Lancheck.net into NET Firebug Tab


4 replies to this topic

#1 kay2000


Posted 12 November 2016 - 11:09 AM

Hi!

While debugging a website, I found out that Lancheck.net makes a lot of unwanted communications. Sometimes I see a green bar at the top of certain websites, with Google links.

I tried some software and I succeeded, but after a while Lancheck.net came back :(

What can I do?

Thank you very much!

Kay*

=====FRST.TXT=======

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by MIOUTENTE (administrator) on PRECISION-PC (12-11-2016 15:53:59)
Running from C:\Users\MIOUTENTE\Downloads
Loaded Profiles: MIOUTENTE & MSSQLSERVER (Available Profiles: Massimo & MIOUTENTE & SQLSERVERAGENT & MSSQLSERVER)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
() C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
() C:\Program Files (x86)\EssentialFax\essfaxcontrol.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
() C:\Program Files (x86)\Launchy\Launchy.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\Notepad2\Notepad2.exe
(Sysinternals - www.sysinternals.com) C:\Program Files (x86)\ProcessExplorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Program Files (x86)\ProcessExplorer\procexp64.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2011-07-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2012-07-26] ()
HKLM\...\Run: [Essential Fax Print Controller] => C:\Program Files (x86)\EssentialFax\essfaxcontrol.exe [115200 2009-09-01] ()
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2016-10-12] (Bitdefender)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975248 2015-10-05] (Cisco Systems, Inc.)
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\Run: [Agente del Portafoglio di Bitdefender] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2016-10-12] (Bitdefender)
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\MountPoints2: {1fff5a6a-69d0-11e6-b62e-f71097ddbc50} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\MountPoints2: {1fff5a72-69d0-11e6-b62e-f71097ddbc50} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\MountPoints2: {66b06f9b-cc0c-11e5-b07a-b6342e47bd78} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\MountPoints2: {6828858b-7857-11e2-a914-90b11c68c3a4} - I:\WindowsUI\Autorun.exe
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\MountPoints2: {6828859c-7857-11e2-a914-90b11c68c3a4} - I:\WindowsUI\Autorun.exe
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\MountPoints2: {bf2834e5-5e80-11e2-813b-000af704232e} - H:\setup.exe
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\MountPoints2: {d9f4f778-a4f6-11e5-b5c9-90b11c68c3a4} - F:\iLinker.exe
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
AppInit_DLLs-x32: AirfoilInject3.dll => C:\Windows\SysWOW64\AirfoilInject3.dll [165480 2013-03-27] ()
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2016-10-12] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2016-10-12] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2016-10-12] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2016-10-12] (Bitdefender)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Client.lnk [2016-10-11]
ShortcutTarget: OpenVPN Client.lnk -> C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2016-10-11]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\MIOUTENTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2016-10-11]
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\Massimo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EssentialFax.lnk [2013-03-30]
ShortcutTarget: EssentialFax.lnk -> C:\Program Files (x86)\EssentialFax\essfax.exe (Essential Fax Software)
Startup: C:\Users\Massimo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Run Weather Display.lnk [2013-01-25]
ShortcutTarget: Run Weather Display.lnk -> C:\wdisplay\WeatherD.exe (Weather Display)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{56098D7F-D894-4001-98A4-6A646E713972}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{B5A5B9C9-59E6-4E46-9D93-DEE7D2DEEC8C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-862982903-2461117957-1333078475-1003 -> DefaultScope {DB3CC957-0BFF-4458-B0E5-784E59D826F6} URL = hxxp://www.google.it/#hl=it&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=9fca69c98b5d77d7
SearchScopes: HKU\S-1-5-21-862982903-2461117957-1333078475-1003 -> {602271E4-90D9-425F-AA54-7AB8995A1ADF} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-862982903-2461117957-1333078475-1003 -> {DB3CC957-0BFF-4458-B0E5-784E59D826F6} URL = hxxp://www.google.it/#hl=it&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=9fca69c98b5d77d7
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Portafoglio di Bitdefender -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2016-10-12] (Bitdefender)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: No Name -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: Portafoglio di Bitdefender -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2016-10-12] (Bitdefender)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Portafoglio di Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2016-10-12] (Bitdefender)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Portafoglio di Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2016-10-12] (Bitdefender)
Toolbar: HKU\S-1-5-21-862982903-2461117957-1333078475-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-862982903-2461117957-1333078475-1003 -> Portafoglio di Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2016-10-12] (Bitdefender)
IE Session Restore: HKU\S-1-5-21-862982903-2461117957-1333078475-1003 -> is enabled.
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://12.69.124.226:8910/codebase/DVM_IPCam2.ocx
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\MIOUTENTE\AppData\Roaming\OpenVPN Technologies\OpenVPN Client\Profiles\zua452ou.default [2013-12-17]
FF Homepage: OpenVPN Technologies\OpenVPN Client\Profiles\zua452ou.default -> resource://webapp/openvpn.html
FF ProfilePath: C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default [2016-11-12]
FF user.js: detected! => C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\user.js [2014-05-11]
FF Homepage: Mozilla\Firefox\Profiles\xuep1xld.default -> hxxp://www.google.it
FF Session Restore: Mozilla\Firefox\Profiles\xuep1xld.default -> is enabled.
FF NetworkProxy: Mozilla\Firefox\Profiles\xuep1xld.default -> http", "96.244.229.173"
FF NetworkProxy: Mozilla\Firefox\Profiles\xuep1xld.default -> http_port", 1520
FF NetworkProxy: Mozilla\Firefox\Profiles\xuep1xld.default -> type", 0
