Unauthorized processes copy my files


  • This topic is locked
12 replies to this topic

#1 Blaze1206

Posted 10 May 2015 - 01:48 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Danilo (administrator) on DANILO on 10-05-2015 20:20:10
Running from C:\Users\Danilo\Desktop
Loaded Profiles: Danilo (Available profiles: Danilo)
Platform: Windows 8.1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2015-05-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
HKU\S-1-5-21-3451001620-2923232768-3836088574-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
Startup: C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Danilo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danilo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danilo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danilo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danilo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danilo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danilo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danilo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danilo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3451001620-2923232768-3836088574-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3451001620-2923232768-3836088574-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3451001620-2923232768-3836088574-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 62.101.93.101 83.103.25.250
 
FireFox:
========
FF ProfilePath: C:\Users\Danilo\AppData\Roaming\Mozilla\Firefox\Profiles\26h01hub.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-02] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-02] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-05-02] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-05-02] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-05-02] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Danilo\AppData\Roaming\Mozilla\Firefox\Profiles\26h01hub.default\user.js [2015-05-03]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-05-02]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-05-02]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-05-02]
 
Chrome: 
=======
CHR Profile: C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-02]
CHR Extension: (Google Docs) - C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-02]
CHR Extension: (Google Drive) - C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-02]
CHR Extension: (YouTube) - C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-02]
CHR Extension: (Google Search) - C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-02]
CHR Extension: (Kaspersky Protection) - C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-05-02]
CHR Extension: (Google Sheets) - C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-02]
CHR Extension: (AdBlock) - C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-02]
CHR Extension: (Bookmark Manager) - C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-02]
CHR Extension: (Google Wallet) - C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-02]
CHR Extension: (Gmail) - C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-05-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-05-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-05-07] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [56008 2015-05-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247496 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [824008 2015-05-02] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [31432 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [69320 2014-11-20] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2015-05-03] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-05-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-10 20:20 - 2015-05-10 20:20 - 00019766 _____ () C:\Users\Danilo\Desktop\FRST.txt
2015-05-10 20:18 - 2015-05-10 20:18 - 02102784 _____ (Farbar) C:\Users\Danilo\Desktop\FRST64.exe
2015-05-10 18:19 - 2015-05-10 18:19 - 00852630 _____ () C:\Users\Danilo\Desktop\SecurityCheck.exe
2015-05-10 18:14 - 2015-05-10 18:18 - 00032379 _____ () C:\Users\Danilo\Desktop\Result.txt
2015-05-10 18:07 - 2015-05-10 18:07 - 00402944 _____ (Farbar) C:\Users\Danilo\Desktop\MiniToolBox.exe
2015-05-10 17:00 - 2015-05-10 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-10 16:58 - 2015-05-10 17:30 - 00000000 ____D () C:\Users\Danilo\Desktop\mbar
2015-05-10 16:58 - 2015-05-10 16:58 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Danilo\Desktop\mbar-1.09.1.1004.exe
2015-05-10 15:03 - 2015-05-10 15:03 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{79C2714F-3AE9-476B-A11C-231A883C74CE}
2015-05-10 15:03 - 2015-05-10 15:03 - 00000000 __SHD () C:\Users\Danilo\AppData\Local\EmieUserList
2015-05-10 15:03 - 2015-05-10 15:03 - 00000000 __SHD () C:\Users\Danilo\AppData\Local\EmieSiteList
2015-05-10 15:03 - 2015-05-10 15:03 - 00000000 __SHD () C:\Users\Danilo\AppData\Local\EmieBrowserModeList
2015-05-10 14:29 - 2015-05-10 14:29 - 01190415 _____ () C:\Users\Danilo\Desktop\ProcessExplorer.zip
2015-05-10 14:29 - 2015-05-10 14:29 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\WinRAR
2015-05-10 14:29 - 2015-03-09 15:48 - 02508440 _____ (Sysinternals - www.sysinternals.com) C:\Users\Danilo\Desktop\procexp.exe
2015-05-10 14:29 - 2014-06-28 16:47 - 00002028 _____ () C:\Users\Danilo\Desktop\Eula.txt
2015-05-10 14:29 - 2012-10-15 06:23 - 00072154 _____ () C:\Users\Danilo\Desktop\procexp.chm
2015-05-10 10:26 - 2015-05-10 10:26 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-05-09 17:53 - 2013-11-15 14:45 - 00009000 _____ (EldoS Corporation) C:\WINDOWS\system32\elevtmsg.dll
2015-05-09 16:09 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-05-08 13:10 - 2014-11-10 01:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-05-08 13:10 - 2014-11-10 01:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-05-08 13:10 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-05-08 13:10 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-05-08 13:10 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-05-08 13:10 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-05-08 13:09 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-05-08 13:09 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-05-08 13:09 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-05-08 13:09 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-05-08 13:09 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-05-08 13:09 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-05-08 13:09 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-05-08 13:09 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-05-07 13:58 - 2015-05-07 13:58 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-05-07 13:58 - 2015-05-07 13:58 - 00000000 __SHD () C:\Recovery
2015-05-07 13:57 - 2015-05-07 13:35 - 00000000 ___DC () C:\WINDOWS\Panther
