NoTrace Security Forum

 planet49

jimbo666
Senior Member
City: foligno
236 Posts
Posted - 16/04/2016 : 10:21:04
Good morning, I picked up the planet 49 browser modifier, how do I remove it?
Thanks in advance for the replies

jimbo

shang
Advanced Member
City: Roma
4879 Posts
Posted - 17/04/2016 : 21:05:38



Hi and welcome to the forum jimbo666, run these two scans

Download adwcleaner to the desktop
• Run it and click the SCAN button.
When the scan finishes, the CLEAN button will become active. Click CLEAN.
• Confirm with OK the various windows that appear.
• The PC will restart, and the log listing the removals will come up.
• Save the log and attach it



Download Farbar Recovery Scan Tool to the desktop [www].bleepingcomputer[.com]/download/farbar-recovery-scan-tool/
N.B. You must download the version (32 or 64 bit) compatible with your system
• Double-click to start it.
• When it asks you to accept the terms, click yes.
• Click the SCAN button
• When it has finished, the tool will create a log called FRST.txt in the same directory where FRST is located.
• The first time FRST is run, another log called Addition.txt will be created
• Attach both logs

Quote:
you must go beyond fear and hope and learn to know the strength of your mind. Only then will you be able to stop suffering

*************************

==> read the rules

jimbo666
Senior Member
City: foligno
236 Posts
Posted - 18/04/2016 : 09:36:33
Hi, thanks for the reply, these are the logs. I also wanted to add that I can no longer change my home pages. As soon as I start the browsers, Google does not open but an advertising page does.
[URL=htt*://wikisend[.com]/download/674008/Addition.txt]Addition.txt[/URL]
[URL=htt*://wikisend[.com]/download/704766/FRST.txt]FRST.txt[/URL]
[URL=htt*://wikisend[.com]/download/966066/AdwCleaner[C2].txt]AdwCleaner[C2].txt[/URL]

jimbo
shang
Advanced Member
City: Roma
4879 Posts
Posted - 18/04/2016 : 10:29:52
I can't open the adwcleaner log, attach it again
to attach it use htt*://[www].wikifortio[.com], wikisend is acting up today

now download to the desktop the file I have attached for you, then open frst and click fix once only; at the end of the operation a log named fixlog.txt will be written, which you must attach

fixlist

important: if the PC does not restart after this operation, restart it yourself


Edited by - shang on 18/04/2016 11:07:30

jimbo666
Senior Member
City: foligno
236 Posts
Posted - 18/04/2016 : 11:25:45
[URL=htt*://[www].wikifortio[.com]/760393/AdwCleaner[C2].txt]AdwCleaner[C2].txt[/URL]

jimbo
shang
Advanced Member
City: Roma
4879 Posts
Posted - 18/04/2016 : 11:35:12

the servers are acting up today

copy them in without attaching them; the part for the fix I posted for you is missing


jimbo666
Senior Member
City: foligno
236 Posts
Posted - 18/04/2016 : 12:11:43
Fix result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by Admin (2016-04-18 11:27:33) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
Task: {D9349ECA-9119-45A5-84AE-4FC9A2714E81} - System32\Tasks\{FED48273-815F-4D6A-AEEA-A29DA68229AD} => pcalua.exe -a C:\Users\Admin\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Tcpip\..\Interfaces\{94343AC6-B067-4C97-A881-DFDF6A233B4A}: [NameServer] 172.24.5.7,172.24.5.6
end
EmptyTemp:
Reboot:
*****************

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9349ECA-9119-45A5-84AE-4FC9A2714E81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9349ECA-9119-45A5-84AE-4FC9A2714E81}" => key removed successfully
C:\Windows\System32\Tasks\{FED48273-815F-4D6A-AEEA-A29DA68229AD} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FED48273-815F-4D6A-AEEA-A29DA68229AD}" => key removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{94343AC6-B067-4C97-A881-DFDF6A233B4A}\\NameServer => value removed successfully

jimbo
shang
Advanced Member
City: Roma
4879 Posts
Posted - 18/04/2016 : 12:51:57

the AdwCleaner log please, then tell me whether the PC has improved


jimbo666
Senior Member
City: foligno
236 Posts
Posted - 18/04/2016 : 13:03:41
# AdwCleaner v5.112 - File di log creato 18/04/2016 a 08:55:40
# Aggiornato 17/04/2016 da Xplode
# Database : 2016-04-17.1 [Server]
# Sistema operativo : Windows 7 Professional Service Pack 1 (X64)
# Nome utente : Admin - ADMIN-PC
# Eseguendo da : C:\Users\Admin\Downloads\adwcleaner_5.112.exe
# Opzione : Pulizia
# Supporto : htt*://toolslib.net/forum

***** [ Servizi ] *****


***** [ Cartelle ] *****


***** [ File ] *****


***** [ DLLs ] *****


***** [ Collegamenti ] *****


***** [ Attività pianificate ] *****


***** [ Registro ] *****


***** [ Browser web ] *****


*************************

:: "Tracce" di chiavi rimosse
:: Impostazioni Winsock ripristinate

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1393 byte] - [16/04/2016 14:48:19]
C:\AdwCleaner\AdwCleaner[C2].txt - [815 byte] - [18/04/2016 08:55:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [1167 byte] - [16/04/2016 14:46:53]
C:\AdwCleaner\AdwCleaner[S2].txt - [935 byte] - [17/04/2016 10:19:32]
C:\AdwCleaner\AdwCleaner[S3].txt - [1006 byte] - [18/04/2016 08:54:23]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1101 byte] ##########



I can't change the home pages

jimbo
shang
Advanced Member
City: Roma
4879 Posts
Posted - 18/04/2016 : 13:12:41

download hijackthis

launch the program by clicking the executable and start the scan, choosing the option "Do a system scan and save a logfile"

Remember to put HIJACKTHIS in a folder of its own (in Programs or Documents); the important thing is that it is not on the desktop or in temporary folders, which matters if you want to keep the backups

Post the log it gives you


jimbo666
Senior Member
City: foligno
236 Posts
Posted - 18/04/2016 : 13:43:10
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:42:45, on 18/04/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18283)

FIREFOX: 45.0.2 (x86 it)
Boot mode: Normal

Running processes:
C:\Users\Admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files (x86)\Chiavetta Internet 14.4(200)\BackgroundService\ModemListener.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Chiavetta Internet 14.4(200)\ModemApplication.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 x32 x64.dat
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable\Adobe Dreamweaver CC 2015 (32 Bit).exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\Users\Admin\Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [www].google.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [www].google[.com]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [www].google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [www].google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [www].google[.com]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [www].google[.com]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [www].google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 172.24.0.84 dem.uslumbria1.it
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Sepang Olivetti ModemListener] C:\Program Files (x86)\Chiavetta Internet 14.4(200)\BackgroundService\ModemListener.exe start
O4 - HKLM\..\Run: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
O4 - HKLM\..\Run: [FUJ02B1_Apps] "%PROGRAMFILES(X86)%\Fujitsu\FUJ02B1\CheckBatteryPack.exe" -ViewTarget -langid 0x411
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
O4 - HKCU\..\Run: [BingSvc] C:\Users\Admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{94343AC6-B067-4C97-A881-DFDF6A233B4A}: Domain = asl3.umbria.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFB71DDE-9A6C-4D19-BA2D-C45FAF25662F}: NameServer = 10.206.56.132 10.207.43.46
O20 - AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: %SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DTSAudioSvc - DTS, Inc - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
O23 - Service: %SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: %systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FUJ02E3Service - FUJITSU LIMITED - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: %SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: %SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Olivetti Silverstone Modem Device Helper - Unknown owner - C:\Program Files (x86)\Chiavetta Internet 14.4(200)\BackgroundService\ServiceManager.exe
O23 - Service: PFNService - FUJITSU LIMITED - C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: %systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: %systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: %SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: %SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sophos Agent - Sophos Limited - C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Limited - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Limited - C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
O23 - Service: Sophos Web Control Service - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
O23 - Service: %systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: %SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
O23 - Service: Sophos Web Intelligence Update (swi_update_64) - Sophos Limited - C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
O23 - Service: %SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files (x86)\uvnc bvba\UltraVNC\WinVNC.exe
O23 - Service: %SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: %SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: %systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: %SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: %systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WatchGuard SSLVPN Service (wgsslvpnsrc) - Unknown owner - C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
O23 - Service: %Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 13444 bytes

jimbo
shang
Advanced Member
City: Roma
4879 Posts
Posted - 18/04/2016 : 14:17:43

read here how to change the home page


jimbo666
Senior Member
City: foligno
236 Posts
Posted - 19/04/2016 : 12:04:24
hi, I followed the instructions but as soon as I open the browser something like this appears:
htt*://play.leadzupc[.com]/?m=1GSQDOWNLOADS&aff_sub2=6f287461766f7463716350

why do you think that is? have I removed planet49?

jimbo
shang
Advanced Member
City: Roma
4879 Posts
Posted - 19/04/2016 : 12:56:47
Download malwarebytes [www].malwarebytes.org/products/ to the desktop and install it.
During installation, untick enable malwarebytes premium (trial).
• Once installed, start the program. Check that on the start page (dashboard) the database version is up to date (green tick); otherwise click update.
• Go to the top and click setting. Under "language" set Italian.
• Go to the detection and protection entry: tick "scan for rootkits"
• Go back to the start page (dashboard) and click scan.

If threats are detected, click the APPLY button. MBAM will ask you to restart the PC.
After the restart, reopen the program. Click history - application logs. Double-click the scan log, then click export as txt.
Attach the log



Download OTL and save it to the desktop

Tick SCAN ALL USERS.

Under output, tick minimal output

Click the small arrow next to File Age and select 60 Days

Tick LOP Check and Purity Check.

Click RUN SCAN

Let the scan run without interfering.

When the scan finishes you will find two logs on the desktop, OTL.txt and Extras.txt; save them and attach them


Edited by - shang on 19/04/2016 13:14:26

jimbo666
Senior Member
City: foligno
236 Posts
Posted - 19/04/2016 : 14:34:04
this is the Malwarebytes log:


Malwarebytes Anti-Malware
[www].malwarebytes.org

Data scansione: 19/04/2016
Ora scansione: 13:58
File di log: log.txt
Amministratore: Sì

Versione: 2.2.1.1043
Database malware: v2016.04.19.04
Database rootkit: v2016.04.17.01
Licenza: Gratuito
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Auto-protezione: Disattivata

SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: Admin

Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 333529
Tempo impiegato: 18 min, 43 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Euristiche: Attivata
PUP: Attivata
PUM: Attivata

Processi: 0
(Nessun elemento nocivo rilevato)

Moduli: 0
(Nessun elemento nocivo rilevato)

Chiavi di registro: 3
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\Adobe CS3 Portable.DynamicNS, In quarantena, [b4fc2d832079c373e15fd71ce12136ca],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Adobe CS3 Portable.DynamicNS, In quarantena, [aa0602aef6a345f19ba57f74bd4528d8],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Adobe CS3 Portable.DynamicNS, In quarantena, [aa0602aef6a345f19ba57f74bd4528d8],

Valori di registro: 1
PUP.Optional.xRocketToolbar, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|arthurj8283gmail[.com], C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9sl1ua9q.default-1439657246467\extensions\arthurj8283gmail[.com], In quarantena, [f0c0d2deedacc86e12fd3cfed132d32d]

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Cartelle: 0
(Nessun elemento nocivo rilevato)

File: 4
FraudTool.YAC, C:\Users\Admin\Downloads\yet_another_cleaner_sk_7669523.exe, In quarantena, [09a7cfe113862f0780526cd758a9ec14],
PUP.Optional.BrowserHijack.ShrtCln, C:\Program Files (x86)\Google\Chrome\Application\chrome.bat, Buono: (), Nocivo (htt*://1.loadblanks.ru/c/0d3963b9394e4bc5?"), Sostituito,[cfe1e8c8f1a88caad6e35815ff0645bb]
PUP.Optional.BrowserHijack.ShrtCln, C:\Program Files (x86)\Internet Explorer\iexplore.bat, Buono: (), Nocivo (htt*://1.loadblanks.ru/c/0d3963b9394e4bc5?"), Sostituito,[327e7a36ddbcc076a11a432ac144b34d]
PUP.Optional.BrowserHijack.ShrtCln, C:\Program Files (x86)\Mozilla Firefox\firefox.bat, Buono: (), Nocivo (htt*://1.loadblanks.ru/c/0d3963b9394e4bc5?"), Sostituito,[b6faf6bae8b1b1852a92016cc540926e]

Settori fisici: 0
(Nessun elemento nocivo rilevato)


(end)

jimbo
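
Added example (not part of the thread and not Malwarebytes code): a Python parser for detection lines laid out like the log above. It checks each section's declared count against the lines actually pasted and picks out `.bat` files named after a browser executable, as in the three ShrtCln entries. The section names and field layout are taken from the posted log; the sample log, its paths, hashes and example.invalid URL are constructed placeholders, and the hijack heuristic is an assumption of this example.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# Section headers and action words as they appear in the Italian-language log above.
SECTIONS = {"Processi", "Moduli", "Chiavi di registro", "Valori di registro",
            "Dati di registro", "Cartelle", "File", "Settori fisici"}
ACTIONS = ("In quarantena", "Sostituito")
# Browser executables whose folders held a .bat file in the posted log.
BROWSER_STEMS = {"chrome", "iexplore", "firefox"}

HEADER_RE = re.compile(r"^(?P<name>[^:,]+): (?P<count>\d+)$")
BAD_VALUE_RE = re.compile(r"Nocivo \((?P<value>.*)\),")

# Constructed sample in the layout of the posted log (placeholder values only).
SAMPLE_LOG = r"""
Chiavi di registro: 1
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\Example.DynamicNS, In quarantena, [00000000000000000000000000000000],

Cartelle: 0
(Nessun elemento nocivo rilevato)

File: 3
FraudTool.YAC, C:\Users\Admin\Downloads\example_cleaner.exe, In quarantena, [00000000000000000000000000000000],
PUP.Optional.BrowserHijack.ShrtCln, C:\Program Files (x86)\Google\Chrome\Application\chrome.bat, Buono: (), Nocivo (http://example.invalid/c/0?"), Sostituito,[00000000000000000000000000000000]
PUP.Optional.BrowserHijack.ShrtCln, C:\Program Files (x86)\Mozilla Firefox\firefox.bat, Buono: (), Nocivo (http://example.invalid/c/0?"), Sostituito,[00000000000000000000000000000000]
"""


@dataclass
class Detection:
    section: str               # log section the line was found under
    name: str                  # detection name, e.g. PUP.Optional....
    target: str                # registry key/value or file path
    action: Optional[str]      # "In quarantena" / "Sostituito" if present
    bad_value: Optional[str]   # content of "Nocivo (...)" if present


def parse_log(text: str) -> Tuple[Dict[str, int], List[Detection]]:
    """Return (declared count per section, parsed detection lines)."""
    declared: Dict[str, int] = {}
    found: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m and m.group("name") in SECTIONS:
            section = m.group("name")
            declared[section] = int(m.group("count"))
            continue
        # Skip text before the first section, blanks and "(Nessun elemento ...)".
        if section is None or not line or line.startswith("("):
            continue
        parts = line.split(", ", 2)
        if len(parts) < 3:
            continue  # not a "name, target, details" record
        name, target, rest = parts
        action = next((a for a in ACTIONS if a in rest), None)
        bad = BAD_VALUE_RE.search(rest)
        found.append(Detection(section, name, target, action,
                               bad.group("value") if bad else None))
    return declared, found


def count_mismatches(declared: Dict[str, int],
                     found: List[Detection]) -> Dict[str, Tuple[int, int]]:
    """Sections whose header count differs from the lines pasted (truncated log)."""
    out: Dict[str, Tuple[int, int]] = {}
    for section, expected in declared.items():
        seen = sum(1 for d in found if d.section == section)
        if seen != expected:
            out[section] = (expected, seen)
    return out


def launcher_hijacks(found: List[Detection]) -> List[Tuple[str, str]]:
    """Heuristic: a .bat named after a browser executable with a 'Nocivo' value.

    Returns (bat_path, sibling_exe_path) so the shortcut targets can be
    checked by hand against the real executable.
    """
    hits = []
    for d in found:
        p = PureWindowsPath(d.target)
        if p.suffix.lower() == ".bat" and p.stem.lower() in BROWSER_STEMS and d.bad_value:
            hits.append((str(p), str(p.with_suffix(".exe"))))
    return hits


if __name__ == "__main__":
    declared, found = parse_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(declared, found))
    for bat, exe in launcher_hijacks(found):
        print("check shortcuts pointing at", bat, "instead of", exe)
```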
jimbo666
Senior Member
City: foligno
236 Posts
Posted - 19/04/2016 : 14:35:02
this is OTL:

OTL logfile created on: 19/04/2016 14:25:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18282)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,86 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 38,78% Memory free
7,72 Gb Paging File | 5,41 Gb Available in Paging File | 70,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 418,40 Gb Free Space | 89,85% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\ALUpdate.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Limited)
PRC - C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe (Google Inc.)
PRC - C:\Users\Admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe (© 2015 Microsoft Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe ()
PRC - C:\Program Files (x86)\Chiavetta Internet 14.4(200)\ModemApplication.exe ()
PRC - C:\Program Files (x86)\uvnc bvba\UltraVNC\WinVNC.exe (UltraVNC)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Chiavetta Internet 14.4(200)\BackgroundService\ModemListener.exe ()
PRC - C:\Program Files (x86)\Chiavetta Internet 14.4(200)\BackgroundService\ServiceManager.exe ()
PRC - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\PROGRA~2\Google\Chrome\APPLIC~1\49.0.2623.112\libglesv2.dll ()
MOD - C:\PROGRA~2\Google\Chrome\APPLIC~1\49.0.2623.112\libegl.dll ()
MOD - C:\Program Files (x86)\Chiavetta Internet 14.4(200)\ModemApplication.exe ()
MOD - C:\Program Files (x86)\Chiavetta Internet 14.4(200)\BackgroundService\ModemListener.exe ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (FUJ02E3Service) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (swi_update_64) -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe (Sophos Limited)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (Sophos Message Router) -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe (Sophos Limited)
SRV - (Sophos Agent) -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Limited)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Sophos Web Control Service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (wgsslvpnsrc) -- C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uvnc_service) -- C:\Program Files (x86)\uvnc bvba\UltraVNC\WinVNC.exe (UltraVNC)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (PowerSavingUtilityService) -- C:\Programmi\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programmi\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (ZeroConfigService) -- C:\Programmi\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programmi\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (EvtEng) -- C:\Programmi\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programmi\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BTHSSecurityMgr) -- C:\Programmi\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (AMPPALR3) -- C:\Programmi\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (PFNService) -- C:\Programmi\Fujitsu\Plugfree NETWORK\PFNService.exe (FUJITSU LIMITED)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (DTSAudioSvc) -- C:\Programmi\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (DTS, Inc)
SRV - (Olivetti Silverstone Modem Device Helper) -- C:\Program Files (x86)\Chiavetta Internet 14.4(200)\BackgroundService\ServiceManager.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Limited)
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Limited)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Limited)
DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
DRV:64bit: - (iaStorS) -- C:\Windows\SysNative\drivers\iaStorS.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (megasr1) -- C:\Windows\SysNative\drivers\megasr1.sys (LSI Corporation, Inc.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)
DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Olicard200net) -- C:\Windows\SysNative\drivers\Olicard200Usbnet.sys (Olivetti)
DRV:64bit: - (jrdusbser) -- C:\Windows\SysNative\drivers\jrdusbser.sys (Olivetti)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (megasas2) -- C:\Windows\SysNative\drivers\megasas2.sys (LSI Corporation)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (FBIOSDRV) -- C:\Windows\SysNative\drivers\FBIOSDRV.sys (FUJITSU LIMITED)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [www].google.it
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [www].google[.com]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [www].google[.com]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [www].google.it
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = htt*://[www].bing[.com]/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [www].google.it
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [www].google[.com]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [www].google[.com]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [www].google.it
IE - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = htt*://[www].google[.com]/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = htt*://[www].bing[.com]/search?q={searchTerms}&FORM=IE8SRC




IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [www].google.it
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [www].google.it
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [www].google.it
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [www].google.it
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4126592219-479105166-2668201682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [www].google.it
IE - HKU\S-1-5-21-4126592219-479105166-2668201682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4126592219-479105166-2668201682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [www].google[.com]
IE - HKU\S-1-5-21-4126592219-479105166-2668201682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [www].google.it
IE - HKU\S-1-5-21-4126592219-479105166-2668201682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = htt*://it.msn[.com]/?ocid=iehp
IE - HKU\S-1-5-21-4126592219-479105166-2668201682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-4126592219-479105166-2668201682-1000\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\S-1-5-21-4126592219-479105166-2668201682-1000\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = htt*://[www].google[.com]/search?q={searchTerms}
IE - HKU\S-1-5-21-4126592219-479105166-2668201682-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = htt*://[www].bing[.com]/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-4126592219-479105166-2668201682-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "IT"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.region: "IT"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "htt*s://[www].google.it/?gws_rd=ssl"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:45.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\microsoft[.com]/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\Microsoft[.com]/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\intel-webapi.intel[.com]/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\intel-webapi.intel[.com]/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\java[.com]/DTPlugin,version=1.6.0_45: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\java[.com]/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\microsoft[.com]/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Microsoft[.com]/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\tools.google[.com]/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\tools.google[.com]/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2015/08/15 16:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2016/04/16 13:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\fwda1at6.default-1460738877597\extensions
[2016/04/15 19:21:41 | 000,008,039 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\fwda1at6.default-1460738877597\searchplugins\Google.xml
[2016/04/18 11:24:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\

O1 HOSTS File: ([2015/11/18 18:32:53 | 000,000,853 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 172.24.0.84 dem.uslumbria1.it
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Programmi\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [FUJ02B1_Apps] "%PROGRAMFILES(X86)%\Fujitsu\FUJ02B1\CheckBatteryPack.exe" -ViewTarget -langid 0x411 File not found
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Sepang Olivetti ModemListener] C:\Program Files (x86)\Chiavetta Internet 14.4(200)\BackgroundService\ModemListener.exe ()
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4126592219-479105166-2668201682-1000..\Run: [BingSvc] C:\Users\Admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe (© 2015 Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4126592219-479105166-2668201682-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-4126592219-479105166-2668201682-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} htt*://java.sun[.com]/update/1.6.0/jinstall-1_6_0_45-windows-i586 .cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} htt*://java.sun[.com]/update/1.6.0/jinstall-1_6_0_45-windows-i586 .cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} htt*://java.sun[.com]/update/1.6.0/jinstall-1_6_0_45-windows-i586 .cab (Java Plug-in 1.6.0_45)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DB5CCB7-A757-4F05-A5BF-147FAC76AE3D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94343AC6-B067-4C97-A881-DFDF6A233B4A}: Domain = asl3.umbria.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFB71DDE-9A6C-4D19-BA2D-C45FAF25662F}: NameServer = 10.206.56.132 10.207.43.46
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\.[.com]file [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\.[.com]file [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\..[.com] [ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [ = exefile] -- "%1" %*
O37 - HKLM\..[.com] [ = comfile] -- "%1" %*
O37 - HKLM\...exe [ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2016/04/19 13:54:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2016/04/19 13:47:35 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/04/19 13:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/04/19 13:47:12 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016/04/19 13:47:12 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/04/19 13:47:12 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/04/19 13:47:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Malwarebytes Anti-Malware
[2016/04/19 13:35:56 | 022,851,472 | ---- | C] (Malwarebytes ) -- C:\Users\Admin\Desktop\mbam-setup-2.2.1.1043.exe
[2016/04/19 11:59:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2016/04/18 13:41:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\HijackThis
[2016/04/18 11:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016/04/18 08:58:02 | 000,000,000 | ---D | C] -- C:\FRST
[2016/04/18 08:49:23 | 002,375,680 | ---- | C] (Farbar) -- C:\Users\Admin\Desktop\FRST64.exe
[2016/04/17 10:09:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Adobe Dreamweaver CC 2015 64 & 32 bit Portable
[2016/04/16 15:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sophos
[2016/04/16 15:41:20 | 000,035,592 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe
[2016/04/16 15:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
[2016/04/16 15:26:09 | 000,038,144 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys
[2016/04/16 15:00:40 | 000,161,024 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2016/04/16 14:01:52 | 000,027,904 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys
[2016/04/16 13:59:07 | 000,176,120 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\sdccoinstaller.dll
[2016/04/15 17:39:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VS Revo Group
[2016/04/15 17:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2016/04/15 17:39:19 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2016/04/15 17:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2016/04/15 17:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2016/04/15 16:58:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\feid
[2016/04/14 11:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2016/04/14 11:15:16 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2016/04/14 11:07:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Nico Mak Computing
[2016/04/14 11:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2016/04/14 11:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\UniqueId
[2016/04/12 22:26:05 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2016/04/12 22:26:05 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2016/04/12 22:26:05 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2016/04/12 22:26:05 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2016/04/12 22:26:05 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2016/04/12 22:26:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2016/04/12 22:26:05 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2016/04/12 22:26:05 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2016/04/12 22:26:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2016/04/12 22:26:04 | 000,725,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2016/04/12 22:26:04 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2016/04/12 22:26:04 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2016/04/12 22:26:04 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2016/04/12 22:26:03 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016/04/12 22:26:03 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2016/04/12 22:26:02 | 002,056,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016/04/12 22:26:02 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016/04/12 22:26:02 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2016/04/12 22:26:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2016/04/12 22:26:01 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2016/04/12 22:26:01 | 000,806,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016/04/12 22:26:01 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2016/04/12 22:26:01 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2016/04/12 22:26:01 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2016/04/12 22:26:00 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016/04/12 22:26:00 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2016/04/12 22:25:59 | 002,131,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2016/04/12 22:25:59 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2016/04/12 22:25:59 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2016/04/12 22:25:58 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016/04/12 22:25:58 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2016/04/12 22:25:57 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2016/04/12 22:25:57 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2016/04/12 22:25:57 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2016/04/12 22:25:56 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2016/04/12 22:25:56 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016/04/12 22:25:56 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2016/04/12 22:25:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016/04/12 22:25:55 | 006,052,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016/04/12 22:25:55 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2016/04/12 22:25:55 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2016/04/12 22:25:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2016/04/12 22:25:54 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2016/04/12 22:24:43 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxoci.dll
[2016/04/12 22:24:41 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msorcl32.dll
[2016/04/12 22:24:41 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxoci.dll
[2016/04/12 22:24:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2016/04/12 22:24:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2016/04/12 22:24:27 | 002,084,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2016/04/12 22:24:27 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016/04/12 22:24:27 | 000,631,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2016/04/12 22:24:26 | 003,998,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2016/04/12 22:24:26 | 003,943,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2016/04/12 22:24:25 | 005,551,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2016/04/12 22:24:25 | 001,732,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2016/04/12 22:24:25 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2016/04/12 22:24:25 | 000,706,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2016/04/12 22:24:25 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2016/04/12 22:24:25 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2016/04/12 22:24:24 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2016/04/12 22:24:24 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2016/04/12 22:24:24 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2016/04/12 22:24:24 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2016/04/12 22:24:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

========== Files - Modified Within 60 Days ==========

[2016/03/18 00:50:10 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2016/03/18 00:50:10 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2016/03/18 00:50:10 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/03/18 00:50:10 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2016/03/18 00:50:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2016/03/18 00:50:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2016/03/18 00:50:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2016/03/18 00:50:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2016/03/18 00:50:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/03/18 00:50:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2016/03/18 00:50:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2016/03/18 00:50:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2016/03/18 00:50:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2016/03/18 00:50:09 | 000,880,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2016/03/18 00:50:09 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2016/03/18 00:36:28 | 003,998,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2016/03/18 00:36:28 | 003,943,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2016/03/18 00:31:09 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2016/03/18 00:29:22 | 000,141,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchtt*.dll
[2016/03/18 00:27:46 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2016/03/18 00:27:31 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2016/03/18 00:24:48 | 000,342,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2016/03/18 00:24:26 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2016/03/18 00:24:26 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2016/03/18 00:24:26 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2016/03/18 00:24:26 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2016/03/18 00:24:26 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2016/03/18 00:24:26 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2016/03/18 00:24:26 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2016/03/18 00:24:26 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2016/03/18 00:24:26 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2016/03/18 00:24:26 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2016/03/18 00:24:24 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2016/03/17 23:53:08 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2016/03/17 23:52:48 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2016/03/17 23:51:25 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2016/03/17 23:44:54 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2016/03/17 23:43:20 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2016/03/17 23:41:01 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2016/03/17 23:35:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2016/03/17 23:30:55 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2016/03/17 23:30:53 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2016/03/17 23:30:53 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2016/03/17 23:30:52 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2016/03/17 23:29:00 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2016/03/17 23:29:00 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2016/03/17 23:29:00 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2016/03/17 23:29:00 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2016/03/17 20:04:39 | 000,698,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2016/03/17 20:04:39 | 000,499,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2016/03/17 20:04:39 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2016/03/17 20:04:38 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2016/03/16 20:50:06 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mtxoci.dll
[2016/03/16 20:28:15 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxoci.dll
[2016/03/16 20:28:12 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msorcl32.dll
[2016/03/16 02:16:10 | 000,760,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2016/03/16 02:16:10 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2016/03/14 16:28:27 | 000,868,793 | ---- | M] () -- C:\Users\Admin\Desktop\tac1432016.pdf
[2016/03/14 14:49:32 | 000,806,577 | ---- | M] () -- C:\Users\Admin\Desktop\analisi14_3_2016.pdf
[2016/03/10 14:09:06 | 000,064,896 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/03/10 14:08:58 | 000,140,672 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/03/07 17:38:21 | 000,019,551 | ---- | M] () -- C:\Users\Admin\Desktop\1-320-Counselor.ods
[2016/03/06 20:53:26 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2016/03/06 20:38:52 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2016/04/19 13:47:21 | 000,000,750 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/04/17 10:52:21 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2016/03/14 16:28:10 | 000,868,793 | ---- | C] () -- C:\Users\Admin\Desktop\tac1432016.pdf
[2016/03/14 14:49:02 | 000,806,577 | ---- | C] () -- C:\Users\Admin\Desktop\analisi14_3_2016.pdf
[2016/03/03 20:35:19 | 000,019,551 | ---- | C] () -- C:\Users\Admin\Desktop\1-320-Counselor.ods
[2016/03/03 20:35:18 | 000,022,439 | ---- | C] () -- C:\Users\Admin\Desktop\1-320-Valutatore.ods
[2015/03/21 23:32:35 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/12/01 17:13:40 | 001,634,674 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/01/22 08:19:58 | 014,179,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/01/22 08:05:58 | 012,877,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2016/04/19 13:28:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2014/04/16 15:11:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Fujitsu
[2014/10/03 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LibreOffice
[2015/10/07 14:43:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WatchGuard

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2016/04/15 17:49:46 | 000,002,200 | R--- | M] ()(C:\Users\Public\Desktop\G??gl? ?hr?m?.lnk) -- C:\Users\Public\Desktop\G&#1086;&#1086;gl&#1077; &#1057;hr&#1086;m&#1077;.lnk
[2016/04/15 17:49:46 | 000,001,947 | R--- | M] ()(C:\Users\Public\Desktop\??zill? Fir?f??.lnk) -- C:\Users\Public\Desktop\&#1052;&#1086;zill&#1072; Fir&#1077;f&#1086;&#1093;.lnk
[2015/08/15 16:44:15 | 000,001,947 | R--- | C] ()(C:\Users\Public\Desktop\??zill? Fir?f??.lnk) -- C:\Users\Public\Desktop\&#1052;&#1086;zill&#1072; Fir&#1077;f&#1086;&#1093;.lnk
[2015/03/17 23:12:28 | 000,002,200 | R--- | C] ()(C:\Users\Public\Desktop\G??gl? ?hr?m?.lnk) -- C:\Users\Public\Desktop\G&#1086;&#1086;gl&#1077; &#1057;hr&#1086;m&#1077;.lnk

< End of report >

jimbo