Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Virus-log Hijackthis

2 pages: [1] 2
Virus-log Hijackthis Opzioni
Topic Precedente · Topic Sucessivo
isabel
Inviato: Tuesday, December 08, 2015 2:27:28 PM
Rank: Member

Iscritto dal : 12/8/2015
Posts: 14
Ciao a tutti,c'è qualcosa che non va nel mio computer,sa un paio di settimane che è lentissimo.Ho usato Advanced System Care 8,deframmentato,ho pulito anche con CCleaner,scansionato con AVG(nulla),con Malwarebytes(trovato ed eliminato virus),ieri ho aggiornato Houscall(oggi non vuole aprire più).Mi arrivano anche un sacco di email-spam(può darsi che è la conseguenza che mi sono iscritta ad un sito di shopping,mai lo farò più).Ho intenzione di fare qualche scansione in modalità provvisoria,forse con DrWebCureit o online Eset Scanner o Microsoft safety scanner,che ne pensate?Vi posto il log Hijackthis,ci sono alcuni voci sospetti che eliminerei.Grazie mille in anticipo per l'aiuto.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:21:57, on 08/12/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18098)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={8F5132E1-DE4B-4CCC-A5E3-4490E55FF424}&mid=a10814b2870534fdf91e7a89a057454e-6c797ea91391c35014a64bf35e3b30c45ea399b4&lang=it&ds=AVG&coid=avgtbavg&cmpid=0715av&pr=fr&d=2015-07-25 17:27:33&v=4.1.5.143&pid=wtu&sg=&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O2@%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)3 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10338 bytes
Torna in alto
 
Sponsor
Inviato: Tuesday, December 08, 2015 2:27:28 PM

 
Torna in alto
 
shapiro
Inviato: Tuesday, December 08, 2015 5:47:49 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164



ciao Isabel prova a fare questa scansione

Scarica OTL, e salvalo sul desktop:
http://oldtimer.geekstogo.com/OTL.exe

Clicca sull'icona di OTL che trovi sul desktop .
Metti la spunta su SCAN ALL USERS.
Sotto output, metti la spunta : minimal output
Clicca sulla freccettina di File Age e seleziona 60 Days
Metti la spunta a LOP Check e Purity Check.
Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop, OTL.txt ed Extras.txt, salvali e caricali su Wikisend
Torna in alto
 
cbbusto
Inviato: Tuesday, December 08, 2015 10:46:27 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
In attesa di quanto richiesto da shapiro e della sua risposta, ti do delle indicazioni.
Di Advanced System Care 8 io ne farei a meno, se usato male può creare dei problemi e per le infezioni non serve a niente. Anche le altre scansioni che vorresti fare servirebbero a poco ma nessuno ti vieta di farle. Ogni sito che visiti ti porta pubblicità, vivono su questo.
Il tuo pc ha un po' di porcherie, fai così: prima cosa elimina questo programma-C:\Program Files (x86)\AVG Web TuneUp\vprot.exe, poi:
Chiudi tutti i programmi e disconnessa da internet,
Lancia HijackThis e clicca sul secondo pulsante Do a system scan only
inserisci il segno di spunta nel quadratino davanti alle righe sotto elencate, una volta selezionate clicca il tasto Fix checked per procedere all'eliminazione, comparirà una finestra clicca su SI per accettare e l'operazione è conclusa.

Ti preciso che eliminando le voci 04, i programmi non vengono toccati ma viene solo disattivato l'Avvio automatico, inutile......basterebbe solo l'antivirus.
Ricorda che Hijackthis deve essere avviato da una cartella a lui dedicata meglio sul desktop. Solo così Hijackthis creerà copie di backup di quello che viene eliminato prima di apportare modifiche, così in caso di inconvenienti si possono reinstallare.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={8F5132E1-DE4B-4CCC-A5E3-4490E55FF424}&mid=a10814b 2870534fdf91e7a89a057454e-6c797ea91391c35014a64bf35e3b30c45ea399b4&lang=it&ds=AV G&coid=avgtbavg&cmpid=0715av&pr=fr&d=2015-07-25 17:27:33&v=4.1.5.143&pid=wtu&sg=&sap=hp

O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

Poi visto che malwarebytes lo hai già usato fai queste altre scansioni:

Scarica Adwcleaner sul desktop:
http://dw2.it.uptodown.com/dw/1435411607/a94c018f502a4aea50c76175543cf32ee028bd97/adwcleaner-4-207-multi-win.exe
Per il download cliccare su: Download now
Chiudi tutti i browser (è importante IE,Firefox Chrome ecc...)
Clicca sul pulsante "Scan".
Finita la scansione clicca su "Clean"
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.
ADW crea un backup dei files e delle impostazioni eliminati, si trova in "C:\AdwCleaner\Quarantine" in modo da consentire l'eventuale ripristino di dati erroneamente cancellati.
Per il ripristino, aprire il programma>Strumenti>Gestione quarantena>Ripristino.

Scarica Junkware Removal Tool sul desktop.
http://junkware-removal-tool.it.uptodown.com/download
Il download dovrebbe partire entro 5 secondi
Disattiva temporaneamente l'antivirus per evitare potenziali conflitti.
Doppio click su JRT
Lo strumento si aprirà e avvierà la scansione del sistema.
Devi avere pazienza in quanto questo tool può richiedere del tempo per completare la scansione .
Al termine, un log (JRT.txt) viene salvato sul desktop e si aprirà automaticamente.
Postalo qui.
Poi ti risponderà shapiro per OTL.
Ciao
Torna in alto
 
shapiro
Inviato: Tuesday, December 08, 2015 10:55:26 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


cbbusto una precisazione

se Isabel effettua la scansione con adwcleaner, otl deve farla dopo altrimenti mi ritrovo le infezioni tolte nel vecchio log

a proposito anche la 020 va fixata

O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll

@Isabel come ha specificato cbbusto, prima adwcleaner poi otl
Torna in alto
 
cbbusto
Inviato: Tuesday, December 08, 2015 11:03:13 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
shapiro ha scritto:


cbbusto una precisazione

se Isabel effettua la scansione con adwcleaner, otl deve farla dopo altrimenti mi ritrovo le infezioni tolte nel vecchio log

a proposito anche la 020 va fixata

O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll

@Isabel come ha specificato cbbusto, prima adwcleaner poi otl

Concordo con quanto hai detto, io ho terminato. Ciao
Torna in alto
 
isabel
Inviato: Tuesday, December 08, 2015 11:26:12 PM
Rank: Member

Iscritto dal : 12/8/2015
Posts: 14
Grazie mille per le risposte,scusate per il tempo,ero al lavoro prima.ecco i 2 file su Wikisend:
http://wikisend.com/download/467938/OTL.Txt
http://wikisend.com/download/358556/Extras.Txt