2015-05-07 13:56 - 2015-05-07 13:56 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-05-07 13:56 - 2015-05-07 13:56 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-05-07 13:56 - 2015-05-07 13:56 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-05-07 13:56 - 2015-05-07 13:56 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-05-07 13:56 - 2015-05-07 13:56 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-05-07 13:56 - 2015-05-07 13:56 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-05-07 13:56 - 2015-05-07 13:56 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-05-07 13:56 - 2015-05-07 13:56 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-05-07 13:56 - 2015-05-07 13:56 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-05-07 13:55 - 2015-05-07 13:55 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-07 13:55 - 2015-05-07 13:55 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-05-07 13:55 - 2015-05-07 13:55 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-05-07 13:55 - 2015-05-07 13:55 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-05-07 13:55 - 2015-05-07 13:55 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-05-07 13:55 - 2015-05-07 13:55 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-05-07 13:55 - 2015-05-07 13:55 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-05-07 13:55 - 2015-05-07 13:55 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-05-07 13:55 - 2015-05-07 13:55 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-05-07 13:55 - 2015-05-07 13:55 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-05-07 13:55 - 2015-05-07 13:55 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-07 13:55 - 2015-05-07 13:55 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-07 13:55 - 2015-05-07 13:55 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-05-07 13:55 - 2015-05-07 13:55 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-07 13:54 - 2015-05-07 13:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-05-07 13:54 - 2015-05-07 13:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-07 13:53 - 2015-05-07 13:53 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-05-07 13:53 - 2015-05-07 13:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-05-07 13:53 - 2015-05-07 13:53 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-05-07 13:53 - 2015-05-07 13:53 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-05-07 13:53 - 2015-05-07 13:53 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-05-07 13:53 - 2015-05-07 13:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-05-07 13:53 - 2015-05-07 13:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-05-07 13:52 - 2015-05-08 12:57 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-07 13:52 - 2015-05-07 13:52 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-05-07 13:52 - 2015-05-07 13:52 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-05-07 13:52 - 2015-05-07 13:52 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-05-07 13:52 - 2015-05-07 13:52 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-05-07 13:52 - 2015-05-07 13:52 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-05-07 13:52 - 2015-05-07 13:52 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-05-07 13:52 - 2015-05-07 13:52 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-05-07 13:52 - 2015-05-07 13:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-05-07 13:52 - 2015-05-07 13:52 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-05-07 13:52 - 2015-05-07 13:52 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-07 13:51 - 2015-05-07 13:51 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-05-07 13:51 - 2015-05-07 13:51 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-05-07 13:51 - 2015-05-07 13:51 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-05-07 13:51 - 2015-05-07 13:51 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-05-07 13:51 - 2015-05-07 13:51 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-05-07 13:51 - 2015-05-07 13:51 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-05-07 13:51 - 2015-05-07 13:51 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-05-07 13:51 - 2015-05-07 13:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-05-07 13:51 - 2015-05-07 13:51 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-05-07 13:51 - 2015-05-07 13:51 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-05-07 13:51 - 2015-05-07 13:51 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-05-07 13:51 - 2015-05-07 13:51 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-07 13:51 - 2015-05-07 13:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-07 13:51 - 2015-05-07 13:51 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-07 13:51 - 2015-05-07 13:51 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-07 13:51 - 2015-05-07 13:51 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-05-07 13:51 - 2015-05-07 13:51 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-05-07 13:51 - 2015-05-07 13:51 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-05-07 13:50 - 2015-05-07 13:50 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-05-07 13:50 - 2015-05-07 13:50 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-05-07 13:50 - 2015-05-07 13:50 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-05-07 13:50 - 2015-05-07 13:50 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-05-07 13:50 - 2015-05-07 13:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-05-07 13:50 - 2015-05-07 13:50 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-05-07 13:49 - 2015-05-07 13:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-05-07 13:49 - 2015-05-07 13:49 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-07 13:49 - 2015-05-07 13:49 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-07 13:49 - 2015-05-07 13:49 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-05-07 13:49 - 2015-05-07 13:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-07 13:49 - 2015-05-07 13:49 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-07 13:49 - 2015-05-07 13:49 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-07 13:49 - 2015-05-07 13:49 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-07 13:49 - 2015-05-07 13:49 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-07 13:49 - 2015-05-07 13:49 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-07 13:49 - 2015-05-07 13:49 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-07 13:49 - 2015-05-07 13:49 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-05-07 13:49 - 2015-05-07 13:49 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-07 13:49 - 2015-05-07 13:49 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-05-07 13:48 - 2015-05-07 13:48 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-05-07 13:48 - 2015-05-07 13:48 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-05-07 13:48 - 2015-05-07 13:48 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-05-07 13:48 - 2015-05-07 13:48 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-05-07 13:48 - 2015-05-07 13:48 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-05-07 13:48 - 2015-05-07 13:48 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-07 13:48 - 2015-05-07 13:48 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-05-07 13:48 - 2015-05-07 13:48 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-07 13:48 - 2015-05-07 13:48 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-07 13:47 - 2015-05-07 13:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-05-07 13:47 - 2015-05-07 13:47 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-05-07 13:47 - 2015-05-07 13:47 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-05-07 13:47 - 2015-05-07 13:47 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-05-07 13:47 - 2015-05-07 13:47 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-07 13:46 - 2015-05-07 13:46 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-05-07 13:46 - 2015-05-07 13:46 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-05-07 13:46 - 2015-05-07 13:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-05-07 13:46 - 2015-05-07 13:46 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-05-07 13:46 - 2015-05-07 13:46 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-05-07 13:46 - 2015-05-07 13:46 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-05-07 13:46 - 2015-05-07 13:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-05-07 13:46 - 2015-05-07 13:46 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-05-07 13:46 - 2015-05-07 13:46 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-05-07 13:46 - 2015-05-07 13:46 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-05-07 13:46 - 2015-05-07 13:46 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-05-07 13:46 - 2015-05-07 13:46 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-05-07 13:46 - 2015-05-07 13:46 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-05-07 13:46 - 2015-05-07 13:46 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-05-07 13:43 - 2015-05-07 13:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2015-05-07 13:43 - 2015-05-07 13:43 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-05-07 13:43 - 2015-05-07 13:43 - 00000000 ____D () C:\Program Files\MSBuild
