Infected wscript.exe with a vbs virus...


  • This topic is locked
2 replies to this topic

#1 cikkus


Posted 07 September 2015 - 08:25 AM

Unfortunately I have been so stupid as to infect my machine with a file called "downloader.vbs". I hadn't noticed the infection until I inserted an SD card in the notebook slot to copy some files.
The card appeared to be empty; in the meanwhile an Avast alert notified me about a threat!
Just this "downloader.vbs", but also with some malicious link. I soon downloaded "MCShield" to clear the SD but still it appeared empty! I was able to open and to copy the files stored in the card only using "TreeSize Free".
After reading some posts, I downloaded YAC but it wasn't able to solve the problem even though it revealed the threat, thus I downloaded "System Explorer" and I saw some keys with the malware, which I deleted.
Now when I insert any SD card in the notebook I no longer get an alert from AVAST but:

Every card I try to read appears to be empty.
I tried to check the registry keys through regedit, but to my great surprise I can't access my search box in Win10.
I can't access regedit, not even through CCleaner, but only through "System Explorer" by clicking on any entry of the registry...

P.S. I forgot that I tried to launch "ComboFix" but it alerted me that it doesn't work with my OS version, which it recognized not as Win10 but as Win2000!

Thanks in advance for your help!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-09-2015 01
Ran by Francesco (administrator) on MYPC (07-09-2015 11:04:56)
Running from D:\Dropbox\Downloads
Loaded Profiles: Francesco (Available Profiles: Francesco)
Platform: Windows 10 Home (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Users\Francesco\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe
() C:\Program Files (x86)\FastStone Capture\FSCapture.exe
() C:\Program Files (x86)\TouchpadPal\TouchpadPal.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Windows\tsnpstd3.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Mozilla Corporation) C:\WinWebExplorer\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-08-07] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
HKLM-x32\...\Run: [WTClient] => C:\WINDOWS\SysWOW64\WTClient.exe [41304 2014-01-13] (Tablet Driver)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39175960 2015-08-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [CompeGPSDev] => [X]
HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3389160 2015-08-19] (Mister Group)
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\...\Run: [Google Update] => C:\Users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\...\Run: [MusicManager] => C:\Users\Francesco\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\...\Run: [3111E87AAC684D0A28C3C6331837F1E039EA94CC._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240 2015-08-28] (Google Inc.)
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-07-20] (Glarysoft Ltd)
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\...\Run: [Glary Memory Optimizer] => C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe [122656 2015-07-20] (Glarysoft Ltd)
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\...\Run: [Dropbox Update] => C:\Users\Francesco\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-13] (Dropbox, Inc.)
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\...\Run: [OneDrive] => C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-20] (Microsoft Corporation)
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\...\RunOnce: [Uninstall C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-11] (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk [2014-02-28]
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
Startup: C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk [2014-04-05]
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TouchpadPal.lnk [2013-10-24]
ShortcutTarget: TouchpadPal.lnk -> C:\Program Files (x86)\TouchpadPal\TouchpadPal.exe ()
BootExecute: autocheck autochk *  sasnative64
CHR HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{4addafcf-ade6-42ee-8e54-f8ecee5202d2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4de6c2f9-a001-448f-a627-a03556a54980}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://it.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://it.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://it.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
SearchScopes: HKU\S-1-5-21-2044738553-2148129836-1739379785-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2044738553-2148129836-1739379785-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-07-11] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-11] (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-07-11] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-11] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF ProfilePath: C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\289k0f82.new-mar-15
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Golliver
FF Homepage: hxxp://www.lescienze.it/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-18] ()
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-07-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-18] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2010-03-26] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2044738553-2148129836-1739379785-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Francesco\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2044738553-2148129836-1739379785-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Francesco\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2044738553-2148129836-1739379785-1002: @talk.google.com/O1DPlugin -> C:\Users\Francesco\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2044738553-2148129836-1739379785-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Francesco\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2044738553-2148129836-1739379785-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Francesco\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Francesco\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Francesco\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\ixeimvgc.default\searchplugins\yahoo-avast.xml [2014-06-23]