FF Extension: (Firebug) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\firebug@software.joehewitt.com.xpi [2016-10-11]
FF Extension: (FirePHP) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\FirePHPExtension-Build@firephp.org.xpi [2016-04-27]
FF Extension: (Xmarks) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\foxmarks@kei.com [2016-05-26]
FF Extension: (S3.Google Translator) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\s3google@translator.xpi [2016-10-22]
FF Extension: (Delicious Bookmarks) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2013-01-20] [not signed]
FF Extension: (Flashblock) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-03]
FF Extension: (gtranslate) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2016-05-14]
FF Extension: (Adblock Plus) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-28]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-08-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-11-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-08-07] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-11-09]
FF HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\MIOUTENTE\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\MIOUTENTE\AppData\Roaming\IDM\idmmzcc5 [2016-10-12] [not signed]
FF HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2015-04-13] ()
FF Plugin HKU\S-1-5-21-862982903-2461117957-1333078475-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MIOUTENTE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default [2016-11-11]
CHR Extension: (Presentazioni Google) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-18]
CHR Extension: (Documenti Google) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-18]
CHR Extension: (Google Drive) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-18]
CHR Extension: (YouTube) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-18]
CHR Extension: (Fogli Google) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-18]
CHR Extension: (Google Documenti offline) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-26]
CHR Extension: (IDM Integration Module) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-04]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-18]
CHR Extension: (Gmail) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-18]
CHR Extension: (Chrome Media Router) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-03]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AK910SwitchService; C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe [98304 2013-06-28] () [File not signed]
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2016-10-12] (Bitdefender)
R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2012-12-26] () [File not signed]
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-11-30] (Broadcom Corporation) [File not signed]
S2 DaciaCompat; C:\Program Files\DaciaCompat\daciacompat.exe [151344 2015-12-18] (BitDefender S.R.L. Bucharest, ROMANIA)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-08-04] (The OpenVPN Project)
S3 Orfeo Service; C:\Users\MIOUTENTE\Documents\Visual Studio 2012\Projects\WindowsService2\WindowsService2\bin\Debug\WindowsService2.exe [8192 2013-10-11] (Microsoft) [File not signed]
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\RpcAgentSrv.exe [68760 2008-11-04] (SiSoftware) [File not signed]
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S4 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [381312 2012-06-28] () [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2016-10-12] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2016-10-12] (Bitdefender)
S3 wampapache; c:\wamp\bin\apache\apache2.4.2\bin\httpd.exe [24576 2012-05-13] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [9693696 2012-04-19] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) [File not signed]
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [X]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2016-10-12] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2016-10-12] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2016-10-12] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2016-10-12] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2016-10-12] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-01] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2016-10-12] (BitDefender LLC)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [3708776 2012-02-08] (Realtek Semiconductor Corp.)
S4 LMIRfsClientNP; no ImagePath
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
R2 NPF; C:\Windows\SysWOW64\drivers\npf64.sys [36600 2015-12-16] (Riverbed Technology, Inc.)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2016-10-12] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-10-05] (Cisco Systems, Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]
S3 cpuz135; \??\C:\Users\Massimo\AppData\Local\Temp\HBCD\PCWizard\pcwiz_x64.sys [X]
S3 gwiopm; \??\C:\Users\Massimo\AppData\Local\Temp\HBCD\gwiopm.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U4 secdrv; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-12 15:53 - 2016-11-12 15:54 - 00032204 _____ C:\Users\MIOUTENTE\Downloads\FRST.txt
2016-11-12 15:53 - 2016-11-12 15:53 - 02411520 _____ (Farbar) C:\Users\MIOUTENTE\Downloads\FRST64.exe
2016-11-12 15:53 - 2016-11-12 15:53 - 00000000 ____D C:\FRST
2016-11-11 16:21 - 2016-11-11 23:13 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\FreeFixer
2016-11-11 16:21 - 2016-11-11 16:47 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Local\FreeFixer
2016-11-11 16:21 - 2016-11-11 16:21 - 02687418 _____ (Kephyr) C:\Users\MIOUTENTE\Downloads\freefixersetup.exe
2016-11-11 16:21 - 2016-11-11 16:21 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2016-11-11 16:21 - 2016-11-11 16:21 - 00000000 ____D C:\Program Files\FreeFixer
2016-11-11 11:57 - 2016-11-11 11:57 - 08270712 _____ (Piriform Ltd) C:\Users\MIOUTENTE\Downloads\ccsetup523.exe
2016-11-11 11:55 - 2016-11-11 11:55 - 02331784 _____ (OSHI Limited) C:\Users\MIOUTENTE\Downloads\Defender-Installer.exe
2016-11-10 11:53 - 2016-11-12 15:48 - 00000000 ____D C:\Users\MIOUTENTE\AppData\LocalLow\uTorrent
2016-11-07 18:17 - 2016-11-07 18:17 - 00012192 _____ C:\Users\MIOUTENTE\Downloads\160B94000018153_LBNFNC68A29L219H_CDAErogazione.xml
2016-11-06 22:41 - 2016-11-06 22:43 - 00000465 _____ C:\Users\MIOUTENTE\Downloads\client_secret_1030592891319-7i6m7qmg56dc1qr5vak5ojd79v8qslth.apps.googleusercontent.com.json
2016-11-06 22:34 - 2016-11-06 22:34 - 00210640 _____ C:\Users\MIOUTENTE\Downloads\PHPMailer-master.zip
