francesco87
Followed steps 1-3
FRST and ADDITION to follow:
==FRST==
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Francesco (administrator) on LUSSOSTRAVELMAT (09-04-2017 09:36:39)
Running from C:\Users\Francesco\Downloads
Loaded Profiles: Francesco (Available Profiles: Francesco & Guest)
Platform: Windows 10 Home Version 1607 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_70dacb64382a61a7\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3942568 2015-08-03] (Synaptics Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-22] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501\...\Policies\system: [WallpaperStyle] 2
HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501\...\Policies\system: [DisableLockWorkstation] 0
HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501\...\Policies\system: [DisableChangePassword] 0
HKU\AvGeneric_S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3873062197-3200669252-3306472523-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-3873062197-3200669252-3306472523-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3873062197-3200669252-3306472523-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3873062197-3200669252-3306472523-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3873062197-3200669252-3306472523-1000\...\RunOnce: [Uninstall C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-3873062197-3200669252-3306472523-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3873062197-3200669252-3306472523-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3873062197-3200669252-3306472523-1000\...\Policies\Explorer: [NoViewContextMenu] 0
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-09-03] (EasyBits Software Corp.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Francesco\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-22] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-3873062197-3200669252-3306472523-1000] => www.luiss.it:80
AutoConfigURL: [S-1-5-21-3873062197-3200669252-3306472523-1000] => hxxp://www.luiss.it/httpgw.pac
Tcpip\..\Interfaces\{2e08d130-348a-41de-a650-53c51b699f74}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{58ff5474-a757-4b48-a447-13e1a9b7dca4}: [DhcpNameServer] 192.168.0.1
ManualProxies: 0hxxp://www.luiss.it/httpgw.pac
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3873062197-3200669252-3306472523-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_IT&c=94&bd=Pavilion&pf=cnnb
HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_IT&c=94&bd=Pavilion&pf=cnnb
HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.google.it/
HKU\S-1-5-21-3873062197-3200669252-3306472523-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://it.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3873062197-3200669252-3306472523-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {F7D7049F-FD61-45A7-A75E-0045064EF00A} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {F7D7049F-FD61-45A7-A75E-0045064EF00A} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> {18EAB056-9057-F224-FD4C-1F6569C4D8D2} URL = hxxp://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}
SearchScopes: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> {623A9E46-BC65-4A1A-BF97-A4BD55699B01} URL = hxxp://www.google.it/search?hl=it&q={searchTerms}&meta=
SearchScopes: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={0037AB6C-7289-4B5D-9323-E14421D5CE32}&mid=8b3e2819223f41ee97e4d108f05d8292-81a6b846ba559d58f2854f1d4af8c3674b71bbbc&lang=it&ds=AVG&pr=fr&d=2011-12-26 03:59:59&v=11.1.0.12&sap=dsp&q={searchTerms}
SearchScopes: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> {9A0592EA-CAEF-4136-AA5C-DBFE42660992} URL = hxxp://www.google.it/search?hl=it&q={searchTerms}&meta=
SearchScopes: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> {B61A2A4E-559E-FEA4-259F-6EBD3BC10172} URL = hxxp://www.forexstart.net/s/?q={searchTerms}&s=sbox
SearchScopes: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> {CF418B05-72F5-4cca-96D5-D39EA22BE927} URL = hxxp://search.cypet-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
SearchScopes: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> {D36DCF15-FB68-420A-95D4-90BE6871109F} URL = hxxp://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
SearchScopes: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> {E66F5633-151C-42A8-8943-917846C72DE9} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> {F710A7AE-3CA8-44A2-8EF0-CBFD30B49626} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcnnbie7-it-it
SearchScopes: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> {F7D7049F-FD61-45A7-A75E-0045064EF00A} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-3873062197-3200669252-3306472523-1000 -> DefaultScope {9A0592EA-CAEF-4136-AA5C-DBFE42660992} URL = hxxp://www.google.it/search?hl=it&q={searchTerms}&meta=&rlz=1I7GGLD_it
SearchScopes: HKU\S-1-5-21-3873062197-3200669252-3306472523-1000 -> {33997FB1-5F53-45F2-97C9-BE2F79FF4ECC} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3873062197-3200669252-3306472523-1000 -> {9A0592EA-CAEF-4136-AA5C-DBFE42660992} URL = hxxp://www.google.it/search?hl=it&q={searchTerms}&meta=&rlz=1I7GGLD_it
SearchScopes: HKU\S-1-5-21-3873062197-3200669252-3306472523-1000 -> {D36DCF15-FB68-420A-95D4-90BE6871109F} URL =
