zen avg
iladel
Posted: Thursday, December 03, 2015 11:30:35 AM
Rank: Member

Joined: 12/3/2015
Posts: 19
Good morning everyone... I'm a new member and I need some help.
Thank you in advance.

My problem is: I downloaded the AVG Zen update, and shortly afterwards various error windows started appearing and it no longer let me access the install/uninstall function. Among the error windows there is one saying CCC.Implementation of ATI graphics is corrupted, and an error C:windows\system32\osbaseln.dll

Thanks
iladel
Posted: Thursday, December 03, 2015 1:44:16 PM
Rank: Member

Joined: 12/3/2015
Posts: 19
Could someone please check the logs... thanks

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11.07.50, on 03/12/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16717)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\ilaria\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={F17B539F-E2C4-4A5D-AC8B-8F77809FD0D9}&mid=cfb5bdce605b47d1828dd16d674baa43-8d629c5e06620ea23c319b6bfb95aa08292dad68&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-02 18:08:06&v=4.2.1.951&pid=wtu&sg=&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.2.1.951\AVG Web TuneUp.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Soda PDF 5 IE Helper - {C737F472-1193-4281-BF53-A00B67AB3E19} - C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll
O3 - Toolbar: Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files (x86)\Soda PDF 5\PDFIEPlugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] "C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - S-1-5-18 Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soda PDF 5 Helper Service - LULU Software Limited - C:\Program Files (x86)\Soda PDF 5\HelperService.exe
O23 - Service: Soda PDF 5 Service - LULU Software Limited - C:\Program Files (x86)\Soda PDF 5\ConversionService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater40.2.1 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe
O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

--
End of file - 15384 bytes
shapiro
Posted: Thursday, December 03, 2015 3:28:30 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Try removing Spybot; it's obsolete software.
iladel
Posted: Thursday, December 03, 2015 4:07:54 PM
Rank: Member

Joined: 12/3/2015
Posts: 19
Done, but nothing changed; it keeps giving me these errors

CCC.Implementation Version=2.3314.38850 Culture=neutral Public Key token= 90ba9c70f846762

C:windows\system32\osbaseln.dll
shapiro
Posted: Thursday, December 03, 2015 4:26:28 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

With so many antivirus products out there, why AVG of all things? Try Avira or Avast, you'll be better off ;)

Let's see whether you have an infection that is preventing the update.

Download farbar-recovery and put it on the desktop.

You must download the version (32 or 64 bit) compatible with your system.

Start the tool and click Yes.

Now click SCAN.

Once the scan has finished, the tool will create a log called FRST.txt in the same directory where FRST is located.

Attach it here in the forum.
iladel
Posted: Thursday, December 03, 2015 4:57:19 PM
Rank: Member

Joined: 12/3/2015
Posts: 19
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by ilaria (administrator) on PC-ILARIA (03-12-2015 16:41:18)
Running from C:\Users\ilaria\Downloads
Loaded Profiles: ilaria (Available Profiles: ilaria)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: Italiano (Italia)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(Ares Development Group) C:\Program Files (x86)\Ares\Ares.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(LULU Software Limited) C:\Program Files (x86)\Soda PDF 5\HelperService.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(LULU Software Limited) C:\Program Files (x86)\Soda PDF 5\ConversionService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\loggingserver.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-01-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-09] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-09] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2011-12-12] (PC Tools)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-03-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2819984 2015-12-02] ()
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-04-04] (Hewlett-Packard)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [3209216 2012-02-02] (Ares Development Group)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-26] ()
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-07-31] (EasyBits Software Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk [2011-12-24]
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe ()
Startup: C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk [2013-12-01]
ShortcutTarget: Ritaglio schermata e avvio di OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FA398DEF-1EE9-4888-877B-34EC11D91545}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={F17B539F-E2C4-4A5D-AC8B-8F77809FD0D9}&mid=cfb5bdce605b47d1828dd16d674baa43-8d629c5e06620ea23c319b6bfb95aa08292dad68&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-02 18:08:06&v=4.2.1.951&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.it/
SearchScopes: HKLM -> DefaultScope {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKLM -> {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKLM -> {D56A7ACD-2149-4428-9CB4-E4ABF82E0F38} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM -> {F96689A9-C4B0-487C-B534-330E05143A34} URL = hxxp://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
SearchScopes: HKLM-x32 -> DefaultScope {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKLM-x32 -> {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKLM-x32 -> {D56A7ACD-2149-4428-9CB4-E4ABF82E0F38} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {F96689A9-C4B0-487C-B534-330E05143A34} URL = hxxp://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F17B539F-E2C4-4A5D-AC8B-8F77809FD0D9}&mid=cfb5bdce605b47d1828dd16d674baa43-8d629c5e06620ea23c319b6bfb95aa08292dad68&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-02 18:08:06&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {D56A7ACD-2149-4428-9CB4-E4ABF82E0F38} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {E45EECB3-902D-4DB8-A238-0F2C121AB48E} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {F96689A9-C4B0-487C-B534-330E05143A34} URL = hxxp://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.1.951\AVG Web TuneUp.dll [2015-12-02] (AVG)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Soda PDF 5 IE Helper -> {C737F472-1193-4281-BF53-A00B67AB3E19} -> C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll [2013-05-13] (LULU Software Limited)
Toolbar: HKLM-x32 - Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files (x86)\Soda PDF 5\PDFIEPlugin.dll [2013-05-13] (LULU Software Limited)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @alawar.com/npapi -> C:\Windows\npapi.dll [2014-01-29] (Alawar)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.1\\npsitesafety.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-300956757-2756368608-3835130273-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\ilaria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-25] [not signed]

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=it-it
CHR StartupUrls: Default -> "hxxp://www.google.it/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Skype Click to Call) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-13]
CHR Extension: (Yontoo) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2015-12-03] [UpdateUrl: hxxps://download.yontoo.com/chrome-update.xml] <==== ATTENTION
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (trivia games) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbfamljbihbcghcciagdafdpbgcmkne [2015-04-02]
CHR Extension: (new game) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdpibhkfkahcjfaebebkiphgenajknae [2015-04-02]
CHR Extension: (Gmail) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (dr games) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjpbfdjmmlnelgbkffopkgpggeeaildc [2015-04-02]
CHR HKU\S-1-5-21-300956757-2756368608-3835130273-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [mibfbmhijjgpkmobcfdlelpccpeafoom] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx [2015-12-03]