2016-11-03 16:41 - 2016-11-03 16:59 - 00151220 _____ C:\Users\MIOUTENTE\Downloads\signup-email-verification.rar
2016-11-03 12:08 - 2016-11-03 12:08 - 00001138 _____ C:\Users\MIOUTENTE\Documents\offidius.it-Nov-2016.gz
2016-11-02 10:25 - 2016-11-02 10:25 - 00000000 ____D C:\Users\MIOUTENTE\Documents\Adobe
2016-10-26 19:21 - 2016-10-26 19:22 - 00423144 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-26 02:00 - 2016-11-12 13:48 - 00039878 _____ C:\Windows\ntbtlog.txt
2016-10-22 15:18 - 2016-10-22 15:18 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_winguest_01009.Wdf
2016-10-22 15:18 - 2016-10-22 15:18 - 00000000 ____D C:\Program Files\DaciaCompat
2016-10-22 15:18 - 2015-12-28 11:50 - 01180320 _____ (BitDefender) C:\Windows\system32\Drivers\winguest.sys
2016-10-22 15:17 - 2016-10-22 15:18 - 00000000 ____D C:\Program Files (x86)\CompatInstaller
2016-10-22 15:11 - 2016-10-22 15:12 - 00005040 _____ C:\Users\MIOUTENTE\Desktop\cc_20161022_161152.reg
2016-10-21 15:43 - 2016-10-21 15:43 - 00001175 _____ C:\Users\Public\Desktop\ClamWin Antivirus.lnk
2016-10-21 15:43 - 2016-10-21 15:43 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\.clamwin
2016-10-21 15:43 - 2016-10-21 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2016-10-21 15:42 - 2016-10-21 15:42 - 00000000 ____D C:\ProgramData\.clamwin
2016-10-21 15:42 - 2016-10-21 15:42 - 00000000 ____D C:\Program Files (x86)\ClamWin
2016-10-21 15:40 - 2016-10-21 15:41 - 120690586 _____ (alch ) C:\Users\MIOUTENTE\Downloads\clamwin-0.99.1-setup.exe
2016-10-20 23:10 - 2016-11-12 06:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-20 12:03 - 2016-10-21 12:35 - 00001857 _____ C:\Users\MIOUTENTE\Desktop\AddressBook.lnk
2016-10-20 11:52 - 2016-10-20 12:02 - 00000000 ____D C:\Users\MIOUTENTE\Downloads\FreeAddressBookPortable
2016-10-20 11:52 - 2016-10-20 11:52 - 00574845 _____ C:\Users\MIOUTENTE\Downloads\FreeAddressBookPortable.zip
2016-10-20 11:52 - 2016-10-20 11:52 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Local\GAS Softwares
2016-10-17 12:25 - 2016-10-17 12:25 - 05754842 _____ C:\Users\MIOUTENTE\Downloads\MIELE_ITALIANO_1_390_GR (1).pdf
2016-10-17 11:50 - 2016-10-17 11:50 - 01059440 _____ C:\Users\MIOUTENTE\registry.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-12 15:48 - 2012-12-11 10:49 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\uTorrent
2016-11-12 15:35 - 2015-12-17 20:55 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-12 15:04 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-12 15:04 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-12 14:55 - 2013-08-03 18:22 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-12 14:30 - 2012-12-11 15:40 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\vlc
2016-11-12 11:51 - 2013-05-27 22:36 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\dvdcss
2016-11-12 05:54 - 2013-01-22 00:25 - 00000476 _____ C:\Windows\Tasks\SDMsgUpdate (TE).job
2016-11-12 00:55 - 2013-08-03 18:22 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-11 18:04 - 2016-10-11 17:26 - 00000000 ____D C:\Program Files\HitmanPro
2016-11-11 17:55 - 2014-03-14 10:08 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-11 11:59 - 2016-06-20 15:16 - 00000000 ____D C:\Users\MIOUTENTE\Desktop\OFFIDIUS
2016-11-11 11:59 - 2012-12-06 17:44 - 00000000 ___RD C:\Users\MIOUTENTE\Desktop\Link
2016-11-11 11:54 - 2012-12-23 09:52 - 00000600 _____ C:\Users\MIOUTENTE\AppData\Roaming\winscp.rnd
2016-11-11 11:04 - 2010-11-21 16:30 - 00831254 _____ C:\Windows\system32\perfh010.dat
2016-11-11 11:04 - 2010-11-21 16:30 - 00182574 _____ C:\Windows\system32\perfc010.dat
2016-11-11 11:04 - 2009-07-14 06:13 - 01916454 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-11 11:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-11 10:58 - 2013-01-27 12:32 - 00000000 ____D C:\Users\MSSQLSERVER
2016-11-11 10:58 - 2012-12-11 11:44 - 00000206 _____ C:\Windows\Tasks\AutoKMS.job
2016-11-11 10:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-11 10:55 - 2016-10-11 18:36 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-11-11 10:20 - 2016-10-11 18:36 - 01098627 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-11-10 02:37 - 2014-12-28 10:23 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-09 15:51 - 2013-08-03 18:22 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Local\Google
2016-11-09 07:39 - 2015-12-17 20:55 - 00003916 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-09 07:38 - 2012-11-29 09:01 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-09 07:38 - 2012-11-29 09:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-09 07:38 - 2012-11-29 09:01 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-09 07:37 - 2012-11-29 09:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-07 10:33 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-06 04:07 - 2015-12-11 18:47 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-03 15:02 - 2013-02-04 11:40 - 00000000 ____D C:\Users\MIOUTENTE\Documents\Visual Studio 2012
2016-11-03 03:58 - 2016-08-29 11:52 - 00002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-02 18:14 - 2014-02-04 00:35 - 00384000 ___SH C:\Users\MIOUTENTE\Thumbs.db
2016-11-02 10:25 - 2012-12-06 17:05 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\Adobe
2016-10-30 00:00 - 2014-05-28 10:31 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Local\ElevatedDiagnostics
2016-10-28 08:48 - 2016-10-11 18:36 - 00166677 _____ C:\Windows\ZAM.krnl.trace
2016-10-26 19:27 - 2015-01-29 22:29 - 00115728 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2016-10-26 19:25 - 2013-02-28 11:07 - 01761280 ___SH C:\Users\MIOUTENTE\Desktop\Thumbs.db
2016-10-23 23:32 - 2015-07-24 18:21 - 00115728 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2016-10-23 04:54 - 2012-11-29 09:20 - 00000000 ____D C:\temp
2016-10-22 15:10 - 2014-07-09 00:14 - 00253952 ___SH C:\Users\MIOUTENTE\Downloads\Thumbs.db
2016-10-21 20:19 - 2016-08-26 16:06 - 00010947 _____ C:\bdlog.txt
2016-10-21 12:53 - 2014-05-13 10:54 - 00003135 _____ C:\Users\MIOUTENTE\Desktop\Matrimonio 20141011.lnk
2016-10-20 12:06 - 2012-12-06 17:05 - 00000000 ____D C:\Users\MIOUTENTE
2016-10-20 12:03 - 2013-06-22 17:04 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\Skype
2016-10-19 13:00 - 2012-12-11 10:24 - 00000600 _____ C:\Users\MIOUTENTE\AppData\Local\PUTTY.RND
2016-10-17 11:58 - 2012-12-06 19:12 - 00000000 ____D C:\Program Files (x86)\ProcessExplorer
2016-10-14 17:23 - 2013-07-04 14:47 - 00000000 ____D C:\Users\MIOUTENTE\Documents\PDF Split