FF SearchPlugin: C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\htbimdf3.II profilo\searchplugins\yahoo-avast.xml [2014-06-23]
FF Extension: FoxyProxy Standard - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\ixeimvgc.default\Extensions\foxyproxy@eric.h.jung [2015-02-05]
FF Extension: Garmin Communicator - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\ixeimvgc.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]
FF Extension: DownloadHelper - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\ixeimvgc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-03-11]
FF Extension: CSHelper - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\ixeimvgc.default\Extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2014-02-13]
FF Extension: Attachments.me - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\ixeimvgc.default\Extensions\attachmentsme@attachments.me.xpi [2013-02-25]
FF Extension: Hide My Ass Proxy Extension - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\ixeimvgc.default\Extensions\extension@hidemyass.com.xpi [2014-03-12]
FF Extension: fluschipranie - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\ixeimvgc.default\Extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpack.xpi [2013-06-21]
FF Extension: SkipScreen - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\ixeimvgc.default\Extensions\SkipScreen@SkipScreen.xpi [2012-12-17]
FF Extension: Tree Style Tab - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\ixeimvgc.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2012-12-17]
FF Extension: Screengrab  (fix version) - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\ixeimvgc.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2013-10-08]
FF Extension: Adblock Plus - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\ixeimvgc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-17]
FF Extension: DownloadHelper - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\htbimdf3.II profilo\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-19]
FF Extension: Firefox Developer Tools Adapters - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\4sb7wu7f.dev-edition-default\Extensions\fxdevtools-adapters@mozilla.org [2015-03-11]
FF Extension: CSHelper - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\4sb7wu7f.dev-edition-default\Extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2015-03-12]
FF Extension: No Name - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\4sb7wu7f.dev-edition-default\Extensions\s3download@statusbar.xpi [2015-03-11]
FF Extension: Download Status Bar - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\4sb7wu7f.dev-edition-default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2015-03-11]
FF Extension: No Name - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\4sb7wu7f.dev-edition-default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-15]
FF Extension: No Name - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\4sb7wu7f.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-12]
FF Extension: No Name - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\4sb7wu7f.dev-edition-default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-03-12]
FF Extension: Garmin Communicator - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\289k0f82.new-mar-15\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-04-06]
FF Extension: No Name - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\289k0f82.new-mar-15\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: No Name - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\289k0f82.new-mar-15\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-12]
FF Extension: No Name - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\289k0f82.new-mar-15\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-03-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-29]
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-2044738553-2148129836-1739379785-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yahoo.it/
CHR StartupUrls: Default -> "hxxp://www.yahoo.it/","https://it.yahoo.com?fr=hp-avast&type=avastbcl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Flash Video Downloader) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2015-07-06]
CHR Extension: (Google Drive) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-15]
CHR Extension: (YouTube) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-15]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-03-09]
CHR Extension: (Google Search) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-15]
CHR Extension: (FLV Player) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogabmliblgpadclikpkjfnnipeebjm [2014-10-28]
CHR Extension: (Simple Dictation) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\diondlbenfmpcapnbegmodfdgmnnpgln [2013-02-27]
CHR Extension: (Download Helper for chrome) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\doaaaibbokbcnildjihnopkomjkofihd [2014-10-28]
CHR Extension: (Gmail Offline) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-11-05]
CHR Extension: (Select and Speak - Text to Speech) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjopfpjmkcfgjpogepmdjmcnihfpokn [2013-02-27]
CHR Extension: (Google Docs Offline) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (500BYGucci) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdejhmjcamilmnamlkmkkebojhikceoj [2014-11-05]
CHR Extension: (FLV Video Downloader) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgbngepgkjeffdkkpnblnlogfjehbjn [2014-10-28]