SearchScopes: HKU\S-1-5-21-3873062197-3200669252-3306472523-1000 -> {F710A7AE-3CA8-44A2-8EF0-CBFD30B49626} URL =
SearchScopes: HKU\S-1-5-21-3873062197-3200669252-3306472523-1000 -> {F7D7049F-FD61-45A7-A75E-0045064EF00A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Toolbar: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> No Name - {6A719530-8443-4898-9BC4-69E76B5F1C89} - No File
Toolbar: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> No Name - {48405D3D-2674-4CD8-B1EF-9A719443BD3F} - No File
Toolbar: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> No Name - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No File
Toolbar: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> No Name - {E3393495-8103-46A0-8181-270273EDDD60} - No File
Toolbar: HKU\AvGeneric_S-1-5-21-3873062197-3200669252-3306472523-501 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3873062197-3200669252-3306472523-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1377963275403
DPF: HKLM-x32 {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} hxxp://www.myheritage.it/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\vsonqrl7.default [2017-04-08]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\vsonqrl7.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\vsonqrl7.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\vsonqrl7.default -> hxxps://it.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset
FF Extension: (Easy Google Translate) - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\vsonqrl7.default\Extensions\easygtranslate@wrlf.com.br.xpi [2014-08-10] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-02-09] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@igeared] - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\arccosine.xml [2012-04-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll [2013-09-14] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll [2013-09-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-10-13] ( )
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\Plug-in browser BlackBerry App World\npappworld.dll [2012-01-31] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3873062197-3200669252-3306472523-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Francesco\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [No File]
FF Plugin HKU\S-1-5-21-3873062197-3200669252-3306472523-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Francesco\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [No File]
FF Plugin HKU\S-1-5-21-3873062197-3200669252-3306472523-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Francesco\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-3873062197-3200669252-3306472523-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Francesco\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-10-29] (Google)
FF Plugin HKU\S-1-5-21-3873062197-3200669252-3306472523-1000: @talk.google.com/O1DPlugin -> C:\Users\Francesco\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-10-29] (Google)
FF Plugin HKU\S-1-5-21-3873062197-3200669252-3306472523-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Francesco\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3873062197-3200669252-3306472523-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Francesco\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-08-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-08-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-08-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-08-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-08-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Francesco\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-10-29] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Francesco\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-10-29] (Google)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.it/
CHR StartupUrls: Default -> "hxxps://www.google.it/"
CHR DefaultSearchURL: Default -> hxxp://www.google.it/search?hl=it&q={searchTerms}&meta=
CHR DefaultSearchKeyword: Default -> google.it_
CHR Profile: C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default [2017-04-08]
CHR Extension: (Google Traduttore) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-17]
CHR Extension: (Google Drive) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (AdBlock) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-08]
CHR Extension: (Google Maps) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-20]
CHR Extension: (FreshStart – Gestore di Sessioni Browser) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2013-01-04]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (ImTranslator: Traduttore, Dizionario, Voce) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2017-04-08]
CHR Extension: (Learn Portuguese Free - PortuguesePod101.com) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pehhnjcaajmakfljacomgihcjdekaonf [2012-08-27]
CHR Extension: (Gmail) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncdghcmanhfigpijjllopocpcnjffkhl] - C:\Users\FRANCE~1\AppData\Local\Temp\crxBF89.tmp <not found>
StartMenuInternet: Google Chrome.4JSVQTXHZRC5OMKYZFWKM73WXU - C:\Users\Francesco\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_70dacb64382a61a7\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428680 2017-03-23] (AVG Technologies CZ, s.r.o.)