2015-05-07 13:43 - 2015-05-07 13:43 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-05-07 13:43 - 2015-05-07 13:43 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-05-07 13:43 - 2015-05-07 13:43 - 00000000 ____D () C:\inetpub
2015-05-07 13:42 - 2015-05-07 13:42 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-07 13:42 - 2015-05-07 13:42 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-07 13:42 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-05-07 13:42 - 2013-08-03 06:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-07 13:42 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-05-07 13:42 - 2013-08-03 06:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-07 13:39 - 2015-05-10 16:42 - 00000000 ____D () C:\Users\Danilo\OneDrive
2015-05-07 13:35 - 2015-05-07 13:35 - 00001426 _____ () C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-07 13:34 - 2015-05-07 13:34 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-05-07 13:34 - 2015-05-07 13:34 - 00000020 ___SH () C:\Users\Danilo\ntuser.ini
2015-05-07 13:34 - 2014-07-21 22:03 - 00036096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default\Risorse di stampa
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default\Risorse di rete
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default\Recenti
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default\Modelli
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default\Menu Avvio
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default\Impostazioni locali
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default\Documents\Video
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default\Documents\Musica
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default\Documents\Immagini
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default\Documenti
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default\Dati applicazioni
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Dati applicazioni
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Cronologia
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default User\Documents\Video
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default User\Documents\Musica
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default User\Documents\Immagini
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Dati applicazioni
2015-05-07 13:31 - 2015-05-07 13:31 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Cronologia
2015-05-07 13:30 - 2015-05-07 13:30 - 00022928 _____ () C:\WINDOWS\system32\emptyregdb.dat
2015-05-07 13:18 - 2015-05-07 13:18 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-07 13:15 - 2015-05-07 13:15 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2015-05-07 13:14 - 2015-05-07 13:39 - 00000000 ____D () C:\Users\Danilo
2015-05-07 13:14 - 2015-05-07 13:31 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2015-05-07 13:14 - 2015-05-07 13:31 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2015-05-07 13:14 - 2015-05-07 13:15 - 00000000 ___RD () C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-07 13:14 - 2015-05-07 13:14 - 00000000 _SHDL () C:\Users\Danilo\Risorse di stampa
2015-05-07 13:14 - 2015-05-07 13:14 - 00000000 _SHDL () C:\Users\Danilo\Risorse di rete
2015-05-07 13:14 - 2015-05-07 13:14 - 00000000 _SHDL () C:\Users\Danilo\Recenti
2015-05-07 13:14 - 2015-05-07 13:14 - 00000000 _SHDL () C:\Users\Danilo\Modelli
2015-05-07 13:14 - 2015-05-07 13:14 - 00000000 _SHDL () C:\Users\Danilo\Menu Avvio
2015-05-07 13:14 - 2015-05-07 13:14 - 00000000 _SHDL () C:\Users\Danilo\Impostazioni locali
2015-05-07 13:14 - 2015-05-07 13:14 - 00000000 _SHDL () C:\Users\Danilo\Documents\Video
2015-05-07 13:14 - 2015-05-07 13:14 - 00000000 _SHDL () C:\Users\Danilo\Documents\Musica
2015-05-07 13:14 - 2015-05-07 13:14 - 00000000 _SHDL () C:\Users\Danilo\Documents\Immagini
2015-05-07 13:14 - 2015-05-07 13:14 - 00000000 _SHDL () C:\Users\Danilo\Documenti
2015-05-07 13:14 - 2015-05-07 13:14 - 00000000 _SHDL () C:\Users\Danilo\Dati applicazioni
2015-05-07 13:14 - 2015-05-07 13:14 - 00000000 _SHDL () C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2015-05-07 13:14 - 2015-05-07 13:14 - 00000000 _SHDL () C:\Users\Danilo\AppData\Local\Dati applicazioni
2015-05-07 13:14 - 2015-05-07 13:14 - 00000000 _SHDL () C:\Users\Danilo\AppData\Local\Cronologia
2015-05-07 13:14 - 2014-11-21 12:58 - 00000000 ___RD () C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-07 13:14 - 2014-11-21 12:58 - 00000000 ___RD () C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-07 13:14 - 2014-11-21 05:26 - 00000369 _____ () C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-07 13:14 - 2014-11-21 05:26 - 00000369 _____ () C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-07 13:14 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-07 13:10 - 2015-05-07 13:10 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-05-07 13:07 - 2015-05-07 13:07 - 01947050 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-05-07 13:06 - 2015-05-07 13:15 - 00012096 _____ () C:\WINDOWS\iis.log
2015-05-07 13:03 - 2015-05-07 13:20 - 00000000 ____D () C:\Program Files\IDT
2015-05-07 13:03 - 2015-05-07 13:03 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2015-05-07 13:03 - 2015-05-07 13:03 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2015-05-07 13:03 - 2012-08-20 07:45 - 06085632 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2015-05-07 13:03 - 2012-08-20 07:45 - 01821184 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2015-05-07 13:03 - 2012-08-20 07:45 - 01664000 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2015-05-07 13:03 - 2011-05-03 00:27 - 03308376 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEP64A.dll
2015-05-07 13:03 - 2011-05-03 00:27 - 00426328 _____ (Dolby Laboratories) C:\WINDOWS\system32\EED64A.dll
2015-05-07 13:03 - 2011-05-03 00:27 - 00136024 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEL64A.dll
2015-05-07 13:03 - 2011-05-03 00:27 - 00118104 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEA64A.dll
2015-05-07 13:02 - 2015-05-07 13:16 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-05-07 13:02 - 2015-05-07 13:02 - 00060601 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201505071302486530.log
2015-05-07 13:02 - 2015-05-07 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-05-07 13:02 - 2015-05-07 13:02 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-05-07 13:01 - 2015-05-10 19:19 - 02061162 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-07 13:01 - 2015-05-07 13:02 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-07 13:01 - 2015-05-07 13:01 - 00001330 _____ () C:\WINDOWS\system32\RaCoInst.log
2015-05-07 13:01 - 2015-05-07 13:01 - 00000264 _____ () C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2015-05-07 13:01 - 2015-05-07 13:01 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-05-07 13:01 - 2015-05-07 13:01 - 00000000 ____D () C:\Program Files\AMD
2015-05-07 13:01 - 2015-05-07 13:01 - 00000000 ____D () C:\AMD
2015-05-07 13:00 - 2015-05-07 13:00 - 00000000 ____D () C:\Program Files\Synaptics
2015-05-07 12:24 - 2015-05-07 13:31 - 00006616 _____ () C:\WINDOWS\comsetup.log
2015-05-06 22:43 - 2015-05-06 22:43 - 00000000 ____D () C:\Users\Danilo\AppData\Local\Macromedia
2015-05-06 13:44 - 2015-05-07 13:46 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2015-05-05 12:23 - 2015-03-04 09:26 - 00011105 ____N () C:\WINDOWS\system32\AutoconfigV2.cab
2015-05-04 22:40 - 2015-05-07 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-05-04 22:35 - 2015-05-04 22:35 - 00000000 ____D () C:\Program Files (x86)\BrownyInd
2015-05-04 22:35 - 2015-05-04 22:35 - 00000000 ____D () C:\Program Files (x86)\Browny02
2015-05-04 22:35 - 2015-05-04 22:35 - 00000000 ____D () C:\Brother
2015-05-04 22:35 - 2012-12-14 03:31 - 00180224 _____ (Brother Industries, Ltd.) C:\WINDOWS\SysWOW64\BROSNMP.DLL