CHR Extension: (The Great Suspender) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-05-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (APK Downloader) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhlfmheblhjhkmacldlhdnbgbaiigba [2015-01-24]
CHR Extension: (TunnelBear VPN) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2015-05-20]
CHR Extension: (SpeakIt!) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2013-02-27]
CHR Extension: (Gmail) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-15]
CHR Extension: (Secretbook) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\plglafijddgpenmohgiemalpcfgjjbph [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-04-14] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-11] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-07] (Dropbox, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-08-07] (ELAN Microelectronics Corp.)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [754120 2015-07-29] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-08-07] (Intel Corporation)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-04-16] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2015-02-27] (Microsoft)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609792 2015-02-23] (Copyright 2013 SAMSUNG) [File not signed]
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [163576 2015-08-04] (RaMMicHaeL)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-08-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-11] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-08-07] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-07-28] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2015-05-13] (Glarysoft Ltd)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2015-08-20] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [61832 2015-08-20] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-09-01] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [68488 2015-08-26] (Elex do Brasil Participações Ltda)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 kz1avs; C:\Windows\System32\Drivers\kz1avs.sys [359120 2013-05-17] (Native Instruments GmbH)
S3 kz1usb_svc; C:\Windows\System32\Drivers\kz1usb.sys [83152 2013-05-17] (Native Instruments GmbH)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-07 11:04 - 2015-09-07 11:05 - 00000000 ____D C:\FRST
2015-09-07 10:57 - 2015-09-07 10:57 - 00016148 _____ C:\WINDOWS\system32\MYPC_Francesco_HistoryPrediction.bin
2015-09-07 07:36 - 2015-09-07 07:36 - 00000000 ___HD C:\OneDriveTemp
2015-09-06 21:13 - 2015-09-06 21:13 - 05635231 _____ (Swearware) C:\Users\Francesco\Desktop\ciccio.exe
2015-09-06 21:08 - 2015-09-07 07:47 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\Systweak
2015-09-06 21:08 - 2015-09-06 21:08 - 00000000 ____D C:\Users\Francesco\AppData\Local\Systweak
2015-09-06 20:00 - 2015-09-06 20:08 - 00000000 ____D C:\ProgramData\SystemExplorer
2015-09-06 20:00 - 2015-09-06 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2015-09-06 20:00 - 2015-09-06 20:00 - 00000000 ____D C:\Program Files (x86)\System Explorer
2015-09-06 19:08 - 2015-09-06 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2015-09-06 19:08 - 2015-09-06 19:08 - 00000000 ____D C:\WINDOWS\system32\log
2015-09-06 19:08 - 2015-09-06 19:08 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2015-09-06 19:08 - 2015-08-26 08:49 - 00068488 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2015-09-06 19:07 - 2015-09-06 19:07 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\Elex-tech
2015-09-06 18:45 - 2015-09-06 18:52 - 00000000 ____D C:\AdwCleaner
2015-09-06 18:28 - 2015-09-07 07:47 - 00000000 ____D C:\ProgramData\MCShield
2015-09-06 18:28 - 2015-09-07 07:46 - 00000000 ____D C:\Program Files (x86)\MCShield
2015-09-06 18:28 - 2015-09-06 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2015-09-05 09:15 - 2015-09-05 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-05 08:20 - 2015-09-05 08:20 - 00000039 _____ C:\WINDOWS\setupact.log
2015-09-05 08:20 - 2015-09-05 08:20 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-09-05 08:20 - 2015-09-05 08:20 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-05 08:20 - 2015-08-11 06:52 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-09-03 13:23 - 2015-09-03 13:23 - 00000000 ____D C:\Users\Francesco\AppData\Local\Deployment
2015-09-03 13:23 - 2015-09-03 13:23 - 00000000 ____D C:\Users\Francesco\AppData\Local\Apps\2.0
2015-09-03 07:52 - 2015-09-03 07:53 - 00000326 _____ C:\Users\Francesco\AppData\Local\SnipUsages.txt
2015-09-01 19:59 - 2015-09-03 07:53 - 00075324 _____ C:\Users\Francesco\AppData\Local\Snip.txt
2015-09-01 19:59 - 2015-09-03 07:41 - 00000000 ____D C:\Users\Francesco\AppData\Local\Package Cache
2015-09-01 19:59 - 2015-09-01 19:59 - 00000000 ____D C:\Users\Francesco\Documents\My Snips
2015-09-01 07:44 - 2015-09-07 07:30 - 00001504 _____ C:\WINDOWS\PFRO.log
2015-09-01 07:44 - 2015-09-01 07:44 - 04981864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-31 19:32 - 2015-08-31 19:32 - 00000000 ____D C:\Users\Francesco\Documents\Porto Empedocle-19-14
2015-08-31 18:56 - 2015-08-31 18:56 - 00253137 ____R C:\Users\Francesco\Documents\Porto Empedocle-19-14.zip
2015-08-31 12:11 - 2015-09-07 09:39 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-31 10:22 - 2015-08-31 10:22 - 06512650 _____ C:\Users\Francesco\Documents\duplicate.txt
2015-08-31 09:21 - 2015-08-27 01:40 - 00015223 _____ C:\Users\Francesco\AppData\Roaming\download_vid23.vbs