S4 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2014-10-30] (Kingsoft Corporation)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S4 QuickPDFTCPService0721; C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe [1918464 2010-08-13] (Debenu Pty Ltd) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_70dacb64382a61a7\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-08-03] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-09] (AVG Technologies)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-06-16] (Disc Soft Ltd)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-10-30] (Kingsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 Tcpip; C:\Windows\SysWOW64\drivers\tcpip.sys [802816 2007-03-25] (Microsoft Corporation) [File not signed]
S3 Tcpip6; C:\Windows\SysWOW64\drivers\tcpip.sys [802816 2007-03-25] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 uxgiqpoc; C:\Users\Francesco\AppData\Local\Temp\uxgiqpoc.sys [56584 2017-04-09] (GMER) [File not signed] <==== ATTENTION
U3 aspnet_state; no ImagePath
S1 nm3; system32\DRIVERS\nm3.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-09 09:36 - 2017-04-09 09:38 - 00033328 _____ C:\Users\Francesco\Downloads\FRST.txt
2017-04-09 09:36 - 2017-04-09 09:36 - 00000000 ____D C:\FRST
2017-04-09 09:34 - 2017-04-09 09:34 - 02424832 _____ (Farbar) C:\Users\Francesco\Downloads\FRST64.exe
2017-04-09 09:10 - 2017-04-09 09:10 - 00030297 _____ C:\Users\Francesco\Desktop\hijackfree.txt
2017-04-09 08:57 - 2017-04-09 08:57 - 01907573 _____ C:\Users\Francesco\Documents\gmer log.txt
2017-04-08 23:59 - 2017-04-08 23:59 - 00380928 _____ C:\Users\Francesco\Downloads\lyd9zlww.exe
2017-04-08 19:30 - 2017-04-08 19:30 - 00380928 _____ C:\Users\Francesco\Desktop\u9e496bl.exe
2017-04-08 16:33 - 2017-04-08 16:33 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-08 16:33 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-04-08 16:15 - 2017-04-08 16:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-04-08 16:15 - 2017-04-08 16:15 - 00001424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-04-08 16:15 - 2017-04-08 16:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-04-08 16:15 - 2017-04-08 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-04-08 16:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-04-08 16:12 - 2017-04-08 16:13 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Francesco\Downloads\spybot-2.4.exe
2017-04-08 16:12 - 2017-04-08 16:12 - 04089296 _____ C:\Users\Francesco\Downloads\adwcleaner_6.045 (1).exe
2017-04-08 15:56 - 2017-04-08 15:56 - 04089296 _____ C:\Users\Francesco\Downloads\adwcleaner_6.045.exe
2017-04-08 15:38 - 2017-04-08 15:38 - 00557776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFC6C.tmp
2017-04-08 15:38 - 2017-04-08 15:38 - 00340688 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFC7C.tmp
2017-04-08 15:38 - 2017-04-08 15:38 - 00165048 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFCFA.tmp
2017-04-08 15:38 - 2017-04-08 15:38 - 00128096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFC3B.tmp
2017-04-08 15:38 - 2017-04-08 15:38 - 00102136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFB7D.tmp
2017-04-08 15:38 - 2017-04-08 15:38 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFC4B.tmp
2017-04-08 15:38 - 2017-04-08 15:38 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFC1B.tmp
2017-04-08 15:38 - 2017-04-08 15:37 - 01006040 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFB3E.tmp
2017-04-08 15:38 - 2017-04-08 15:37 - 00336408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswF9E4.tmp
2017-04-08 15:38 - 2017-04-08 15:37 - 00310056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswF965.tmp
2017-04-08 15:38 - 2017-04-08 15:37 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswF9B4.tmp
2017-04-08 15:38 - 2017-04-08 15:37 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswF8C8.tmp
