Virus..
tinocorvo
Mortale devoto

Registered: 01/05/16 13:38
Posts: 10

Posted: 01 May 2016 14:41    Subject: Virus..

Hi guys, sorry: this morning on Facebook I got a notification from a friend about a video. I opened it and watched the video, but right afterwards Facebook asked me to enter my credentials. I went through the usual procedure, but it would not let me in and this window came up:

"It looks like your computer has been infected with malware. We will help you fix the problem so as to protect your account and prevent the malware from spreading to your friends' computers.
Malware is software that tries to steal personal information and causes problems when you use Facebook. If you click on or share links that contain SPAM, your computer could be infected with malware. To clean your computer, you will need to download and run this free scanner, Trend Micro HouseCall, which will check for malware and remove it.
By clicking Download, you accept the Trend Micro HouseCall Terms."

I downloaded it, but nothing. I also ran scans with Avast antivirus, Spybot and Malwarebytes Anti-Malware, but nothing: no problem shows up. I should say that I have trouble starting the system in safe mode with F8, but that has always been the case and is not due to the presumed malware; I mention it because I wanted to run the scan in that mode. I should also say that I am a beginner with computers, and if anyone helps me I would kindly ask them to talk to me in simple terms. Thanks for any help.
tinocorvo
Mortale devoto