2015-08-29 13:21 - 2015-08-20 08:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-29 13:21 - 2015-08-20 08:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-29 13:21 - 2015-08-20 08:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-29 13:21 - 2015-08-20 07:57 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-29 13:21 - 2015-08-20 07:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-29 13:21 - 2015-08-20 07:21 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-29 13:21 - 2015-08-20 07:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-29 13:21 - 2015-08-20 07:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-29 13:21 - 2015-08-20 07:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-29 13:21 - 2015-08-20 07:09 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-29 13:21 - 2015-08-20 06:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-29 13:21 - 2015-08-18 09:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-29 13:21 - 2015-08-18 09:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-29 13:21 - 2015-08-18 09:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-29 13:21 - 2015-08-18 09:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-29 13:21 - 2015-08-18 09:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-29 13:21 - 2015-08-18 09:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-29 13:21 - 2015-08-18 09:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-29 13:21 - 2015-08-18 09:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-29 13:21 - 2015-08-18 09:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-29 13:21 - 2015-08-18 09:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-29 13:21 - 2015-08-18 09:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-29 13:21 - 2015-08-18 08:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-29 13:21 - 2015-08-18 08:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-29 13:21 - 2015-08-18 08:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-29 13:21 - 2015-08-18 08:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-29 13:21 - 2015-08-18 08:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-29 13:21 - 2015-08-18 08:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-29 13:21 - 2015-08-18 08:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-29 13:21 - 2015-08-18 08:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-29 13:21 - 2015-08-18 08:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-29 13:21 - 2015-08-18 08:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-29 13:21 - 2015-08-18 08:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-29 13:21 - 2015-08-18 08:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-29 13:21 - 2015-08-18 08:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-29 13:21 - 2015-08-18 08:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-29 13:21 - 2015-08-18 08:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-29 13:21 - 2015-08-18 08:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-29 13:21 - 2015-08-18 08:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-29 13:21 - 2015-08-18 08:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-29 13:21 - 2015-08-18 08:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-29 13:21 - 2015-08-18 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-29 13:21 - 2015-08-18 08:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-29 13:21 - 2015-08-18 08:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-29 13:21 - 2015-08-18 06:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-28 15:54 - 2015-08-28 16:09 - 00004200 _____ C:\Users\Francesco\Documents\Firetto.txt
2015-08-27 20:32 - 2015-08-29 13:01 - 00000000 ____D C:\WinWebExplorer
2015-08-26 09:38 - 2015-08-26 09:38 - 00000000 ____D C:\adb
2015-08-25 20:01 - 2015-08-25 20:01 - 00000000 ____D C:\Users\Francesco\Desktop\Nuova cartella
2015-08-24 15:15 - 2015-08-24 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-20 19:49 - 2015-08-20 19:49 - 00001102 _____ C:\Users\Francesco\Desktop\CompeGPS LAND.lnk
2015-08-19 18:21 - 2015-08-13 06:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-19 18:21 - 2015-08-13 06:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-19 18:21 - 2015-08-13 06:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-19 18:21 - 2015-08-13 06:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-19 18:21 - 2015-08-13 05:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-19 18:21 - 2015-08-11 12:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-19 18:21 - 2015-08-11 12:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-19 18:21 - 2015-08-11 12:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-19 18:21 - 2015-08-11 12:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-19 18:21 - 2015-08-11 12:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-19 18:21 - 2015-08-11 12:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-19 18:21 - 2015-08-11 12:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-19 18:21 - 2015-08-11 11:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-19 18:21 - 2015-08-11 11:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-19 18:21 - 2015-08-11 11:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-19 18:21 - 2015-08-11 11:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-19 18:21 - 2015-08-11 11:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-19 18:21 - 2015-08-11 11:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-19 18:21 - 2015-08-11 11:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-19 18:21 - 2015-08-11 11:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-19 18:21 - 2015-08-11 11:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-19 18:21 - 2015-08-11 11:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-19 18:21 - 2015-08-11 11:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-19 18:21 - 2015-08-11 11:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-19 18:21 - 2015-08-11 11:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-19 18:21 - 2015-08-11 11:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-19 18:21 - 2015-08-11 11:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-19 18:21 - 2015-08-11 11:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-19 18:21 - 2015-08-11 11:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-19 18:21 - 2015-08-11 11:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-19 18:21 - 2015-08-11 11:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-19 