Adesso comincio a fare il resto.
Hijackthis ho sul desktop sempre.
Non uso per niente IE lo tengo solo per evenienza,vedo troppi IE voci nel log.Mi sembra che tutti quei voci systemroot,file missing nel passato non avevo nei log,non è strano?
Advanced System Care può essere usato male?come intendi,scusami se la domanda è sciocca,credevo che è sicuro per tenere l'ordine nel sistema,lo uso solo ogni tanto.Ccleaner più spesso.
Ciao :-)
Torna in alto
 
isabel
Inviato: Tuesday, December 08, 2015 11:31:37 PM
Rank: Member

Iscritto dal : 12/8/2015
Posts: 14
Ok,rifaccio Otl dopo la adwcleaner.grazie :-)
Torna in alto
 
cbbusto
Inviato: Tuesday, December 08, 2015 11:55:25 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
isabel ha scritto:
Grazie mille per le risposte,scusate per il tempo,ero al lavoro prima.ecco i 2 file su Wikisend:
http://wikisend.com/download/467938/OTL.Txt
http://wikisend.com/download/358556/Extras.Txt

Adesso comincio a fare il resto.
Hijackthis ho sul desktop sempre.
Non uso per niente IE lo tengo solo per evenienza,vedo troppi IE voci nel log.Mi sembra che tutti quei voci systemroot,file missing nel passato non avevo nei log,non è strano?
Advanced System Care può essere usato male?come intendi,scusami se la domanda è sciocca,credevo che è sicuro per tenere l'ordine nel sistema,lo uso solo ogni tanto.Ccleaner più spesso.
Ciao :-)


Rispondo alle tue domande, poi segui shapiro, i file missing sono file inesistenti, ma quelli in systemroot non vanno toccati sono del Sistema.
Advanced System Care se lasci fare tutte quello che propone potrebbe eliminare anche file utili, meglio usare Ccleaner.
Per eventuali altre eliminazioni shapiro ti preparerà uno script apposito. Ciao
Torna in alto
 
isabel
Inviato: Wednesday, December 09, 2015 12:25:32 AM
Rank: Member

Iscritto dal : 12/8/2015
Posts: 14
# AdwCleaner v5.024 - Creato file registro eventi 09/12/2015 in 00:18:08
# Aggiornato 07/12/2015 da Xplode
# Database : 2015-12-07.3 [Locale]
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (x64)
# Nome utente : Iza - IZA-PC
# In esecuzione da : C:\Users\Iza\Downloads\adwcleaner_5.024.exe
# Opzione : Pulizia
# Supporto : http://toolslib.net/forum

***** [ Servizi ] *****

[-] Servizio Eliminato : YahooAUService
[-] Servizio Eliminato : vToolbarUpdater40.1.8

***** [ Cartelle ] *****

[-] Cartella Eliminato : C:\Program Files (x86)\AVG\AVG10\Toolbar
[-] Cartella Eliminato : C:\Program Files (x86)\Yahoo!\Companion
[-] Cartella Eliminato : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Cartella Eliminato : C:\ProgramData\AVG Secure Search
[-] Cartella Eliminato : C:\ProgramData\AVG Security Toolbar
[-] Cartella Eliminato : C:\ProgramData\Partner
[-] Cartella Eliminato : C:\ProgramData\Yahoo! Companion
[-] Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
[-] Cartella Eliminato : C:\Users\Iza\AppData\Local\Ilivid Player
[-] Cartella Eliminato : C:\Users\Iza\AppData\Local\PackageAware
[-] Cartella Eliminato : C:\Users\Iza\AppData\LocalLow\AVG Secure Search
[-] Cartella Eliminato : C:\Users\Iza\AppData\LocalLow\Conduit
[-] Cartella Eliminato : C:\Users\Iza\AppData\LocalLow\Yahoo! Companion
[-] Cartella Eliminato : C:\Users\Iza\AppData\LocalLow\Yahoo!\Companion
[-] Cartella Eliminato : C:\Users\Iza\AppData\Roaming\Yahoo!\Companion

***** [ File ] *****


***** [ DLLs ] *****


***** [ Collegamenti ] *****


***** [ Attività pianificate ] *****


***** [ Registry ] *****

[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\ilivid
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Chiave Eliminata : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Chiave Eliminata : HKCU\Software\AVG Secure Search
[-] Chiave Eliminata : HKCU\Software\ilivid
[-] Chiave Eliminata : HKCU\Software\Softonic
[-] Chiave Eliminata : HKCU\Software\Yahoo\Companion
[-] Chiave Eliminata : HKCU\Software\Yahoo\YFriendsBar
[-] Chiave Eliminata : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
[-] Chiave Eliminata : HKCU\Software\AppDataLow\Software\Conduit
[-] Chiave Eliminata : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Chiave Eliminata : HKLM\SOFTWARE\AVG Secure Search
[-] Chiave Eliminata : HKLM\SOFTWARE\ilivid
[-] Chiave Eliminata : HKLM\SOFTWARE\SearchquMediabarTb
[-] Chiave Eliminata : HKLM\SOFTWARE\Yahoo\Companion
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Chiave Eliminata : HKU\.DEFAULT\Software\AVG Secure Search
[-] Chiave Eliminata : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160
[-] Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E6369472-2971-4C42-BBB6-912A46FCAE10}

***** [ Browser web ] *****


*************************

:: Chiavi "Tracing" eliminatas
:: Impostazioni Winsock azzerate

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8292 byte] ##########
Torna in alto
 
isabel
Inviato: Wednesday, December 09, 2015 2:48:25 AM
Rank: Member

Iscritto dal : 12/8/2015
Posts: 14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Iza on 09/12/2015 at 0:36:25,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2080970237-1845409042-3966681951-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/12/2015 at 0:49:38,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Torna in alto
 
isabel
Inviato: Wednesday, December 09, 2015 2:56:13 AM
Rank: Member

Iscritto dal : 12/8/2015
Posts: 14
http://wikisend.com/download/302090/OTL.Txt

http://wikisend.com/download/957948/Extras.Txt
al secondo scan non me l'ha dato di nuovo il testo Extras,cosi ho allegato quello di prima.Buona notte,ci vediamo domani.
Torna in alto
 
shapiro
Inviato: Wednesday, December 09, 2015 7:34:03 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

Isabel i log non presentano altro, i due programmini hanno fatto una bella pulizia

apri otl e clicca su cleanup, fammi sapere se il problema e' risolto o no
Torna in alto
 
isabel
Inviato: Thursday, December 10, 2015 2:49:17 AM
Rank: Member

Iscritto dal : 12/8/2015
Posts: 14
Ho fatto tutto e dopo l'ho testato,è più veloce di prima.Prima non si poteva giocare nemmeno con i giochi semplici e guardare video,perchè si bloccava continuamente,l'uso del CPU durante questi operazioni sfiorava quasi sempre il 100%.Un po si blocca ancora,l'uso del CPU durante questi usi va a ondata tra 60 e 85%,di rado supera il 90%.Posso fare qualcos'altro?
Dopo il Cleanup Otl mi ha chiesto il reboot,ho consentito e dopo il riavvio Otl è sparito dal computer,è normale?
Grazie mille per l'aiuto,buona notte :-)
Torna in alto
 
fax71ita
Inviato: Thursday, December 10, 2015 7:38:02 AM

Rank: AiutAmico

Iscritto dal : 4/23/2010
Posts: 3,832
Ciao
Apri il task manager e controlla nella colonna processi , quale impegna la CPU .