Opera:
=======
OPR Extension: (trivia games) - C:\Users\ilaria\AppData\Roaming\Opera Software\Opera Stable\Extensions\obbfamljbihbcghcciagdafdpbgcmkne [2015-04-02]
OPR Extension: (new game) - C:\Users\ilaria\AppData\Roaming\Opera Software\Opera Stable\Extensions\pdpibhkfkahcjfaebebkiphgenajknae [2015-04-02]
OPR Extension: (dr games) - C:\Users\ilaria\AppData\Roaming\Opera Software\Opera Stable\Extensions\pjpbfdjmmlnelgbkffopkgpggeeaildc [2015-04-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools)
R2 Soda PDF 5 Helper Service; C:\Program Files (x86)\Soda PDF 5\HelperService.exe [1096544 2013-05-13] (LULU Software Limited)
R2 Soda PDF 5 Service; C:\Program Files (x86)\Soda PDF 5\ConversionService.exe [794464 2013-05-13] (LULU Software Limited)
R2 vToolbarUpdater40.2.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe [1926544 2015-12-02] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-02] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [103936 2013-04-23] (LG Electronics Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 flashusb; C:\Windows\System32\DRIVERS\flashusb.sys [19968 2011-12-08] (Danish Wireless Design A/S)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
U2 ezSharedSvc; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-03 16:41 - 2015-12-03 16:42 - 00029705 _____ C:\Users\ilaria\Downloads\FRST.txt
2015-12-03 16:39 - 2015-12-03 16:41 - 00000000 ____D C:\FRST
2015-12-03 16:38 - 2015-12-03 16:38 - 02350080 _____ (Farbar) C:\Users\ilaria\Downloads\FRST64.exe
2015-12-03 15:32 - 2015-12-03 15:33 - 00000000 ____D C:\Users\ilaria\AppData\Local\Facebook
2015-12-03 15:32 - 2015-12-03 15:32 - 00000000 ____D C:\ProgramData\Tarma Installer
2015-12-03 15:32 - 2015-12-03 15:32 - 00000000 ____D C:\Program Files (x86)\Yontoo
2015-12-03 15:32 - 2015-04-11 12:58 - 00010355 _____ C:\Quarantine.lst
2015-12-03 15:32 - 2015-04-11 12:58 - 00009018 _____ C:\Quarantine.reg
2015-12-03 11:06 - 2015-12-03 11:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\ilaria\Downloads\HijackThis.exe
2015-12-03 10:51 - 2015-12-03 10:51 - 00000000 ____D C:\Users\ilaria\AppData\Local\{FB216F12-A197-44D8-A8B6-A88DBDA969F3}
2015-12-02 18:08 - 2015-12-02 18:09 - 00000000 ____D C:\Users\ilaria\AppData\Local\AVG Web TuneUp
2015-12-02 18:08 - 2015-12-02 18:08 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2015-12-02 18:07 - 2015-12-02 18:09 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-12-02 18:07 - 2015-12-02 18:07 - 00000000 ____D C:\ProgramData\AVG Secure Search
2015-12-02 18:07 - 2015-12-02 18:07 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-12-02 17:59 - 2015-12-02 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-02 17:58 - 2015-12-02 17:58 - 00000000 ___HD C:\$AVG
2015-12-02 17:54 - 2015-12-02 17:54 - 00000837 _____ C:\Users\Public\Desktop\AVG.lnk
2015-12-02 17:54 - 2015-12-02 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-12-02 17:51 - 2015-12-02 17:52 - 02924856 _____ (AVG Technologies CZ, s.r.o.) C:\Users\ilaria\Downloads\AVG_Protection_Free_1005.exe
2015-12-02 17:23 - 2015-12-02 17:23 - 00000941 _____ C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-02 16:36 - 2015-12-02 16:36 - 00016330 _____ C:\Windows\SysWOW64\BroomData.bit
2015-12-02 16:36 - 2013-04-08 15:30 - 00022752 _____ C:\Windows\system32\PCloudBroom64.exe
2015-12-02 16:03 - 2015-12-02 16:03 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-12-02 16:03 - 2015-09-14 13:03 - 00039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2015-12-02 16:03 - 2015-01-29 18:21 - 00050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-12-02 16:02 - 2015-12-02 16:02 - 35192968 _____ (Panda Security ) C:\Users\ilaria\Downloads\PandaCloudCleaner.exe
2015-12-02 15:43 - 2015-12-02 15:43 - 00347816 _____ (Microsoft Corporation) C:\Users\ilaria\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run (1).exe
2015-12-02 15:40 - 2015-12-02 15:40 - 00347816 _____ (Microsoft Corporation) C:\Users\ilaria\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2015-12-02 14:01 - 2015-12-02 14:01 - 00001728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
2015-12-02 14:01 - 2015-12-02 14:01 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
2015-12-02 14:01 - 2015-12-02 14:01 - 00000760 _____ C:\Users\Public\Desktop\Games.lnk
2015-12-02 14:01 - 2015-12-02 14:01 - 00000231 _____ C:\Users\Public\Desktop\More Great Games.url
2015-12-02 14:00 - 2015-12-02 14:01 - 00000000 ____D C:\Program Files (x86)\bfgclient
2015-12-02 13:59 - 2015-12-02 13:59 - 00237568 _____ (Big Fish Games) C:\Users\ilaria\Downloads\farm-frenzy-inc_s1_l1_gF8904T1L1_d2543295360.exe
2015-12-02 13:30 - 2015-12-02 13:30 - 00000000 ____D C:\Users\ilaria\AppData\Local\{E5B9EF64-E83C-400F-A865-38F4E13B8469}
2015-12-02 13:17 - 2015-12-02 13:18 - 00000000 ____D C:\Users\ilaria\AppData\Local\{2D51ECE1-2CCB-4255-8838-4C03DCD93514}
2015-12-02 13:11 - 2015-12-02 13:11 - 00000125 _____ C:\FINIS_IT.TXT
2015-12-02 12:21 - 2015-12-02 12:21 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Registry Mechanic
2015-12-02 12:20 - 2015-12-02 19:04 - 00000306 _____ C:\Windows\Tasks\RMSchedule.job
2015-12-02 12:20 - 2015-12-02 12:20 - 00002884 _____ C:\Windows\System32\Tasks\RMSchedule
2015-12-02 12:16 - 2015-12-02 12:17 - 00011376 _____ C:\Users\ilaria\Documents\cc_20151202_121640.reg
2015-12-02 11:42 - 2015-12-02 11:48 - 00000000 ____D C:\ProgramData\PC1Data
2015-12-02 11:22 - 2015-12-02 11:22 - 00000000 ____D C:\Users\ilaria\AppData\Local\{97197E8D-654F-4A20-9F6D-5A897EA63016}
2015-12-01 20:19 - 2015-12-01 20:19 - 00004264 _____ C:\Users\ilaria\Documents\cc_20151201_201916.reg
2015-12-01 20:18 - 2015-12-01 20:18 - 00146898 _____ C:\Users\ilaria\Documents\cc_20151201_201800.reg
2015-12-01 18:12 - 2015-12-01 18:27 - 781443488 _____ (Microsoft Corporation) C:\Users\ilaria\Downloads\Windows6.0-KB948465-X64.exe
2015-12-01 18:03 - 2015-12-01 18:10 - 498580680 _____ (Microsoft Corporation) C:\Users\ilaria\Downloads\Windows6.0-KB948465-X86.exe