2015-05-04 22:35 - 2012-12-14 03:31 - 00113744 _____ (Brother Industries Ltd) C:\WINDOWS\SysWOW64\BRRBTOOL.EXE
2015-05-04 22:35 - 2012-12-14 03:31 - 00077824 _____ (Brother Industries, Ltd.) C:\WINDOWS\SysWOW64\BRLMW03A.DLL
2015-05-04 22:35 - 2012-12-14 03:31 - 00045056 _____ () C:\WINDOWS\SysWOW64\BRTCPCON.DLL
2015-05-04 22:35 - 2012-12-14 03:31 - 00025299 _____ (Brother Industries, Ltd) C:\WINDOWS\SysWOW64\BRLM03A.DLL
2015-05-04 22:35 - 2012-12-14 03:31 - 00000114 _____ () C:\WINDOWS\SysWOW64\BRLMW03A.INI
2015-05-04 22:34 - 2015-05-04 22:35 - 00000000 ____D () C:\Program Files (x86)\Brother
2015-05-04 22:34 - 2012-12-14 03:29 - 00000050 _____ () C:\WINDOWS\system32\BRADM12A.DAT
2015-05-04 22:34 - 2012-12-13 18:00 - 00226816 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BRCOM12A.DLL
2015-05-04 22:33 - 2015-05-04 22:40 - 00000000 ____D () C:\ProgramData\Brother
2015-05-04 22:33 - 2015-05-04 22:33 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\InstallShield
2015-05-04 15:15 - 2015-05-04 15:15 - 00000000 ____D () C:\sources
2015-05-04 14:35 - 2015-05-08 17:54 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-05-04 14:20 - 2015-05-04 14:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-04 14:20 - 2015-04-01 11:16 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-03 18:10 - 2015-05-10 20:20 - 00000000 ____D () C:\FRST
2015-05-03 16:04 - 2015-05-03 16:16 - 00000000 ____D () C:\ProgramData\STOPzilla!
2015-05-03 16:03 - 2015-05-03 16:16 - 00000000 ____D () C:\Program Files (x86)\STOPzilla
2015-05-03 14:53 - 2013-05-04 06:51 - 00014848 ____N (Microsoft) C:\WINDOWS\system32\rars.rs
2015-05-03 14:53 - 2013-05-04 06:10 - 00014848 ____N (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2015-05-03 12:58 - 2015-05-07 12:33 - 01074984 _____ () C:\WINDOWS\WindowsUpdate (1).log
2015-05-03 12:55 - 2015-05-03 12:55 - 00019853 _____ () C:\ComboFix.txt
2015-05-03 12:48 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-03 12:48 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-03 12:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-03 12:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-03 12:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-03 12:48 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-03 12:48 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-03 12:48 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-03 12:48 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-03 12:47 - 2015-05-03 12:55 - 00000000 ____D () C:\Qoobox
2015-05-03 12:47 - 2015-05-03 12:54 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-03 12:37 - 2015-05-10 17:32 - 00000404 _____ () C:\WINDOWS\Tasks\update-sys.job
2015-05-03 12:37 - 2015-05-07 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2015-05-03 12:37 - 2015-05-03 12:37 - 00003274 _____ () C:\WINDOWS\System32\Tasks\update-sys
2015-05-03 12:37 - 2015-05-03 12:37 - 00000424 _____ () C:\Users\Danilo\AppData\Local\UserProducts.xml
2015-05-03 12:37 - 2015-05-03 12:37 - 00000404 _____ () C:\WINDOWS\Tasks\update-S-1-5-21-3451001620-2923232768-3836088574-1001.job
2015-05-03 12:37 - 2015-05-03 12:37 - 00000003 _____ () C:\Users\Danilo\AppData\Local\updater.log
2015-05-03 12:37 - 2015-05-03 12:37 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2015-05-03 12:02 - 2015-05-03 12:02 - 00000000 _____ () C:\autoexec.bat
2015-05-03 11:56 - 2015-05-03 11:55 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2015-05-03 11:56 - 2015-05-03 11:55 - 01060080 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-05-03 11:56 - 2015-05-03 11:55 - 00544496 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-05-03 11:56 - 2015-05-03 11:55 - 00495856 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-05-03 11:56 - 2015-05-03 11:55 - 00264432 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-05-03 11:56 - 2015-05-03 11:55 - 00192240 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo18.dll
2015-05-03 11:56 - 2015-05-03 11:55 - 00151280 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynTPCom.dll
2015-05-03 11:56 - 2015-05-03 11:55 - 00033008 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-05-03 11:01 - 2015-05-10 10:27 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-02 17:26 - 2015-05-10 19:34 - 00000978 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-02 17:26 - 2015-05-02 17:26 - 00003866 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-02 16:59 - 2015-05-02 16:59 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-05-02 16:58 - 2015-05-02 16:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-02 16:58 - 2015-05-02 16:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-02 16:57 - 2015-05-02 17:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-02 16:47 - 2015-05-02 17:28 - 00000000 ____D () C:\Users\Danilo\AppData\Local\Adobe
2015-05-02 16:36 - 2015-05-02 17:26 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\BitTorrent
2015-05-02 16:32 - 2015-05-03 11:59 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\hpqlog
2015-05-02 16:31 - 2015-05-10 17:00 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-02 16:30 - 2015-05-10 16:58 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-02 16:30 - 2015-05-07 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-02 16:30 - 2015-05-02 16:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-02 16:30 - 2015-05-02 16:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-02 16:30 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-02 16:30 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-02 16:28 - 2015-05-02 16:28 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-02 16:28 - 2015-05-02 16:28 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\Mozilla
2015-05-02 16:28 - 2015-05-02 16:28 - 00000000 ____D () C:\Users\Danilo\AppData\Local\Mozilla
2015-05-02 16:28 - 2015-05-02 16:28 - 00000000 ____D () C:\ProgramData\Mozilla
2015-05-02 16:28 - 2015-05-02 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-02 16:27 - 2015-05-02 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-02 16:22 - 2015-05-02 16:22 - 00002788 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-05-02 16:22 - 2015-05-02 16:22 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-02 16:19 - 2015-05-02 16:19 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\OpenOffice
2015-05-02 16:17 - 2015-05-07 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2015-05-02 16:17 - 2015-05-02 16:17 - 00000000 ____D () C:\Program Files (x86)\BurnAware Free
2015-05-02 16:14 - 2015-05-07 13:20 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-05-02 16:12 - 2015-05-02 16:13 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-05-02 16:11 - 2015-05-02 16:11 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4.1.1 (it) Installation Files
2015-05-02 16:00 - 2015-05-10 18:02 - 00004081 _____ () C:\Users\Danilo\Desktop\dati hero.txt
2015-05-02 15:47 - 2015-05-09 17:41 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\vlc
2015-05-02 15:28 - 2015-05-02 15:28 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-05-02 15:26 - 2015-05-10 19:23 - 00000000 ___RD () C:\Users\Danilo\Dropbox
2015-05-02 15:24 - 2015-05-07 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-02 15:24 - 2015-05-02 15:24 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-05-02 15:22 - 2015-05-07 13:20 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-02 15:22 - 2015-05-07 13:20 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-02 15:22 - 2015-05-07 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-02 15:22 - 2015-05-02 15:22 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-02 15:16 - 2015-05-03 14:55 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\Dropbox
2015-05-02 15:02 - 2015-05-10 15:42 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\Skype
2015-05-02 15:02 - 2015-05-02 15:02 - 00000000 ____D () C:\Users\Danilo\Tracing
2015-05-02 15:02 - 2015-05-02 15:02 - 00000000 ____D () C:\Users\Danilo\AppData\Local\Skype
