
HijackThis Log: Please help Diagnose


  • This topic is locked
7 replies to this topic

#1 husky_32

husky_32

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:24 PM

Posted 05 July 2016 - 05:06 AM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:01:13, on 05/07/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
 
FIREFOX: 45.0.1 (x86 it)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\TEMP\DPTF\esif_assist.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Users\Yuri\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.2.7.557\ASUSWSLoader.exe
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
O4 - HKLM\..\Run: [GoPro Studio Importer] C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
O23 - Service: @oem23.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service:  Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Servizio Aggiornamento Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Servizio Aggiornamento Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\Windows\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 13996 bytes
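The HijackThis log above uses a simple line format (section code, ` - `, body) that is easy to triage mechanically. The parser below is an added example written for this page, not code from the thread, from the poster, or from Trend Micro; it groups entries by section, lists the O23 services HijackThis flagged `(file missing)`, and picks out O4 autoruns whose binary lives under a user profile or temp folder. The sample log is constructed from lines in the post above plus one clearly labelled hypothetical O4 line that is not in the original. One caveat a reviewer wants before reading the O23 flags: HijackThis is a 32-bit tool, and on 64-bit Windows file-system redirection makes it report many System32 service binaries as missing; the FRST log later in this thread shows several of those same files (`mfevtps.exe`, `atiesrxx.exe`, `igfxCUIService.exe`) running, so the `(file missing)` flags here are a tool artifact rather than an indicator on their own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in HijackThis v2 line format. The first nine lines are
# copied from the log above; the last O4 line is a hypothetical entry added
# only to exercise the user-profile-path check (it is not in the original log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O4 - HKCU\..\Run: [HYPOTHETICAL_Example] C:\Users\Yuri\AppData\Roaming\example_updater.exe
"""

# "O23 - Service: ..." -> section code and the rest of the line
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# first Windows path ending in a binary, shortcut or page extension
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|lnk|htm))', re.IGNORECASE)
# "Service: <display name> (<short name>) - <owner> - <path>"
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?) \((?P<short>[^()]+)\) - ")
# "[Name]" label of an O4 autorun entry
AUTORUN_NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")
# locations where a persistent autorun deserves a second look
USER_PATH_RE = re.compile(r"\\Users\\|\\AppData\\|\\Temp\\", re.IGNORECASE)


@dataclass
class Entry:
    code: str            # HJT section code, e.g. "O4" or "O23"
    body: str            # text after "<code> - "
    path: str            # extracted file path, or "" when none was found
    file_missing: bool   # HJT appended "(file missing)" to the line


def parse_hjt(text: str) -> List[Entry]:
    """Turn the coded lines of a HijackThis log into Entry records; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        pm = PATH_RE.search(body)
        entries.append(Entry(code=m.group("code"), body=body,
                             path=pm.group(1) if pm else "",
                             file_missing=body.rstrip().endswith("(file missing)")))
    return entries


def count_by_section(entries: List[Entry]) -> Dict[str, int]:
    """Number of entries per HJT section code."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


def missing_services(entries: List[Entry]) -> List[str]:
    """Short names of O23 services HJT could not find on disk (see the WOW64 caveat above)."""
    names = []
    for e in entries:
        if e.code != "O23" or not e.file_missing:
            continue
        sm = SERVICE_RE.match(e.body)
        # fall back to the display name when the service has no "(short)" part
        names.append(sm.group("short") if sm else e.body.split(" - ")[0].replace("Service: ", ""))
    return names


def autoruns_from_user_paths(entries: List[Entry]) -> List[str]:
    """Labels of O4 autoruns whose executable sits under a user profile or temp folder."""
    flagged = []
    for e in entries:
        if e.code == "O4" and e.path and USER_PATH_RE.search(e.path):
            nm = AUTORUN_NAME_RE.search(e.body)
            flagged.append(nm.group("name") if nm else e.body)
    return flagged


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    print("entries per section:", count_by_section(found))
    print("O23 services reported missing:", missing_services(found))
    print("O4 autoruns from user/temp paths:", autoruns_from_user_paths(found))
```

Run it against a saved `hijackthis.log` by reading the file into `parse_hjt` instead of `SAMPLE_LOG`; the section counts give a quick sanity check that every coded line was recognised, and the two flag lists are the entries worth cross-checking against a second tool's output (the FRST process list, in this thread) before treating anything as suspicious.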




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:24 AM

Posted 05 July 2016 - 10:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
(screenshot: attachlogs.png)

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.

===

p.s.
HijackThis is no longer supported.
I suggest you remove it via the Control Panel > Programs > Programs and Features applet.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 husky_32

husky_32
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:24 PM

Posted 05 July 2016 - 11:07 AM

Hi, thanks a lot.
Malwarebytes and AdwCleaner I already launched.

Log of MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data scansione: 05/07/2016
Ora scansione: 17:19
File di log: mbam.txt
Amministratore: Sì
 
Versione: 2.2.1.1043
Database malware: v2016.07.05.08
Database rootkit: v2016.05.27.01
Licenza: Gratuito
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Auto-protezione: Disattivata
 
SO: Windows 8.1
CPU: x64
File system: NTFS
Utente: Yuri
 
Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 315785
Tempo impiegato: 21 min, 47 sec
 
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Euristiche: Attivata
PUP: Attivata
PUM: Attivata
 
Processi: 0
(Nessun elemento nocivo rilevato)
 
Moduli: 0
(Nessun elemento nocivo rilevato)
 
Chiavi di registro: 0
(Nessun elemento nocivo rilevato)
 
Valori di registro: 0
(Nessun elemento nocivo rilevato)
 
Dati di registro: 0
(Nessun elemento nocivo rilevato)
 
Cartelle: 0
(Nessun elemento nocivo rilevato)
 
File: 0
(Nessun elemento nocivo rilevato)
 
Settori fisici: 0
(Nessun elemento nocivo rilevato)
 
 
(end)


Log of Farbar
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Yuri (administrator) on PC-YURI (05-07-2016 17:56:52)
Running from C:\Users\Yuri\Downloads
Loaded Profiles: Yuri (Available Profiles: Yuri)
Platform: Windows 8.1 (Update) (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Trend Micro Inc.) C:\Users\Yuri\Desktop\HijackThis.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Yuri\Desktop\adwcleaner_5.201.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.7.557\ASUSWSLoader.exe [63272 2016-03-15] ()
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24105936 2016-06-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [GoPro Studio Importer] => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [3218184 2015-10-03] (GoPro)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-06-16] (Oracle Corporation)
HKU\S-1-5-21-1719771701-1447108438-4250716654-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd)
HKU\S-1-5-21-1719771701-1447108438-4250716654-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-1719771701-1447108438-4250716654-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1719771701-1447108438-4250716654-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-12] (Disc Soft Ltd)
HKU\S-1-5-21-1719771701-1447108438-4250716654-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
HKU\S-1-5-21-1719771701-1447108438-4250716654-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-1719771701-1447108438-4250716654-1001\...\MountPoints2: {16ccac73-83a6-11e5-8261-d053496b3061} - "H:\setup.exe" 
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.7.557\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.7.557\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.7.557\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-04-05]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BE30493F-E619-4378-8E97-80F77560A7C2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C48B0244-5163-4447-9213-E7BA79599430}: [DhcpNameServer] 10.6.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-1719771701-1447108438-4250716654-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-06-05] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-06-05] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-06-05] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-30] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-30] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-05] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Yuri\AppData\Roaming\Mozilla\Firefox\Profiles\dbbgtn2z.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-05] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-06-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-06-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-06-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-06-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Yuri\AppData\Roaming\Mozilla\Firefox\Profiles\dbbgtn2z.default\user.js [2016-04-05]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.it/
CHR StartupUrls: Default -> "hxxp://www.google.it/"
CHR Profile: C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Presentazioni Google) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-02]
CHR Extension: (Documenti Google) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-02]
CHR Extension: (Google Drive) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Adblock Plus) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (Google Search) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Fogli Google) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-02]
CHR Extension: (Google Documenti offline) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-30]
CHR Extension: (TeX for Gmail) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnmclkoadjdljnfmbnnhaahilafoeji [2016-06-02]
CHR Extension: (Flatbook) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadbillinepbjlgenaliokdhejdmmlgp [2016-06-25]
CHR Extension: (TeX The World for Chromium) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbfninnbhfepghkkcgdnmfmhhbjmhggn [2015-11-02]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2855152 2016-06-05] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-04] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-12] (Disc Soft Ltd)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-18] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [325224 2014-09-15] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-06-24] (Intel Corporation)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [73512 2014-09-19] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7546544 2015-03-23] (Broadcom Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2014-09-18] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [38208 2014-09-18] (Intel Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-05-15] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-05-15] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216360 2014-09-18] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2014-08-04] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-06-24] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]
S3 NANMp50; System32\Drivers\NANMp50.sys [X]
S3 NANSp50; System32\Drivers\NANSp50.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-05 17:56 - 2016-07-05 17:57 - 00025560 _____ C:\Users\Yuri\Downloads\FRST.txt
2016-07-05 17:56 - 2016-07-05 17:56 - 02390016 _____ (Farbar) C:\Users\Yuri\Downloads\FRST64.exe
2016-07-05 17:56 - 2016-07-05 17:56 - 00000000 ____D C:\FRST
2016-07-05 17:52 - 2016-07-05 17:52 - 00001176 _____ C:\Users\Yuri\Desktop\mbam.txt
2016-07-05 17:49 - 2016-07-05 17:50 - 22851472 _____ (Malwarebytes ) C:\Users\Yuri\Desktop\mbam-setup-2.2.1.1043.exe
2016-07-05 17:34 - 2016-07-05 17:36 - 00242398 _____ C:\TDSSKiller.3.1.0.9_05.07.2016_17.34.49_log.txt
2016-07-05 17:34 - 2016-07-05 17:34 - 00000560 _____ C:\TDSSKiller.3.1.0.9_05.07.2016_17.34.38_log.txt
2016-07-05 17:17 - 2016-07-05 17:17 - 03712064 _____ C:\Users\Yuri\Desktop\adwcleaner_5.201.exe
2016-07-05 11:21 - 2016-07-05 11:21 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-07-05 11:18 - 2016-07-05 11:23 - 00245974 _____ C:\TDSSKiller.3.1.0.9_05.07.2016_11.18.41_log.txt
2016-07-05 11:17 - 2016-07-05 11:18 - 00007736 _____ C:\TDSSKiller.3.1.0.9_05.07.2016_11.17.46_log.txt
2016-07-05 11:03 - 2016-07-05 11:10 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Yuri\Desktop\tdsskiller.exe
2016-07-05 11:01 - 2016-07-05 11:01 - 01078860 _____ C:\Users\Yuri\Downloads\Non confermato 331173.crdownload
2016-07-05 10:57 - 2016-07-05 11:00 - 01619004 _____ C:\Users\Yuri\Downloads\Non confermato 170915.crdownload
2016-07-05 10:53 - 2016-07-05 10:55 - 00388608 _____ (Trend Micro Inc.) C:\Users\Yuri\Desktop\HijackThis.exe
2016-07-05 10:29 - 2016-07-05 10:41 - 22043019 _____ (IObit ) C:\Users\Yuri\Downloads\advanced-systemcare-setup_9.3.0.1121.exe
2016-07-04 17:40 - 2016-07-04 17:40 - 00090038 _____ C:\Users\Yuri\Desktop\20160627_calendar.pdf
2016-07-04 17:31 - 2016-07-04 17:31 - 00097381 _____ C:\Users\Yuri\Desktop\20160627_writtentestresults.pdf
2016-07-01 08:15 - 2016-07-01 08:15 - 00139276 _____ C:\Users\Yuri\Desktop\FLIX-Ticket-8020300212.pdf
2016-06-30 21:40 - 2016-06-30 21:43 - 00000000 ___RD C:\Users\Yuri\Desktop\TV
2016-06-30 21:34 - 2016-06-30 21:34 - 00000000 ____D C:\Users\Yuri\AppData\Local\Macromedia
2016-06-30 21:31 - 2016-07-05 17:52 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-30 21:31 - 2016-06-30 21:36 - 00003866 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-30 17:24 - 2016-07-03 16:13 - 00000000 ____D C:\Users\Yuri\Desktop\MeA
2016-06-29 21:22 - 2016-06-29 21:22 - 00000130 _____ C:\Users\Yuri\Desktop\pali recinzione.url
2016-06-28 11:34 - 2016-06-28 11:34 - 00000137 _____ C:\Users\Yuri\Desktop\ghesla.url
2016-06-27 16:58 - 2016-06-27 16:58 - 00000000 ____D C:\Users\Yuri\Desktop\appello 02_2016
2016-06-27 16:57 - 2016-06-27 16:58 - 00000000 ____D C:\Users\Yuri\Desktop\appello 01_2016
2016-06-25 09:34 - 2016-06-25 10:13 - 00001933 _____ C:\Users\Yuri\Desktop\Nuovo documento di testo.txt
2016-06-25 09:02 - 2016-06-25 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-22 22:15 - 2016-06-22 22:15 - 00032796 _____ C:\Users\Yuri\Desktop\freie_volker.jpeg
2016-06-21 16:27 - 2016-06-21 16:27 - 00001509 _____ C:\Users\Yuri\Desktop\deaddrops-readme-manifesto-ita.zip
2016-06-21 11:36 - 2016-06-21 11:36 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-06-21 11:22 - 2016-06-21 11:22 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-21 11:22 - 2016-06-21 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-21 11:21 - 2016-06-21 11:22 - 00000000 ____D C:\Program Files\iTunes
2016-06-21 11:21 - 2016-06-21 11:21 - 00000000 ____D C:\Program Files\iPod
2016-06-21 11:21 - 2016-06-21 11:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-21 11:17 - 2016-06-21 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-06-21 09:30 - 2016-06-21 09:30 - 00000178 _____ C:\Users\Yuri\Desktop\album trip.url
2016-06-21 09:13 - 2016-06-21 09:14 - 00000164 _____ C:\Users\Yuri\Desktop\3ntino.url
2016-06-20 10:11 - 2016-06-20 10:11 - 00000111 _____ C:\Users\Yuri\Desktop\meme simpson.url
2016-06-19 11:50 - 2016-06-21 19:20 - 00000000 ____D C:\Users\Yuri\Desktop\Prusa i3
2016-06-17 23:52 - 2016-06-14 19:13 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 23:52 - 2016-06-14 19:13 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-17 18:29 - 2016-06-17 18:29 - 00000224 _____ C:\Users\Yuri\Desktop\gheslo.url
2016-06-16 16:41 - 2016-04-12 17:46 - 14467584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-06-16 16:41 - 2016-04-12 17:30 - 12879872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-06-16 16:39 - 2016-06-03 19:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-06-16 16:39 - 2016-06-03 15:38 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-16 16:39 - 2016-06-02 19:51 - 00050352 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-16 16:39 - 2016-05-29 17:04 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-16 16:39 - 2016-05-29 17:04 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-16 16:39 - 2016-05-29 17:04 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-16 16:39 - 2016-05-29 17:04 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-16 16:39 - 2016-05-29 17:04 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-16 16:39 - 2016-05-29 17:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-16 16:38 - 2016-04-14 17:25 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-16 16:38 - 2016-04-14 17:11 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-16 16:38 - 2016-01-31 21:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-16 16:38 - 2016-01-31 20:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-16 16:38 - 2016-01-31 19:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-16 16:38 - 2016-01-31 19:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-16 15:36 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-16 15:36 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-16 15:36 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-16 15:36 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-16 15:36 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-16 15:36 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-16 15:36 - 2016-05-18 07:31 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-16 15:36 - 2016-05-18 07:31 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-16 15:36 - 2016-05-16 23:13 - 00563016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-16 15:36 - 2016-05-16 23:13 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-16 15:36 - 2016-05-16 23:13 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-16 15:36 - 2016-05-16 23:13 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-16 15:36 - 2016-05-14 01:09 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-16 15:36 - 2016-05-14 01:07 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-16 15:36 - 2016-05-14 01:07 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-16 15:36 - 2016-05-14 01:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-16 15:36 - 2016-05-14 01:04 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-16 15:36 - 2016-05-14 00:34 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-16 15:36 - 2016-05-14 00:19 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-16 15:36 - 2016-05-13 23:58 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-16 15:36 - 2016-05-12 20:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-16 15:36 - 2016-05-12 19:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-16 15:36 - 2016-05-12 18:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-16 15:36 - 2016-05-12 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-16 15:36 - 2016-05-12 18:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-16 15:36 - 2016-05-12 17:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-16 15:36 - 2016-05-12 17:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-16 15:36 - 2016-05-12 17:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-16 15:36 - 2016-05-09 23:35 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-06-16 15:36 - 2016-05-09 22:56 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-06-16 15:36 - 2016-05-09 22:45 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-16 15:36 - 2016-05-09 22:23 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-16 15:36 - 2016-05-06 17:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-16 15:36 - 2016-05-06 17:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-16 15:35 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-16 15:35 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-16 15:35 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-16 15:35 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-16 15:35 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-16 15:35 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-16 15:35 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-16 15:35 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-16 15:35 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-16 15:35 - 2016-05-20 23:25 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-06-16 15:35 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-16 15:35 - 2016-05-20 23:21 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-06-16 15:35 - 2016-05-20 23:19 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-06-16 15:35 - 2016-05-20 23:16 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-06-16 15:35 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-16 15:35 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-16 15:35 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-16 15:35 - 2016-05-20 23:09 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-16 15:35 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-16 15:35 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-16 15:35 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-16 15:35 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-16 15:35 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-16 15:35 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-16 15:35 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-16 15:35 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-16 15:35 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-16 15:35 - 2016-05-19 01:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-16 15:35 - 2016-05-18 22:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-16 15:35 - 2016-05-14 22:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-16 15:35 - 2016-05-14 22:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-16 15:35 - 2016-05-14 01:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-16 15:35 - 2016-05-13 23:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-16 15:35 - 2016-05-13 23:45 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-16 15:35 - 2016-05-13 23:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-16 15:35 - 2016-05-13 23:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-13 22:38 - 2016-06-13 22:38 - 00000000 ____D C:\Users\Yuri\Documents\Network Monitor 3
2016-06-13 22:36 - 2016-06-13 22:37 - 14167730 _____ (Fondazione Ugo Bordoni ) C:\Users\Yuri\Downloads\Nemesys_v.2.1.3-7_win8_64bit.exe
2016-06-07 21:15 - 2016-06-07 21:15 - 00000000 ____D C:\Users\Yuri\AppData\Roaming\com.freakinware.mitosis
2016-06-07 21:13 - 2016-06-07 21:33 - 00000000 ____D C:\Users\Yuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-07 21:10 - 2016-06-07 21:10 - 00000000 ____D C:\Users\Yuri\AppData\Local\Steam
2016-06-07 21:03 - 2016-06-07 21:03 - 00000981 _____ C:\Users\Public\Desktop\Steam.lnk
2016-06-07 21:03 - 2016-06-07 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-07 21:02 - 2016-06-28 17:44 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-07 21:02 - 2016-06-07 21:02 - 01380712 _____ C:\Users\Yuri\Downloads\SteamSetup.exe
2016-06-06 21:00 - 2016-06-06 21:00 - 00000140 _____ C:\Users\Yuri\Desktop\motogp download.url
2016-06-05 12:15 - 2016-06-05 12:15 - 00000000 ____D C:\Users\Yuri\Desktop\Production Processes 03_06
2016-06-05 12:14 - 2016-06-05 12:14 - 00000000 ___RD C:\Users\Yuri\Desktop\PoliTo (1)
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-05 17:54 - 2016-04-05 11:19 - 00000000 ____D C:\AdwCleaner
2016-07-05 17:52 - 2016-03-22 11:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-05 16:59 - 2015-11-04 13:54 - 00001120 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-07-05 16:59 - 2015-11-02 20:39 - 00001174 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-05 15:59 - 2015-11-02 20:39 - 00001170 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-05 15:28 - 2015-12-10 09:46 - 00000000 ____D C:\ProgramData\MFAData
2016-07-05 13:10 - 2015-12-15 19:08 - 00000560 _____ C:\Windows\Tasks\MATLAB R2016a Startup Accelerator.job
2016-07-05 12:59 - 2015-11-04 13:54 - 00001116 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-05 12:33 - 2015-11-01 11:37 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9E9242C4-A431-4FBC-95D2-7AA104610719}
2016-07-05 12:13 - 2015-11-01 11:29 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1719771701-1447108438-4250716654-1001
2016-07-05 12:00 - 2015-11-01 11:37 - 00003480 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-07-05 12:00 - 2015-11-01 11:37 - 00003470 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-07-05 11:48 - 2015-11-01 11:28 - 00001543 _____ C:\Users\Yuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AsusSmartGestureDetector.lnk
2016-07-05 11:48 - 2015-11-01 11:28 - 00000000 ___RD C:\Users\Yuri\OneDrive
2016-07-05 11:48 - 2015-11-01 11:21 - 00000125 _____ C:\Users\Yuri\AppData\Roaming\sp_data.sys
2016-07-05 11:44 - 2016-04-12 08:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-05 11:44 - 2016-04-12 08:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-05 11:44 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-05 11:43 - 2016-01-02 17:30 - 00000000 ____D C:\Program Files (x86)\Remote Mouse
2016-07-05 11:43 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-07-05 11:06 - 2015-11-01 11:20 - 00000000 ____D C:\Users\Yuri\AppData\Local\VirtualStore
2016-07-05 08:24 - 2015-11-02 17:40 - 00000000 ____D C:\Users\Yuri\AppData\Roaming\Telegram Desktop
2016-07-05 07:52 - 2015-11-30 12:48 - 00000000 ____D C:\Users\Yuri\AppData\Local\JDownloader 2.0
2016-07-03 05:06 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-07-02 16:07 - 2016-05-14 19:06 - 00000000 ____D C:\Users\Yuri\AppData\Roaming\WhatsApp
2016-07-02 09:17 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-07-02 09:12 - 2015-11-01 11:20 - 00000000 ____D C:\Users\Yuri\AppData\Local\Packages
2016-07-02 09:11 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-01 23:27 - 2014-10-29 14:22 - 00805000 _____ C:\Windows\system32\perfh010.dat
2016-07-01 23:27 - 2014-10-29 14:22 - 00157108 _____ C:\Windows\system32\perfc010.dat
2016-07-01 23:27 - 2014-03-18 17:26 - 01813012 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-01 18:02 - 2015-11-04 11:49 - 03614720 ___SH C:\Users\Yuri\Desktop\Thumbs.db
2016-06-30 21:36 - 2015-11-23 21:29 - 00000000 ____D C:\Users\Yuri\AppData\Local\Adobe
2016-06-30 20:56 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-06-30 17:48 - 2016-03-28 09:34 - 00000000 ____D C:\ProgramData\Oracle
2016-06-30 17:47 - 2016-03-28 09:36 - 00000000 ____D C:\Users\Yuri\.oracle_jre_usage
2016-06-30 17:47 - 2016-03-28 09:34 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-06-30 17:47 - 2016-03-28 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-30 17:47 - 2016-03-28 09:34 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-30 17:47 - 2015-11-04 13:57 - 00000000 ___RD C:\Users\Yuri\Dropbox
2016-06-29 20:37 - 2015-12-10 09:46 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-06-29 20:37 - 2015-12-10 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-06-28 12:05 - 2016-05-14 19:06 - 00002213 _____ C:\Users\Yuri\Desktop\WhatsApp.lnk
2016-06-28 12:05 - 2016-05-14 19:06 - 00000000 ____D C:\Users\Yuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2016-06-28 12:04 - 2016-05-14 19:05 - 00000000 ____D C:\Users\Yuri\AppData\Local\WhatsApp
2016-06-28 12:04 - 2016-05-14 19:05 - 00000000 ____D C:\Users\Yuri\AppData\Local\SquirrelTemp
2016-06-27 16:56 - 2015-12-27 10:00 - 00000000 ____D C:\Users\Yuri\AppData\Roaming\Apple Computer
2016-06-25 09:02 - 2015-11-04 13:54 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-23 14:12 - 2016-04-12 08:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-21 11:54 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-06-21 11:39 - 2016-02-18 21:16 - 00000000 ____D C:\Users\Yuri\Documents\File di Outlook
2016-06-21 11:39 - 2016-02-18 21:16 - 00000000 ____D C:\Users\Yuri\AppData\Local\Apple Inc
2016-06-21 11:39 - 2015-11-01 11:17 - 00000000 ____D C:\Users\Yuri
2016-06-21 11:36 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-21 11:36 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-21 11:34 - 2015-11-01 12:11 - 00000000 ____D C:\Program Files\Microsoft Office
2016-06-21 11:21 - 2016-02-02 12:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-18 01:00 - 2015-11-02 20:39 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 23:50 - 2013-08-22 16:44 - 00486624 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-17 20:02 - 2015-11-04 01:26 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-17 20:02 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2016-06-17 20:00 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-06-17 13:50 - 2016-05-15 20:06 - 00000000 ____D C:\Users\Yuri\Downloads\Telegram Desktop
2016-06-17 11:17 - 2015-11-03 17:21 - 00000000 ____D C:\Windows\system32\MRT
2016-06-17 11:11 - 2015-11-03 17:21 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 15:54 - 2015-12-10 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-06-13 08:09 - 2016-05-09 12:51 - 00000000 ____D C:\Users\Yuri\AppData\Local\ElevatedDiagnostics
2016-06-08 20:23 - 2015-11-01 13:24 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-06-07 17:14 - 2015-11-01 11:37 - 00003912 _____ C:\Windows\System32\Tasks\Update Checker
2016-06-07 17:13 - 2014-10-29 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-06-07 17:13 - 2014-10-29 08:25 - 00000000 ____D C:\Program Files (x86)\ASUS
 
==================== Files in the root of some directories =======
 
2016-04-04 22:34 - 2016-04-04 22:34 - 0005120 _____ () C:\Users\Yuri\AppData\Roaming\GiftBag.db
2015-11-01 11:21 - 2016-07-05 11:48 - 0000125 _____ () C:\Users\Yuri\AppData\Roaming\sp_data.sys
2016-05-27 17:56 - 2016-05-27 17:56 - 0000857 _____ () C:\Users\Yuri\AppData\Local\recently-used.xbel
2015-03-23 14:21 - 2015-03-23 14:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-29 08:25 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-10-29 08:25 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-10-29 08:25 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Some files in TEMP:
====================
C:\Users\Yuri\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Yuri\AppData\Local\Temp\libeay32.dll
C:\Users\Yuri\AppData\Local\Temp\msvcr120.dll
C:\Users\Yuri\AppData\Local\Temp\proxy_vole2007568149254577770.dll
C:\Users\Yuri\AppData\Local\Temp\proxy_vole2389113517323048989.dll
C:\Users\Yuri\AppData\Local\Temp\proxy_vole7531745036184041055.dll
C:\Users\Yuri\AppData\Local\Temp\proxy_vole7887768668650967256.dll
C:\Users\Yuri\AppData\Local\Temp\proxy_vole8060243832720524011.dll
C:\Users\Yuri\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-04 17:23
 
==================== End of FRST.txt ============================


My problem is slow internet on the PC (from another device it is faster). I didn't find a virus or malware, so I used HijackThis for another verification.
 




#4 husky_32

  • Topic Starter
  • Members
  • 4 posts

Posted 05 July 2016 - 11:22 AM

In the speed test: download 12 Mbs,
but in the activity manager the effective speed is in a range of 0 to 7 Mbs; it is so unstable.



#5 nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 July 2016 - 06:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.
Please copy the entire contents of the code box below into the new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF user.js: detected! => C:\Users\Yuri\AppData\Roaming\Mozilla\Firefox\Profiles\dbbgtn2z.default\user.js [2016-04-05]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
U0 msahci; system32\drivers\msahci.sys [X]
S3 NANMp50; System32\Drivers\NANMp50.sys [X]
S3 NANSp50; System32\Drivers\NANSp50.sys [X]
C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Please update all the drivers that will be identified.
How to detect vulnerable and outdated programs using Secunia Personal Software Inspector (PSI)
Follow the instructions on this page.
http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/

Keep me posted.
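The fixlist above removes three service entries whose driver file no longer exists (the [X] entries), and the "Bamital & volsnap" section of the FRST log checks the digital signatures of core system binaries. As an added example, not part of this thread and not FRST's own code, the PowerShell below performs both checks read-only: it walks every entry under HKLM\SYSTEM\CurrentControlSet\Services, resolves the ImagePath value to a file on disk, flags entries whose binary is missing, and verifies the Authenticode signature of the ones that exist. The function names and the output layout are this example's own choices; it assumes an elevated PowerShell prompt on Windows 8 or later and changes nothing on the machine.

```powershell
# Added example (not part of this thread or of FRST): read-only audit of
# service/driver entries, reporting orphaned binaries and unsigned files.
# Run from an elevated PowerShell prompt; it modifies nothing.

function Resolve-ServiceBinary {
    <#
      Turns an ImagePath registry value into an absolute file path.
      Forms handled (all seen in real Services keys):
        system32\drivers\msahci.sys                 (relative to %SystemRoot%)
        \SystemRoot\System32\drivers\foo.sys        (NT-style prefix)
        \??\C:\Windows\system32\drivers\foo.sys     (NT object path)
        %SystemRoot%\system32\svchost.exe -k netsvcs
        "C:\Program Files\Vendor\svc.exe" /arg
        C:\Program Files\Vendor\svc.exe /arg        (unquoted path with spaces)
    #>
    param([string]$ImagePath)

    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\...  -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\ -> C:\Windows\

    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        $p = if ($end -gt 1) { $p.Substring(1, $end - 1) } else { $p.TrimStart('"') }
    } else {
        # Unquoted: grow the path one token at a time until it names an existing
        # file, so "C:\Program Files\Vendor\svc.exe /arg" resolves correctly.
        # If nothing exists, keep the first token so the caller reports it missing.
        $tokens = $p -split '\s+'
        $p = $tokens[0]
        for ($i = 1; $i -le $tokens.Count; $i++) {
            $try = $tokens[0..($i - 1)] -join ' '
            if (-not [System.IO.Path]::IsPathRooted($try)) { $try = Join-Path $env:SystemRoot $try }
            if (Test-Path -LiteralPath $try -PathType Leaf) { $p = $try; break }
        }
    }
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-ServiceBinaryReport {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props.ImagePath) { continue }   # no binary: service groups, legacy keys
        $bin = Resolve-ServiceBinary -ImagePath $props.ImagePath
        if (Test-Path -LiteralPath $bin -PathType Leaf) {
            # 'Valid' covers embedded and catalog signatures on current Windows
            $status = (Get-AuthenticodeSignature -LiteralPath $bin).Status.ToString()
        } else {
            $status = 'FileMissing'               # what FRST flags with [X]
        }
        [pscustomobject]@{
            Name      = $key.PSChildName
            Start     = $props.Start   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
            Binary    = $bin
            Signature = $status
        }
    }
}

# Everything that is not cleanly signed, orphaned entries grouped first.
Get-ServiceBinaryReport |
    Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Signature, Name |
    Format-Table Name, Start, Signature, Binary -AutoSize
```

Entries reported as FileMissing are the same class of leftovers the fixlist removed here (msahci, NANMp50, NANSp50); an entry whose file exists but reports NotSigned or HashMismatch under a Start value of 0 or 1 is the one worth looking at before anything else, since such drivers load before most security software does.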

#6 husky_32

  • Topic Starter
  • Members
  • 4 posts

Posted 06 July 2016 - 07:52 AM

Thank you for your patience.

fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Yuri (2016-07-06 14:09:54) Run:1
Running from C:\Users\Yuri\Desktop
Loaded Profiles: Yuri (Available Profiles: Yuri)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
FF user.js: detected! => C:\Users\Yuri\AppData\Roaming\Mozilla\Firefox\Profiles\dbbgtn2z.default\user.js [2016-04-05]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
U0 msahci; system32\drivers\msahci.sys [X]
S3 NANMp50; System32\Drivers\NANMp50.sys [X]
S3 NANSp50; System32\Drivers\NANSp50.sys [X]
C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Yuri\AppData\Roaming\Mozilla\Firefox\Profiles\dbbgtn2z.default\user.js => moved successfully
C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
msahci => service removed successfully
NANMp50 => service removed successfully
NANSp50 => service removed successfully
"C:\Users\Yuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 48426165 B
Java, Flash, Steam htmlcache => 28463605 B
Windows/system/drivers => 14221638 B
Edge => 0 B
Chrome => 679515241 B
Firefox => 18233221 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1016451 B
systemprofile32 => 128 B
LocalService => 3290 B
NetworkService => 0 B
Yuri => 28519863 B
 
RecycleBin => 3862085355 B
EmptyTemp: => 4.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:10:38 ====

Cache clearing and reset of the browsers are done.

Scan with Secunia: 95% of programs were up-to-date.

Now the speed test was 13Mbs and the activity manager was 10-12Mbs.

very good result.
I appreciate a lot your help :-)


#7 nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 July 2016 - 07:36 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#8 nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 July 2016 - 12:06 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