2015-12-01 16:45 - 2015-12-01 16:45 - 00000000 ____D C:\Users\ilaria\AppData\Local\{517FC8D9-BA79-4BF0-BF14-716682725F5B}
2015-12-01 16:21 - 2015-12-01 16:21 - 00000000 ____D C:\7b361a8e4434a6279e480b71
2015-12-01 16:20 - 2015-12-01 16:20 - 00000000 ____D C:\Windows\CheckSur
2015-12-01 14:38 - 2015-12-01 14:38 - 00000000 ____D C:\Users\ilaria\AppData\Local\{50E2C87A-0EC2-4981-B313-57BC84DBEDC6}
2015-12-01 14:29 - 2015-12-01 14:29 - 00000000 ____D C:\ce3adb00cc1f8a509a7ea33c7469a1
2015-12-01 14:16 - 2015-12-01 14:16 - 00000000 ____D C:\Users\ilaria\AppData\Local\ElevatedDiagnostics
2015-12-01 14:14 - 2015-12-01 14:57 - 00000000 ____D C:\MATS
2015-12-01 14:03 - 2015-12-01 14:03 - 00000000 ____D C:\Users\ilaria\AppData\Local\{F730300D-5371-40DB-B39A-31DB8146DEE2}
2015-12-01 11:43 - 2015-12-01 11:43 - 00000000 ____D C:\8986f1190e149d948a69
2015-12-01 11:42 - 2015-12-01 11:42 - 00000898 _____ C:\Users\ilaria\Downloads\daticert (2).xml
2015-12-01 11:41 - 2015-12-01 11:42 - 00141003 _____ C:\Users\ilaria\Downloads\POSTA_CERTIFICATA%3a_Inoltrato_dalla_casella_edlcalzature_sas%40legalmail.it_-__POSTA_CERTIFICATA%3a_INAIL_Comunica_%5b21930055%5d.zip
2015-12-01 11:41 - 2015-12-01 11:42 - 00141003 _____ C:\Users\ilaria\Downloads\POSTA_CERTIFICATA%3a_Inoltrato_dalla_casella_edlcalzature_sas%40legalmail.it_-__POSTA_CERTIFICATA%3a_INAIL_Comunica_%5b21930055%5d (1).zip
2015-12-01 11:20 - 2015-12-01 11:20 - 00000000 ____D C:\Users\ilaria\AppData\Local\{5C503F4E-FED8-43B4-A80E-49645B5768A5}
2015-12-01 11:11 - 2015-12-01 11:11 - 00000000 __SHD C:\found.000
2015-11-30 19:39 - 2015-11-30 19:40 - 00000000 ____D C:\Program Files (x86)\Fear For Sale - Mystery of McInroy Manor
2015-11-30 19:33 - 2015-11-30 19:35 - 00000000 ____D C:\Program Files (x86)\Fear for Sale - Endless Voyage Collectors Edition
2015-11-30 18:02 - 2015-11-30 18:02 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\GameInvest
2015-11-30 17:12 - 2015-11-30 17:13 - 00000000 ____D C:\Program Files (x86)\Fantastic Creations - House of Brass Collector's Edition
2015-11-30 11:38 - 2015-11-30 11:38 - 00000000 ____D C:\Users\ilaria\AppData\Local\{A661D06A-6CC4-4F62-B9CD-BFB45880858E}
2015-11-29 19:24 - 2015-11-29 19:24 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\The House of Fables
2015-11-29 19:19 - 2015-11-29 19:22 - 00000000 ____D C:\Program Files (x86)\Eventide - Slavic Fable Collectors Edition
2015-11-29 18:25 - 2015-11-29 18:25 - 00547517 _____ C:\Users\ilaria\Downloads\p25181.pdf
2015-11-29 11:54 - 2015-11-29 11:54 - 00000000 ____D C:\Users\ilaria\AppData\Local\{D5077F65-06A8-4C4F-9F1D-56B5BA34FFC0}
2015-11-27 13:07 - 2015-11-27 13:07 - 16176964 _____ C:\Users\ilaria\Downloads\accessori_lartigiana_Bottoni.zip
2015-11-27 11:10 - 2015-11-27 11:10 - 00000000 ____D C:\Users\ilaria\AppData\Local\{1414A7D0-09A5-458C-935B-2161412B1076}
2015-11-26 18:30 - 2015-11-26 18:30 - 00001294 _____ C:\Users\Public\Desktop\More Great Games.lnk
2015-11-26 11:17 - 2015-11-26 11:17 - 00000000 ____D C:\Users\ilaria\AppData\Local\{5D63DCE3-F6C4-49EB-9AD9-1173687F5533}
2015-11-25 19:30 - 2015-06-23 12:30 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-25 18:50 - 2015-12-02 17:54 - 00000000 ____D C:\Users\ilaria\AppData\Local\AvgSetupLog
2015-11-25 18:43 - 2015-11-25 18:43 - 00000000 ____D C:\Users\ilaria\AppData\Local\{DB606EB1-9118-4D4F-B972-55132092B2AE}
2015-11-25 17:40 - 2015-11-25 17:52 - 754825497 _____ C:\Users\ilaria\Downloads\Senza titolo (5).zip
2015-11-25 12:23 - 2015-11-25 12:23 - 00001787 _____ C:\Users\Public\Desktop\Play Farm Frenzy Inc..lnk
2015-11-25 12:22 - 2015-12-02 14:02 - 00000000 ____D C:\Program Files (x86)\Farm Frenzy Inc
2015-11-25 12:22 - 2015-12-01 15:20 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Frenzy Inc
2015-11-25 12:22 - 2015-12-01 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Frenzy Inc
2015-11-18 18:00 - 2015-11-18 18:00 - 06633489 _____ C:\Users\ilaria\Downloads\I%3a_FOTO_ARTICOLI.zip
2015-11-17 13:56 - 2015-11-17 13:56 - 00001266 _____ C:\Users\Public\Desktop\Altri fantastici giochi.lnk
2015-11-17 10:30 - 2015-11-17 10:30 - 00000000 ____D C:\Users\ilaria\AppData\Local\{0D9E7E5B-0E72-4FF9-8424-886F689582DD}
2015-11-15 10:47 - 2015-11-15 10:47 - 00000000 ____D C:\Users\ilaria\AppData\Local\{1AC681F7-0B67-4877-8EB7-A1C2B3639DF5}
2015-11-13 11:00 - 2015-11-13 11:00 - 00000000 ____D C:\Users\ilaria\AppData\Local\{4FC773F2-93DA-4674-B632-1C45CBE2F820}
2015-11-11 23:13 - 2015-11-11 23:13 - 00000000 ____D C:\Users\ilaria\AppData\Local\{A2B206D7-AE9A-4526-9769-A6EE7E67C7F9}
2015-11-11 22:22 - 2015-10-17 15:35 - 02798592 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 22:22 - 2015-09-26 17:05 - 00281600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 22:22 - 2015-09-26 17:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 22:22 - 2015-09-26 17:04 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 22:22 - 2015-09-26 16:58 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 22:22 - 2015-09-26 16:58 - 00257536 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 22:22 - 2015-09-26 14:21 - 00275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2015-11-11 22:22 - 2015-09-22 14:10 - 00517976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 22:22 - 2015-09-22 14:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2015-11-11 22:16 - 2015-10-17 17:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 22:16 - 2015-10-17 16:41 - 00659456 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 22:13 - 2015-10-10 16:48 - 00736192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 22:04 - 2015-10-13 15:45 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 22:04 - 2015-10-13 15:44 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 22:01 - 2015-10-14 21:25 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 22:01 - 2015-10-14 21:25 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 22:01 - 2015-10-14 16:47 - 04691392 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 19:25 - 2015-11-11 19:25 - 00324628 _____ C:\Users\ilaria\Downloads\Scheda Sintetica di Polizza_Alitalia Programma Viaggi_Mod. 012015_tcm12-6220.pdf