Clicca sulla Parolina CPU in modo che i processi attivi più impegnati risultano in alto alla lista.
Torna in alto
 
shapiro
Inviato: Thursday, December 10, 2015 8:45:46 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
Isabel vediamo se c'e' qualcosa ancora da togliere

scarica e installa mbam aggiornalo e fai una scansione completa, alla fine dovrai selezionare tutte le caselline e cliccare su ''rimuovi selezionati''

Allega il log come hai fatto con gli altri

Dopo eseguimi questo

scarica farbar-recovery e mettilo sul desktop


Devi scaricare la versione(32 o 64 bit compatibile con il tuo sistema)

Avvialo e clicca su yes quando ti chiede di accettare le condizioni

Clicca su SCAN

Una volta terminata la scansione il tool creerà nella stessa directory di dove è posizionato FRST un log chiamato FRST.txt.

Allegalo nella tua prossima risposta


Commenta:
Dopo il Cleanup Otl mi ha chiesto il reboot,ho consentito e dopo il riavvio Otl è sparito dal computer,è normale?



si e' giusto, dopo il clean up otl viene rimosso dal pc


ops... non avevo letto

segui anche il consiglio di fax71ita
Torna in alto
 
cbbusto
Inviato: Thursday, December 10, 2015 12:29:22 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
isabel ha scritto:
Ho fatto tutto e dopo l'ho testato,è più veloce di prima.Prima non si poteva giocare nemmeno con i giochi semplici e guardare video,perchè si bloccava continuamente,l'uso del CPU durante questi operazioni sfiorava quasi sempre il 100%.Un po si blocca ancora,l'uso del CPU durante questi usi va a ondata tra 60 e 85%,di rado supera il 90%.Posso fare qualcos'altro?
Dopo il Cleanup Otl mi ha chiesto il reboot,ho consentito e dopo il riavvio Otl è sparito dal computer,è normale?
Grazie mille per l'aiuto,buona notte :-)


Attenzione i blocchi non sempre vengono causati da infezioni, per i giochi, in particolare quelli nuovi, devi avere una CPU molto performante, minimo una core-i5 meglio una i7di 4a generazione e soprattutto una scheda grafica potente con almeno 2 giga di ram altrimenti ti provoca dei blocchi e la CPU può arrivare tranquillamente al 100% con guai che ne conseguono.
Torna in alto
 
isabel
Inviato: Friday, December 11, 2015 2:56:45 PM
Rank: Member

Iscritto dal : 12/8/2015
Posts: 14
Non gioco con giochi nuovi,solo Diamond Dash su Facebook e ogni tanto guardo qualche piccolo filmato,musica su You-tube.Questo è tutto il mio uso,fino a 2 settimane fa non c'èra niente di problema.
Oggi il Taskmanager non mostra grandi spicchi,solo all'avvio era al 100%.
Malwarebytes non ha trovato nulla,allego il file:
Malwarebytes Anti-Malware
www.malwarebytes.org

Data scansione: 11/12/2015
Ora scansione: 13:47
File di log: mbam text.txt
Amministratore: Sì

Versione: 2.2.0.1024
Database malware: v2015.12.11.03
Database rootkit: v2015.12.07.01
Licenza: Gratuito
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Auto-protezione: Disattivata

SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: Iza

Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 382114
Tempo impiegato: 35 min, 16 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Euristiche: Attivata
PUP: Avviso
PUM: Attivata

Processi: 0
(Nessun elemento nocivo rilevato)

Moduli: 0
(Nessun elemento nocivo rilevato)

Chiavi di registro: 0
(Nessun elemento nocivo rilevato)

Valori di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Cartelle: 0
(Nessun elemento nocivo rilevato)

File: 0
(Nessun elemento nocivo rilevato)

Settori fisici: 0
(Nessun elemento nocivo rilevato)
Torna in alto
 
isabel
Inviato: Friday, December 11, 2015 3:23:14 PM
Rank: Member

Iscritto dal : 12/8/2015
Posts: 14
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by Iza (administrator) on IZA-PC (11-12-2015 15:07:52)
Running from C:\Users\Iza\Downloads
Loaded Profiles: Iza (Available Profiles: Iza & Arcobaleno)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [665424 2008-12-04] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2080970237-1845409042-3966681951-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-2080970237-1845409042-3966681951-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2080970237-1845409042-3966681951-1000\...\MountPoints2: {1e4a7273-2f44-11e2-ae89-001e101f4da1} - E:\AutoRun.exe
HKU\S-1-5-21-2080970237-1845409042-3966681951-1000\...\MountPoints2: {244aae7d-2074-11e3-a2ca-001e101faa49} - E:\AutoRun.exe
HKU\S-1-5-21-2080970237-1845409042-3966681951-1000\...\MountPoints2: {51370f73-08cd-11e2-95de-001060e22caf} - E:\AutoRun.exe
HKU\S-1-5-21-2080970237-1845409042-3966681951-1000\...\MountPoints2: {51370f8b-08cd-11e2-95de-001060e22caf} - E:\AutoRun.exe
HKU\S-1-5-21-2080970237-1845409042-3966681951-1000\...\MountPoints2: {6fc68d51-1678-11e3-a576-001060e22caf} - E:\AutoRun.exe
HKU\S-1-5-21-2080970237-1845409042-3966681951-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> c:\windows\system32\ACER.SCR [438272 2009-07-08] ()
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-11] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-11] (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2080970237-1845409042-3966681951-1000] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4A6448DA-9374-47D6-904B-5A95F4FE32F5}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-2080970237-1845409042-3966681951-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={8F5132E1-DE4B-4CCC-A5E3-4490E55FF424}&mid=a10814b2870534fdf91e7a89a057454e-6c797ea91391c35014a64bf35e3b30c45ea399b4&lang=it&ds=AVG&coid=avgtbavg&cmpid=0715av&pr=fr&d=2015-07-25 17:27:33&v=4.1.5.143&pid=wtu&sg=&sap=hp
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2080970237-1845409042-3966681951-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-31] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2080970237-1845409042-3966681951-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
Handler: linkscanner - No CLSID Value
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-31] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-03-19] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2080970237-1845409042-3966681951-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Iza\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2080970237-1845409042-3966681951-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Iza\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-27] (Unity Technologies ApS)

Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Iza\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Iza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\Iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-14]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-10-08] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [37648 2007-03-05] (IVT Corporation.)
R3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [37648 2007-03-05] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\SysWOW64\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\SysWOW64\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47888 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\SysWOW64\Drivers\btcusb.sys [47888 2007-03-05] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\DRIVERS\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\SysWOW64\DRIVERS\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\SysWOW64\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-02] (REALiX(tm))
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
R3 VComm; C:\Windows\SysWOW64\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\SysWOW64\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9A4A1EEE802BF2F878EE8EAB407B21B7
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdsata.sys 12A5062C06E03FF70DB47800F91C7A13
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdxata.sys 8A7F289B45CEACAC761E14D5FAC59EB9
C:\Windows\system32\drivers\appid.sys 27DABFB4A6B0140C34DBEC713469592B
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 88A02B6046356E6BE4E387FAA7451439
C:\Windows\System32\drivers\AtiHdmi.sys 3B9014FB7CE9E20FD726321C7DB7D8B0
C:\Windows\System32\DRIVERS\atikmdag.sys 2DB9047AAC9D981F59CE06D04D70C4D8
C:\Windows\System32\DRIVERS\AtiPcie.sys 7C5D273E29DCC5505469B299C6F29163
C:\Windows\System32\DRIVERS\avgdiska.sys E7C8FBDCB1C079C332F962DD1C075E5E
C:\Windows\System32\DRIVERS\avgidsdrivera.sys A77AF0ABA67969E7AC28B34E686ACC5C
C:\Windows\System32\DRIVERS\avgidsha.sys 87AC702B45501609BE76F703A73FD558
C:\Windows\System32\DRIVERS\avgldx64.sys 0CFB17D66DC1D76214F50E33C41CC8B6
C:\Windows\System32\DRIVERS\avgloga.sys 7EC2B7BBA7A30691D2E0D8478F219B90
C:\Windows\System32\DRIVERS\avgmfx64.sys 93B6EF1B73E7AF384F2574F7FB4282F5
C:\Windows\System32\DRIVERS\avgrkx64.sys 719EF00B1C5BED9CF5675274A4F774B9
C:\Windows\System32\DRIVERS\avgtdia.sys 3D295116030186FC6A014CA5388A4A55
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 9E84A931DBEE0292E38ED672F6293A99
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blueletaudio.sys C3F2FE3BFEAD2434862FBB265554278F
C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys C3F2FE3BFEAD2434862FBB265554278F
C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys 7E40DFB0CB6DD07EB63CF6F8C67C0962
C:\Windows\SysWOW64\DRIVERS\BlueletSCOAudio.sys 7E40DFB0CB6DD07EB63CF6F8C67C0962
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\btnetdrv.sys 0F890E854FCBE98F4574ACC6423FCCEF
C:\Windows\SysWOW64\DRIVERS\btnetdrv.sys 0F890E854FCBE98F4574ACC6423FCCEF
C:\Windows\System32\Drivers\btcusb.sys F4D1857E3B6FB857F3F2F8D78CBCBD07
C:\Windows\SysWOW64\Drivers\btcusb.sys F4D1857E3B6FB857F3F2F8D78CBCBD07
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\vbtenum.sys E49A371185D5E79C103765DA93856EE1
C:\Windows\SysWOW64\DRIVERS\vbtenum.sys E49A371185D5E79C103765DA93856EE1
C:\Windows\System32\Drivers\BTHidMgr.sys 8FA060B557C7DE309D2D5C16C3DA2EF6
C:\Windows\SysWOW64\Drivers\BTHidMgr.sys 8FA060B557C7DE309D2D5C16C3DA2EF6
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\CAXHWAZL.sys D1787E11C6A0078DDEAF8CF3EE2AB293
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EC0511BB85BAA42A9734011685A6732C
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\SysWow64\Drivers\DKbFltr.sys D5BCB77BE83CF99F508943945D46343D
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CAX_DPV.sys 26C5D00321937E49B6BC91029947D094
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS E5805896A55D4166C20F216249F40FA3
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 9AA6A93852E36FE76C3F7FC2904F3B01
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\k57nd60a.sys 249EE2D26CB1530F3BEDE0AC8B9E3099
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys BCC83F22805F560C8A487F2F296A78FE
C:\Windows\System32\Drivers\ksecpkg.sys 33D52A96BEEE8AFCE9E07EEC9FE0C9DB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1E62x64.sys 2AC603C3188C704CFCE353659AA7AD71
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys CFBC6C6D8A492697CABD1D353EE64933
C:\Windows\system32\drivers\mwac.sys D61070CFAD43038DC56AEAD9BFE9CE2A
C:\Windows\System32\DRIVERS\mdmxsdk.sys E4F44EC214B3E381E1FC844A02926666
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys 73ADDCC406B86E7DA4416691E8E74BDA
C:\Windows\System32\DRIVERS\mrxsmb10.sys 7C81098FBAF2EAF5B54B939F832B0F61
C:\Windows\System32\DRIVERS\mrxsmb20.sys ACB763673BCCE6C7B3B8F858C9FE4F1F
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mwlPSDFilter.sys 6FFECC25B39DC7652A0CEC0ADA9DB589
C:\Windows\System32\DRIVERS\mwlPSDNServ.sys 0BEFE32CA56D6EE89D58175725596A85
C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys D43BC633B8660463E446E28E14A51262
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\system32\drivers\NTIDrvr.sys 64DDD0DEE976302F4BD93E5EFCC2F013
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\Drivers\RootMdm.sys 388D3DD1A6457280F3BADBA9F3ACD6B1
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys DB30AA4DAA0D492FA5D7717D8181FFA1
C:\Windows\SysWOW64\Drivers\RtsUStor.sys DB30AA4DAA0D492FA5D7717D8181FFA1
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SmartDefragDriver.sys E77CB3736A702D46A6FB15FB4A9894E3
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8
C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys ED6D1424E5B0C21A57B28DD8508D6843
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\system32\drivers\UBHelper.sys 2E22C1FD397A5A9FFEF55E9D1FC96C00
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbfilter.sys 6648C6D7323A2CE0C4776C36CEFBCB14
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\DRIVERS\VComm.sys B9B0A0B9232A51BBDE9F28CA41716D61
C:\Windows\SysWOW64\DRIVERS\VComm.sys B9B0A0B9232A51BBDE9F28CA41716D61
C:\Windows\System32\Drivers\VcommMgr.sys F1B2D9AC422F8B72BF417C8D77C85A3B
C:\Windows\SysWOW64\Drivers\VcommMgr.sys F1B2D9AC422F8B72BF417C8D77C85A3B
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CAX_CNXT.sys A6EA7A3FC4B00F48535B506DB1E86EFD
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\XAudio64.sys E8F3FA126A06F8E7088F63757112A186