Registered: 01/05/16 13:38
Posts: 10

Posted: 01 May 2016 14:43

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-04-2016
Ran by Tino (administrator) on TINO-PC (01-05-2016 15:38:32)
Running from C:\Users\Tino\Downloads
Loaded Profiles: Tino (Available Profiles: Tino)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Betica Ltd) C:\Program Files\Burraconline\BurracoClient.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Tino\Downloads\FRST-2016.exe
(Farbar) C:\Users\Tino\Downloads\FRST-2016.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NBAgent] => C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-04-08] (Nero AG)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2361581211-3925583089-3806589283-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2361581211-3925583089-3806589283-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-2361581211-3925583089-3806589283-1000\...\MountPoints2: {de64f49e-f0e3-11e5-9869-001966608a9e} - K:\Startme.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-10-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-02-16] (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{52BA28F7-7BCB-4584-9D2C-75A627FBFF66}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-2361581211-3925583089-3806589283-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://it.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-2361581211-3925583089-3806589283-1000 -> {B2B9643D-B07C-45C7-8BA3-BBE486AD6E7C} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-16] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-10-23] (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-16]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-16]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.it/?gws_rd=ssl
CHR StartupUrls: Default -> "hxxps://www.google.it/?gws_rd=ssl"
CHR DefaultSearchURL: Default -> hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://it.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Tino\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Search Center) - C:\Users\Tino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebbnhopmdfhncoecbioomlbknpjknkjg [2016-05-01]
CHR Extension: (Avast Online Security) - C:\Users\Tino\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-08]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Tino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Yahoo Web) - C:\Users\Tino\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2015-11-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-16]
CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-16] (AVAST Software)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [785904 2015-07-07] (Nero AG)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-02-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-02-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-02-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-02-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-02-16] (AVAST Software)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-01 15:38 - 2016-05-01 15:39 - 00013480 _____ C:\Users\Tino\Downloads\FRST.txt
2016-05-01 15:38 - 2016-05-01 15:38 - 00000000 ____D C:\FRST
2016-05-01 15:36 - 2016-05-01 15:36 - 01728000 _____ (Farbar) C:\Users\Tino\Downloads\FRST-2016.exe
2016-05-01 14:20 - 2016-05-01 14:20 - 00269951 _____ C:\Users\Tino\AppData\Local\census.cache
2016-05-01 14:20 - 2016-05-01 14:20 - 00121331 _____ C:\Users\Tino\AppData\Local\ars.cache
2016-05-01 13:43 - 2016-05-01 13:43 - 00000036 _____ C:\Users\Tino\AppData\Local\housecall.guid.cache
2016-05-01 13:42 - 2016-05-01 13:42 - 02002944 _____ (Trend Micro Inc.) C:\Users\Tino\Downloads\HousecallLauncher.exe
2016-05-01 13:42 - 2016-05-01 13:42 - 02002944 _____ (Trend Micro Inc.) C:\Users\Tino\Downloads\HousecallLauncher (1).exe
2016-04-30 08:14 - 2016-04-30 08:14 - 00248413 _____ C:\Users\Tino\Downloads\MARIO PATRIZIA sst (2).pdf
2016-04-29 21:29 - 2016-04-29 21:29 - 00248413 _____ C:\Users\Tino\Desktop\MARIO PATRIZIA sst.pdf
2016-04-29 21:28 - 2016-04-29 21:28 - 00248413 _____ C:\Users\Tino\Downloads\MARIO PATRIZIA sst (1).pdf
2016-04-29 21:22 - 2016-04-29 21:22 - 00248413 _____ C:\Users\Tino\Downloads\MARIO PATRIZIA sst.pdf
2016-04-27 21:45 - 2016-04-27 21:45 - 00032598 _____ C:\Users\Tino\Downloads\img20160427_21022906.pdf
2016-04-22 15:52 - 2016-04-22 15:52 - 00215209 _____ C:\Users\Tino\Desktop\287754421.html
2016-04-22 15:52 - 2016-04-22 15:52 - 00000000 ____D C:\Users\Tino\Desktop\287754421_files
2016-04-21 22:41 - 2016-04-21 22:41 - 00000000 ____D C:\Program Files\Common Files\Java
2016-04-20 23:51 - 2016-04-20 23:51 - 00115868 _____ C:\Users\Tino\Desktop\Disconoscimento_PP (1).pdf
2016-04-20 23:48 - 2016-04-20 23:48 - 00115868 _____ C:\Users\Tino\Downloads\Disconoscimento_PP.pdf
2016-04-19 22:37 - 2016-04-19 22:37 - 00190464 _____ C:\Users\Tino\Downloads\Lista-Usato-19-04-16.xls
2016-04-17 18:05 - 2016-04-17 18:05 - 00000351 _____ C:\Users\Tino\Downloads\ATT0 (3).dat
2016-04-16 14:43 - 2016-04-16 14:43 - 00186076 _____ C:\Users\Tino\Desktop\Modello.pdf
2016-04-16 14:42 - 2016-04-16 14:42 - 00186076 _____ C:\Users\Tino\Downloads\Modello.pdf
2016-04-15 10:13 - 2016-04-15 10:14 - 00035305 _____ C:\Users\Tino\Downloads\estrattocontoitaliadettaglio (21).pdf