2017-04-08 15:38 - 2017-04-08 15:37 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFA14.tmp
2017-04-08 15:35 - 2017-04-08 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-08 15:27 - 2017-04-08 15:27 - 03449296 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Francesco\Downloads\Antivirus_Free_1892.exe
2017-04-08 15:01 - 2017-04-08 15:01 - 00103712 _____ C:\Users\Francesco\Downloads\elibagla (1).zip
2017-04-08 11:28 - 2017-04-08 15:23 - 00003178 _____ C:\InfoSat.txt
2017-04-08 11:15 - 2017-04-08 11:15 - 00103712 _____ C:\Users\Francesco\Downloads\elibagla.zip
2017-04-08 10:40 - 2017-04-08 10:41 - 03867724 _____ (Swearware) C:\Users\Francesco\Downloads\6748.tmp
2017-04-08 10:35 - 2017-04-08 15:35 - 00000000 ____D C:\Users\Francesco\AppData\Local\AvgSetupLog
2017-04-08 09:25 - 2017-04-08 09:25 - 00170528 _____ C:\Users\Francesco\Downloads\E7AC.tmp
2017-04-08 09:11 - 2017-04-08 09:11 - 00592248 _____ C:\Users\Francesco\Downloads\A5C4.tmp
2017-04-08 08:46 - 2017-04-08 08:46 - 00000661 _____ C:\Users\Francesco\Downloads\audio10.diagcab
2017-03-27 10:53 - 2017-03-27 10:53 - 00063224 _____ C:\Users\Francesco\Downloads\Lettera presentazione DELOITTE.pdf
2017-03-27 10:52 - 2017-03-27 10:52 - 00178958 _____ C:\Users\Francesco\Downloads\CV Francesco Pasquarelli.pdf
2017-03-27 10:44 - 2017-03-27 10:44 - 00169856 _____ C:\Users\Francesco\Desktop\Curriculum vitae Francesco Pasquarelli ENG.pdf
2017-03-24 09:37 - 2017-03-24 09:37 - 00702484 _____ C:\Users\Francesco\Downloads\documenti graziella.pdf
2017-03-24 09:37 - 2017-03-24 09:37 - 00688884 _____ C:\Users\Francesco\Downloads\documenti giovanni P..pdf
2017-03-20 12:02 - 2017-04-08 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-19 09:58 - 2017-03-19 09:57 - 00659280 _____ (PortableApps.com) C:\Users\Francesco\Downloads\SkypePortable_7.32.0.104_online.paf.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-09 08:43 - 2016-09-22 03:26 - 00003288 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForFrancesco
2017-04-09 08:43 - 2016-02-08 20:25 - 00000380 _____ C:\WINDOWS\Tasks\HPCeeScheduleForFrancesco.job
2017-04-09 08:28 - 2016-09-22 02:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-08 19:26 - 2016-07-16 22:35 - 01305040 _____ C:\WINDOWS\system32\perfh010.dat
2017-04-08 19:26 - 2016-07-16 22:35 - 00329704 _____ C:\WINDOWS\system32\perfc010.dat
2017-04-08 19:26 - 2015-12-20 15:15 - 03016690 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-08 19:19 - 2016-09-22 03:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-08 19:18 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-08 19:18 - 2016-07-16 06:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-04-08 18:47 - 2014-10-01 03:24 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-08 18:04 - 2010-01-29 09:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-04-08 16:03 - 2014-04-16 19:17 - 00000000 ____D C:\AdwCleaner
2017-04-08 16:02 - 2015-07-29 12:33 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-04-08 15:35 - 2016-04-10 17:27 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-04-08 15:33 - 2016-09-22 03:26 - 00003658 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-04-08 15:28 - 2010-11-20 07:43 - 00000000 ____D C:\ProgramData\MFAData
2017-04-08 15:25 - 2016-07-16 11:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-04-08 14:59 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-08 14:55 - 2016-09-22 03:26 - 00003698 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0400d355dd262
2017-04-08 14:55 - 2016-09-22 03:26 - 00003574 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0400d34c2efae
2017-04-08 14:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-08 14:46 - 2016-09-22 02:48 - 00000000 ____D C:\Users\Francesco
2017-04-08 12:45 - 2016-09-22 02:48 - 00000000 ____D C:\Users\Guest
2017-04-08 12:44 - 2016-09-22 02:48 - 00000000 ____D C:\Users\DefaultAppPool
2017-04-08 12:44 - 2016-09-22 02:44 - 00000000 ____D C:\Program Files\IDT
