-02 22:40 - 2017-10-24 14:31 - 000000000 ____D C:\Users\Gianluca\AppData\Local\Packages
2019-02-02 14:01 - 2018-01-10 02:07 - 000000132 _____ C:\Users\Gianluca\AppData\Roaming\Adobe PNG Format CS5 Prefs
2019-01-27 10:31 - 2018-03-13 18:09 - 000000000 ____D C:\Users\Gianluca\Documents\Pane e angeli
2019-01-27 10:31 - 2017-08-15 22:24 - 000000000 ___RD C:\Users\Gianluca\Documents\Documenti Vari
2019-01-27 10:29 - 2017-08-14 01:14 - 000000000 ___RD C:\Prog USB
2019-01-26 14:12 - 2018-11-14 18:41 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3053400165-3691748969-558033575-1001
2019-01-26 14:12 - 2018-11-14 18:30 - 000002430 _____ C:\Users\Gianluca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-26 14:12 - 2017-08-13 18:25 - 000000000 ___RD C:\Users\Gianluca\OneDrive
2019-01-23 20:21 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-22 12:53 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-01-22 11:46 - 2018-03-20 13:21 - 000005332 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2019-01-22 11:45 - 2018-11-14 18:41 - 000003140 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2019-01-22 11:45 - 2017-08-13 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2019-01-11 14:18 - 2018-11-14 18:41 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1502913746
2019-01-11 14:18 - 2017-08-16 21:02 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Opera.lnk
2019-01-10 23:05 - 2017-08-13 23:06 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2019-01-10 23:05 - 2017-08-13 23:06 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2019-01-10 19:48 - 2017-08-13 19:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-10 19:45 - 2017-08-13 19:50 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2018-03-25 17:44 - 2018-03-25 17:44 - 000000132 _____ () C:\Users\Gianluca\AppData\Roaming\Adobe BMP Format CS5 Prefs
2018-01-10 02:07 - 2019-02-02 14:01 - 000000132 _____ () C:\Users\Gianluca\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-12-20 22:51 - 2017-12-23 00:23 - 000000034 _____ () C:\Users\Gianluca\AppData\Roaming\AdobeWLCMCache.dat
2018-11-28 21:29 - 2018-11-28 21:29 - 000000132 _____ () C:\Users\Gianluca\AppData\Roaming\Preferenze filtro Adobe Esporta tracciati CS5
2017-12-20 22:57 - 2017-12-20 22:58 - 319553372 _____ () C:\Users\Gianluca\AppData\Local\ACCCx4_3_0_256.zip.aamdownload
2017-12-20 22:57 - 2017-12-20 22:58 - 000003567 _____ () C:\Users\Gianluca\AppData\Local\ACCCx4_3_0_256.zip.aamdownload.aamd
2017-09-30 22:13 - 2018-03-31 16:32 - 000001456 _____ () C:\Users\Gianluca\AppData\Local\Adobe Salva per Web e dispositivi 12.0 Prefs
2018-01-26 21:34 - 2018-01-26 21:34 - 000003584 _____ () C:\Users\Gianluca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-08-21 17:12 - 2017-08-21 17:12 - 000000001 _____ () C:\Users\Gianluca\AppData\Local\llftool.4.12.agreement
2018-11-28 21:44 - 2018-11-28 21:44 - 000004664 _____ () C:\Users\Gianluca\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by Gianluca (09-02-2019 16:00:44)
Running from C:\Users\Gianluca\Desktop
Windows 10 Home Version 1809 17763.253 (X64) (2018-11-14 17:42:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3053400165-3691748969-558033575-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3053400165-3691748969-558033575-503 - Limited - Disabled)
Gianluca (S-1-5-21-3053400165-3691748969-558033575-1001 - Administrator - Enabled) => C:\Users\Gianluca
Guest (S-1-5-21-3053400165-3691748969-558033575-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3053400165-3691748969-558033575-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Free (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.51.2084, 01.12.2018 - AIMP DevTeam)
Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version: - )
All PDF Converter Pro (HKLM-x32\...\{B8036B88-4488-4260-A1DA-283A9B2D8D20}) (Version: 4.2.2.1 - PDFConverters)
Assistente aggiornamento Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