18:21 - 2015-08-11 11:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-19 18:21 - 2015-08-11 11:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-19 18:21 - 2015-08-11 11:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-19 18:21 - 2015-08-11 11:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 18:21 - 2015-08-11 11:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-19 18:21 - 2015-08-11 11:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-19 18:21 - 2015-08-11 11:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-19 18:21 - 2015-08-11 11:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-19 18:21 - 2015-08-11 11:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-19 18:21 - 2015-08-11 11:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-19 18:21 - 2015-08-11 11:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-19 18:21 - 2015-08-11 11:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-19 18:21 - 2015-08-11 11:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-19 18:21 - 2015-08-11 11:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-19 18:21 - 2015-08-11 11:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-19 18:21 - 2015-08-11 11:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-19 18:21 - 2015-08-11 11:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-19 18:21 - 2015-08-11 11:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-19 18:21 - 2015-08-11 11:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-19 18:21 - 2015-08-11 11:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-19 18:21 - 2015-08-11 11:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-19 18:21 - 2015-08-11 11:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-19 18:21 - 2015-08-11 11:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-19 18:21 - 2015-08-11 11:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-19 18:21 - 2015-08-11 11:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-19 18:21 - 2015-08-11 11:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-19 18:21 - 2015-08-11 10:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-19 18:21 - 2015-08-11 10:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-19 18:21 - 2015-08-11 10:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-19 18:21 - 2015-08-11 10:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-19 18:21 - 2015-08-11 10:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-19 18:21 - 2015-08-11 10:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-19 18:21 - 2015-08-11 10:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-19 18:21 - 2015-08-11 10:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-19 18:21 - 2015-08-11 10:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-19 18:21 - 2015-08-11 10:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-19 18:21 - 2015-08-11 10:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-19 18:21 - 2015-08-11 10:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-19 18:21 - 2015-08-11 10:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-19 18:21 - 2015-08-11 10:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 18:21 - 2015-08-11 10:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-19 18:21 - 2015-08-11 10:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-19 18:21 - 2015-08-11 10:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-19 18:21 - 2015-08-11 10:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-19 18:21 - 2015-08-11 10:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-19 18:21 - 2015-08-11 10:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-19 18:21 - 2015-08-11 10:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-19 18:21 - 2015-08-11 10:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-19 18:21 - 2015-08-11 10:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-15 17:37 - 2015-08-18 12:03 - 00000993 _____ C:\Users\Francesco\Desktop\CamStudio-.lnk
2015-08-14 21:43 - 2015-08-14 21:43 - 00000000 ____D C:\Users\Francesco\AppData\Local\NVIDIA Corporation
2015-08-14 18:05 - 2015-03-30 07:59 - 00017600 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\BootDefragDriver.sys
2015-08-13 21:20 - 2015-08-13 21:20 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\DiskDefrag
2015-08-12 15:20 - 2015-08-03 04:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-12 15:20 - 2015-08-03 03:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-12 15:19 - 2015-08-08 09:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 15:19 - 2015-08-08 09:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-12 15:19 - 2015-08-08 09:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 15:19 - 2015-08-08 08:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-12 15:19 - 2015-08-08 08:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 15:19 - 2015-08-08 08:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 15:19 - 2015-08-08 08:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 15:19 - 2015-08-08 08:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 15:19 - 2015-08-08 08:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 15:19 - 2015-08-06 05:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-12 15:19 - 2015-08-06 05:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-12 15:19 - 2015-08-06 04:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-12 15:19 - 2015-08-05 06:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-12 15:19 - 2015-08-05 06:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-12 15:19 - 2015-08-05 06:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-12 15:19 - 2015-08-05 05:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-12 15:19 - 2015-08-05 05:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-12 15:19 - 2015-08-05 05:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-12 15:19 - 2015-08-04 06:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 15:19 - 2015-08-04 06:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-12 