2017-04-08 12:44 - 2016-07-16 11:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-08 12:44 - 2009-12-13 16:24 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\Skype
2017-04-08 12:43 - 2015-08-27 11:53 - 00000000 ____D C:\Users\Francesco\AppData\Local\Packages
2017-04-08 12:43 - 2013-07-28 12:46 - 00000000 ____D C:\Program Files\PhotomatixPro4
2017-04-08 12:43 - 2012-09-19 16:44 - 00000000 ____D C:\Program Files (x86)\PDF24
2017-04-08 12:43 - 2011-09-11 15:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-04-08 12:33 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\registration
2017-04-08 12:27 - 2015-06-27 09:19 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-08 12:26 - 2015-12-14 17:07 - 00000000 ____D C:\ProgramData\Avg
2017-04-08 12:26 - 2010-01-24 15:01 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-08 11:28 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-04-08 10:48 - 2009-12-24 18:00 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-08 10:30 - 2015-06-03 01:13 - 00000000 ____D C:\Users\Francesco\AppData\Local\Avg
2017-04-08 10:19 - 2010-01-01 13:49 - 00000000 ____D C:\Users\Francesco\AppData\Local\ElevatedDiagnostics
2017-04-08 08:47 - 2015-07-27 08:28 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\Foxit Software
2017-03-27 14:44 - 2014-06-28 15:54 - 00000000 ____D C:\Users\Francesco\Desktop\Curriculum
2017-03-27 10:12 - 2010-02-15 13:22 - 00000000 _____ C:\Users\Guest\AppData\LocalLow\prvlcl.dat
2017-03-27 10:12 - 2010-01-24 16:15 - 00000000 _____ C:\Users\Francesco\AppData\LocalLow\prvlcl.dat
2017-03-22 13:10 - 2011-01-19 10:08 - 00000000 ____D C:\Users\Francesco\Documents\Calibre Library
2017-03-22 11:40 - 2014-06-03 21:22 - 00002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-20 12:02 - 2009-12-13 16:24 - 00000000 ____D C:\ProgramData\Skype
2017-03-19 09:59 - 2013-02-08 14:27 - 00000000 ____D C:\Users\Francesco\Downloads\SkypePortable
2017-03-17 11:20 - 2015-07-20 15:13 - 00000000 ____D C:\Users\Francesco\Desktop\Thailandia Cambogia
==================== Files in the root of some directories =======
2009-12-25 21:45 - 2009-12-25 21:45 - 0002528 _____ () C:\Users\Francesco\AppData\Roaming\$_hpcst$.hpc
2010-01-31 14:00 - 2010-01-31 14:00 - 0000582 _____ () C:\Users\Francesco\AppData\Roaming\AutoGK.ini
2010-01-31 11:56 - 2014-04-12 19:58 - 0000085 _____ () C:\Users\Francesco\AppData\Roaming\AVSDVDPlayer.m3u
2011-04-19 11:12 - 2011-05-31 12:36 - 0001854 _____ () C:\Users\Francesco\AppData\Roaming\GhostObjGAFix.xml
2012-03-01 17:54 - 2014-11-10 08:16 - 0029556 _____ () C:\Users\Francesco\AppData\Roaming\Rim.Desktop.Exception.log
2012-03-01 17:52 - 2016-03-05 12:44 - 0011728 _____ () C:\Users\Francesco\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-03-01 17:54 - 2014-11-10 08:16 - 0003696 _____ () C:\Users\Francesco\AppData\Roaming\Rim.DesktopHelper.Exception.log
2011-10-08 12:45 - 2012-01-03 09:11 - 0002075 _____ () C:\Users\Francesco\AppData\Roaming\SAS7_000.DAT
2014-11-23 19:52 - 2014-11-23 19:52 - 0038530 _____ () C:\Users\Francesco\AppData\Roaming\Valori separati da virgola.ADR
2013-08-14 13:57 - 2013-08-14 13:57 - 0000037 ___SH () C:\Users\Francesco\AppData\Local\70149b02515b3bb20dd492.47983420
2009-12-12 18:24 - 2009-12-12 18:24 - 0000000 _____ () C:\Users\Francesco\AppData\Local\AtStart.txt
2012-09-04 19:04 - 2014-11-10 07:12 - 0011776 _____ () C:\Users\Francesco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-12 18:24 - 2009-12-12 18:24 - 0000000 _____ () C:\Users\Francesco\AppData\Local\DSwitch.txt
2015-02-22 11:58 - 2015-02-22 11:58 - 0004096 ____H () C:\Users\Francesco\AppData\Local\keyfile3.drm
2009-12-12 18:24 - 2009-12-12 18:24 - 0000000 _____ () C:\Users\Francesco\AppData\Local\QSwitch.txt
2010-10-24 12:34 - 2010-10-24 12:34 - 0063508 _____ () C:\Users\Francesco\AppData\Local\tmpGOLDFINGER - YVES LAROCK 9.JPG