2015-05-02 15:01 - 2015-05-07 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-02 15:01 - 2015-05-02 15:02 - 00000000 ____D () C:\ProgramData\Skype
2015-05-02 15:01 - 2015-05-02 15:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-02 14:52 - 2015-05-10 19:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-02 14:52 - 2015-05-07 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-05-02 14:52 - 2015-05-02 14:52 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-05-02 14:52 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-05-02 14:51 - 2015-05-02 16:31 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\Hewlett-Packard
2015-05-02 14:51 - 2014-10-22 21:13 - 00247496 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys
2015-05-02 14:27 - 2015-05-10 19:10 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3451001620-2923232768-3836088574-1001
2015-05-02 14:24 - 2015-05-07 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-02 14:23 - 2015-05-10 19:28 - 00001164 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-02 14:23 - 2015-05-10 16:42 - 00001160 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-02 14:23 - 2015-05-02 14:24 - 00000000 ____D () C:\Users\Danilo\AppData\Local\Google
2015-05-02 14:23 - 2015-05-02 14:24 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-02 14:23 - 2015-05-02 14:23 - 00004136 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-02 14:23 - 2015-05-02 14:23 - 00003900 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-02 14:23 - 2015-05-02 14:23 - 00000000 ____D () C:\Users\Danilo\AppData\Local\Apps\2.0
2015-05-02 14:18 - 2015-05-02 14:18 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\Macromedia
2015-05-02 14:15 - 2015-05-02 14:15 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\ATI
2015-05-02 14:15 - 2015-05-02 14:15 - 00000000 ____D () C:\Users\Danilo\AppData\Local\ATI
2015-05-02 14:14 - 2015-05-02 16:32 - 00000000 ____D () C:\Users\Danilo\AppData\Local\Hewlett-Packard
2015-05-02 14:13 - 2015-05-02 17:03 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\Adobe
2015-05-02 14:13 - 2015-05-02 14:13 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\Synaptics
2015-05-02 14:13 - 2015-05-02 14:13 - 00000000 ____D () C:\Users\Danilo\AppData\Local\Power2Go8
2015-05-02 14:12 - 2015-05-07 13:39 - 00000000 ____D () C:\Users\Danilo\AppData\Local\Packages
2015-05-02 14:12 - 2015-05-02 14:12 - 00000000 ____D () C:\Users\Danilo\AppData\Local\VirtualStore
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Public\Documents\Video
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Public\Documents\Musica
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Public\Documents\Immagini
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Default.migrated\Risorse di stampa
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Default.migrated\Risorse di rete
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Default.migrated\Recenti
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Default.migrated\Modelli
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Default.migrated\Menu Avvio
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Default.migrated\Impostazioni locali
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Default.migrated\Documents\Video
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Default.migrated\Documents\Musica
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Default.migrated\Documents\Immagini
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Default.migrated\Documenti
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Default.migrated\Dati applicazioni
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Default.migrated\AppData\Local\Dati applicazioni
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Users\Default.migrated\AppData\Local\Cronologia
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Programmi
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\ProgramData\Modelli
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programmi
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\ProgramData\Menu Avvio
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\ProgramData\Documenti
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\ProgramData\Dati applicazioni
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 _SHDL () C:\Program Files\File comuni
2015-05-02 13:51 - 2015-05-02 13:51 - 00000000 ____D () C:\ProgramData\ATI
2015-05-02 13:38 - 2015-05-02 13:38 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2015-05-02 13:38 - 2015-05-02 13:38 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-05-02 13:38 - 2015-05-02 13:38 - 00029480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2015-05-02 13:38 - 2015-05-02 13:38 - 00000595 _____ () C:\ProgramData\CyberlinkOutput.txt
2015-05-02 13:37 - 2015-05-07 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-05-02 13:37 - 2015-05-02 13:37 - 00000000 __RSH () C:\WINDOWS\SysWOW64\Drivers\103C_HP_cNB_Pavilion g6 Notebook PC_Y5335KV_0U_Q5CD3107T2F_E708221-063_4A_I183E_SHP_V56.32_BF.26_T140603_W8101-0_L410_M3989_J640_7Intel_86A9_92.20_#150502_N10EC8136;1814539B_(D1M70EA#ABZ)_XMOBILE_CN10_Z.MRK
2015-05-02 13:37 - 2015-05-02 13:37 - 00000000 __RSH () C:\WINDOWS\system32\Drivers\103C_HP_cNB_Pavilion g6 Notebook PC_Y5335KV_0U_Q5CD3107T2F_E708221-063_4A_I183E_SHP_V56.32_BF.26_T140603_W8101-0_L410_M3989_J640_7Intel_86A9_92.20_#150502_N10EC8136;1814539B_(D1M70EA#ABZ)_XMOBILE_CN10_Z.MRK
2015-05-02 13:36 - 2015-05-03 11:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-05-02 13:33 - 2015-05-02 13:43 - 00000000 ____D () C:\ProgramData\Temp
2015-05-02 13:33 - 2015-05-02 13:43 - 00000000 ____D () C:\ProgramData\install_clap
2015-05-02 13:32 - 2015-05-07 13:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-05-02 13:31 - 2015-05-07 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-05-02 13:31 - 2015-05-02 13:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-05-02 13:30 - 2015-05-02 13:30 - 00000058 _____ () C:\WINDOWS\system32\ndCPrepLog
2015-05-02 13:30 - 2015-05-02 13:30 - 00000000 ____D () C:\ProgramData\Synaptics
2015-05-02 13:30 - 2015-05-02 13:30 - 00000000 ____D () C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2015-05-02 13:28 - 2015-05-03 11:59 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-05-02 13:28 - 2015-05-03 11:11 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2015-05-02 13:27 - 2015-05-02 13:45 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-05-02 13:27 - 2015-05-02 13:27 - 00000000 ____D () C:\ProgramData\Ralink Driver
2015-05-02 13:27 - 2015-05-02 13:27 - 00000000 ____D () C:\ProgramData\Apple
2015-05-02 13:27 - 2015-05-02 13:27 - 00000000 ____D () C:\Program Files\Bonjour
2015-05-02 13:27 - 2015-05-02 13:27 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-05-02 13:27 - 2012-08-08 20:22 - 00355840 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpbprtmon.dll
2015-05-02 13:27 - 2012-08-08 20:21 - 00377344 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpbrprtmon.dll
2015-05-02 13:27 - 2012-08-08 20:18 - 00170496 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpbprtmonui.dll
2015-05-02 13:26 - 2015-05-07 13:18 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2015-05-02 13:26 - 2012-08-20 07:45 - 02188800 _____ (IDT, Inc.) C:\WINDOWS\system32\stapo64.dll
2015-05-02 13:26 - 2012-08-20 07:45 - 00671744 ____N (IDT, Inc.) C:\WINDOWS\system32\stapi64.dll
2015-05-02 13:26 - 2012-08-20 07:45 - 00542208 _____ (IDT, Inc.) C:\WINDOWS\system32\Drivers\stwrt64.sys
2015-05-02 13:26 - 2012-08-20 07:45 - 00499200 _____ (IDT, Inc.) C:\WINDOWS\system32\stcplx64.dll
2015-05-02 13:26 - 2012-08-20 07:45 - 00255488 _____ (IDT, Inc.) C:\WINDOWS\system32\st646425.dll
2015-05-02 13:26 - 2012-07-31 10:04 - 00690832 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2015-05-02 13:26 - 2012-07-31 10:04 - 00074344 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2015-05-02 13:25 - 2015-05-10 10:26 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-02 13:25 - 2015-05-07 13:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-05-02 13:25 - 2015-05-04 22:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-02 13:25 - 2015-05-02 13:50 - 00000000 ____D () C:\ProgramData\Intel