aTube Catcher versione 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
COMODO Firewall (HKLM\...\{B8984934-ED63-43B4-B1CF-B3928B55F05D}) (Version: 11.0.0.6744 - COMODO Security Solutions Inc.) Hidden
COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 11.0.0.6744 - COMODO Security Solutions Inc.)
EaseUS Todo Backup Free 11.5 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 11.5 - CHENGDU YIWO Tech Development Co., Ltd)
FILEminimizer Pictures (HKLM-x32\...\FILEminimizer Pictures_is1) (Version: - balesio AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
GPAC (remove only) (HKLM-x32\...\GPAC) (Version: - )
Inkscape 0.92.3 (HKLM-x32\...\Inkscape) (Version: 0.92.3 - Inkscape Project)
Intel(R) Computing Improvement Program (HKLM\...\{699E6891-25C3-443A-9B8E-80C74F0172C8}) (Version: 2.1.03413 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.3.447691.139 - Comodo)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit)
Kaspersky Free (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
KeePass Password Safe 2.41 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.41 - Dominik Reichl)
Kingston SSD Manager version 1.1.0.5 (HKLM-x32\...\{9A5DD901-0B98-4F2B-9421-B5975014184F}_is1) (Version: 1.1.0.5 - Kingston Digital, Inc)
Kingston SSD Toolbox (C:\Program Files (x86)\Kingston SSD Toolbox) (HKLM-x32\...\Kingston SSD Toolbox) (Version: 1.0.0.0 - Kingston)
LibreOffice 6.0 Help Pack (Italian) (HKLM\...\{ADDE04D8-1E80-4447-98AA-EC264859DCD6}) (Version: 6.0.3.2 - The Document Foundation)
LibreOffice 6.1.3.2 (HKLM\...\{70F02214-8FF6-48DF-AF3E-7D1A5F7A6BAC}) (Version: 6.1.3.2 - The Document Foundation)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Malwarebytes versione 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - it-it (HKLM\...\ProPlus2019Retail - it-it) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Project Professional 2019 - en-us (HKLM\...\ProjectPro2019Retail - en-us) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Project Professional 2019 - it-it (HKLM\...\ProjectPro2019Retail - it-it) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Visio Professional 2019 - en-us (HKLM\...\VisioPro2019Retail - en-us) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Visio Professional 2019 - it-it (HKLM\...\VisioPro2019Retail - it-it) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x64 it) (HKLM\...\Mozilla Firefox 64.0.2 (x64 it)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0410-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Opera Stable 57.0.3098.116 (HKLM-x32\...\Opera 57.0.3098.116) (Version: 57.0.3098.116 - Opera Software)
Pacchetto driver Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.6 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.0.6406 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 5.02.02.6400 - Toshiba Client Solutions Co., Ltd.)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.01.0002 - Toshiba Corporation)
TOSHIBA System Settings (HKLM\...\{B040D5C9-C9AA-430A-A44E-696656012E61}) (Version: 3.0.6.6401 - Toshiba Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.35 - TOSHIBA Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{91684B6D-153D-4C12-B6B1-59F7496BE44A}) (Version: 2.50.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Vegas Pro 9.0 (HKLM-x32\...\{DC785DB7-D389-48C3-B146-96FE99BF4E2B}) (Version: 9.0.563 - Sony)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3053400165-3691748969-558033575-1001_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll ()
CustomCLSID: HKU\S-1-5-21-3053400165-3691748969-558033575-1001_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll ()
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2019-02-09] (Zemana Ltd. -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-10-22] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-10-22] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-10-22] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2019-02-09] (Zemana Ltd. -> )