2016-04-13 14:35 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-04-13 14:35 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 14:35 - 2016-02-02 20:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-13 14:34 - 2016-03-18 00:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-04-13 14:34 - 2016-03-18 00:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 14:34 - 2016-03-18 00:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 14:34 - 2016-03-18 00:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 14:34 - 2016-03-18 00:33 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 14:34 - 2016-03-18 00:30 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 14:34 - 2016-03-18 00:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 14:34 - 2016-03-18 00:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 14:34 - 2016-03-18 00:30 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 14:34 - 2016-03-18 00:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 14:34 - 2016-03-18 00:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 14:34 - 2016-03-18 00:29 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 14:34 - 2016-03-18 00:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 14:34 - 2016-03-18 00:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 14:34 - 2016-03-18 00:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 14:34 - 2016-03-18 00:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 14:34 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 14:34 - 2016-03-18 00:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 14:34 - 2016-03-18 00:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 14:34 - 2016-03-18 00:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 14:34 - 2016-03-18 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 14:34 - 2016-03-18 00:26 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 14:34 - 2016-03-18 00:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 14:34 - 2016-03-18 00:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 14:34 - 2016-03-18 00:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 14:34 - 2016-03-18 00:25 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 14:34 - 2016-03-18 00:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 14:34 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 14:34 - 2016-03-17 23:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 14:34 - 2016-03-17 23:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 14:34 - 2016-03-17 23:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 14:34 - 2016-03-17 23:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 14:34 - 2016-03-17 23:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 14:34 - 2016-03-17 23:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 14:34 - 2016-03-17 23:35 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 14:34 - 2016-03-17 23:30 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 14:34 - 2016-03-17 23:30 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 14:34 - 2016-03-17 23:30 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 14:34 - 2016-03-17 23:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 14:34 - 2016-03-17 23:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 14:34 - 2016-03-17 23:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 14:34 - 2016-03-17 23:29 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 14:34 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 14:34 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 14:34 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 14:34 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 14:33 - 2016-03-31 20:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 14:33 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 14:33 - 2016-03-31 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 14:33 - 2016-03-31 02:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 14:33 - 2016-03-31 01:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 14:33 - 2016-03-31 01:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 14:33 - 2016-03-31 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 14:33 - 2016-03-31 01:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 14:33 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 14:33 - 2016-03-31 01:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 14:33 - 2016-03-31 01:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 14:33 - 2016-03-31 01:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 14:33 - 2016-03-31 01:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 14:33 - 2016-03-31 01:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 14:33 - 2016-03-31 01:45 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 14:33 - 2016-03-31 01:41 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 14:33 - 2016-03-31 01:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 14:33 - 2016-03-31 01:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 14:33 - 2016-03-31 01:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 14:33 - 2016-03-31 01:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 14:33 - 2016-03-31 01:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 14:33 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 14:33 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 14:33 - 2016-03-31 01:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 14:33 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 