2015-05-02 13:25 - 2015-05-02 13:25 - 00000000 ____D () C:\Program Files\Intel
2015-05-02 13:25 - 2012-07-04 15:09 - 09888912 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtsP2StorIcon.dll
2015-05-02 13:25 - 2012-07-04 15:09 - 00269968 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsP2Stor.sys
2015-05-02 13:25 - 2012-06-22 03:13 - 00015168 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelMEFWVer.dll
2015-05-02 13:24 - 2015-05-03 11:56 - 00002990 _____ () C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-05-02 13:23 - 2015-05-03 11:56 - 00013678 _____ () C:\WINDOWS\DPINST.LOG
2015-05-02 13:23 - 2015-05-03 11:56 - 00001332 _____ () C:\WINDOWS\Synaptics.log
2015-05-02 13:23 - 2015-05-02 13:23 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-05-02 13:23 - 2015-05-02 13:23 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2015-05-02 13:23 - 2015-05-02 13:23 - 00000000 _____ () C:\WINDOWS\ativpsrm.bin
2015-05-02 13:23 - 2011-09-12 18:05 - 00003917 _____ () C:\WINDOWS\SysWOW64\atipblup.dat
2015-05-02 13:23 - 2011-09-12 18:05 - 00003917 _____ () C:\WINDOWS\system32\atipblup.dat
2015-05-02 13:22 - 2015-05-07 13:16 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-05-02 13:22 - 2015-05-02 13:22 - 00000000 ____D () C:\Program Files\ATI
2015-05-02 13:21 - 2015-05-02 13:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-05-02 13:21 - 2015-05-02 13:21 - 00000000 ____D () C:\Intel
2015-05-02 13:21 - 2012-09-14 19:59 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-10 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-10 16:41 - 2013-08-22 16:46 - 00298476 _____ () C:\WINDOWS\setupact.log
2015-05-10 16:41 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-10 16:40 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-10 14:23 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-10 10:26 - 2012-08-04 02:02 - 00000000 ____D () C:\SWSetup
2015-05-09 17:32 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-09 17:32 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-08 21:50 - 2014-11-21 05:18 - 02016346 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-08 21:50 - 2014-11-21 04:26 - 00877094 _____ () C:\WINDOWS\system32\perfh010.dat
2015-05-08 21:50 - 2014-11-21 04:26 - 00189948 _____ () C:\WINDOWS\system32\perfc010.dat
2015-05-08 21:43 - 2014-11-20 20:06 - 00005144 _____ () C:\WINDOWS\PFRO.log
2015-05-08 17:54 - 2014-11-21 12:57 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-05-08 17:54 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-05-08 17:54 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-05-08 13:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-05-07 22:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-05-07 13:57 - 2013-08-22 17:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-05-07 13:55 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-07 13:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-05-07 13:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-07 13:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-07 13:53 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-07 13:53 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-05-07 13:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-07 13:48 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-05-07 13:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-05-07 13:43 - 2014-11-21 05:50 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-05-07 13:43 - 2014-11-21 05:50 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-05-07 13:43 - 2014-11-21 05:50 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-05-07 13:43 - 2014-11-21 05:50 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-05-07 13:43 - 2014-11-21 05:50 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-05-07 13:43 - 2014-11-21 05:50 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-05-07 13:43 - 2014-11-21 05:50 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-05-07 13:43 - 2014-11-21 05:50 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-05-07 13:43 - 2014-11-21 05:50 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-05-07 13:43 - 2014-11-21 05:50 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-05-07 13:43 - 2014-11-21 05:50 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-05-07 13:43 - 2014-11-21 05:50 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-05-07 13:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-05-07 13:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv
2015-05-07 13:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-05-07 13:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2015-05-07 13:31 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-05-07 13:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-05-07 13:31 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default
2015-05-07 13:29 - 2013-08-22 17:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-05-07 13:28 - 2013-08-22 17:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-07 13:21 - 2013-08-22 16:44 - 00372280 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-07 13:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-07 13:20 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-07 13:18 - 2014-11-21 04:26 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-05-07 13:18 - 2014-11-21 04:26 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-05-07 13:18 - 2014-11-21 04:26 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-05-07 13:18 - 2013-08-22 17:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-05-07 13:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-05-07 13:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-05-07 13:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-05-07 13:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-05-07 13:18 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-05-07 13:18 - 2012-07-26 07:37 - 00000000 ____D () C:\Users\Default.migrated
2015-05-07 13:17 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-05-07 13:17 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-05-07 13:16 - 2013-08-22 17:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-05-07 13:16 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-05-07 13:16 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-05-07 13:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\IME
2015-05-07 13:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Help
2015-05-07 13:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-05-07 13:16 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-07 13:16 - 2012-08-04 00:29 - 00000000 ____D () C:\ProgramData\PRICache
2015-05-07 13:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-05-07 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-05-03 12:54 - 2012-07-26 07:26 - 00000215 _____ () C:\WINDOWS\system.ini
2015-05-03 11:59 - 2012-09-19 04:56 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-05-02 23:13 - 2012-10-28 04:39 - 00000012 _____ () C:\WINDOWS\CSUP.txt
2015-05-02 14:55 - 2014-12-13 18:21 - 00824008 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-05-02 14:55 - 2014-08-19 12:31 - 00056008 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kldisk.sys
2015-05-02 14:52 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-05-02 14:13 - 2012-08-04 02:02 - 00000000 ____D () C:\SYSTEM.SAV
2015-05-02 13:32 - 2012-10-28 04:30 - 00000000 ____D () C:\HP
2015-04-14 01:24 - 2014-11-21 13:06 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2014-11-21 13:06 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-05-03 12:37 - 2015-05-03 12:37 - 0000003 _____ () C:\Users\Danilo\AppData\Local\updater.log
2015-05-03 12:37 - 2015-05-03 12:37 - 0000424 _____ () C:\Users\Danilo\AppData\Local\UserProducts.xml
2015-05-02 13:38 - 2015-05-02 13:38 - 0000595 _____ () C:\ProgramData\CyberlinkOutput.txt
 