2012-12-04 06:58 - 2012-12-04 06:58 - 0004130 _____ () C:\Users\Francesco\AppData\Local\unins000.dat
2014-10-04 18:08 - 2014-10-04 18:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-12-12 18:24 - 2012-12-14 16:11 - 0000184 _____ () C:\ProgramData\HPWALog.txt
2009-08-24 23:59 - 2009-08-24 23:59 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-09-03 15:15 - 2009-09-03 15:16 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-08-24 23:58 - 2009-08-24 23:58 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-09-03 15:09 - 2009-09-03 15:11 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-08-24 23:58 - 2009-08-24 23:58 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-08-24 23:59 - 2009-08-24 23:59 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-09-03 15:08 - 2009-09-03 15:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-09-03 15:11 - 2009-09-03 15:15 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-08-24 23:59 - 2009-08-24 23:59 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
Some files in TEMP:
====================
2016-12-17 09:18 - 2016-12-01 08:31 - 0050720 _____ (HP Inc.) C:\Users\Francesco\AppData\Local\Temp\ACLMInstaller.exe
2016-09-24 16:19 - 2017-02-25 17:20 - 44048864 _____ (Skype Technologies S.A.) C:\Users\Francesco\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-08 17:32
==================== End of FRST.txt ============================
FireFox:
========
FF ProfilePath: C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\vsonqrl7.default [2017-04-08]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\vsonqrl7.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\vsonqrl7.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\vsonqrl7.default -> hxxps://it.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset
FF Extension: (Easy Google Translate) - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\vsonqrl7.default\Extensions\easygtranslate@wrlf.com.br.xpi [2014-08-10] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-02-09] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@igeared] - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\arccosine.xml [2012-04-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll [2013-09-14] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll [2013-09-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-10-13] ( )
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\Plug-in browser BlackBerry App World\npappworld.dll [2012-01-31] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3873062197-3200669252-3306472523-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Francesco\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [No File]
FF Plugin HKU\S-1-5-21-3873062197-3200669252-3306472523-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Francesco\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [No File]
FF Plugin HKU\S-1-5-21-3873062197-3200669252-3306472523-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Francesco\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-3873062197-3200669252-3306472523-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Francesco\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-10-29] (Google)
FF Plugin HKU\S-1-5-21-3873062197-3200669252-3306472523-1000: @talk.google.com/O1DPlugin -> C:\Users\Francesco\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-10-29] (Google)
FF Plugin HKU\S-1-5-21-3873062197-3200669252-3306472523-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Francesco\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3873062197-3200669252-3306472523-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Francesco\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-08-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-08-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-08-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-08-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-08-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Francesco\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-10-29] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Francesco\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-10-29] (Google)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.it/