14:33 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 14:33 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 14:33 - 2016-03-31 01:23 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 14:33 - 2016-03-31 01:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 14:33 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 14:33 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 14:33 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 14:33 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 14:32 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 14:32 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 14:31 - 2016-03-16 01:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 14:31 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 14:31 - 2016-03-11 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 14:30 - 2016-04-04 19:54 - 00034024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 14:30 - 2016-04-04 19:42 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 14:30 - 2016-04-02 15:07 - 01218048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 14:30 - 2016-03-29 19:35 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 14:30 - 2016-03-23 16:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-13 14:30 - 2016-03-17 20:04 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 14:30 - 2016-03-17 20:04 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 14:30 - 2016-03-17 20:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 14:30 - 2016-03-17 20:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-13 14:30 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 14:30 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 14:30 - 2016-02-05 20:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-13 14:30 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-13 14:30 - 2016-01-21 02:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-13 14:30 - 2015-06-03 22:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-02 15:31 - 2016-04-02 15:31 - 00035643 _____ C:\Users\Tino\Downloads\estrattocontoitaliadettaglio (20).pdf
2016-04-02 15:30 - 2016-04-02 15:30 - 00035265 _____ C:\Users\Tino\Downloads\estrattocontoitaliadettaglio (19).pdf
2016-04-02 15:29 - 2016-04-02 15:29 - 00035261 _____ C:\Users\Tino\Downloads\estrattocontoitaliadettaglio (18).pdf
2016-04-02 15:22 - 2016-04-02 15:22 - 00035262 _____ C:\Users\Tino\Downloads\estrattocontoitaliadettaglio (17).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-01 15:35 - 2015-10-01 17:54 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-01 14:49 - 2015-10-01 17:50 - 00001138 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-01 14:33 - 2009-07-14 06:34 - 00017536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-01 14:33 - 2009-07-14 06:34 - 00017536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-01 14:25 - 2015-10-01 17:50 - 00001134 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-01 14:25 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-01 11:53 - 2015-10-02 17:24 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-01 11:48 - 2015-10-12 23:53 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-04-28 21:56 - 2015-10-01 17:50 - 00002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-25 20:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-04-25 20:04 - 2016-01-22 14:05 - 00000000 ____D C:\Users\Tino\Desktop\S.Giovanni di Dio
2016-04-23 13:43 - 2015-10-29 17:03 - 00000000 ____D C:\Users\Tino\AppData\Local\CrashDumps
2016-04-22 09:57 - 2015-10-01 17:11 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-21 22:44 - 2015-10-03 19:30 - 00000000 ____D C:\ProgramData\Oracle
2016-04-21 22:41 - 2015-10-03 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-21 22:41 - 2015-10-03 19:30 - 00000000 ____D C:\Program Files\Java
2016-04-21 22:40 - 2015-10-03 19:31 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-04-21 22:40 - 2015-10-03 19:31 - 00000000 ____D C:\Users\Tino\.oracle_jre_usage
2016-04-15 11:40 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2016-04-14 10:18 - 2015-12-09 19:41 - 01659852 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-14 10:18 - 2009-07-14 10:21 - 00741062 _____ C:\Windows\system32\perfh010.dat
2016-04-14 10:18 - 2009-07-14 10:21 - 00147116 _____ C:\Windows\system32\perfc010.dat
2016-04-14 10:08 - 2009-07-14 06:33 - 00408552 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-14 10:06 - 2015-10-01 21:18 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-14 00:56 - 2015-10-01 21:13 - 00000000 ____D C:\Windows\system32\MRT
2016-04-14 00:49 - 2015-10-01 21:13 - 132539272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-11 14:24 - 2015-10-30 12:03 - 00000000 ___HD C:\Users\Tino\Desktop\Conservazione automatica Corel
2016-04-07 21:36 - 2015-10-01 17:54 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-07 21:36 - 2015-10-01 17:54 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-05-01 14:20 - 2016-05-01 14:20 - 0121331 _____ () C:\Users\Tino\AppData\Local\ars.cache
2016-05-01 14:20 - 2016-05-01 14:20 - 0269951 _____ () C:\Users\Tino\AppData\Local\census.cache
2015-10-01 18:26 - 2015-12-15 22:00 - 0004608 _____ () C:\Users\Tino\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-01 13:43 - 2016-05-01 13:43 - 0000036 _____ () C:\Users\Tino\AppData\Local\housecall.guid.cache