2015-11-11 11:22 - 2015-10-31 20:48 - 17079296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 11:22 - 2015-10-31 20:45 - 10886144 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 11:22 - 2015-10-31 20:45 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 11:22 - 2015-10-31 20:44 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 11:22 - 2015-10-31 20:44 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 11:22 - 2015-10-31 20:44 - 01299968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 11:22 - 2015-10-31 20:44 - 01295872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 11:22 - 2015-10-31 20:43 - 02129408 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00887296 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00521728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 11:22 - 2015-10-31 20:43 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-11-11 11:22 - 2015-10-31 20:43 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-11-11 11:22 - 2015-10-31 19:40 - 12376576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 11:22 - 2015-10-31 19:38 - 09727488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 11:22 - 2015-10-31 19:38 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 11:22 - 2015-10-31 19:37 - 01830912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 11:22 - 2015-10-31 19:36 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 01436160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 11:22 - 2015-10-31 19:36 - 01093632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 01088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00412672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 11:22 - 2015-10-31 19:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-11-11 11:22 - 2015-10-31 19:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-11-08 11:18 - 2015-11-08 11:19 - 00000000 ____D C:\Users\ilaria\AppData\Local\{FB3702B7-83BB-42DD-BDA5-1EB28FC1AED1}
2015-11-06 15:50 - 2015-11-06 15:50 - 00184240 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2015-11-06 15:49 - 2015-11-06 15:49 - 00313776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-11-06 15:49 - 2015-11-06 15:49 - 00256432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2015-11-05 23:41 - 2015-11-05 23:41 - 00000000 ____D C:\Users\ilaria\AppData\Local\{F6782731-13CC-4BB2-BD8E-A4F18B0DBEC3}
2015-11-05 10:58 - 2015-11-05 11:00 - 00000000 ____D C:\Users\ilaria\AppData\Local\{BDF8F4BD-C1CC-427B-9649-A5A9FBF22211}
2015-11-03 10:59 - 2015-11-03 10:59 - 00000000 ____D C:\Users\ilaria\AppData\Local\{2A19DB56-8D03-4BDA-A08E-8A06597B4D4E}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-03 16:39 - 2006-11-02 14:33 - 00000000 ____D C:\Windows
2015-12-03 16:03 - 2011-12-28 14:04 - 00001985 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-03 16:03 - 2011-12-28 14:02 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 15:55 - 2012-04-13 21:43 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-03 15:51 - 2011-12-24 17:01 - 00000000 ____D C:\ProgramData\MFAData
2015-12-03 15:51 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\tracing
2015-12-03 15:50 - 2011-12-26 18:11 - 00000000 ____D C:\Users\ilaria\Tracing
2015-12-03 15:47 - 2012-10-17 11:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-03 15:47 - 2006-11-02 16:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-03 15:47 - 2006-11-02 16:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-03 15:46 - 2015-04-11 10:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-03 15:46 - 2014-05-26 10:21 - 00000912 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-12-03 15:46 - 2011-12-28 14:02 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 15:46 - 2006-11-02 16:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-03 15:45 - 2006-11-02 16:42 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-03 15:44 - 2015-04-11 11:58 - 00000693 _____ C:\Windows\wininit.ini
2015-12-03 15:44 - 2015-04-11 10:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-03 14:50 - 2011-12-24 16:35 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Skype
2015-12-03 13:04 - 2009-07-31 20:15 - 00000000 ____D C:\ProgramData\Temp
2015-12-02 20:27 - 2009-08-01 04:31 - 00714792 _____ C:\Windows\system32\perfh010.dat
2015-12-02 20:27 - 2009-08-01 04:31 - 00143172 _____ C:\Windows\system32\perfc010.dat
2015-12-02 20:27 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\inf
2015-12-02 20:27 - 2006-11-02 13:46 - 01606136 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-02 20:16 - 2011-12-24 16:39 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-12-02 19:38 - 2011-12-24 15:32 - 00000936 _____ C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-02 18:08 - 2015-03-03 10:54 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-12-02 18:01 - 2015-03-10 14:25 - 00000000 ____D C:\Users\ilaria\AppData\Local\Avg
2015-12-02 17:58 - 2015-03-10 14:20 - 00000000 ____D C:\ProgramData\AVG
2015-12-02 17:56 - 2011-12-24 17:05 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-02 17:23 - 2011-12-24 15:32 - 00000951 _____ C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-12-02 17:23 - 2011-12-24 15:32 - 00000917 _____ C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-12-02 16:36 - 2013-03-18 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TavoliVerdi 2013
2015-12-02 16:35 - 2014-11-06 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hidden World
2015-12-02 14:02 - 2013-07-09 22:07 - 00000000 ____D C:\BigFishCache
2015-12-02 14:00 - 2013-09-08 12:48 - 00000000 ____D C:\ProgramData\Big Fish
2015-12-02 13:11 - 2009-08-01 05:41 - 00000000 ___HD C:\hp