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-11 15:07 - 2015-12-11 15:08 - 00035744 _____ C:\Users\Iza\Downloads\FRST.txt
2015-12-11 15:06 - 2015-12-11 15:07 - 00000000 ____D C:\FRST
2015-12-11 15:02 - 2015-12-11 15:02 - 02369024 _____ (Farbar) C:\Users\Iza\Desktop\FRST64.exe
2015-12-11 14:33 - 2015-12-11 14:33 - 00001188 _____ C:\Users\Iza\Desktop\mbam text.txt
2015-12-11 13:46 - 2015-12-11 13:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-11 13:46 - 2015-12-11 13:46 - 00001070 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-11 13:46 - 2015-12-11 13:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-11 13:46 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-11 13:46 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-11 13:46 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-11 13:04 - 2015-12-11 13:04 - 22908888 _____ (Malwarebytes ) C:\Users\Iza\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-09 00:49 - 2015-12-09 00:49 - 00001408 _____ C:\Users\Iza\Desktop\JRT.txt
2015-12-09 00:10 - 2015-12-09 00:18 - 00000000 ____D C:\AdwCleaner
2015-12-09 00:03 - 2015-12-09 00:03 - 01738240 _____ C:\Users\Iza\Downloads\adwcleaner_5.024.exe
2015-12-08 23:52 - 2015-12-08 23:52 - 01388274 _____ (Thisisu) C:\Users\Iza\Downloads\junkware-removal-tool-6-4-2-en-win.exe
2015-12-08 13:27 - 2015-12-08 13:27 - 02494944 _____ (Trend Micro Inc.) C:\Users\Iza\Downloads\HousecallLauncher64.exe
2015-12-08 12:58 - 2015-12-08 12:58 - 00274672 _____ C:\Windows\Minidump\120815-44709-01.dmp
2015-12-06 14:31 - 2015-12-08 12:58 - 420993817 _____ C:\Windows\MEMORY.DMP
2015-12-06 14:31 - 2015-12-06 14:31 - 00274672 _____ C:\Windows\Minidump\120615-53633-01.dmp
2015-12-06 13:40 - 2015-12-06 13:40 - 97239040 _____ C:\Windows\system32\config\software.iobit
2015-12-06 13:40 - 2015-12-06 13:40 - 69160960 _____ C:\Windows\system32\config\components.iobit
2015-12-06 13:40 - 2015-12-06 13:40 - 00364544 _____ C:\Windows\system32\config\default.iobit
2015-12-06 13:40 - 2015-12-06 13:40 - 00098304 _____ C:\Windows\system32\config\sam.iobit
2015-12-06 13:40 - 2015-12-06 13:40 - 00028672 _____ C:\Windows\system32\config\security.iobit
2015-11-27 07:53 - 2015-11-27 07:53 - 07942416 _____ (IObit ) C:\Users\Iza\Downloads\smart-defrag-setup (1).exe
2015-11-13 14:39 - 2015-11-13 14:39 - 07942416 _____ (IObit ) C:\Users\Iza\Downloads\smart-defrag-setup.exe
2015-11-12 20:45 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 00:06 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 00:06 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 00:06 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 00:06 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 00:06 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 00:06 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 00:06 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 00:06 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 00:06 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 00:06 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 00:06 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 00:06 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 00:06 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 00:06 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 00:06 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 00:06 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 00:06 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 00:06 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 00:06 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 00:06 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 00:06 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 00:06 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 00:06 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 00:06 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 00:06 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 00:06 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 00:06 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 00:06 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 00:06 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 00:06 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 00:06 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 00:06 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 00:06 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 00:06 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 00:06 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 00:06 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 00:06 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 00:06 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 00:06 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 00:06 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 00:06 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 00:06 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 00:06 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 00:06 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 00:06 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 00:06 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 00:06 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 00:06 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 00:06 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 00:06 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 00:06 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 00:06 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 00:06 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 00:06 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 00:06 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 00:06 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 00:06 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 00:06 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 00:06 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 00:06 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 00:05 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 00:05 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 00:05 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 00:05 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 00:04 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 00:04 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 00:04 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 00:04 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 00:04 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 00:04 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 00:04 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 00:04 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 00:04 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 00:04 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 00:04 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 00:04 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 00:04 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 00:04 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 00:04 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 00:04 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 00:03 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 00:03 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 00:03 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 00:03 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 00:03 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 00:03 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 00:03 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 00:03 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 00:03 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 00:03 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 00:03 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 00:03 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 00:03 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 00:02 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 00:02 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 00:02 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 00:02 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 00:02 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 00:02 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 00:02 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 00:02 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 00:02 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 00:02 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 00:02 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 00:02 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 00:02 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 00:02 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 00:02 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 00:02 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 00:02 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 00:02 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 00:02 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 00:02 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 00:02 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 00:02 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 00:02 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 00:02 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 00:02 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 00:02 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 00:02 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 00:02 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 00:02 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 00:02 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 00:02 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 00:02 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 00:02 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 00:02 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 00:02 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 00:02 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 00:02 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 00:02 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 00:02 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 00:01 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 00:01 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 00:01 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 00:01 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 00:01 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 00:01 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 00:01 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 00:01 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 00:01 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 00:01 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 00:01 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-10-19 18:58 - 2015-10-19 18:58 - 00178723 _____ C:\Users\Iza\Downloads\Stellenangebote.pdf
2015-10-19 12:32 - 2015-10-19 12:32 - 00315312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-10-15 19:55 - 2015-09-18 20:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 19:55 - 2015-09-18 20:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 19:55 - 2015-09-18 20:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 19:55 - 2015-09-18 20:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 19:55 - 2015-09-18 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 19:55 - 2015-09-18 20:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 19:55 - 2015-09-18 20:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-13 18:49 - 2015-08-06 19:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 18:49 - 2015-08-06 19:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 18:49 - 2015-08-06 18:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 18:49 - 2015-08-06 18:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-13 18:43 - 2015-10-01 19:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 18:43 - 2015-10-01 19:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 18:43 - 2015-10-01 19:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 18:43 - 2015-10-01 19:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 18:43 - 2015-10-01 19:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 18:43 - 2015-10-01 19:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 18:43 - 2015-10-01 19:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 18:43 - 2015-10-01 18:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-13 18:43 - 2015-10-01 18:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 18:41 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-13 18:41 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-13 01:29 - 2015-10-13 01:29 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-10-13 01:22 - 2015-10-13 01:22 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-09-27 21:20 - 2015-09-27 21:20 - 00198785 _____ C:\Users\Iza\Downloads\bildungscenter-hotellerie-und-gastronomie-hotelgewerbe-1-WBS-TRAINING-AG.pdf
2015-09-18 15:38 - 2015-08-05 18:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-18 15:38 - 2015-07-15 04:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-18 15:38 - 2015-07-15 03:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-18 15:38 - 2015-07-09 18:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-18 15:38 - 2015-07-09 18:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-18 15:38 - 2015-07-09 18:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-18 15:38 - 2015-07-09 18:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-18 15:37 - 2015-07-23 01:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-18 15:37 - 2015-07-23 01:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-18 15:37 - 2015-07-23 01:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-18 15:37 - 2015-07-22 18:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-18 15:37 - 2015-07-22 18:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-18 15:37 - 2015-07-22 17:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-18 15:36 - 2015-09-02 04:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-18 15:36 - 2015-09-02 04:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-18 15:36 - 2015-09-02 04:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-18 15:36 - 2015-09-02 04:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-18 15:36 - 2015-09-02 03:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-18 15:36 - 2015-09-02 03:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-18 15:36 - 2015-09-02 03:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-18 15:36 - 2015-09-02 03:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-18 15:36 - 2015-09-02 02:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-18 15:36 - 2015-09-02 02:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-18 15:36 - 2015-08-27 19:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-18 15:36 - 2015-08-27 19:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-18 15:36 - 2015-08-27 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-18 15:36 - 2015-08-27 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-18 15:36 - 2015-08-27 18:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-18 15:36 - 2015-08-27 18:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-18 15:36 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-18 15:36 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-18 15:36 - 2015-06-25 11:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-18 15:36 - 2015-06-25 11:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-18 15:36 - 2015-06-25 11:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-18 15:36 - 2015-06-25 10:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-11 15:06 - 2009-10-05 21:50 - 00000000 ____D C:\Windows
2015-12-11 14:53 - 2012-09-07 22:48 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2080970237-1845409042-3966681951-1000UA.job
2015-12-11 14:24 - 2010-03-27 20:17 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-11 14:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2015-12-11 13:48 - 2009-07-14 05:45 - 00025840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-11 13:48 - 2009-07-14 05:45 - 00025840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-11 13:43 - 2010-03-27 20:17 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 13:32 - 2011-05-10 11:08 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-11 13:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-11 13:12 - 2012-09-07 22:48 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2080970237-1845409042-3966681951-1000Core.job
2015-12-11 13:03 - 2011-03-21 10:26 - 00000000 ____D C:\ProgramData\MFAData
2015-12-11 03:02 - 2015-05-03 17:43 - 00002189 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-12-09 21:28 - 2013-05-26 14:32 - 00002064 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-09 00:28 - 2009-12-12 13:41 - 00741652 _____ C:\Windows\system32\perfh010.dat
2015-12-09 00:28 - 2009-12-12 13:41 - 00147674 _____ C:\Windows\system32\perfc010.dat
2015-12-09 00:28 - 2009-07-14 06:13 - 01661252 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-09 00:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-09 00:18 - 2012-06-03 00:19 - 00000000 ____D C:\Users\Iza\AppData\LocalLow\Yahoo!
2015-12-09 00:18 - 2010-03-27 22:39 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-12-08 23:43 - 2015-05-03 17:42 - 00000000 ____D C:\ProgramData\IObit
2015-12-08 23:29 - 2012-06-05 14:03 - 00005145 _____ C:\Users\Iza\Desktop\info.txt
2015-12-08 12:58 - 2010-03-29 15:50 - 00000000 ____D C:\Windows\Minidump
2015-12-07 00:42 - 2014-09-07 22:41 - 00000000 ____D C:\Users\Iza\Desktop\Deutsch
2015-12-06 23:54 - 2010-03-07 15:46 - 00000000 ____D C:\Users\Iza
2015-12-06 23:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\IME
2015-12-06 22:55 - 2015-03-22 19:10 - 00000582 _____ C:\Users\Iza\Desktop\ref..txt
2015-12-06 15:02 - 2011-05-07 02:51 - 00599552 ___SH C:\Users\Iza\Thumbs.db
2015-12-06 14:56 - 2013-10-07 18:17 - 00005774 _____ C:\Users\Iza\Desktop\tel.txt
2015-12-06 13:40 - 2010-03-27 14:29 - 00000000 ____D C:\Users\Arcobaleno
2015-12-06 01:31 - 2015-05-03 17:44 - 00000000 ____D C:\ProgramData\ProductData
2015-12-06 01:30 - 2015-05-03 17:42 - 00000000 ____D C:\Program Files (x86)\IObit
2015-12-05 19:44 - 2012-11-13 20:44 - 00000000 ____D C:\ProgramData\FASTWEB Mobile
2015-12-05 19:40 - 2012-11-13 20:40 - 00000000 ____D C:\ProgramData\DatacardService
2015-12-05 19:34 - 2015-03-22 20:45 - 00000000 ____D C:\Users\Iza\Desktop\imaginette
2015-12-05 13:19 - 2010-03-27 20:17 - 00004146 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 13:19 - 2010-03-27 20:17 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 21:08 - 2014-06-20 22:35 - 00000000 ____D C:\Users\Iza\Desktop\viaggi foto
2015-11-30 22:24 - 2015-03-30 11:57 - 00000000 ____D C:\Users\Iza\Desktop\Arbeit
2015-11-27 17:40 - 2010-03-07 16:00 - 00000000 ____D C:\Windows\System32\Tasks\Games
2015-11-27 08:59 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-11-27 08:36 - 2011-10-05 18:56 - 01179214 _____ C:\Users\Iza\AppData\Local\census.cache
2015-11-27 08:35 - 2011-10-05 18:56 - 00120283 _____ C:\Users\Iza\AppData\Local\ars.cache
2015-11-27 07:55 - 2015-08-02 13:25 - 00001178 _____ C:\Users\Public\Desktop\Smart Defrag 4.lnk
2015-11-27 07:55 - 2015-08-02 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2015-11-13 22:52 - 2014-06-20 22:23 - 00000000 ____D C:\Users\Iza\Desktop\fotocamera
2015-11-13 13:12 - 2009-07-14 05:45 - 00418600 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-13 00:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-11-11 23:21 - 2015-01-21 22:51 - 00000896 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-11-11 23:21 - 2015-01-21 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-11 20:10 - 2013-08-16 21:54 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 19:47 - 2010-05-26 09:05 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 19:23 - 2014-02-27 07:33 - 01636074 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 19:17 - 2009-10-28 19:59 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2009-10-29 05:21 - 2009-02-10 20:23 - 0192484 _____ () C:\Program Files (x86)\Common Files\Acer GameZone online.ico
2010-04-09 23:28 - 2010-05-21 08:57 - 0000278 _____ () C:\Users\Iza\AppData\Roaming\mainhst.zgh
2010-03-29 22:25 - 2012-09-10 00:49 - 0000302 _____ () C:\Users\Iza\AppData\Roaming\wklnhst.dat
2011-10-05 18:56 - 2015-11-27 08:35 - 0120283 _____ () C:\Users\Iza\AppData\Local\ars.cache
2011-10-05 18:56 - 2015-11-27 08:36 - 1179214 _____ () C:\Users\Iza\AppData\Local\census.cache
2011-10-05 17:01 - 2011-10-05 17:01 - 0000036 _____ () C:\Users\Iza\AppData\Local\housecall.guid.cache
2012-08-31 09:51 - 2012-08-31 09:51 - 0004096 ____H () C:\Users\Iza\AppData\Local\keyfile3.drm
2009-12-12 05:05 - 2009-12-12 05:09 - 0007842 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-10-29 05:22 - 2009-07-18 02:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Files to move or delete:
====================
C:\Users\Iza\ccsetup319.exe
C:\Users\Iza\ccsetup401.exe
C:\Users\Iza\FHSetup.exe
C:\Users\Iza\FoxitReader605.0618_enu_Setup.exe
C:\Users\Iza\mbam-setup-1.75.0.1300.exe
C:\Users\Iza\REGALO_economica.exe
C:\Users\Iza\revosetup.exe
C:\Users\Iza\word2007-kb974631-fullfile-x86-glb.exe