==================== Files in the root of some directories =======

2013-02-06 10:52 - 2013-02-06 10:49 - 0000165 _____ () C:\Program Files (x86)\INSTALL.LOG
2013-02-17 04:27 - 2013-02-17 04:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-02-12 16:52 - 2012-11-01 01:52 - 12845056 _____ () C:\Users\MIOUTENTE\AppData\Roaming\Sandra.mdb
2013-11-30 00:41 - 2013-12-02 12:59 - 0001674 _____ () C:\Users\MIOUTENTE\AppData\Roaming\SAS7_000.DAT
2012-12-23 09:52 - 2016-11-11 11:54 - 0000600 _____ () C:\Users\MIOUTENTE\AppData\Roaming\winscp.rnd
2014-03-12 11:11 - 2014-03-25 12:48 - 0036864 _____ () C:\Users\MIOUTENTE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-11 10:24 - 2016-10-19 13:00 - 0000600 _____ () C:\Users\MIOUTENTE\AppData\Local\PUTTY.RND
2013-05-23 23:45 - 2013-05-23 23:45 - 0000218 _____ () C:\Users\MIOUTENTE\AppData\Local\recently-used.xbel
2013-03-07 20:03 - 2016-10-03 16:20 - 0007633 _____ () C:\Users\MIOUTENTE\AppData\Local\Resmon.ResmonCfg
2013-09-05 11:04 - 2013-09-27 16:40 - 0001473 _____ () C:\Users\MIOUTENTE\AppData\Local\YourLog4NetViewer
2016-03-17 19:17 - 2016-03-17 19:17 - 0000000 _____ () C:\Users\MIOUTENTE\AppData\Local\{E14440F6-11B1-40C0-8370-EC4FEDB78B78}
2016-10-12 13:41 - 2016-10-12 13:41 - 0472533 _____ () C:\ProgramData\1476275876.bdinstall.bin
2013-04-15 17:45 - 2013-02-14 17:45 - 0000032 ____R () C:\ProgramData\hash.dat
2015-12-04 20:23 - 2015-12-04 20:23 - 0000016 _____ () C:\ProgramData\mntemp

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\MIOUTENTE\CryptDecrypt.exe


Some files in TEMP:
====================
C:\Users\MIOUTENTE\AppData\Local\Temp\sciter32.dll
C:\Users\Massimo\AppData\Local\Temp\3iphh4fd.dll
C:\Users\Massimo\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Massimo\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Massimo\AppData\Local\Temp\jre-8u91-windows-au.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION


LastRegBack: 2016-11-04 00:52

==================== End of FRST.txt ============================



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • Gender:Male
  • Local time:11:50 AM

Posted 17 November 2016 - 11:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/632086 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • Gender:Male
  • Local time:11:50 AM

Posted 22 November 2016 - 11:15 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

 

Mod Edit: Reopened per OP request rec'd via PM - Hamluis.