15:19 - 2015-08-04 06:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-12 15:19 - 2015-08-04 05:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-12 15:19 - 2015-08-04 04:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-12 15:19 - 2015-08-04 04:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-12 15:19 - 2015-08-03 04:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-12 15:19 - 2015-08-03 04:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-12 15:19 - 2015-08-03 04:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-12 15:19 - 2015-08-03 04:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-12 15:19 - 2015-08-03 04:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-12 15:19 - 2015-08-03 04:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-12 15:19 - 2015-08-03 04:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-12 15:19 - 2015-08-03 04:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-12 15:19 - 2015-08-03 04:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-12 15:19 - 2015-08-03 04:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-12 15:19 - 2015-08-03 03:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-12 15:19 - 2015-08-03 03:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-12 15:19 - 2015-08-03 03:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-12 15:19 - 2015-08-03 03:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-12 15:19 - 2015-08-03 03:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-12 15:19 - 2015-08-03 03:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-12 15:19 - 2015-08-03 03:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-12 15:19 - 2015-08-03 03:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-12 15:19 - 2015-08-03 03:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-12 15:19 - 2015-08-03 03:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-12 15:19 - 2015-08-03 03:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-12 15:19 - 2015-08-03 03:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 15:19 - 2015-08-03 03:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 15:19 - 2015-08-03 03:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 15:19 - 2015-08-03 03:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-12 15:19 - 2015-08-03 03:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-12 15:19 - 2015-08-03 03:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-12 15:19 - 2015-08-03 03:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-12 15:19 - 2015-08-03 03:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-12 15:19 - 2015-08-03 03:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-12 15:19 - 2015-08-03 03:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-12 15:19 - 2015-08-03 03:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-12 15:19 - 2015-08-03 03:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-12 15:19 - 2015-08-03 03:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-12 15:19 - 2015-08-03 03:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-12 15:19 - 2015-08-03 03:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-12 15:19 - 2015-08-03 03:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-12 15:19 - 2015-08-03 03:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 15:19 - 2015-08-03 03:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-12 15:19 - 2015-08-03 03:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-12 15:19 - 2015-08-03 03:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-12 15:19 - 2015-08-03 03:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 15:19 - 2015-08-03 02:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-12 01:02 - 2015-08-12 01:02 - 00000000 ____D C:\Program Files (x86)\PrivaZer
2015-08-11 15:03 - 2015-08-11 15:03 - 00000000 ____D C:\Program Files\ConvertHelper3
2015-08-11 10:28 - 2015-08-11 10:28 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-11 10:28 - 2015-08-11 10:28 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-10 18:07 - 2011-08-10 00:00 - 00464384 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2015-08-10 18:07 - 2009-10-16 00:00 - 00132560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe
2015-08-10 18:07 - 2009-10-16 00:00 - 00013824 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxcdev.dll
2015-08-10 17:09 - 2015-08-10 18:07 - 00001009 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-08-10 17:09 - 2015-08-10 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
2015-08-10 17:09 - 2006-10-13 00:00 - 00093184 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\esxcwiad.dll
2015-08-09 22:15 - 2015-09-07 07:38 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2015-08-09 22:14 - 2015-08-09 22:14 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-09 21:42 - 2015-08-09 21:42 - 00065456 _____ C:\WINDOWS\system32\ASGCoInstaller_x64.dll
2015-08-09 21:42 - 2015-08-09 21:42 - 00003628 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2015-08-09 21:42 - 2015-08-09 21:42 - 00000000 ____D C:\ProgramData\SetupTPDriver
2015-08-09 21:29 - 2015-08-09 21:29 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-08-09 21:27 - 2015-08-09 22:13 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-08-09 21:27 - 2015-08-09 22:13 - 00000000 ____D C:\WINDOWS\system32\NV
2015-08-08 10:21 - 2015-08-08 10:21 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-08 08:25 - 2015-08-10 17:55 - 00050176 _____ C:\Users\Francesco\Desktop\area a rischio CTP.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-07 11:05 - 2015-08-07 15:00 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-09-07 10:58 - 2015-08-07 06:58 - 00000000 ____D C:\Users\Francesco\OneDrive
2015-09-07 10:33 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-07 10:20 - 2015-07-13 21:09 - 00000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2044738553-2148129836-1739379785-1002UA.job