Some content of TEMP:
====================
C:\Users\Danilo\AppData\Local\Temp\_isD98C.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-07 12:59
 
==================== End Of Log ============================
 
 
Hello everyone, as written in the title, sometimes while I'm working or surfing the internet, an unauthorized file-copying process starts without any action taken by me; it basically starts on its own.
 
To be as accurate as possible, something like this shows up: http://i.imgur.com/CjiC322.png
But instead of "dropbox" there was this name: "EXTC.... with some numbers next to it"

And instead of "desktop" this: "sp... this too with many numbers in the name"

 

I'm sorry if it wasn't clear enough, but I couldn't get the exact names of the destinations because the operation is very fast and I had to cancel it when it was possible.

 

I tried to find what the problem is by scanning the PC with many antivirus tools like Avira, Kaspersky, Malwarebytes, HitmanPro etc., but none of them found anything malicious.

 

Seeing this, I decided to format my PC, installing a new clean image of the operating system.

I thought that the problem was solved with this, but the weird processes started again.

 

More info: some time ago I got the police virus that blocks the PC (I don't know the name), and this one too: exp/java.rafold.v.gen, which was removed by Avira. I don't know if it is related to the problem.

It also happens sometimes that the disk goes to 100% with vents turned on and the computer slows down without a real reason.

 

I already opened a topic here but unfortunately couldn't resolve the problem yet: http://www.bleepingcomputer.com/forums/t/575774/unauthorized-processes-copy-my-files/ 

 

Hope to solve it soon, thanks in advance for the answers.


Edited by Blaze1206, 10 May 2015 - 02:58 PM.