Edited by hamluis, 23 November 2016 - 10:41 AM.


#4 kay2000

kay2000
  • Topic Starter

  • Members
  • 3 posts
  • Local time:04:50 PM

Posted 24 November 2016 - 10:28 AM

Hi!

I'm always here, needing help!

I have a Windows CD.

Thank you very very much!

 

====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Ran by MIOUTENTE (administrator) on PRECISION-PC (24-11-2016 16:21:52)
Running from C:\Users\MIOUTENTE\Downloads
Loaded Profiles: MIOUTENTE & MSSQLSERVER (Available Profiles: Massimo & MIOUTENTE & SQLSERVERAGENT & MSSQLSERVER)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
() C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
() C:\Program Files (x86)\EssentialFax\essfaxcontrol.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
() C:\Program Files (x86)\Launchy\Launchy.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(touchbyte GmbH) C:\Program Files (x86)\PhotoSync\PhotoSync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Sysinternals - www.sysinternals.com) C:\Program Files (x86)\ProcessExplorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Program Files (x86)\ProcessExplorer\procexp64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
() C:\Program Files\Notepad2\Notepad2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Martin Prikryl) C:\Program Files (x86)\WinSCP\WinSCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\Notepad2\Notepad2.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2011-07-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2012-07-26] ()
HKLM\...\Run: [Essential Fax Print Controller] => C:\Program Files (x86)\EssentialFax\essfaxcontrol.exe [115200 2009-09-01] ()
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2016-10-12] (Bitdefender)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975248 2015-10-05] (Cisco Systems, Inc.)
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\Run: [Agente del Portafoglio di Bitdefender] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2016-10-12] (Bitdefender)
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\MountPoints2: {1fff5a6a-69d0-11e6-b62e-f71097ddbc50} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\MountPoints2: {1fff5a72-69d0-11e6-b62e-f71097ddbc50} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\MountPoints2: {66b06f9b-cc0c-11e5-b07a-b6342e47bd78} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\MountPoints2: {6828858b-7857-11e2-a914-90b11c68c3a4} - I:\WindowsUI\Autorun.exe
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\MountPoints2: {6828859c-7857-11e2-a914-90b11c68c3a4} - I:\WindowsUI\Autorun.exe
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\MountPoints2: {bf2834e5-5e80-11e2-813b-000af704232e} - H:\setup.exe
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\MountPoints2: {d9f4f778-a4f6-11e5-b5c9-90b11c68c3a4} - F:\iLinker.exe
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
AppInit_DLLs-x32: AirfoilInject3.dll => C:\Windows\SysWOW64\AirfoilInject3.dll [165480 2013-03-27] ()
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2016-10-12] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2016-10-12] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2016-10-12] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2016-10-12] (Bitdefender)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Client.lnk [2016-10-11]
ShortcutTarget: OpenVPN Client.lnk -> C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2016-10-11]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\MIOUTENTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2016-10-11]
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\UsersALTROUTENTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EssentialFax.lnk [2013-03-30]
ShortcutTarget: EssentialFax.lnk -> C:\Program Files (x86)\EssentialFax\essfax.exe (Essential Fax Software)
Startup: C:\UsersALTROUTENTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Run Weather Display.lnk [2013-01-25]
ShortcutTarget: Run Weather Display.lnk -> C:\wdisplay\WeatherD.exe (Weather Display)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{56098D7F-D894-4001-98A4-6A646E713972}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{B5A5B9C9-59E6-4E46-9D93-DEE7D2DEEC8C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-862982903-2461117957-1333078475-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-862982903-2461117957-1333078475-1003 -> DefaultScope {DB3CC957-0BFF-4458-B0E5-784E59D826F6} URL = hxxp://www.google.it/#hl=it&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=9fca69c98b5d77d7
SearchScopes: HKU\S-1-5-21-862982903-2461117957-1333078475-1003 -> {602271E4-90D9-425F-AA54-7AB8995A1ADF} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-862982903-2461117957-1333078475-1003 -> {DB3CC957-0BFF-4458-B0E5-784E59D826F6} URL = hxxp://www.google.it/#hl=it&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=9fca69c98b5d77d7
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Portafoglio di Bitdefender -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2016-10-12] (Bitdefender)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: No Name -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: Portafoglio di Bitdefender -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2016-10-12] (Bitdefender)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Portafoglio di Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2016-10-12] (Bitdefender)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Portafoglio di Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2016-10-12] (Bitdefender)
Toolbar: HKU\S-1-5-21-862982903-2461117957-1333078475-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-862982903-2461117957-1333078475-1003 -> Portafoglio di Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2016-10-12] (Bitdefender)
IE Session Restore: HKU\S-1-5-21-862982903-2461117957-1333078475-1003 -> is enabled.
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://12.69.124.226:8910/codebase/DVM_IPCam2.ocx
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\MIOUTENTE\AppData\Roaming\OpenVPN Technologies\OpenVPN Client\Profiles\zua452ou.default [2013-12-17]
FF Homepage: OpenVPN Technologies\OpenVPN Client\Profiles\zua452ou.default -> resource://webapp/openvpn.html
FF ProfilePath: C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default [2016-11-24]