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-11-08] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {28DDD338-0862-4797-A36E-4FD235C8A354} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {2EEDA5D0-3FFC-4A56-93A3-8AFF20EC9B94} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {30EC6995-3906-460B-92BC-0AF9543CF310} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {39D51EC7-FAAF-48E1-AEEC-62F3076453C3} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-gurugls@hotmail.it => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {3F18B0FD-CD5F-4C1E-84EF-FC09E5098A2D} - System32\Tasks\Uninstaller_SkipUac_Gianluca => C:\Prog USB\Utility PC\Disinstallatori e file\IObitUninstallerPortable\App\uninstaller\IObitUninstaler.exe [2015-08-24] (IObit Information Technology -> IObit)
Task: {4227ECC9-F3E3-4E98-BF22-F53DE87D9087} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-02-09] (Google Inc -> Google Inc.)
Task: {42BD345C-7B21-41E5-A941-E03392A43254} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {49AE1068-ADD7-40F5-A162-C9196218677B} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {52FA9EB6-B4F4-4471-800C-A256E893DB97} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {590A80B0-DDDB-4915-BBE9-DB731FEFCD45} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {5937EE06-6EB3-4F69-9AA3-A389ABEAC40D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {652DBAD8-019D-4E24-B193-9BE2B6E5A153} - System32\Tasks\S-1-5-21-3053400165-3691748969-558033575-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {9153137E-B689-4A13-B72D-A9A7A0D6B08B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {9870D1A0-3275-4894-A586-6961DA35023B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A1FC6030-BAB1-4174-88FD-02B971F6945B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-02-09] (Google Inc -> Google Inc.)
Task: {A56D491F-1921-45F8-BE44-FAD5F8155D3D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {AAE48835-D8E2-421A-AD25-FEA43AC27437} - System32\Tasks\Opera scheduled Autoupdate 1502913746 => C:\Program Files\Opera\launcher.exe [2019-01-09] (Opera Software AS -> Opera Software)
Task: {B4056D3C-2803-4513-88DE-023205719C17} - System32\Tasks\Driver Booster SkipUAC (Gianluca) => C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
Task: {D2F5B76A-B8AF-4026-8D83-B77BDD1979D7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {D7B74A0A-8C24-4B17-820C-94C1DDB06926} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {D8E8BFB7-C5A5-4CC2-81DD-99D2C694D4E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {DBA85BC7-2444-4DA7-A9F0-C3E46B3E21BB} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {E0819C0B-16B9-4719-8946-CC59FEE4C7A3} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {EBB8A2E7-CE9F-4922-B316-5FF639EEBE86} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {F57E429F-98A1-456C-8A58-9DBC06AD7FD0} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {F98A9C26-5DC8-45A5-BB97-303EDE215078} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {FD7E4B41-C363-41EB-AA66-75475C76FE7E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2019-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {FDC13528-82BC-4E2F-B0E4-FEF19E143F47} - System32\Tasks\Kingston SSD Toolbox => C:\Program Files (x86)\Kingston SSD Toolbox\Kingston SSD Toolbox.exe [2017-12-28] (Flexera Software) [File not signed] <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Gianluca.job => C:\Prog USB\Utility PC\Disinstallatori e file\IObitUninstallerPortable\App\uninstaller\IObitUninstaler.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Gianluca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Document Manager\Buy Document Manager on online.lnk -> hxxp:
Shortcut: C:\Users\Gianluca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Document Manager\Document Manager on the web.lnk -> hxxp:

==================== Loaded Modules (Whitelisted) ==============

2018-09-15 08:28 - 2018-09-15 08:28 - 000834088 _____ () C:\Windows\System32\InputHost.dll
2018-01-09 00:17 - 2018-12-17 11:58 - 000246464 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2018-01-09 00:17 - 2018-12-17 11:59 - 000159424 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2018-01-09 00:16 - 2018-12-17 11:57 - 000107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 000474624 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-20 14:05 - 2018-12-20 14:05 - 002801152 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-02-09 12:59 - 2019-02-09 12:59 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2018-01-11 01:25 - 2018-01-11 01:25 - 000182544 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2018-11-08 14:04 - 2018-10-22 14:18 - 000270480 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2018-09-15 08:28 - 2018-09-15 08:28 - 001740288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-05 00:23 - 2019-01-05 00:23 - 002834944 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1811.3343.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2019-01-05 00:23 - 2019-01-05 00:23 - 000120320 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1811.3343.0_x64__8wekyb3d8bbwe\PeopleUtilRT.dll
2019-01-05 00:23 - 2019-01-05 00:23 - 009032704 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1811.3343.0_x64__8wekyb3d8bbwe\Microsoft.People.NativeComponents.dll
2019-01-30 09:35 - 2019-01-30 09:36 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-11-08 14:02 - 2018-11-08 14:02 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll
2019-02-09 14:57 - 2019-02-06 03:00 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\libglesv2.dll
2019-02-09 14:57 - 2019-02-06 03:00 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\libegl.dll
2018-11-08 13:53 - 2018-11-08 13:56 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-30 09:35 - 2019-01-30 09:35 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-10 23:11 - 2019-01-10 23:12 - 005172224 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\YourPhone.exe
2019-01-10 23:11 - 2019-01-10 23:11 - 002172928 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\YourPhone.AppCore.dll
2019-01-10 23:11 - 2019-01-10 23:11 - 001795584 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\PhoneContentDataStore.dll
2019-01-10 23:11 - 2019-01-10 23:11 - 001004032 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2019-01-10 23:11 - 2019-01-10 23:11 - 002907136 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20094.0_x64__8wekyb3d8bbwe\PhoneCommunicationAppService.dll
2018-11-08 14:04 - 2018-10-10 11:01 - 000109712 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000019600 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2018-11-08 14:04 - 2016-03-07 18:08 - 001291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2018-11-08 14:04 - 2004-10-05 03:08 - 000055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000024720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000188560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000195728 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000163472 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt_RTTO.dll
2018-11-08 14:04 - 2018-10-22 14:18 - 000055952 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000018064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000058000 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000704144 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuActiveOnline.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000487568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EULicenseDLL.DLL
2018-11-08 14:04 - 2018-10-22 14:17 - 000021648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\fsclog.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000264336 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AuthorizedMng.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000112272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CalcScheduleTime.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000085648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000032912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000070800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000169616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000539280 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000078480 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2018-11-08 14:04 - 2018-10-22 14:18 - 000318608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSUtil.dll
2018-11-08 14:04 - 2018-10-22 14:18 - 000211088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000026256 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CallbackOperator.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000074384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2018-11-08 14:04 - 2018-10-22 14:18 - 000141968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000089232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 002458768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000266384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000162960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000029328 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000131216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000026768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000024720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000034448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2018-11-08 14:04 - 2018-10-22 14:18 - 000054416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2018-11-08 14:04 - 2018-10-22 14:18 - 000066192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000026768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000072848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000292496 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000078992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000021648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2018-11-08 14:04 - 2018-10-22 14:18 - 000138384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2018-11-08 14:04 - 2018-10-22 14:18 - 000075408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SqlExBrowser.dll
2018-11-08 14:04 - 2018-10-22 14:18 - 000585872 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SqlSMOCPlusPlus.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000119952 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSearch.dll
2018-11-08 14:04 - 2018-10-22 14:18 - 000045200 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000367760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000142992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2018-11-08 14:04 - 2018-10-22 14:18 - 000149136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000052368 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000064144 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2018-11-08 14:04 - 2018-10-22 14:16 - 000091792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2018-11-08 14:04 - 2018-10-22 14:17 - 000058512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2018-02-09 18:25 - 2018-02-09 18:25 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\kpcengine.2.3.dll
2018-11-08 14:04 - 2018-10-22 14:18 - 000220304 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7936 more sites.

IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3053400165-3691748969-558033575-1001\...\123simsen.com -> www.123simsen.com