Some files in TEMP:
====================
C:\Users\Iza\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
identificatore {bootmgr}
device partition=\Device\HarddiskVolume2
description Windows Boot Manager
locale it-IT
inherit {globalsettings}
default {current}
resumeobject {528c4e1d-e71c-11de-bff3-00262d6c0016}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Caricatore di avvio di Windows
identificatore {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale it-IT
inherit {bootloadersettings}
recoverysequence {528c4e1f-e71c-11de-bff3-00262d6c0016}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {528c4e1d-e71c-11de-bff3-00262d6c0016}
nx OptIn

Caricatore di avvio di Windows
identificatore {528c4e1f-e71c-11de-bff3-00262d6c0016}
device ramdisk=[C:]\Recovery\528c4e1f-e71c-11de-bff3-00262d6c0016\Winre.wim,{528c4e20-e71c-11de-bff3-00262d6c0016}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\528c4e1f-e71c-11de-bff3-00262d6c0016\Winre.wim,{528c4e20-e71c-11de-bff3-00262d6c0016}
systemroot \windows
nx OptIn
winpe Yes

Ripresa da modalit… di ibernazione
identificatore {528c4e1d-e71c-11de-bff3-00262d6c0016}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale it-IT
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Tester memoria di Windows
identificatore {memdiag}
device partition=\Device\HarddiskVolume2
path \boot\memtest.exe
description Windows Memory Diagnostic
locale it-IT
inherit {globalsettings}
badmemoryaccess Yes

Impostazioni Servizi di gestione emergenze
identificatore {emssettings}
bootems Yes