FF user.js: detected! => C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\user.js [2014-05-11]
FF Homepage: Mozilla\Firefox\Profiles\xuep1xld.default -> hxxp://www.google.it
FF Session Restore: Mozilla\Firefox\Profiles\xuep1xld.default -> is enabled.
FF NetworkProxy: Mozilla\Firefox\Profiles\xuep1xld.default -> http", "96.244.229.173"
FF NetworkProxy: Mozilla\Firefox\Profiles\xuep1xld.default -> http_port", 1520
FF NetworkProxy: Mozilla\Firefox\Profiles\xuep1xld.default -> type", 0
FF Extension: (Firebug) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\firebug@software.joehewitt.com.xpi [2016-10-11]
FF Extension: (FirePHP) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\FirePHPExtension-Build@firephp.org.xpi [2016-04-27]
FF Extension: (Xmarks) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\foxmarks@kei.com [2016-05-26]
FF Extension: (S3.Google Translator) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\s3google@translator.xpi [2016-10-22]
FF Extension: (Delicious Bookmarks) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2013-01-20] [not signed]
FF Extension: (Flashblock) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-03]
FF Extension: (gtranslate) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2016-05-14]
FF Extension: (Adblock Plus) - C:\Users\MIOUTENTE\AppData\Roaming\Mozilla\Firefox\Profiles\xuep1xld.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-08-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-11-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-08-07] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-11-09]
FF HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\MIOUTENTE\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\MIOUTENTE\AppData\Roaming\IDM\idmmzcc5 [2016-10-12] [not signed]
FF HKU\S-1-5-21-862982903-2461117957-1333078475-1003\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2015-04-13] ()
FF Plugin HKU\S-1-5-21-862982903-2461117957-1333078475-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MIOUTENTE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default [2016-11-24]
CHR Extension: (Presentazioni Google) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-18]
CHR Extension: (Documenti Google) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-18]
CHR Extension: (Google Drive) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-18]
CHR Extension: (YouTube) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-18]
CHR Extension: (Fogli Google) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-18]
CHR Extension: (Google Documenti offline) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-26]
CHR Extension: (IDM Integration Module) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-11-16]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-18]
CHR Extension: (Gmail) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-18]
CHR Extension: (Chrome Media Router) - C:\Users\MIOUTENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-03]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AK910SwitchService; C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe [98304 2013-06-28] () [File not signed]
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2016-10-12] (Bitdefender)
R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2012-12-26] () [File not signed]
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-11-30] (Broadcom Corporation) [File not signed]
S2 DaciaCompat; C:\Program Files\DaciaCompat\daciacompat.exe [151344 2015-12-18] (BitDefender S.R.L. Bucharest, ROMANIA)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-08-04] (The OpenVPN Project)
S3 Orfeo Service; C:\Users\MIOUTENTE\Documents\Visual Studio 2012\Projects\WindowsService2\WindowsService2\bin\Debug\WindowsService2.exe [8192 2013-10-11] (Microsoft) [File not signed]
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\RpcAgentSrv.exe [68760 2008-11-04] (SiSoftware) [File not signed]
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S4 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [381312 2012-06-28] () [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2016-10-12] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2016-10-12] (Bitdefender)
S3 wampapache; c:\wamp\bin\apache\apache2.4.2\bin\httpd.exe [24576 2012-05-13] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [9693696 2012-04-19] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) [File not signed]
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [X]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2016-10-12] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2016-10-12] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2016-10-12] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2016-10-12] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2016-10-12] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-01] (DT Soft Ltd)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2016-10-12] (BitDefender LLC)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [3708776 2012-02-08] (Realtek Semiconductor Corp.)
S4 LMIRfsClientNP; no ImagePath
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
R2 NPF; C:\Windows\SysWOW64\drivers\npf64.sys [36600 2015-12-16] (Riverbed Technology, Inc.)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2016-10-12] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-10-05] (Cisco Systems, Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]
S3 cpuz135; \??\C:\UsersALTROUTENTE\AppData\Local\Temp\HBCD\PCWizard\pcwiz_x64.sys [X]
S3 gwiopm; \??\C:\UsersALTROUTENTE\AppData\Local\Temp\HBCD\gwiopm.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U4 secdrv; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-23 16:12 - 2016-11-24 16:21 - 00000000 ____D C:\Users\MIOUTENTE\Downloads\FRST-OlderVersion
2016-11-22 17:11 - 2016-11-22 17:43 - 00000000 ____D C:\Users\MIOUTENTE\Documents\Tenace
2016-11-20 23:37 - 2016-11-20 23:37 - 10689195 _____ C:\Users\MIOUTENTE\Downloads\24 storie di Natale - Caledario dell'Avvento.pdf
2016-11-20 17:53 - 2016-11-24 00:32 - 00000000 ____D C:\Users\MIOUTENTE\AppData\LocalLow\Mozilla
2016-11-18 01:36 - 2016-11-24 05:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-17 02:00 - 2016-11-23 02:00 - 00001748 _____ C:\Windows\ntbtlog.txt
2016-11-13 12:02 - 2016-11-13 12:02 - 00041399 _____ C:\Users\MIOUTENTE\Desktop\fsdfsdfsdfsdfsd.xspf