There are 7936 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2019-02-08 15:56 - 000454512 ____R C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15600 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Kingston SSD Toolbox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\Gianluca\AppData\Local\Microsoft\WindowsApps;C:\adb;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3053400165-3691748969-558033575-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gianluca\Pictures\Sfondi vari\Blue_Dandelion_by_Jaorizabal.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "DSATray"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2A72ABF0-C14C-4693-8BB9-93FF530E0D15}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F8DD6909-203F-4AA4-828E-08A4674A08B9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E9271E8C-9820-4BF1-ADCD-92EC2F6663B0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F22AB73D-42B0-4DED-A2C5-A8D4AE91A515}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{563EBE1C-7A92-41EF-9CAE-4D6E3EA8BCEE}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{3D4A1DCA-BFA0-41AA-A154-34A4BB0A73BF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{0A0353ED-70CB-4A2C-896A-8B3CF75F1896}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{E2890CAB-7131-4A4A-8E4B-045D3EFE5701}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{30DD5D7B-EEC3-4589-AB08-0FF7351F16D3}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{70EF5BB0-8A7A-480C-A937-54E78AC14E81}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5CCA20F1-DE38-481F-849C-BDCF5B441014}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0EC7F39C-8998-4D8F-8950-A500A9B9A352}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{59A6B044-886B-4AAD-8049-B3095623B504}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{DFCDFCFB-8C50-499D-BA4B-A1A133FB908B}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{3D341521-6AF6-4AF0-8A2C-A3BB11C24CEB}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{60A5ABD7-FE06-40C5-8DA0-B99388ABBFC2}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{EA9E44A4-FEAD-4140-861E-B63655A04E4F}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{85691FBC-79E6-4A34-B11A-B7D901D227D4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0BCA28ED-2A57-4466-91F9-46C155D62E92}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6A2A5532-3B41-47D4-BEE1-8A9E3996824F}] => (Allow) C:\Program Files\Opera\57.0.3098.106\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{9E973590-5280-42A1-87B1-6FA00B7FC68E}] => (Allow) C:\Program Files\Opera\57.0.3098.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B775B95E-DBC0-438F-ACD0-727B60BCCAE6}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe ()
FirewallRules: [{FFB3E0A6-FD02-484B-A76F-8BEF2F976951}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe ()
FirewallRules: [{01A54502-A484-4778-8D7F-FCF6CC37945F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2019 03:58:51 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Il Centro sicurezza PC non è riuscito a convalidare il chiamante con errore %1.

Error: (02/09/2019 03:58:50 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Errore durante l'aggiornamento dello stato in SECURITY_PRODUCT_STATE_OFF.

Error: (02/09/2019 03:55:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma explorer.exe versione 10.0.17763.107 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Sicurezza e manutenzione nel Pannello di controllo.

ID processo: f5c

Ora di avvio: 01d4c07e37cf5536

Ora di chiusura: 4294967295

Percorso applicazione: C:\Windows\explorer.exe

ID segnalazione: 4387ba86-0114-4945-aa14-9ef88529b4d6

Nome completo pacchetto che ha generato l'errore:

ID applicazione relativo al pacchetto che ha generato l'errore:

Tipo interruzione: Unknown

Error: (02/09/2019 03:47:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: opera.exe, versione: 57.0.3098.116, timestamp: 0x5c342e50
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.17763.194, timestamp: 0xe8b54827
Codice eccezione: 0xc0000374
Offset errore 0x00000000000faf49
ID processo che ha generato l'errore: 0x1a88
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d4c0865e571985
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Opera\57.0.3098.116\opera.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\ntdll.dll
ID segnalazione: efff7b11-c9cd-4dfe-8e18-1a1ecf9e8b0c
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (02/09/2019 02:51:22 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Errore durante l'aggiornamento dello stato in SECURITY_PRODUCT_STATE_OFF.

Error: (02/09/2019 02:51:22 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Il Centro sicurezza PC non è riuscito a convalidare il chiamante con errore %1.

Error: (02/09/2019 12:53:33 PM) (Source: Intel(R) SUR QC SAM) (EventID: 3) (User: )
Description: Traceback (most recent call last):
File "win32serviceutil.py", line 835, in SvcRun
File "updtr/service.py", line 238, in SvcDoRun
File "updtr/service.py", line 263, in run
File "updtr/core/entities/win_certs_store_bundle.py", line 41, in get_filename_for_windows_ca_bundle
File "updtr/core/entities/win_certs_store_bundle.py", line 33, in _create_bundle_from_win_store
IOError: (2, 'No such file or directory', 'C:\\ProgramData\\Intel\\SUR\\QUEENCREEK\\Updater\\AppData\\root_ca_certs.pem')

Error: (02/09/2019 12:50:43 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Il Centro sicurezza PC non è riuscito a convalidare il chiamante con errore %1.