2015-12-02 13:09 - 2009-07-31 20:42 - 00000000 ____D C:\Program Files (x86)\SMINST
2015-12-02 12:21 - 2006-11-02 14:33 - 00000000 ___SD C:\Windows\Downloaded Program Files
2015-12-02 11:31 - 2006-11-02 16:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-01 20:13 - 2012-09-12 14:03 - 00000000 ____D C:\Windows\Minidump
2015-12-01 16:52 - 2009-07-31 20:48 - 00003576 _____ C:\Windows\System32\Tasks\HP Health Check
2015-12-01 16:47 - 2012-01-01 16:48 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\HpUpdate
2015-12-01 16:30 - 2009-07-31 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-01 15:24 - 2011-12-24 15:27 - 00000000 ____D C:\Users\ilaria
2015-12-01 15:24 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\Msdtc
2015-12-01 15:22 - 2006-11-02 13:33 - 94633984 _____ C:\Windows\system32\config\software_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 70254592 _____ C:\Windows\system32\config\components_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 24379392 _____ C:\Windows\system32\config\system_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 04980736 _____ C:\Windows\system32\config\default_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-12-01 15:20 - 2015-10-04 13:46 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\PlayFavoriteGames
2015-12-01 15:20 - 2015-09-12 14:03 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\DominiGames
2015-12-01 15:20 - 2015-08-16 13:36 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\MAI
2015-12-01 15:20 - 2014-11-18 14:54 - 00000000 ____D C:\Program Files (x86)\Burraconline
2015-12-01 15:20 - 2013-03-25 18:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-01 15:20 - 2006-11-02 16:07 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-01 15:20 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\spool
2015-12-01 15:20 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\registration
2015-12-01 15:19 - 2015-10-15 13:28 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\4 Friends Games
2015-12-01 15:19 - 2015-09-10 11:57 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Deep Shadows
2015-12-01 15:19 - 2015-08-04 11:54 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Alawar Entertainment
2015-12-01 15:19 - 2015-08-02 11:08 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\SMIGames
2015-12-01 15:19 - 2015-07-12 13:09 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Awem
2015-12-01 15:19 - 2015-07-05 13:28 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Vendel-GAMES
2015-12-01 15:19 - 2015-04-15 21:16 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2015-12-01 14:33 - 2014-11-26 13:01 - 00000000 ____D C:\ProgramData\AVG2015
2015-11-30 19:35 - 2014-11-13 11:56 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\EleFun Games
2015-11-28 19:41 - 2014-11-09 17:21 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Elephant Games
2015-11-26 18:48 - 2014-11-07 13:41 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Eipix
2015-11-26 11:21 - 2011-12-24 16:35 - 00000000 ____D C:\ProgramData\Skype
2015-11-25 19:08 - 2011-12-26 22:12 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\AVG
2015-11-25 12:32 - 2014-10-31 13:40 - 00000000 ____D C:\ProgramData\Alawar
2015-11-25 12:32 - 2014-10-11 11:49 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Alawar
2015-11-24 16:51 - 2014-09-30 11:32 - 00000000 ____D C:\ProgramData\AlawarEntertainment
2015-11-24 16:51 - 2013-07-04 22:07 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\AlawarEntertainment
2015-11-23 17:58 - 2014-11-07 12:30 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\ERS Game Studios
2015-11-23 16:26 - 2014-09-16 12:12 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\BlamGames
2015-11-11 23:32 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\rescache
2015-11-11 23:07 - 2006-11-02 16:21 - 00384336 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-11 23:02 - 2006-11-02 16:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 23:02 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-11 22:44 - 2013-07-18 13:46 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 22:24 - 2006-11-02 13:35 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-11-11 22:21 - 2012-05-12 11:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 22:08 - 2014-03-01 16:50 - 01582104 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 15:55 - 2012-04-13 21:43 - 00003830 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 15:55 - 2012-04-13 21:42 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 15:55 - 2011-12-26 21:56 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-07-27 10:16 - 2014-09-19 10:43 - 0000244 _____ () C:\Users\ilaria\AppData\Roaming\WB.CFG
2013-12-31 09:56 - 2014-01-02 11:47 - 0000005 _____ () C:\Users\ilaria\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-13 09:22 - 2014-01-28 11:21 - 0000005 _____ () C:\Users\ilaria\AppData\Roaming\WBPU-TTL.DAT
2012-02-18 18:32 - 2014-05-24 10:45 - 0001770 _____ () C:\Users\ilaria\AppData\Roaming\wklnhst.dat
2011-12-26 10:44 - 2015-08-14 12:54 - 0000680 _____ () C:\Users\ilaria\AppData\Local\d3d9caps.dat
2011-12-27 15:24 - 2015-05-02 13:08 - 0021504 _____ () C:\Users\ilaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-12 13:22 - 2015-07-12 13:23 - 0197874 _____ () C:\Users\ilaria\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2015-07-12 13:22 - 2015-07-12 13:22 - 0000002 _____ () C:\Users\ilaria\AppData\Local\dd_dotnetfx35error.txt
2015-07-12 13:22 - 2015-07-12 13:23 - 0114422 _____ () C:\Users\ilaria\AppData\Local\dd_dotnetfx35install.txt
2014-06-05 10:45 - 2014-06-05 10:45 - 0386352 _____ () C:\Users\ilaria\AppData\Local\dd_vcredistMSI09C7.txt
2014-06-05 10:45 - 2014-06-05 10:45 - 0011368 _____ () C:\Users\ilaria\AppData\Local\dd_vcredistUI09C7.txt
2015-07-12 13:22 - 2015-07-12 13:23 - 0008074 _____ () C:\Users\ilaria\AppData\Local\uxeventlog.txt