CHR StartupUrls: Default -> "hxxps://www.google.it/"
CHR DefaultSearchURL: Default -> hxxp://www.google.it/search?hl=it&q={searchTerms}&meta=
CHR DefaultSearchKeyword: Default -> google.it_
CHR Profile: C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default [2017-04-08]
CHR Extension: (Google Traduttore) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-17]
CHR Extension: (Google Drive) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (AdBlock) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-08]
CHR Extension: (Google Maps) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-20]
CHR Extension: (FreshStart – Gestore di Sessioni Browser) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2013-01-04]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (ImTranslator: Traduttore, Dizionario, Voce) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2017-04-08]
CHR Extension: (Learn Portuguese Free - PortuguesePod101.com) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pehhnjcaajmakfljacomgihcjdekaonf [2012-08-27]
CHR Extension: (Gmail) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Francesco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncdghcmanhfigpijjllopocpcnjffkhl] - C:\Users\FRANCE~1\AppData\Local\Temp\crxBF89.tmp <not found>
StartMenuInternet: Google Chrome.4JSVQTXHZRC5OMKYZFWKM73WXU - C:\Users\Francesco\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_70dacb64382a61a7\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428680 2017-03-23] (AVG Technologies CZ, s.r.o.)
S4 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2014-10-30] (Kingsoft Corporation)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S4 QuickPDFTCPService0721; C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe [1918464 2010-08-13] (Debenu Pty Ltd) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_70dacb64382a61a7\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-08-03] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-09] (AVG Technologies)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-06-16] (Disc Soft Ltd)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-10-30] (Kingsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 Tcpip; C:\Windows\SysWOW64\drivers\tcpip.sys [802816 2007-03-25] (Microsoft Corporation) [File not signed]
S3 Tcpip6; C:\Windows\SysWOW64\drivers\tcpip.sys [802816 2007-03-25] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 uxgiqpoc; C:\Users\Francesco\AppData\Local\Temp\uxgiqpoc.sys [56584 2017-04-09] (GMER) [File not signed] <==== ATTENTION
U3 aspnet_state; no ImagePath
S1 nm3; system32\DRIVERS\nm3.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-09 09:36 - 2017-04-09 09:38 - 00033328 _____ C:\Users\Francesco\Downloads\FRST.txt
2017-04-09 09:36 - 2017-04-09 09:36 - 00000000 ____D C:\FRST
2017-04-09 09:34 - 2017-04-09 09:34 - 02424832 _____ (Farbar) C:\Users\Francesco\Downloads\FRST64.exe
2017-04-09 09:10 - 2017-04-09 09:10 - 00030297 _____ C:\Users\Francesco\Desktop\hijackfree.txt
2017-04-09 08:57 - 2017-04-09 08:57 - 01907573 _____ C:\Users\Francesco\Documents\gmer log.txt
2017-04-08 23:59 - 2017-04-08 23:59 - 00380928 _____ C:\Users\Francesco\Downloads\lyd9zlww.exe
2017-04-08 19:30 - 2017-04-08 19:30 - 00380928 _____ C:\Users\Francesco\Desktop\u9e496bl.exe