Some files in TEMP:
====================
C:\Users\Tino\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Tino\AppData\Local\Temp\kernel32.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-30 00:43

==================== End of FRST.txt ============================
tinocorvo
Mortale devoto

Joined: 01/05/16 13:38
Posts: 10

Posted: 01 May 2016 14:45

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-04-2016
Ran by Tino (2016-05-01 15:40:42)
Running from C:\Users\Tino\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-12-09 17:40:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2361581211-3925583089-3806589283-500 - Administrator - Disabled)
Guest (S-1-5-21-2361581211-3925583089-3806589283-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2361581211-3925583089-3806589283-1002 - Limited - Enabled)
Tino (S-1-5-21-2361581211-3925583089-3806589283-1000 - Administrator - Enabled) => C:\Users\Tino

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
Burraconline 4.53 (HKLM\...\Burraconline) (Version: 4.53 - Betica LTD)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version: - )
Canon MX370 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX370_series) (Version: - Canon Inc.)
Canon MX370 series On-screen Manual (HKLM\...\Canon MX370 series On-screen Manual) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
Canon Utility Selezione rapida (HKLM\...\Speed Dial Utility) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Centro gestione Mouse e Tastiere Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.7.133.0 - Microsoft Corporation)
Centro gestione Mouse e Tastiere Microsoft (Version: 2.7.133.0 - Microsoft Corporation) Hidden
Corel PaintShop Pro X5 (HKLM\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.0.0.183 - Corel Corporation)
Corel PaintShop Pro X5 (Version: 15.1.0.10 - Corel Corporation) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
High-Definition Video Playback (Version: 7.3.10800.5.0 - Nero AG) Hidden
ICA (Version: 15.0.0.183 - Corel Corporation) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IPM_PSP_COM (Version: 15.0.0.183 - Corel Corporation) Hidden
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678) (HKLM\...\{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{9F57BDED-B51B-4D2F-B360-5B4EFAAF0F1A}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677) (HKLM\...\{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{2278E02A-AB15-4BF7-B2B4-5C0EEB4B7EEB}) (Version: - Microsoft)
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669) (HKLM\...\{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{C76C02F1-B07F-4974-876A-A18DEC9887C8}) (Version: - Microsoft)
Microsoft Office Word 2007 Help - Aggiornamento (KB963665) (HKLM\...\{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{E5B82DB3-DD7D-4C45-BC5E-09864B26F9BC}) (Version: - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10400.4.100 - Nero AG)
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10600.4.100 - Nero AG)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10500.3.100 - Nero AG)
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.6.10200.1.100 - Nero AG)
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10400.0.100 - Nero AG)
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10600.4.100 - Nero AG)
Nero Info (HKLM\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10200.0.100 - Nero AG)
Nero MediaHome Free (HKLM\...\{37F879C7-BAEC-47F8-AB0C-C0AFA8FEEAD0}) (Version: 17.0.00600 - Nero AG)
Nero Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.6.11300 - Nero AG)
Nero Recode 10 (HKLM\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.10.10600.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero SoundTrax 10 (HKLM\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.10.10300.2.100 - Nero AG)
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10400.2.100 - Nero AG)
Nero Vision 10 (HKLM\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.4.10800.7.100 - Nero AG)
Nero WaveEditor 10 (HKLM\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.10.10400.3.100 - Nero AG)
Prerequisite installer (Version: 17.0.0002 - Nero AG) Hidden
PSPPContent (Version: 15.1.0.9 - Corel Corporation) Hidden
PSPPHelp (Version: 15.0.0.183 - Corel Corporation) Hidden
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Registrazione utente Canon MX370 series (HKLM\...\Registrazione utente Canon MX370 series) (Version: - )
SafeZone Stable 1.46.1990.139 (Version: 1.46.1990.139 - Avast Software) Hidden
SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden
Setup (Version: 15.0.0.183 - Nome società) Hidden
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {085890A3-E8D6-4457-B86E-1F13E1279799} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-12-09] (Microsoft Corporation)
Task: {1497DD7A-2C1E-4E90-8F05-640BEA419DB3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {1CC16907-2219-4DED-878A-3421B09DEF95} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-12-09] (Microsoft)
Task: {25CC8BC9-C0F9-4FAF-889F-094E80F3460F} - System32\Tasks\AsrAPPShop => C:\Program Files\ASRock Utility\APP Shop\AsrAPPShop.exe
Task: {376FA644-D5C9-4E34-A197-32667EFF0560} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)
Task: {41E60207-00DD-464C-8907-F29D61C7CBD0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {4BDF9A85-3C8C-4E7E-BD33-19F00C9F0534} - System32\Tasks\{2FB4618C-FF34-4A66-B700-6C1598192AFB} => pcalua.exe -a "C:\Users\Tino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUY7FX5I\JavaSetup8u60[1].exe" -d C:\Users\Tino\Desktop
Task: {4F1D125D-C2C6-4790-A362-5DB22586C14E} - System32\Tasks\SafeZone scheduled Autoupdate 1458768698 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {597C0E8E-82E1-4714-9A3C-95D362518C9F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {5FEF5420-1A24-49E9-93E2-4316DCD85191} - System32\Tasks\{D9D50FB5-E287-47D9-944D-A06C1094599C} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.112/it/abandoninstall?page=tsPlugin
Task: {6EF01B54-4B2D-4B5D-8AAB-B41FAA6FFB10} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-12-09] (Microsoft Corporation)
Task: {7A6C6BA0-05D6-4600-A85E-D7689F2848E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {86E5FF9B-199E-47F6-98BF-027BD827E8D9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {92D7FA09-C58D-40BD-BAA1-6FD8FC592026} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)
Task: {999B0321-8678-4177-9656-33629CA4E246} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-12-09] (Microsoft Corporation)
Task: {A99EEA3F-4E94-4D6C-928C-35F4901A7A8C} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
Task: {BE6E50AE-3B91-4CC7-A1F7-FFEF660DD8D9} - System32\Tasks\SafeZone scheduled Autoupdate 1449835865 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {EABE7E07-11BC-4B9C-8723-129C6715C662} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-12-09] (Microsoft Corporation)
Task: {EAFA1BB1-0606-43EE-B129-4119CEFC7ECA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {EBE55479-8388-4260-ABB7-8704D1CFA55F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-16] (AVAST Software)
Task: {EFFF7A62-8B84-4775-A385-ED6FF10AF980} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-16 22:34 - 2016-02-16 22:34 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-16 22:34 - 2016-02-16 22:34 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-01 11:50 - 2016-05-01 11:50 - 02892288 _____ () C:\Program Files\AVAST Software\Avast\defs\16050100\algo.dll
2016-04-14 14:22 - 2016-04-14 14:22 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-10-30 22:35 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-10-30 22:35 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-10-30 22:35 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-10-30 22:35 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-10-30 22:35 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-11 14:05 - 2015-12-11 14:05 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-09-16 21:33 - 2015-09-16 21:33 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1040.dll
2016-04-28 21:55 - 2016-04-28 01:25 - 17536664 _____ () C:\Program Files\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2361581211-3925583089-3806589283-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tino\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EC28632A-2EF3-4C42-A1ED-D6A3EE735623}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4A09CF92-615F-49B4-B4FA-8A59F510C5D6}] => (Allow) LPort=2869
FirewallRules: [{8F6CADE0-1F05-4AC9-949A-55799CE414D9}] => (Allow) LPort=1900
FirewallRules: [{7982697A-64F2-4C11-B585-2DFCC9D04484}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{08D16E26-222D-4754-9C89-6D00FB1F8CC1}] => (Allow) C:\Program Files\Nero\KM\NMDllHost.exe
FirewallRules: [{9AE49E27-0C7C-409A-ABAE-7C9D08E3123E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{FE0DBB51-FBD3-4B6B-9F2F-1F2D9B2F56CF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