Some files in TEMP:
====================
C:\Users\ilaria\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ilaria\AppData\Local\Temp\UNINSTALL.EXE


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-03 15:54

==================== End of FRST.txt ============================
iladel
Posted: Thursday, December 03, 2015 4:57:54 PM
Rank: Member

Joined: 12/3/2015
Posts: 19
Thank you for your help
shapiro
Posted: Thursday, December 03, 2015 9:02:54 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Check this folder and tell me what is inside it, or whether it is empty

C:\Users\ilaria\AppData\Roaming\Eipix



Open Notepad and copy this code into it

start
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\loggingserver.exe
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F17B539F-E2C4-4A5D-AC8B-8F77809FD0D9}&mid=cfb5bdce605b47d1828dd16d674baa43-8d629c5e06620ea23c319b6bfb95aa08292dad68&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-02 18:08:06&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR Extension: (Yontoo) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2015-12-03] [UpdateUrl: hxxps://download.yontoo.com/chrome-update.xml] <==== ATTENTION
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS [X]
2015-12-03 15:32 - 2015-12-03 15:32 - 00000000 ____D C:\Program Files (x86)\Yontoo
2015-12-02 18:07 - 2015-12-02 18:07 - 00000000 ____D C:\ProgramData\AVG Secure Search
2015-12-03 15:47 - 2012-10-17 11:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-03 15:46 - 2015-04-11 10:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-03 15:44 - 2015-04-11 10:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-02 18:08 - 2015-03-03 10:54 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-11-25 12:32 - 2014-10-31 13:40 - 00000000 ____D C:\ProgramData\Alawar
2015-11-25 12:32 - 2014-10-11 11:49 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Alawar
2015-11-24 16:51 - 2014-09-30 11:32 - 00000000 ____D C:\ProgramData\AlawarEntertainment
2015-11-24 16:51 - 2013-07-04 22:07 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\AlawarEntertainment
end



Save it to the desktop as fixlist.txt

Close all programs

Now run FRST again and click FIX

Wait for the operations to finish; if the PC does not restart, restart it yourself

When the scan finishes, a file named fixlog.txt will be produced

Attach it here in the forum
giza
Posted: Friday, December 04, 2015 10:11:45 AM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,590
Zen is intrusive. Remove it.
iladel
Posted: Monday, December 07, 2015 3:24:10 PM
Rank: Member

Joined: 12/3/2015
Posts: 19
C:\Users\ilaria\AppData\Roaming\Eipix
This folder contains game demos

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by ilaria (2015-12-07 14:54:46) Run:1
Running from C:\Users\ilaria\Desktop
Loaded Profiles: ilaria (Available Profiles: ilaria)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\loggingserver.exe
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F17B539F-E2C4-4A5D-AC8B-8F77809FD0D9}&mid=cfb5bdce605b47d1828dd16d674baa43-8d629c5e06620ea23c319b6bfb95aa08292dad68&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-02 18:08:06&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR Extension: (Yontoo) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2015-12-03] [UpdateUrl: hxxps://download.yontoo.com/chrome-update.xml] <==== ATTENTION
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS [X]
2015-12-03 15:32 - 2015-12-03 15:32 - 00000000 ____D C:\Program Files (x86)\Yontoo
2015-12-02 18:07 - 2015-12-02 18:07 - 00000000 ____D C:\ProgramData\AVG Secure Search
2015-12-03 15:47 - 2012-10-17 11:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-03 15:46 - 2015-04-11 10:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-03 15:44 - 2015-04-11 10:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-02 18:08 - 2015-03-03 10:54 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-11-25 12:32 - 2014-10-31 13:40 - 00000000 ____D C:\ProgramData\Alawar
2015-11-25 12:32 - 2014-10-11 11:49 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Alawar
2015-11-24 16:51 - 2014-09-30 11:32 - 00000000 ____D C:\ProgramData\AlawarEntertainment
2015-11-24 16:51 - 2013-07-04 22:07 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\AlawarEntertainment
end