2015-09-07 10:18 - 2012-12-15 18:28 - 00001168 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-07 10:15 - 2013-09-12 14:15 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\vlc
2015-09-07 10:15 - 2012-12-15 22:26 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2044738553-2148129836-1739379785-1002UA.job
2015-09-07 09:43 - 2014-10-28 11:20 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome
2015-09-07 08:18 - 2012-12-15 18:28 - 00001164 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-07 07:51 - 2014-03-16 11:54 - 00000000 ____D C:\Users\Francesco\Desktop\FAST LINK
2015-09-07 07:46 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-07 07:38 - 2014-06-05 10:03 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-09-07 07:35 - 2015-08-07 15:00 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-09-07 07:30 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-06 22:32 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-06 22:30 - 2012-12-14 15:49 - 00000380 _____ C:\Users\Francesco\AppData\Roaming\sp_data.sys
2015-09-06 21:50 - 2014-12-24 13:27 - 00000000 ____D C:\Program Files (x86)\Tribler
2015-09-06 21:50 - 2014-09-03 18:23 - 00000000 ____D C:\Program Files (x86)\CDex
2015-09-06 20:37 - 2013-02-20 22:30 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\dvdcss
2015-09-06 20:00 - 2014-01-21 17:22 - 00004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9DBACBB2-2718-4E1D-915F-92BEC0AB05BD}
2015-09-06 19:56 - 2014-06-14 08:54 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-06 19:29 - 2014-09-24 12:45 - 00000000 ____D C:\Program Files (x86)\Zoom Player
2015-09-06 18:38 - 2013-12-15 18:28 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\tor
2015-09-06 18:38 - 2013-12-15 18:23 - 00000000 ____D C:\Users\Francesco\AppData\Local\Vidalia
2015-09-06 15:20 - 2015-07-13 21:09 - 00000892 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2044738553-2148129836-1739379785-1002Core.job
2015-09-06 09:05 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-09-06 08:01 - 2012-12-15 22:05 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\Dropbox
2015-09-05 23:15 - 2012-12-15 22:26 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2044738553-2148129836-1739379785-1002Core.job
2015-09-05 20:40 - 2015-08-07 02:31 - 01823504 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-05 20:40 - 2015-07-10 18:56 - 00808340 _____ C:\WINDOWS\system32\perfh010.dat
2015-09-05 20:40 - 2015-07-10 18:56 - 00150762 _____ C:\WINDOWS\system32\perfc010.dat
2015-09-05 09:15 - 2015-08-07 15:00 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-09-05 08:21 - 2014-01-09 00:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-09-03 19:30 - 2012-12-30 19:18 - 00000000 ____D C:\Users\Francesco\Documents\File di Outlook
2015-09-03 11:47 - 2013-01-13 23:50 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\Skype
2015-08-31 10:00 - 2013-10-11 13:10 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\uTorrent
2015-08-31 10:00 - 2013-09-25 21:40 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\TeamViewer
2015-08-31 10:00 - 2013-03-15 01:31 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\AIMP3
2015-08-31 09:59 - 2015-08-07 02:59 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-31 09:55 - 2012-12-25 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-31 09:55 - 2012-12-25 19:59 - 00000000 ____D C:\Program Files\CCleaner
2015-08-31 09:34 - 2014-06-14 08:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-31 09:34 - 2014-06-14 08:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-31 02:21 - 2013-09-25 21:31 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-08-30 13:53 - 2012-12-14 15:47 - 00000000 ____D C:\Users\Francesco\AppData\Local\Packages
2015-08-30 10:54 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-30 08:13 - 2012-12-15 18:28 - 00004226 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-30 08:13 - 2012-12-15 18:28 - 00003994 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-29 19:51 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-29 19:51 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-29 13:23 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-29 13:01 - 2012-12-15 20:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-28 23:10 - 2012-12-15 22:26 - 00004060 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2044738553-2148129836-1739379785-1002UA
2015-08-28 23:10 - 2012-12-15 22:26 - 00003684 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2044738553-2148129836-1739379785-1002Core
2015-08-28 14:08 - 2015-08-07 02:08 - 00000000 ____D C:\Users\Francesco
2015-08-27 02:37 - 2015-08-07 08:37 - 01423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-08-27 02:37 - 2015-08-07 08:37 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-08-27 02:36 - 2015-08-07 08:37 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-08-27 02:36 - 2015-08-07 08:37 - 01710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-08-26 09:39 - 2012-09-10 00:55 - 00000000 ____D C:\Program Files\DIFX
2015-08-26 08:35 - 2015-03-12 11:04 - 00000000 ____D C:\Users\Francesco\AppData\Local\Adobe
2015-08-24 15:15 - 2014-09-17 20:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-24 15:15 - 2013-01-13 23:50 - 00000000 ____D C:\ProgramData\Skype
2015-08-23 18:10 - 2014-05-23 07:54 - 00000000 ____D C:\ProgramData\CompeGPS
2015-08-20 19:49 - 2015-05-04 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CompeGPS
2015-08-20 19:49 - 2015-05-04 12:52 - 00000000 ____D C:\Program Files (x86)\CompeGPS
2015-08-20 19:49 - 2013-02-14 19:27 - 00000000 ____D C:\Users\Francesco\Documents\CompeGPS
2015-08-20 16:44 - 2015-08-07 07:02 - 00002434 _____ C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-19 21:40 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-19 21:40 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-19 21:40 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-19 01:06 - 2014-12-04 09:31 - 00000000 ____D C:\Users\Francesco\AppData\Local\PrivaZer