Impostazioni debugger
identificatore {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Problemi RAM
identificatore {badmemory}

Impostazioni globali
identificatore {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Impostazioni caricatore di avvio
identificatore {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Impostazioni hypervisor
identificatore {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Impostazioni Resume Loader
identificatore {resumeloadersettings}
inherit {globalsettings}

Opzioni dispositivo
identificatore {528c4e20-e71c-11de-bff3-00262d6c0016}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\528c4e1f-e71c-11de-bff3-00262d6c0016\boot.sdi
LastRegBack: 2015-12-10 01:41

==================== End of FRST.txt ============================
Torna in alto
 
isabel
Inviato: Friday, December 11, 2015 3:25:36 PM
Rank: Member

Iscritto dal : 12/8/2015
Posts: 14
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by Iza (2015-12-11 15:08:56)
Running from C:\Users\Iza\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-03-07 14:46:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2080970237-1845409042-3966681951-500 - Administrator - Disabled)
Arcobaleno (S-1-5-21-2080970237-1845409042-3966681951-1001 - Limited - Enabled) => C:\Users\Arcobaleno
Guest (S-1-5-21-2080970237-1845409042-3966681951-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2080970237-1845409042-3966681951-1003 - Limited - Enabled)
Iza (S-1-5-21-2080970237-1845409042-3966681951-1000 - Administrator - Enabled) => C:\Users\Iza

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3G HSDPA Wireless Modem MD-@ (HKLM-x32\...\{395AB8C5-F3A8-4380-8718-7A11EC5829F2}) (Version: 1.00.0000 - PHD)
7-Zip 9.13 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0913-000001000000}) (Version: 9.13.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7006 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7006 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.5.0715 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.3.0 - IObit)
Air Flashback (HKLM-x32\...\Air Flashback_is1) (Version: 1.0 - MyPlayCity, Inc.)
Assistente per l'accesso a Windows Live (HKLM-x32\...\{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}) (Version: 5.000.818.5 - Microsoft Corporation)
ATI Catalyst Install Manager (HKLM\...\{A8DDE3ED-9B6A-F806-32AF-EC53A836A04F}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6176 - AVG Technologies)
AVG 2015 (Version: 15.0.4483 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6176 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.8.599 - AVG Technologies)
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
Billiards Club (HKLM-x32\...\Billiards Club_is1) (Version: 1.0 - MyPlayCity, Inc.)
Bluesoleil2.6.0.6 Release 070411 (HKLM-x32\...\{D88AF410-FE60-4404-8740-367EE04A5AF2}) (Version: 2.6.0.6 Release 070411 - IVT Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
ccc-core-static (x32 Version: 2009.0729.2227.38498 - Nome società) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Disinstalla EPSON SX110 Series Printer (HKLM\...\EPSON SX110 Series) (Version: - SEIKO EPSON Corporation)
Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.20.00 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Stylus SX110_TX110 Manuale (HKLM-x32\...\Epson Stylus SX110_TX110 Guida utente) (Version: - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Facebook Video Calling 1.2.0.159 (HKLM-x32\...\{7CAC6A44-C3DE-4153-ACA6-7524602C789E}) (Version: 1.2.159 - Skype Limited)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy 2 (HKLM-x32\...\Farm Frenzy 2_is1) (Version: 1.0 - MyPlayCity, Inc.)
Feelers (HKLM-x32\...\Feelers_is1) (Version: 1.0 - MyPlayCity, Inc.)
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version: - Oberon Media)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.5.618 - Foxit Corporation)
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.1.0.320 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.55 - Conexant Systems)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Jewel Island (HKLM-x32\...\Jewel Island_is1) (Version: 1.0 - MyPlayCity, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.06 - Acer Inc.)
Lost in Reefs (HKLM-x32\...\Lost in Reefs_is1) (Version: 1.0 - MyPlayCity, Inc.)
Magic Farm (HKLM-x32\...\Magic Farm_is1) (Version: 1.0 - MyPlayCity, Inc.)
Malwarebytes Anti-Malware versione 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170410-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office OneNote 2003 (HKLM-x32\...\{90A10410-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Italian) (HKLM-x32\...\{95120000-00AF-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110410-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Project Professional 2003 (HKLM-x32\...\{903B0410-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM-x32\...\{90510410-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{34A08914-7A33-4040-A959-1577BF5AFF8A}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
Pacchetto di compatibilità per Office System 2007 (HKLM-x32\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Pestering Birds (HKLM-x32\...\Pestering Birds_is1) (Version: 1.0 - MyPlayCity, Inc.)
Pro Evolution Soccer 2011 (HKLM-x32\...\{1148E85C-E1AF-48E0-A29C-68DACE07E054}) (Version: 1.00.0000 - KONAMI)
Raccolta foto di Windows Live (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Rainbow Mystery (HKLM-x32\...\Rainbow Mystery_is1) (Version: 1.0 - MyPlayCity, Inc.)
Rainbow Web (HKLM-x32\...\Rainbow Web_is1) (Version: 1.0 - MyPlayCity, Inc.)
Rainbow Web 2 (HKLM-x32\...\Rainbow Web 2_is1) (Version: 1.0 - MyPlayCity, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Season Match (HKLM-x32\...\Season Match_is1) (Version: 1.0 - MyPlayCity, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
Strike Ball 2 (HKLM-x32\...\Strike Ball 2_is1) (Version: 1.0 - MyPlayCity, Inc.)
Strumento di caricamento di Windows Live (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Subsea Relic (HKLM-x32\...\Subsea Relic_is1) (Version: 1.0 - MyPlayCity, Inc.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
Trio - The Great Settlement (HKLM-x32\...\Trio - The Great Settlement_is1) (Version: 1.0 - MyPlayCity, Inc.)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.3000.144 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.3000.144 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (it-IT) (x32 Version: 13.0.3000.144 - TuneUp Software) Hidden
Unity Web Player (HKU\S-1-5-21-2080970237-1845409042-3966681951-1000\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B7DD783E-EE11-4B68-AF39-71AE2C457015}) (Version: 14.0.8089.726 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

08-12-2015 15:26:07 Punto di controllo pianificato
11-12-2015 13:29:37 Revo Uninstaller's restore point - Malwarebytes Anti-Malware versione 2.2.0.1024