*****************

[3240] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe => process closed successfully.
[3760] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\loggingserver.exe => process closed successfully.
"HKU\S-1-5-21-300956757-2756368608-3835130273-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc <==== ATTENTION => not found
NAVENG => service removed successfully
NAVEX15 => service removed successfully
C:\Program Files (x86)\Yontoo => moved successfully
C:\ProgramData\AVG Secure Search => moved successfully
C:\Windows\system32\Ikeext.etl => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\ProgramData\AVG Security Toolbar => moved successfully
C:\ProgramData\Alawar => moved successfully
C:\Users\ilaria\AppData\Roaming\Alawar => moved successfully
C:\ProgramData\AlawarEntertainment => moved successfully
C:\Users\ilaria\AppData\Roaming\AlawarEntertainment => moved successfully

==== End of Fixlog 15:04:10 ====
shapiro
Posted: Tuesday, December 08, 2015 10:11:00 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Let me know whether you still have the problem described in this thread; otherwise we will run further checks
iladel
Posted: Tuesday, December 08, 2015 4:44:04 PM
Rank: Member

Joined: 12/3/2015
Posts: 19
Yes, the problems are unchanged: it does not let me open Install/Uninstall Programs in the Control Panel, and the earlier errors continue.
In any case, I uninstalled AVG with CCleaner and replaced it with Avast.

Thank you for your attention
shapiro
Posted: Tuesday, December 08, 2015 4:54:30 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

It may not be an infection at all, but let's run the necessary checks


Download ComboFix to the desktop

(do not install the Recovery Console)
Let the program work without interfering
Attach the report C:\ComboFix.txt to your reply.

Do not use the PC during the scan, not even the mouse!
iladel
Posted: Tuesday, December 08, 2015 5:06:50 PM
Rank: Member

Joined: 12/3/2015
Posts: 19
It tells me to disable Avast... what should I do?
shapiro
Posted: Tuesday, December 08, 2015 5:19:58 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Disable Avast and disconnect... re-enable it as soon as the scan has finished

iladel
Posted: Tuesday, December 08, 2015 6:05:22 PM
Rank: Member

Joined: 12/3/2015
Posts: 19
ComboFix 15-12-07.01 - ilaria 08/12/2015 17.28.28.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.4093.1710 [GMT 1:00]
Eseguito da: c:\users\ilaria\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ilaria\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
c:\windows\msdownld.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2015-11-08 al 2015-12-08 )))))))))))))))))))))))))))))))))))
.
.
2015-12-08 16:46 . 2015-12-08 16:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-08 15:53 . 2015-12-08 15:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin5.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin4.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin3.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin2.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin.dll
2015-12-08 15:49 . 2015-12-08 15:49 -------- d-----w- c:\program files (x86)\QuickTime
2015-12-08 15:29 . 2015-12-08 15:29 -------- d-----w- c:\program files\ATI
2015-12-07 19:16 . 2015-12-07 19:16 -------- d-----w- C:\9d2972e931e5937411ca38732929
2015-12-07 15:14 . 2015-12-07 15:09 386096 ----a-w- c:\windows\system32\aswBoot.exe
2015-12-07 15:10 . 2015-12-07 15:10 -------- d-----w- c:\users\ilaria\AppData\Roaming\AVAST Software
2015-12-07 15:10 . 2015-12-07 15:09 65224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-12-07 15:10 . 2015-12-07 15:09 211448 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-12-07 15:10 . 2015-12-07 15:09 450504 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-12-07 15:10 . 2015-12-07 15:09 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-12-07 15:10 . 2015-12-07 15:09 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-12-07 15:10 . 2015-12-07 15:09 97648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-12-07 15:10 . 2015-12-07 15:09 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-12-07 15:10 . 2015-12-07 15:09 64712 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-12-07 15:10 . 2015-12-07 15:09 1055560 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-12-07 15:09 . 2015-12-07 15:09 43112 ----a-w- c:\windows\avastSS.scr
2015-12-07 15:07 . 2015-12-07 15:07 -------- d-----w- c:\program files\AVAST Software
2015-12-07 15:07 . 2015-12-07 15:07 -------- d-----w- c:\programdata\AVAST Software
2015-12-03 17:30 . 2015-12-03 17:38 -------- d-----w- c:\users\ilaria\AppData\Roaming\Hidden Objects ChaperonRouge
2015-12-03 15:39 . 2015-12-07 14:04 -------- d-----w- C:\FRST
2015-12-03 14:32 . 2015-12-03 14:33 -------- d-----w- c:\users\ilaria\AppData\Local\Facebook
2015-12-03 14:32 . 2015-12-03 14:32 -------- d-----w- c:\programdata\Tarma Installer
2015-12-03 14:32 . 2015-04-11 11:58 9018 ----a-w- C:\Quarantine.reg
2015-12-02 15:36 . 2013-04-08 14:30 22752 ----a-w- c:\windows\system32\PCloudBroom64.exe
2015-12-02 15:03 . 2015-01-29 17:21 50320 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2015-12-02 15:03 . 2015-09-14 12:03 39672 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
2015-12-02 15:03 . 2015-12-02 15:03 -------- d-----w- c:\program files (x86)\Panda Security
2015-12-02 13:00 . 2015-12-02 13:01 -------- d-----w- c:\program files (x86)\bfgclient
2015-12-02 11:21 . 2015-12-02 11:21 -------- d-----w- c:\users\ilaria\AppData\Roaming\Registry Mechanic
2015-12-02 10:42 . 2015-12-02 10:48 -------- d-----w- c:\programdata\PC1Data
2015-12-02 10:10 . 2015-11-17 06:43 11138400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C817CA7D-9B92-40DF-8566-1B74EEDF7DAF}\mpengine.dll
2015-12-01 15:21 . 2015-12-01 15:21 -------- d-----w- C:\7b361a8e4434a6279e480b71
2015-12-01 15:20 . 2015-12-01 15:20 -------- d-----w- c:\windows\CheckSur
2015-12-01 13:29 . 2015-12-01 13:29 -------- d-----w- C:\ce3adb00cc1f8a509a7ea33c7469a1
2015-12-01 13:16 . 2015-12-01 13:16 -------- d-----w- c:\users\ilaria\AppData\Local\ElevatedDiagnostics
2015-12-01 13:14 . 2015-12-01 13:57 -------- d-----w- C:\MATS
2015-12-01 10:43 . 2015-12-01 10:43 -------- d-----w- C:\8986f1190e149d948a69
2015-12-01 10:11 . 2015-12-01 10:11 -------- d-----w- C:\found.000
2015-11-30 18:39 . 2015-11-30 18:40 -------- d-----w- c:\program files (x86)\Fear For Sale - Mystery of McInroy Manor
2015-11-30 18:33 . 2015-11-30 18:35 -------- d-----w- c:\program files (x86)\Fear for Sale - Endless Voyage Collectors Edition
2015-11-30 17:02 . 2015-11-30 17:02 -------- d-----w- c:\users\ilaria\AppData\Roaming\GameInvest
2015-11-30 16:12 . 2015-11-30 16:13 -------- d-----w- c:\program files (x86)\Fantastic Creations - House of Brass Collector's Edition
2015-11-29 18:24 . 2015-11-29 18:24 -------- d-----w- c:\users\ilaria\AppData\Roaming\The House of Fables
2015-11-29 18:19 . 2015-11-29 18:22 -------- d-----w- c:\program files (x86)\Eventide - Slavic Fable Collectors Edition
2015-11-25 18:30 . 2015-06-23 11:30 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-11-25 17:50 . 2015-12-07 14:42 -------- d-----w- c:\users\ilaria\AppData\Local\AvgSetupLog
2015-11-25 11:22 . 2015-12-02 13:02 -------- d-----w- c:\program files (x86)\Farm Frenzy Inc
2015-11-11 21:22 . 2015-09-26 16:04 206336 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-11-11 21:22 . 2015-09-26 16:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2015-11-11 21:22 . 2015-09-26 15:58 257536 ----a-w- c:\windows\system32\ncrypt.dll
2015-11-11 21:22 . 2015-09-26 16:05 281600 ----a-w- c:\windows\SysWow64\schannel.dll
2015-11-11 21:22 . 2015-09-26 15:58 350720 ----a-w- c:\windows\system32\schannel.dll
2015-11-11 21:22 . 2015-09-26 13:21 275968 ----a-w- c:\windows\SysWow64\bcrypt.dll
2015-11-11 21:22 . 2015-09-22 13:10 517976 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-11-11 21:22 . 2015-09-22 13:10 306688 ----a-w- c:\windows\system32\bcrypt.dll
2015-11-11 21:22 . 2015-10-17 14:35 2798592 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 21:16 . 2015-10-17 16:01 501248 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-11-11 21:16 . 2015-10-17 15:41 659456 ----a-w- c:\windows\system32\kerberos.dll
2015-11-11 21:13 . 2015-10-10 15:48 736192 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-11-11 21:11 . 2015-10-01 15:41 1506816 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-11-11 21:11 . 2015-10-01 16:03 940032 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-11-11 21:11 . 2015-10-01 15:41 1823232 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-11-11 21:11 . 2015-10-01 15:41 1482752 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-11-11 21:11 . 2015-10-01 15:41 1455104 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-11-11 21:04 . 2015-10-13 14:45 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-11 21:04 . 2015-10-13 14:44 94720 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-11 21:01 . 2015-10-14 20:25 1586304 ----a-w- c:\windows\system32\ntdll.dll
2015-11-11 21:01 . 2015-10-14 20:25 1168600 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-11-11 21:01 . 2015-10-14 15:47 4691392 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-11 21:24 . 2006-11-02 12:35 145617392 ----a-w- c:\windows\system32\mrt.exe
2015-11-11 14:55 . 2012-04-13 20:42 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-11 14:55 . 2011-12-26 20:56 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-13 00:29 . 2015-10-13 00:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-10-13 00:22 . 2015-10-13 00:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-04-04 1644088]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-26 21416]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-09 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-09 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-03-06 3508624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-07 7021880]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]
.
c:\users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-648UB\WlanCU.exe [2011-12-24 499712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0PCloudBroom64.exe \systemroot\system32\BroomData.bit
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-03 15:00 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.73\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:55]
.
2015-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-28 19:48]
.
2015-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-28 19:48]
.
2015-12-08 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
2015-12-07 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2011-12-27 13:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-07 15:09 873304 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
.
------- Scansione supplementare -------
.
uStart Page = https://www.google.com/?trackid=sp-006
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.google.com/?trackid=sp-006
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~3\TARMAI~1\{889DF~1\Setup.exe
AddRemove-DSite - c:\users\ilaria\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Ora fine scansione: 2015-12-08 18:02:03 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2015-12-08 17:02
.
Pre-Run: 748.409.954.304 byte disponibili
Post-Run: 748.690.833.408 byte disponibili
.
- - End Of File - - 2F6AB49CDD5EF27008A7CDBB9775C2E9
81CD5EC01DB0CE57EDD853F82462EF27
shapiro
Posted: Tuesday, December 08, 2015 6:19:40 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