14-04-2016 00:45:55 Windows Update
18-04-2016 01:18:46 Windows Update
21-04-2016 14:56:02 Windows Update
25-04-2016 10:19:20 Windows Update
28-04-2016 21:24:50 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2016 10:16:32 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Servizio Windows Search: impossibile creare il nuovo indice di ricerca. Errore interno <4, 0x8004117f, Impossibile aggiungere il progetto: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (04/30/2016 10:16:32 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Impossibile aprire l'archivio di proprietà di Jet.

Dettagli:
0x%08x (0x8004117f - Impossibile aggiornare o accedere alle informazioni a causa di un errore del database. Interrompere e riavviare il servizio di ricerca. Se il problema persiste, reimpostare l'indice di contenuto e rieseguire la ricerca per indicizzazione. In alcuni casi potrebbe essere necessario eliminare e ricreare l'indice di contenuto. (HRESULT : 0x8004117f))

Error: (04/30/2016 10:16:31 PM) (Source: ESENT) (EventID: 485) (User: )
Description: Windows (5464) Windows: Tentativo di eliminazione del file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" non riuscito con errore di sistema 32 (0x00000020): "Impossibile accedere al file. Il file è utilizzato da un altro processo. ". L'operazione di eliminazione file non verrà effettuata con errore -1032 (0xfffffbf8).

Error: (04/30/2016 10:16:21 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (5464) Windows: Tentativo di apertura del file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" per accesso lettura e scrittura non riuscito con errore di sistema 32 (0x00000020): "Impossibile accedere al file. Il file è utilizzato da un altro processo. ". L'operazione di apertura file non verrà effettuata con errore -1032 (0xfffffbf8).

Error: (04/30/2016 10:14:29 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: È in corso l'interruzione del servizio Windows Search. Problema dell'indicizzatore, The catalog is corrupt.

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2016 10:14:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Impossibile inizializzare l'indice.

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2016 10:14:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Impossibile inizializzare l'applicazione.

Contesto: applicazione Windows

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2016 10:14:29 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Impossibile inizializzare l'oggetto Gatherer.

Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2016 10:14:29 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Impossibile inizializzare il plug-in <Search.TripoliIndexer>.

Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:
Impossibile trovare elemento. (HRESULT : 0x80070490) (0x80070490)

Error: (04/30/2016 10:14:28 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Impossibile inizializzare il plug-in <Search.JetPropStore>.

Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (05/01/2016 02:24:58 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Alcune funzionalità di risparmio energia per le prestazioni del processore sono state disattivate per un problema di firmware noto. Per ottenere il firmware aggiornato, rivolgersi al produttore del computer.

Error: (05/01/2016 01:33:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/01/2016 11:49:25 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Alcune funzionalità di risparmio energia per le prestazioni del processore sono state disattivate per un problema di firmware noto. Per ottenere il firmware aggiornato, rivolgersi al produttore del computer.

Error: (05/01/2016 10:13:06 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Alcune funzionalità di risparmio energia per le prestazioni del processore sono state disattivate per un problema di firmware noto. Per ottenere il firmware aggiornato, rivolgersi al produttore del computer.

Error: (04/30/2016 11:54:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/30/2016 10:16:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Windows Search è stato arrestato in modo imprevisto. Questo problema si è verificato 2 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (04/30/2016 10:16:33 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Servizio Windows Search terminato. Errore specifico del servizio %%-2147217025.

Error: (04/30/2016 10:14:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Windows Search è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (04/30/2016 10:14:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Servizio Windows Search terminato. Errore specifico del servizio %%-1073473535.