System errors:
=============
Error: (02/09/2019 03:57:18 PM) (Source: DCOM) (EventID: 10016) (User: GLS-NOTEBOOK)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
e APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
all'utente GLS-NOTEBOOK\SID Gianluca (S-1-5-21-3053400165-3691748969-558033575-1001) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (02/09/2019 03:56:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio MessagingService_2692c terminato con l'errore:
Dispositivo non pronto.

Error: (02/09/2019 03:51:25 PM) (Source: DCOM) (EventID: 10016) (User: GLS-NOTEBOOK)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
e APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
all'utente GLS-NOTEBOOK\SID Gianluca (S-1-5-21-3053400165-3691748969-558033575-1001) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (02/09/2019 03:47:35 PM) (Source: DCOM) (EventID: 10016) (User: GLS-NOTEBOOK)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
e APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
all'utente GLS-NOTEBOOK\SID Gianluca (S-1-5-21-3053400165-3691748969-558033575-1001) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (02/09/2019 03:47:25 PM) (Source: DCOM) (EventID: 10016) (User: GLS-NOTEBOOK)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
e APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
all'utente GLS-NOTEBOOK\SID Gianluca (S-1-5-21-3053400165-3691748969-558033575-1001) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (02/09/2019 02:57:32 PM) (Source: DCOM) (EventID: 10016) (User: GLS-NOTEBOOK)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
e APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
all'utente GLS-NOTEBOOK\SID Gianluca (S-1-5-21-3053400165-3691748969-558033575-1001) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (02/09/2019 02:55:25 PM) (Source: DCOM) (EventID: 10016) (User: GLS-NOTEBOOK)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
e APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
all'utente GLS-NOTEBOOK\SID Gianluca (S-1-5-21-3053400165-3691748969-558033575-1001) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (02/09/2019 02:51:47 PM) (Source: DCOM) (EventID: 10016) (User: GLS-NOTEBOOK)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
e APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
all'utente GLS-NOTEBOOK\SID Gianluca (S-1-5-21-3053400165-3691748969-558033575-1001) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.


CodeIntegrity:
===================================

Date: 2019-02-09 15:59:40.583
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-09 15:59:39.234
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-09 15:58:49.991
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-09 15:58:47.417
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-02-09 15:57:05.555
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-09 15:56:45.079
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-09 15:56:36.605
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-09 15:56:36.550
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1005M @ 1.90GHz
Percentage of memory in use: 63%
Total physical RAM: 3971.35 MB
Available physical RAM: 1450.23 MB
Total Virtual: 4419.35 MB
Available Virtual: 1723.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.34 GB) (Free:65.91 GB) NTFS

\\?\Volume{cd13a483-0000-0000-0000-100000000000}\ (Riservato per il sistema) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{cd13a483-0000-0000-0000-40b51b000000}\ () (Fixed) (Total:0.96 GB) (Free:0.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: CD13A483)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=979 MB) - (Type=27)

==================== End of Addition.txt ============================
Notebook: WINDOWS 10 64 Bit

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 7796
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da crazy.cat » sab feb 09, 2019 5:44 pm

sexirutto ha scritto:
sab feb 09, 2019 5:15 pm
Non sapevo come allegare il txt..
Il ho messi sotto tag spoiler per renderli più leggibili..

Da questa riga che si vede nel log
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
mi rimandano a questa estensione, che corrisponde proprio al nome che stavamo cercando.
https://chrome.google.com/webstore/deta ... ccjcacackp

Cerca nella cartella del tuo profilo se trovi questa ccjleegmemocfpghkhpjmiccjcacackp e la butti nel cestino e poi rifai la scansione
C:\Users\gianluca\AppData\Local\Google\Chrome\User Data\Default\extensions\ccjleegmemocfpghkhpjmiccjcacackp
Oppure vedi se la trovi proprio tra le estensioni installate e la rimuovi.

Poi rifai la scansione con adwcleaner.

OT
Ma ti arrivano le mail di notifica dei nuovi messaggi?
Presto non ci sarà nessuna divisione fra il lavoro e il tempo libero. Ogni cesso verrà dotato di unità interna, con computer, email e webcam, così nessuno sarà mai disconnesso o non contattabile.