2016-11-12 15:54 - 2016-11-23 16:16 - 00090799 _____ C:\Users\MIOUTENTE\Downloads\Addition.txt
2016-11-12 15:53 - 2016-11-24 16:21 - 02412032 _____ (Farbar) C:\Users\MIOUTENTE\Downloads\FRST64.exe
2016-11-12 15:53 - 2016-11-24 16:21 - 00032902 _____ C:\Users\MIOUTENTE\Downloads\FRST.txt
2016-11-12 15:53 - 2016-11-24 16:21 - 00000000 ____D C:\FRST
2016-11-11 16:21 - 2016-11-11 23:13 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\FreeFixer
2016-11-11 16:21 - 2016-11-11 16:47 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Local\FreeFixer
2016-11-11 16:21 - 2016-11-11 16:21 - 02687418 _____ (Kephyr) C:\Users\MIOUTENTE\Downloads\freefixersetup.exe
2016-11-11 16:21 - 2016-11-11 16:21 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2016-11-11 16:21 - 2016-11-11 16:21 - 00000000 ____D C:\Program Files\FreeFixer
2016-11-11 11:57 - 2016-11-11 11:57 - 08270712 _____ (Piriform Ltd) C:\Users\MIOUTENTE\Downloads\ccsetup523.exe
2016-11-11 11:55 - 2016-11-11 11:55 - 02331784 _____ (OSHI Limited) C:\Users\MIOUTENTE\Downloads\Defender-Installer.exe
2016-11-10 11:53 - 2016-11-12 15:48 - 00000000 ____D C:\Users\MIOUTENTE\AppData\LocalLow\uTorrent
2016-11-07 18:17 - 2016-11-07 18:17 - 00012192 _____ C:\Users\MIOUTENTE\Downloads\160B94000018153_LBNFNC68A29L219H_CDAErogazione.xml
2016-11-06 22:41 - 2016-11-06 22:43 - 00000465 _____ C:\Users\MIOUTENTE\Downloads\client_secret_1030592891319-7i6m7qmg56dc1qr5vak5ojd79v8qslth.apps.googleusercontent.com.json
2016-11-06 22:34 - 2016-11-06 22:34 - 00210640 _____ C:\Users\MIOUTENTE\Downloads\PHPMailer-master.zip
2016-11-03 16:41 - 2016-11-03 16:59 - 00151220 _____ C:\Users\MIOUTENTE\Downloads\signup-email-verification.rar
2016-11-03 12:08 - 2016-11-03 12:08 - 00001138 _____ C:\Users\MIOUTENTE\Documents\offidius.it-Nov-2016.gz
2016-11-02 10:25 - 2016-11-02 10:25 - 00000000 ____D C:\Users\MIOUTENTE\Documents\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-24 16:06 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-24 16:06 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-24 15:55 - 2013-08-03 18:22 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-24 15:35 - 2015-12-17 20:55 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-24 00:55 - 2013-08-03 18:22 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-23 17:01 - 2012-12-23 09:52 - 00000600 _____ C:\Users\MIOUTENTE\AppData\Roaming\winscp.rnd
2016-11-23 16:04 - 2016-06-20 15:16 - 00000000 ____D C:\Users\MIOUTENTE\Desktop\OFFIDIUS
2016-11-22 14:05 - 2012-12-11 15:40 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\vlc
2016-11-22 13:08 - 2014-03-14 10:08 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-22 10:15 - 2014-05-13 10:54 - 00003135 _____ C:\Users\MIOUTENTE\Desktop\Matrimonio 20141011.lnk
2016-11-22 10:15 - 2013-02-28 11:07 - 01785344 ___SH C:\Users\MIOUTENTE\Desktop\Thumbs.db
2016-11-22 10:02 - 2010-11-21 16:30 - 00831254 _____ C:\Windows\system32\perfh010.dat
2016-11-22 10:02 - 2010-11-21 16:30 - 00182574 _____ C:\Windows\system32\perfc010.dat
2016-11-22 10:02 - 2009-07-14 06:13 - 01916454 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-22 10:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-21 15:52 - 2016-08-02 16:15 - 00000000 ____D C:\Users\SQLSERVERAGENT
2016-11-20 20:23 - 2013-11-29 20:37 - 00000000 ____D C:\ProgramData\TEMP
2016-11-19 05:54 - 2013-01-22 00:25 - 00000476 _____ C:\Windows\Tasks\SDMsgUpdate (TE).job
2016-11-19 02:15 - 2013-09-04 18:46 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\TeamViewer
2016-11-18 02:27 - 2015-01-29 22:29 - 00115880 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2016-11-18 02:26 - 2015-07-24 18:21 - 00115880 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2016-11-18 00:53 - 2014-07-09 00:14 - 00298496 ___SH C:\Users\MIOUTENTE\Downloads\Thumbs.db
2016-11-16 13:12 - 2016-08-02 14:57 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\IDM
2016-11-16 13:12 - 2012-12-11 10:49 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\uTorrent
2016-11-16 13:11 - 2013-01-18 17:15 - 00000000 ___RD C:\Users\MIOUTENTE\Downloads\Torrent
2016-11-16 12:16 - 2012-12-11 11:44 - 00000206 _____ C:\Windows\Tasks\AutoKMS.job
2016-11-16 12:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-16 12:06 - 2016-08-26 16:06 - 00012637 _____ C:\bdlog.txt
2016-11-16 11:56 - 2015-02-24 12:02 - 00000000 ___RD C:\Users\MIOUTENTE\Desktop\Appunti da Desktop
2016-11-15 00:58 - 2016-08-29 11:52 - 00002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-13 12:08 - 2012-12-06 16:51 - 00000000 ____D C:\UsersALTROUTENTE
2016-11-13 11:43 - 2009-07-14 06:08 - 00032512 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-12 11:51 - 2013-05-27 22:36 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\dvdcss
2016-11-11 18:04 - 2016-10-11 17:26 - 00000000 ____D C:\Program Files\HitmanPro
2016-11-11 11:59 - 2012-12-06 17:44 - 00000000 ___RD C:\Users\MIOUTENTE\Desktop\Link
2016-11-11 10:58 - 2013-01-27 12:32 - 00000000 ____D C:\Users\MSSQLSERVER
2016-11-11 10:55 - 2016-10-11 18:36 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-11-11 10:20 - 2016-10-11 18:36 - 01098627 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-11-10 02:37 - 2014-12-28 10:23 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-09 15:51 - 2013-08-03 18:22 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Local\Google
2016-11-09 07:39 - 2015-12-17 20:55 - 00003916 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-09 07:38 - 2012-11-29 09:01 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-09 07:38 - 2012-11-29 09:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-09 07:38 - 2012-11-29 09:01 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-09 07:37 - 2012-11-29 09:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-07 10:33 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-06 04:07 - 2015-12-11 18:47 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-03 15:02 - 2013-02-04 11:40 - 00000000 ____D C:\Users\MIOUTENTE\Documents\Visual Studio 2012
2016-11-02 18:14 - 2014-02-04 00:35 - 00384000 ___SH C:\Users\MIOUTENTE\Thumbs.db
2016-11-02 10:25 - 2012-12-06 17:05 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Roaming\Adobe
2016-10-30 00:00 - 2014-05-28 10:31 - 00000000 ____D C:\Users\MIOUTENTE\AppData\Local\ElevatedDiagnostics
2016-10-28 08:48 - 2016-10-11 18:36 - 00166677 _____ C:\Windows\ZAM.krnl.trace