Error: (04/30/2016 10:13:06 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Alcune funzionalità di risparmio energia per le prestazioni del processore sono state disattivate per un problema di firmware noto. Per ottenere il firmware aggiornato, rivolgersi al produttore del computer.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 78%
Total physical RAM: 2039.3 MB
Available physical RAM: 428.74 MB
Total Virtual: 4078.61 MB
Available Virtual: 2088.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:204.98 GB) (Free:161.19 GB) NTFS
Drive d: () (Fixed) (Total:260.68 GB) (Free:260.55 GB) NTFS
Drive j: (KINGSTON) (Removable) (Total:14.48 GB) (Free:13.36 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6195A6BF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=205 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=260.7 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 14.5 GB) (Disk ID: 6F20736B)
No partition Table on disk 5.
Disk 5 is a removable device.

==================== End of Addition.txt ============================
I hope I did it right..
R16
Mature god

Registered: 07/03/08 21:58
Posts: 10123

Posted: 01 May 2016 15:32

I don't see any infections in the logs.
You have 2 antivirus programs (Avast and MSE), and you should remove one of them.
But how is the PC running? (apart from not booting into safe mode)
tinocorvo
Devoted mortal

Registered: 01/05/16 13:38
Posts: 10

Posted: 01 May 2016 15:34

The PC runs very well, and anyway it no longer lets me into Facebook, but otherwise everything opens. I didn't know I had MSE
(rolling eyes)
tinocorvo
Devoted mortal

Registered: 01/05/16 13:38
Posts: 10

Posted: 01 May 2016 15:36

Sorry, what is MSE? It doesn't show up in my programs
tinocorvo
Devoted mortal

Registered: 01/05/16 13:38
Posts: 10

Posted: 01 May 2016 15:40

Microsoft Security Essentials, OK, found it.. so which one should I remove?
R16
Mature god

Registered: 07/03/08 21:58
Posts: 10123

Posted: 01 May 2016 15:45

Maybe these are "leftovers" of Microsoft's antivirus.
In any case, uninstall SpyBot and keep Malwarebytes, which is better.
Quote:
it no longer lets me into Facebook

It should be a Facebook problem, not a PC problem.
Quote:
Microsoft Security Essentials, OK, found it.. so which one should I remove?

Whichever one you get on worse with.... (smile)
tinocorvo
Devoted mortal

Registered: 01/05/16 13:38
Posts: 10

Posted: 01 May 2016 16:18

Sorry, maybe I explained myself badly. When I received the video, which I opened and watched, at the end the FB page came up and it still won't let me in. I also noticed that the video was addressed not only to me but also to hundreds of his friends, so later I understood that it was a virus that was generated by opening the file. Also, right afterwards a friend sent me a message by mobile phone, warning me that I was sending viruses to all my friends through a video. So I deduced that I too had set off this virus chain..
R16
Mature god

Registered: 07/03/08 21:58
Posts: 10123

Posted: 01 May 2016 17:00

Quote:
When I received the video, which I opened and watched

Did you open the video while you were on FB?
Did you then delete this video?
tinocorvo
Devoted mortal

Registered: 01/05/16 13:38
Posts: 10

Posted: 01 May 2016 20:06

No, because right after I watched it, it kicked me out; anyway, with my mobile phone I can get back in without problems, I'll see if I can delete it from there, and anyway I was on FB when I opened it..
R16
Mature god

Registered: 07/03/08 21:58
Posts: 10123

Posted: 01 May 2016 20:30

Quote:
and anyway I was on FB when I opened it..

That is where it spread from to your friends' computers.
tinocorvo
Devoted mortal

Registered: 01/05/16 13:38
Posts: 10

Posted: 01 May 2016 21:08

Anyway, in case it helps solve this, I tried switching browser from Google Chrome to Internet Explorer and it lets me in.. so will I have to write Google off?
R16
Mature god

Registered: 07/03/08 21:58
Posts: 10123

Posted: 02 May 2016 18:11

Then it's Google Chrome that is infected.
Uninstall it like this:
link
Also remember to tick: select the "Also delete your browsing data?" checkbox, and click OK.
Restart the PC.
Do a cleanup with CCleaner, including the registry.
Reinstall Chrome:
link
See if it works.
All times are GMT + 1 hour