#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:04:31 PM

Posted 15 May 2015 - 08:51 AM

hi,

 

I am shelf life and will try to help you. I am only on this site once or twice per day, more on the weekends. So if you don't get a quick reply back from me, you will get one soon.

 

I read your other posts, and looking at the logs there's really nothing in there to be worried about. You have run several tools and they came up clean. Can't really say what it is. Maybe it's some HP-installed bloatware? Something updating? Backing up?

 

 Since you said you did a reinstall of the OS, I assume you reformatted the hard drive first?

You might see something in task manager if you check that next time it happens.


How Can I Reduce My Risk to Malware?


#3 Blaze1206

Blaze1206
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:31 PM

Posted 15 May 2015 - 05:49 PM

Hi, thank you very much for replying :)

 

I had to re-install Windows again because some flashing cmd windows started to appear on top of the screen, as if some processes were starting on their own. This time though, I chose to restore my PC to its original settings, also formatting my hard disk.

 

Until now, I haven't noticed any problem, so thank you for checking my situation, but I THINK it's solved, at least for now. :)

 

Anyway, I have done a system scan with Bitdefender, and this showed up:

 

Objects that were not scanned:

Object Path

 

File: C:\System Volume Information\{ea10a068-fa39-11e4-be7c-7446a07c525f}{3808876b-c176-4e48-b7ae-04046e6cc752}   (object was not found)

File: C:\SWSetup\CPDD\SupportFiles.7z=>PhotoDirector.ico Password-protected Not scanned (file was password-protected)

File: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}   (object was not found)

File: C:\SWSetup\P2Go\SupportFiles.7z=>P2G.ico Password-protected Not scanned (file was password-protected)

File: C:\SWSetup\CyberMS\SupportFiles.7z=>PowerStarter.ico Password-protected Not scanned (file was password-protected)

File: C:\SWSetup\CPwrDD\SupportFiles.7z=>Product.ico Password-protected Not scanned (file was password-protected)

 

Do you maybe know what it is?

What are those files protected with a password?

And also the ones that couldn't be found.

 

Thank you in advance.


Edited by Blaze1206, 15 May 2015 - 05:52 PM.


#4 shelf life

Posted 16 May 2015 - 08:10 AM

hi,

 

Looks like the password protected files are from HP. Restore files, drivers etc for the machine.

http://h30434.www3.hp.com/t5/Notebook-Operating-Systems-and-Software/can-I-delete-c-swsetup/td-p/226147

 

I think the system volume info is your machine's restore points; maybe it's an older restore point, object not found? Only a guess on my part. It's not anything to worry about.

I think you're good to go, nothing to worry about.




#5 Blaze1206

Posted 16 May 2015 - 09:59 AM

Thank you again :)

 

I have just two last questions, and hope you can help with this too:

 

1) Could you tell me which of these I can remove to free up space?

http://i.imgur.com/4Kzs8EH.png  

http://i.imgur.com/9JH2GnI.png   

http://i.imgur.com/Efp4Ca9.png

I don't know if I can remove the HP programs, or the others already pre-installed along with Windows (I already removed all the CyberLink programs).

 

2) Is there some easy way to update my PC drivers?

Some free program, I don't know :)


Edited by Blaze1206, 16 May 2015 - 09:59 AM.


#6 shelf life

Posted 17 May 2015 - 10:23 AM

hi,

 

No problem. The questions are a welcome change from the usual malware problems.

 

Drivers:

1) You always get drivers from the computer vendor's website or the hardware manufacturer's website. No need for any special software. You have an HP:

 

http://support.hp.com/us-en/drivers

http://www8.hp.com/us/en/drivers.html

 

2) One school of thought is: unless something doesn't seem to work right, in which case you could try updating a driver as a solution, there's really no need to update a driver.

 

Software: You can uninstall these below unless you really use them. The HP apps can be removed.

uTorrent
Bonjour
DropBox
connected Music powered by Universal Music group
HP connected Music (Meridian installer)
HP Connected Remote
HP Registration Service
HP support assistant
Microsoft Silverlight
Skype
Windows Essentials (several apps together: Movie Maker, Photo Gallery, OneDrive, Family Safety, Mail, Writer)

 

 




#7 Blaze1206

Posted 17 May 2015 - 01:07 PM

Alright, thank you again for your time and for your answers :)

 

The topic can be closed I think, I just hope I won't need to ask you to re-open it again in the future. ;)


Edited by Blaze1206, 17 May 2015 - 01:07 PM.


#8 shelf life

Posted 17 May 2015 - 06:29 PM

No problem, you're welcome. I will leave the topic open for a few days. Happy safe surfing "out there".




#9 Blaze1206

Posted 20 May 2015 - 03:48 AM

Hi, so my usual problem came back again (the copying files thing); this time it happened after I gave the OK for the installation of updates by HP Support Assistant.

Should I remove it?

I didn't remove it before because I thought it was useful.


Edited by Blaze1206, 20 May 2015 - 04:10 AM.


#10 shelf life

Posted 20 May 2015 - 05:05 PM

Well, I guess we can conclude that it's HP software. If you find it useful, keep it; if not, remove it via the add/remove programs panel. Up to you, it's your machine. It could always be reinstalled.

 

Does it happen a lot? I find it hard to believe the need for HP to push out updates on a regular basis.

 

I found this link about it:

http://www8.hp.com/us/en/campaigns/hpsupportassistant/hpsupport.html

 

It probably launches at every start up and runs in the background, after reading some of the link above-- it does launch and run in the background at start up.

 

It may have an option for you to start it manually, when you want to run it. Or you could prevent it from running at start up if you wanted, using msconfig.

 




#11 Blaze1206

Posted 21 May 2015 - 05:29 AM

Removed it, I'm really done with this story. I hope that with it removed these copying processes won't happen again...

Thank you once again for your availability! :)



#12 shelf life

Posted 21 May 2015 - 04:52 PM

Ok. You're welcome. Happy Safe Surfing "out there".




#13 shelf life

Posted 28 June 2015 - 05:51 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