==================== Files in the root of some directories =======

2013-02-06 10:52 - 2013-02-06 10:49 - 0000165 _____ () C:\Program Files (x86)\INSTALL.LOG
2013-02-17 04:27 - 2013-02-17 04:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-02-12 16:52 - 2012-11-01 01:52 - 12845056 _____ () C:\Users\MIOUTENTE\AppData\Roaming\Sandra.mdb
2013-11-30 00:41 - 2013-12-02 12:59 - 0001674 _____ () C:\Users\MIOUTENTE\AppData\Roaming\SAS7_000.DAT
2012-12-23 09:52 - 2016-11-23 17:01 - 0000600 _____ () C:\Users\MIOUTENTE\AppData\Roaming\winscp.rnd
2014-03-12 11:11 - 2014-03-25 12:48 - 0036864 _____ () C:\Users\MIOUTENTE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-11 10:24 - 2016-10-19 13:00 - 0000600 _____ () C:\Users\MIOUTENTE\AppData\Local\PUTTY.RND
2013-05-23 23:45 - 2013-05-23 23:45 - 0000218 _____ () C:\Users\MIOUTENTE\AppData\Local\recently-used.xbel
2013-03-07 20:03 - 2016-10-03 16:20 - 0007633 _____ () C:\Users\MIOUTENTE\AppData\Local\Resmon.ResmonCfg
2013-09-05 11:04 - 2013-09-27 16:40 - 0001473 _____ () C:\Users\MIOUTENTE\AppData\Local\YourLog4NetViewer
2016-03-17 19:17 - 2016-03-17 19:17 - 0000000 _____ () C:\Users\MIOUTENTE\AppData\Local\{E14440F6-11B1-40C0-8370-EC4FEDB78B78}
2016-10-12 13:41 - 2016-10-12 13:41 - 0472533 _____ () C:\ProgramData\1476275876.bdinstall.bin
2013-04-15 17:45 - 2013-02-14 17:45 - 0000032 ____R () C:\ProgramData\hash.dat
2015-12-04 20:23 - 2015-12-04 20:23 - 0000016 _____ () C:\ProgramData\mntemp

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\MIOUTENTE\CryptDecrypt.exe


Some files in TEMP:
====================
C:\UsersALTROUTENTE\AppData\Local\Temp\3iphh4fd.dll
C:\UsersALTROUTENTE\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\UsersALTROUTENTE\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\UsersALTROUTENTE\AppData\Local\Temp\jre-8u91-windows-au.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION


LastRegBack: 2016-11-24 01:47

==================== End of FRST.txt ============================



#5 kay2000

Posted 25 November 2016 - 10:01 AM

Is there someone that can help me?

 

Kay*