2015-08-18 17:32 - 2013-03-15 08:57 - 00000978 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-18 14:15 - 2012-12-15 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-18 08:09 - 2013-03-15 08:57 - 00003966 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-17 07:42 - 2015-05-21 08:22 - 00001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-08-14 21:43 - 2015-08-07 08:42 - 00000000 ____D C:\Users\Francesco\AppData\Local\NVIDIA
2015-08-13 22:29 - 2012-12-29 20:17 - 01048344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-08-12 19:27 - 2013-10-25 01:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-12 19:19 - 2012-12-15 16:34 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-12 01:02 - 2014-12-04 09:31 - 00001972 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2015-08-11 13:02 - 2012-12-29 20:34 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-11 11:04 - 2014-01-14 19:06 - 00000000 ____D C:\WINDOWS\AutoKMS
2015-08-11 10:28 - 2014-12-10 21:22 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-08-11 10:28 - 2014-05-03 10:13 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-11 10:28 - 2013-12-26 13:14 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-08-11 10:28 - 2013-03-07 10:01 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-11 10:28 - 2013-03-07 10:01 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-11 10:28 - 2012-12-29 20:17 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-11 10:28 - 2012-12-29 20:17 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-08-11 10:28 - 2012-12-29 20:17 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-11 10:28 - 2012-12-29 20:17 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-08-11 06:52 - 2015-08-07 08:35 - 00072504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-08-11 06:52 - 2015-08-07 08:35 - 00050472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-08-10 21:52 - 2015-03-13 09:17 - 00000000 ____D C:\Users\Francesco\AppData\Local\CrashDumps
2015-08-10 18:10 - 2012-12-15 20:51 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\Mozilla
2015-08-10 18:07 - 2012-12-23 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-08-10 17:56 - 2012-12-16 21:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-10 17:09 - 2012-12-23 16:47 - 00000000 ____D C:\Program Files (x86)\epson
2015-08-10 16:43 - 2015-06-26 17:18 - 00000000 ____D C:\Users\Francesco\Documents\statuto Mana
2015-08-10 15:31 - 2015-08-07 06:58 - 00000000 ____D C:\Users\Francesco\AppData\Local\Comms
2015-08-10 10:06 - 2014-09-24 12:45 - 00000000 ____D C:\ProgramData\Zoom Player
2015-08-09 21:42 - 2012-08-17 02:53 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-08-09 16:39 - 2015-04-26 20:31 - 00000000 ____D C:\Users\Francesco\Desktop\QGIS
2015-08-08 17:38 - 2015-07-10 13:06 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 17:38 - 2015-07-10 13:06 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-08 09:35 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-08 03:33 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\appcompat

==================== Files in the root of some directories =======

2013-02-21 21:00 - 2013-02-21 21:00 - 0000261 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFX5SA.log
2015-01-04 18:51 - 2015-01-07 10:31 - 0000700 _____ () C:\Users\Francesco\AppData\Roaming\burnaware.ini
2013-06-04 09:13 - 2015-03-12 12:17 - 0000117 _____ () C:\Users\Francesco\AppData\Roaming\Camdata.ini
2013-06-04 09:13 - 2015-03-12 12:17 - 0000408 _____ () C:\Users\Francesco\AppData\Roaming\CamLayout.ini
2013-06-04 09:13 - 2015-03-12 12:17 - 0000408 _____ () C:\Users\Francesco\AppData\Roaming\CamShapes.ini
2013-06-04 08:32 - 2015-03-12 12:17 - 0004509 _____ () C:\Users\Francesco\AppData\Roaming\CamStudio.cfg
2013-06-04 09:09 - 2013-06-04 09:09 - 0000098 _____ () C:\Users\Francesco\AppData\Roaming\CamStudio.Producer.command
2013-06-04 09:09 - 2013-06-04 09:09 - 0000000 _____ () C:\Users\Francesco\AppData\Roaming\CamStudio.Producer.Data.ini
2013-06-04 09:09 - 2013-06-04 09:09 - 0001205 _____ () C:\Users\Francesco\AppData\Roaming\CamStudio.Producer.ini
2015-08-31 09:21 - 2015-08-27 01:40 - 0015223 _____ () C:\Users\Francesco\AppData\Roaming\download_vid23.vbs
2012-12-15 16:33 - 2012-12-15 16:33 - 0000021 _____ () C:\Users\Francesco\AppData\Roaming\my_intel.sys
2012-12-14 15:49 - 2015-09-06 22:30 - 0000380 _____ () C:\Users\Francesco\AppData\Roaming\sp_data.sys
2013-09-25 13:31 - 2013-09-25 13:31 - 0038503 _____ () C:\Users\Francesco\AppData\Roaming\Valori separati da virgola (DOS).ADR
2014-12-13 19:06 - 2015-01-04 20:13 - 0003584 _____ () C:\Users\Francesco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-15 22:12 - 2012-12-15 22:12 - 0000017 _____ () C:\Users\Francesco\AppData\Local\resmon.resmoncfg
2015-09-01 19:59 - 2015-09-03 07:53 - 0075324 _____ () C:\Users\Francesco\AppData\Local\Snip.txt
2015-09-03 07:52 - 2015-09-03 07:53 - 0000326 _____ () C:\Users\Francesco\AppData\Local\SnipUsages.txt
2013-02-16 20:27 - 2013-02-16 20:27 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-08-17 02:52 - 2012-07-30 08:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-17 02:52 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
C:\Users\Francesco\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpucdp6r.dll
C:\Users\Francesco\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-30 10:18

==================== End of FRST.txt ============================

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,247 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:42 AM

Posted 08 September 2015 - 08:04 AM

Duplicate topic.
Being helped here http://www.bleepingcomputer.com/forums/t/589449/infecting-wscriptexe-by-a-vbs-script/
This topic will be closed.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,247 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:42 AM

Posted 08 September 2015 - 08:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