But did you copy the whole log correctly? An important part is missing.
iladel
Posted: Tuesday, December 08, 2015 6:35:23 PM
Rank: Member

Joined: 12/3/2015
Posts: 19
2015-12-08 16:59:22 . 2015-12-08 16:59:22 704 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-DSite.reg.dat
2015-12-08 16:59:00 . 2015-12-08 16:59:00 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SmartMenu.reg.dat
2015-12-08 16:58:46 . 2015-12-08 16:58:46 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
2015-12-08 16:58:46 . 2015-12-08 16:58:46 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat
2015-12-08 16:41:18 . 2015-12-08 16:41:18 8,142 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2015-12-08 16:22:29 . 2015-12-08 16:22:29 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2015-04-15 20:56:22 . 2015-04-15 20:56:23 115,137 ----a-w- C:\Qoobox\Quarantine\C\Users\ilaria\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll.vir
2015-04-11 10:58:46 . 2015-12-03 14:44:37 693 ----a-w- C:\Qoobox\Quarantine\C\Windows\wininit.ini.vir

This is the quarantine; it was in another note.
iladel
Posted: Tuesday, December 08, 2015 6:36:56 PM
Rank: Member

Joined: 12/3/2015
Posts: 19
ComboFix 15-12-07.01 - ilaria 08/12/2015 17.28.28.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.4093.1710 [GMT 1:00]
Eseguito da: c:\users\ilaria\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ilaria\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
c:\windows\msdownld.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2015-11-08 al 2015-12-08 )))))))))))))))))))))))))))))))))))
.
.
2015-12-08 16:46 . 2015-12-08 16:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-08 15:53 . 2015-12-08 15:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin5.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin4.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin3.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin2.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin.dll
2015-12-08 15:49 . 2015-12-08 15:49 -------- d-----w- c:\program files (x86)\QuickTime
2015-12-08 15:29 . 2015-12-08 15:29 -------- d-----w- c:\program files\ATI
2015-12-07 19:16 . 2015-12-07 19:16 -------- d-----w- C:\9d2972e931e5937411ca38732929
2015-12-07 15:14 . 2015-12-07 15:09 386096 ----a-w- c:\windows\system32\aswBoot.exe
2015-12-07 15:10 . 2015-12-07 15:10 -------- d-----w- c:\users\ilaria\AppData\Roaming\AVAST Software
2015-12-07 15:10 . 2015-12-07 15:09 65224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-12-07 15:10 . 2015-12-07 15:09 211448 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-12-07 15:10 . 2015-12-07 15:09 450504 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-12-07 15:10 . 2015-12-07 15:09 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-12-07 15:10 . 2015-12-07 15:09 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-12-07 15:10 . 2015-12-07 15:09 97648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-12-07 15:10 . 2015-12-07 15:09 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-12-07 15:10 . 2015-12-07 15:09 64712 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-12-07 15:10 . 2015-12-07 15:09 1055560 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-12-07 15:09 . 2015-12-07 15:09 43112 ----a-w- c:\windows\avastSS.scr
2015-12-07 15:07 . 2015-12-07 15:07 -------- d-----w- c:\program files\AVAST Software
2015-12-07 15:07 . 2015-12-07 15:07 -------- d-----w- c:\programdata\AVAST Software
2015-12-03 17:30 . 2015-12-03 17:38 -------- d-----w- c:\users\ilaria\AppData\Roaming\Hidden Objects ChaperonRouge
2015-12-03 15:39 . 2015-12-07 14:04 -------- d-----w- C:\FRST
2015-12-03 14:32 . 2015-12-03 14:33 -------- d-----w- c:\users\ilaria\AppData\Local\Facebook
2015-12-03 14:32 . 2015-12-03 14:32 -------- d-----w- c:\programdata\Tarma Installer
2015-12-03 14:32 . 2015-04-11 11:58 9018 ----a-w- C:\Quarantine.reg
2015-12-02 15:36 . 2013-04-08 14:30 22752 ----a-w- c:\windows\system32\PCloudBroom64.exe
2015-12-02 15:03 . 2015-01-29 17:21 50320 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2015-12-02 15:03 . 2015-09-14 12:03 39672 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
2015-12-02 15:03 . 2015-12-02 15:03 -------- d-----w- c:\program files (x86)\Panda Security
2015-12-02 13:00 . 2015-12-02 13:01 -------- d-----w- c:\program files (x86)\bfgclient
2015-12-02 11:21 . 2015-12-02 11:21 -------- d-----w- c:\users\ilaria\AppData\Roaming\Registry Mechanic
2015-12-02 10:42 . 2015-12-02 10:48 -------- d-----w- c:\programdata\PC1Data
2015-12-02 10:10 . 2015-11-17 06:43 11138400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C817CA7D-9B92-40DF-8566-1B74EEDF7DAF}\mpengine.dll
2015-12-01 15:21 . 2015-12-01 15:21 -------- d-----w- C:\7b361a8e4434a6279e480b71
2015-12-01 15:20 . 2015-12-01 15:20 -------- d-----w- c:\windows\CheckSur
2015-12-01 13:29 . 2015-12-01 13:29 -------- d-----w- C:\ce3adb00cc1f8a509a7ea33c7469a1
2015-12-01 13:16 . 2015-12-01 13:16 -------- d-----w- c:\users\ilaria\AppData\Local\ElevatedDiagnostics
2015-12-01 13:14 . 2015-12-01 13:57 -------- d-----w- C:\MATS
2015-12-01 10:43 . 2015-12-01 10:43 -------- d-----w- C:\8986f1190e149d948a69
2015-12-01 10:11 . 2015-12-01 10:11 -------- d-----w- C:\found.000
2015-11-30 18:39 . 2015-11-30 18:40 -------- d-----w- c:\program files (x86)\Fear For Sale - Mystery of McInroy Manor
2015-11-30 18:33 . 2015-11-30 18:35 -------- d-----w- c:\program files (x86)\Fear for Sale - Endless Voyage Collectors Edition
2015-11-30 17:02 . 2015-11-30 17:02 -------- d-----w- c:\users\ilaria\AppData\Roaming\GameInvest
2015-11-30 16:12 . 2015-11-30 16:13 -------- d-----w- c:\program files (x86)\Fantastic Creations - House of Brass Collector's Edition
2015-11-29 18:24 . 2015-11-29 18:24 -------- d-----w- c:\users\ilaria\AppData\Roaming\The House of Fables
2015-11-29 18:19 . 2015-11-29 18:22 -------- d-----w- c:\program files (x86)\Eventide - Slavic Fable Collectors Edition
2015-11-25 18:30 . 2015-06-23 11:30 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-11-25 17:50 . 2015-12-07 14:42 -------- d-----w- c:\users\ilaria\AppData\Local\AvgSetupLog
2015-11-25 11:22 . 2015-12-02 13:02 -------- d-----w- c:\program files (x86)\Farm Frenzy Inc
2015-11-11 21:22 . 2015-09-26 16:04 206336 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-11-11 21:22 . 2015-09-26 16:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2015-11-11 21:22 . 2015-09-26 15:58 257536 ----a-w- c:\windows\system32\ncrypt.dll
2015-11-11 21:22 . 2015-09-26 16:05 281600 ----a-w- c:\windows\SysWow64\schannel.dll
2015-11-11 21:22 . 2015-09-26 15:58 350720 ----a-w- c:\windows\system32\schannel.dll
2015-11-11 21:22 . 2015-09-26 13:21 275968 ----a-w- c:\windows\SysWow64\bcrypt.dll
2015-11-11 21:22 . 2015-09-22 13:10 517976 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-11-11 21:22 . 2015-09-22 13:10 306688 ----a-w- c:\windows\system32\bcrypt.dll
2015-11-11 21:22 . 2015-10-17 14:35 2798592 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 21:16 . 2015-10-17 16:01 501248 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-11-11 21:16 . 2015-10-17 15:41 659456 ----a-w- c:\windows\system32\kerberos.dll
2015-11-11 21:13 . 2015-10-10 15:48 736192 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-11-11 21:11 . 2015-10-01 15:41 1506816 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-11-11 21:11 . 2015-10-01 16:03 940032 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-11-11 21:11 . 2015-10-01 15:41 1823232 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-11-11 21:11 . 2015-10-01 15:41 1482752 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-11-11 21:11 . 2015-10-01 15:41 1455104 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-11-11 21:04 . 2015-10-13 14:45 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-11 21:04 . 2015-10-13 14:44 94720 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-11 21:01 . 2015-10-14 20:25 1586304 ----a-w- c:\windows\system32\ntdll.dll
2015-11-11 21:01 . 2015-10-14 20:25 1168600 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-11-11 21:01 . 2015-10-14 15:47 4691392 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-11 21:24 . 2006-11-02 12:35 145617392 ----a-w- c:\windows\system32\mrt.exe
2015-11-11 14:55 . 2012-04-13 20:42 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-11 14:55 . 2011-12-26 20:56 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-13 00:29 . 2015-10-13 00:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-10-13 00:22 . 2015-10-13 00:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-04-04 1644088]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-26 21416]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-09 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-09 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-03-06 3508624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-07 7021880]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]
.
c:\users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-648UB\WlanCU.exe [2011-12-24 499712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0PCloudBroom64.exe \systemroot\system32\BroomData.bit
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-03 15:00 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.73\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:55]
.
2015-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-28 19:48]
.
2015-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-28 19:48]
.
2015-12-08 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
2015-12-07 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2011-12-27 13:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-07 15:09 873304 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
.
------- Scansione supplementare -------
.
uStart Page = https://www.google.com/?trackid=sp-006
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.google.com/?trackid=sp-006
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~3\TARMAI~1\{889DF~1\Setup.exe
AddRemove-DSite - c:\users\ilaria\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Ora fine scansione: 2015-12-08 18:02:03 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2015-12-08 17:02
.
Pre-Run: 748.409.954.304 byte disponibili
Post-Run: 748.690.833.408 byte disponibili
.
- - End Of File - - 2F6AB49CDD5EF27008A7CDBB9775C2E9
81CD5EC01DB0CE57EDD853F82462EF27