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03330183-F08F-42E1-9DA9-DAEEA663C91F} - System32\Tasks\{B529EC51-F682-448B-A53F-FDDBEE1A8028} => pcalua.exe -a "C:\Program Files (x86)\McAfee\MSC\mcuninst.exe"
Task: {0B6C3961-2C46-4C7E-A999-B7E0695789B0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2080970237-1845409042-3966681951-1000
Task: {1EC21741-C2CA-420B-A3CF-2607CD7D0B85} - System32\Tasks\Programma di aggiornamento online di InstallShield Software => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2004-08-09] (InstallShield Software Corporation)
Task: {21B1334A-373F-49AB-B9CD-2D695B8B098F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: {246D26DE-3C11-4598-9ACA-3146CC046775} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {2F9F4CE4-1494-4710-BA46-06485E5EFBAE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2080970237-1845409042-3966681951-1000UA => C:\Users\Iza\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07] (Facebook Inc.)
Task: {48DA9DE6-9C35-4CD3-AB16-DFD4F4ED707B} - System32\Tasks\ASC8_SkipUac_Iza => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-06-16] (IObit)
Task: {61D187AD-CE3A-4511-AD34-58FDA14BF510} - System32\Tasks\Programma di aggiornamento online di Egis technology => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [2009-08-04] (Egis Technology Inc.)
Task: {649C1194-24C3-4933-8360-6306E5D3A837} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {69E2A210-AE68-44B8-8D1A-9A257E5A4B08} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-08-21] (IObit)
Task: {98AAEF72-D623-45E9-B66B-E0E9C64B0620} - System32\Tasks\Driver Booster SkipUAC (Iza) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-07-06] (IObit)
Task: {AF111327-5E8A-4635-BA86-3CEF86870155} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-10-27] (IObit)
Task: {B42142DB-0EDA-4FC1-8144-047943E752BA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2080970237-1845409042-3966681951-1000Core => C:\Users\Iza\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07] (Facebook Inc.)
Task: {B616B7EF-8776-4161-8A36-35049CCD3CAB} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {C5291D20-CE0F-402B-84DC-88CCAED51A5F} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-07-06] (IObit)
Task: {D1A075E1-B18C-4666-9791-7E6B36D41BC9} - System32\Tasks\Uninstaller_SkipUac_Iza => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {D1C8131A-52CF-435B-87D2-CB9723791185} - System32\Tasks\Programma di aggiornamento online di Adobe => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {E281B89E-55D0-4D3A-8401-4612CB07A4CF} - System32\Tasks\Google Updater and Installer => C:\Users\Iza\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {E7E4D57D-84EF-4962-8208-9C4E91B1945D} - System32\Tasks\{E4030D8E-3612-4352-BB39-2138B5DCB971} => pcalua.exe -a "C:\Users\Iza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WN9NVK0X\avg_free_stb_eu_9_114_free[1].exe" -d C:\Users\Iza\Desktop
Task: {EAE85556-73E6-4148-BFF3-7E89F7B08FBD} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-06-10] (IObit)
Task: {F83F1DF6-9147-43DC-97D9-3D3A97496C21} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2080970237-1845409042-3966681951-1000Core.job => C:\Users\Iza\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2080970237-1845409042-3966681951-1000UA.job => C:\Users\Iza\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-25 16:26 - 2015-10-08 21:55 - 01205136 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2009-05-13 10:44 - 2009-05-13 10:44 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-12-12 04:58 - 2009-12-12 04:58 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2080970237-1845409042-3966681951-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Iza\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: vToolbarUpdater40.1.8 => 2
MSCONFIG\Services: WerSvc => 3
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E5202750-B9B6-4480-8366-F341B74D2144}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{07B3C40B-5F10-4911-943F-C40EC646C2BE}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{92F89C22-4726-425C-AB71-49CCCAEA882C}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{EE4C19A7-A65A-4438-B1EC-78B2EAC2C160}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{0BEF2387-72BE-4D96-846E-DF3C342A181E}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{27B7C5DB-993F-4AE3-A8C3-E57DDAD978BA}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe
FirewallRules: [{14782EB0-314D-49D3-9B0C-4E64F775F476}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
FirewallRules: [{213A1718-7AFD-430F-85D7-6521F2759604}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{74A3641C-8394-415F-B4D1-4BEB1ADF4FB3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{CA040F18-15E2-4B1C-8616-14D4E3B7E112}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{76414E4A-8BDA-4C29-962D-BBDF98ACC597}] => (Allow) svchost.exe
FirewallRules: [{A69DD306-44A1-49A2-B8AF-32F5B4DD78A2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{ABBE0425-32B1-40EC-8503-8F07FA32F5C8}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
FirewallRules: [{C2798415-7D61-41F5-85B1-AE9010E5D338}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
FirewallRules: [{69B218F9-647B-4D48-B85F-F97AC92ADFF5}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{7D7F9E4E-0D03-4BBB-AFED-1C5A5DD3F9E4}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{84A12010-AF61-4E63-A82D-59F027A19A2F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{F38EF8B4-9E2A-4A6E-B081-239043F4AD14}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{56596B05-E3F1-4F6E-83B8-517ECE2BC1BE}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{BD1F6581-411C-489E-BFF9-E65913423C0A}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{71104338-8C43-463B-BE7C-42A562B94824}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{C84ECF78-C9C6-49B5-B356-5F0A2C3164E5}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{4BCE1C9E-B68B-4EA6-894F-19B2C3BDC1C0}] => (Allow) C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe
FirewallRules: [{BA146082-8B73-4B11-8330-9BEA4C479B6C}] => (Allow) C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe
FirewallRules: [{D228151E-2456-40E6-AB9B-F9D2BFB042D9}] => (Allow) C:\Users\Iza\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{F4BC57D7-738F-4C79-A907-7BB2DFFBF63D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B27A3A52-A63A-431B-A673-36541F3C6937}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{C942337C-E13C-4CA8-995E-C27DF676B32C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{A17B5F2F-CE39-41A2-A167-C349A7D48142}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{215825F3-708D-432D-91EE-6C21DA1124DB}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{817BB622-4248-4294-882A-F9B1DCDB467C}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{1157EC0B-3202-4C94-A065-3C0A659EC5A7}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{18AF86CD-C30E-4253-BBA8-710B76748E88}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{C1091159-257F-44FD-B89D-39252A217445}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{F2E14578-2950-4842-8C90-71FF0082554C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{D06151B4-6314-4069-8716-9A03E526220A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{7FC0A149-0AF2-4A54-B6F5-A32B3013CDE3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{AE7D71CF-1411-4C73-976E-6F4BCBDFCC78}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{E2A12AFC-EA73-42B5-B560-106FD331A446}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2015 01:30:58 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Handle non valido

Error: (12/10/2015 12:36:05 PM) (Source: Google Update) (EventID: 20) (User: Iza-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s


System errors:
=============
Error: (12/11/2015 02:32:07 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/11/2015 01:35:11 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (12/11/2015 01:35:11 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (12/11/2015 01:32:28 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/11/2015 01:32:28 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (12/11/2015 12:58:26 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/11/2015 03:02:38 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/10/2015 12:35:57 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/10/2015 02:06:12 AM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (12/10/2015 02:06:12 AM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422


CodeIntegrity:
===================================
Date: 2010-03-27 18:35:17.239
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\VComm.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2010-03-27 18:35:17.223
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\VComm.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2010-03-27 18:35:16.209
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\VComm.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2010-03-27 18:35:16.209
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\VComm.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2010-03-27 18:35:15.023
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\VComm.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2010-03-27 18:35:15.008
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\VComm.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2010-03-27 18:35:14.040
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\VComm.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2010-03-27 18:35:14.030
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\VComm.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2010-03-27 18:35:12.976
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\VComm.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2010-03-27 18:35:12.966
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\VComm.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II Dual-Core M300
Percentage of memory in use: 36%
Total physical RAM: 4094.36 MB
Available physical RAM: 2588.11 MB
Total Virtual: 8186.93 MB
Available Virtual: 6568.89 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:453.94 GB) (Free:382.35 GB) NTFS
Drive g: () (Removable) (Total:1.89 GB) (Free:0.04 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 35353535)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Virus-log Hijackthis


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.