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » sab feb 09, 2019 6:06 pm

Adesso faccio il controllo che mi hai detto, si mi arrivano le notifiche nella mail.
da quel percosro non c'è quella estensione,.....
Immagine
Notebook: WINDOWS 10 64 Bit

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » sab feb 09, 2019 6:42 pm

Siccome non la trovo neanche dal registro... e facendo un fix con farbar?? solo della voce incriminata?? stavo leggendo proprio la guida qua su turbolab, è possibile?? certo lo chiedo a te perchè altrimenti faccio danni...
Notebook: WINDOWS 10 64 Bit

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » sab feb 09, 2019 6:55 pm

Giusto per dover di cronaca, ho installato advance system care e adwcleaner lo rileva come malware :rotolo , cmq a me interessa eliminare quell'altra cosa.
Notebook: WINDOWS 10 64 Bit

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 7796
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da crazy.cat » sab feb 09, 2019 7:01 pm

sexirutto ha scritto:
sab feb 09, 2019 6:42 pm
e facendo un fix con farbar?? solo della voce incriminata??
Si procedi pure.
Presto non ci sarà nessuna divisione fra il lavoro e il tempo libero. Ogni cesso verrà dotato di unità interna, con computer, email e webcam, così nessuno sarà mai disconnesso o non contattabile.

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » sab feb 09, 2019 7:15 pm

Forse ho sbagliato qualcosa???
Immagine
Notebook: WINDOWS 10 64 Bit

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 7796
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da crazy.cat » sab feb 09, 2019 7:16 pm

cosa avevi scritto per l'eliminazione?
Presto non ci sarà nessuna divisione fra il lavoro e il tempo libero. Ogni cesso verrà dotato di unità interna, con computer, email e webcam, così nessuno sarà mai disconnesso o non contattabile.

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » sab feb 09, 2019 7:20 pm

crazy.cat ha scritto:
sab feb 09, 2019 7:16 pm
cosa avevi scritto per l'eliminazione?
ho aperto il file FRST ed ho cancellato le voci sicure lasciando solo quella sospetta, poi ho salvato il tutto con il nome fixlist
Notebook: WINDOWS 10 64 Bit

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » sab feb 09, 2019 7:33 pm

ci sono riuscito a fare il fix, solo che adwcleaner lo trova di nuovo...
Notebook: WINDOWS 10 64 Bit

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » sab feb 09, 2019 7:54 pm

Ho provato un ulteriore cosa, ho lanciato il sistema in modalità provviosria con rete, ho lanciato farbar e magia, la voce di prima è sparita, solo che per adcleaner quel pup c'è sempre .... a sto punto no so che pesci prendere....
Notebook: WINDOWS 10 64 Bit

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 7796
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da crazy.cat » sab feb 09, 2019 9:22 pm

sexirutto ha scritto:
sab feb 09, 2019 7:54 pm
. a sto punto no so che pesci prendere....
Non usare più adwcleaner... ;) mi verrebbe da dire....
Presto non ci sarà nessuna divisione fra il lavoro e il tempo libero. Ogni cesso verrà dotato di unità interna, con computer, email e webcam, così nessuno sarà mai disconnesso o non contattabile.

Avatar utente
sexirutto
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1073
Iscritto il: ven mag 03, 2013 12:18 pm
Località: Sardegna

Re: Strano comportamento comodo e voce adwcleaner

Messaggio da sexirutto » sab feb 09, 2019 9:32 pm

:D infatti lo sto pensando pure io, ho controllato tutte le voci possibili, il pc non ha nulla a riguardo, alla fine si è intrippato adwcleaner
:grazie per il supporto
Notebook: WINDOWS 10 64 Bit

System
System
Bot ufficiale TurboLab.it
Bot
Messaggi:
Iscritto il: sab dic 31, 2016 6:19 pm
Contatta: Contatta

Re: Re: Strano comportamento comodo e voce adwcleaner

Messaggio da System » sab feb 09, 2019 9:32 pm


Rispondi
  • Argomenti simili
    Risposte
    Visite
    Ultimo messaggio