2017-04-08 16:33 - 2017-04-08 16:33 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-08 16:33 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-04-08 16:15 - 2017-04-08 16:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-04-08 16:15 - 2017-04-08 16:15 - 00001424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-04-08 16:15 - 2017-04-08 16:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-04-08 16:15 - 2017-04-08 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-04-08 16:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-04-08 16:12 - 2017-04-08 16:13 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Francesco\Downloads\spybot-2.4.exe
2017-04-08 16:12 - 2017-04-08 16:12 - 04089296 _____ C:\Users\Francesco\Downloads\adwcleaner_6.045 (1).exe
2017-04-08 15:56 - 2017-04-08 15:56 - 04089296 _____ C:\Users\Francesco\Downloads\adwcleaner_6.045.exe
2017-04-08 15:38 - 2017-04-08 15:38 - 00557776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFC6C.tmp
2017-04-08 15:38 - 2017-04-08 15:38 - 00340688 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFC7C.tmp
2017-04-08 15:38 - 2017-04-08 15:38 - 00165048 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFCFA.tmp
2017-04-08 15:38 - 2017-04-08 15:38 - 00128096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFC3B.tmp
2017-04-08 15:38 - 2017-04-08 15:38 - 00102136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFB7D.tmp
2017-04-08 15:38 - 2017-04-08 15:38 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFC4B.tmp
2017-04-08 15:38 - 2017-04-08 15:38 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFC1B.tmp
2017-04-08 15:38 - 2017-04-08 15:37 - 01006040 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFB3E.tmp
2017-04-08 15:38 - 2017-04-08 15:37 - 00336408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswF9E4.tmp
2017-04-08 15:38 - 2017-04-08 15:37 - 00310056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswF965.tmp
2017-04-08 15:38 - 2017-04-08 15:37 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswF9B4.tmp
2017-04-08 15:38 - 2017-04-08 15:37 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswF8C8.tmp
2017-04-08 15:38 - 2017-04-08 15:37 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswFA14.tmp
2017-04-08 15:35 - 2017-04-08 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-08 15:27 - 2017-04-08 15:27 - 03449296 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Francesco\Downloads\Antivirus_Free_1892.exe
2017-04-08 15:01 - 2017-04-08 15:01 - 00103712 _____ C:\Users\Francesco\Downloads\elibagla (1).zip
2017-04-08 11:28 - 2017-04-08 15:23 - 00003178 _____ C:\InfoSat.txt
2017-04-08 11:15 - 2017-04-08 11:15 - 00103712 _____ C:\Users\Francesco\Downloads\elibagla.zip
2017-04-08 10:40 - 2017-04-08 10:41 - 03867724 _____ (Swearware) C:\Users\Francesco\Downloads\6748.tmp
2017-04-08 10:35 - 2017-04-08 15:35 - 00000000 ____D C:\Users\Francesco\AppData\Local\AvgSetupLog
2017-04-08 09:25 - 2017-04-08 09:25 - 00170528 _____ C:\Users\Francesco\Downloads\E7AC.tmp
2017-04-08 09:11 - 2017-04-08 09:11 - 00592248 _____ C:\Users\Francesco\Downloads\A5C4.tmp
2017-04-08 08:46 - 2017-04-08 08:46 - 00000661 _____ C:\Users\Francesco\Downloads\audio10.diagcab
2017-03-27 10:53 - 2017-03-27 10:53 - 00063224 _____ C:\Users\Francesco\Downloads\Lettera presentazione DELOITTE.pdf
2017-03-27 10:52 - 2017-03-27 10:52 - 00178958 _____ C:\Users\Francesco\Downloads\CV Francesco Pasquarelli.pdf
2017-03-27 10:44 - 2017-03-27 10:44 - 00169856 _____ C:\Users\Francesco\Desktop\Curriculum vitae Francesco Pasquarelli ENG.pdf
2017-03-24 09:37 - 2017-03-24 09:37 - 00702484 _____ C:\Users\Francesco\Downloads\documenti graziella.pdf
2017-03-24 09:37 - 2017-03-24 09:37 - 00688884 _____ C:\Users\Francesco\Downloads\documenti giovanni P..pdf
2017-03-20 12:02 - 2017-04-08 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-19 09:58 - 2017-03-19 09:57 - 00659280 _____ (PortableApps.com) C:\Users\Francesco\Downloads\SkypePortable_7.32.0.104_online.paf.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-09 08:43 - 2016-09-22 03:26 - 00003288 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForFrancesco
2017-04-09 08:43 - 2016-02-08 20:25 - 00000380 _____ C:\WINDOWS\Tasks\HPCeeScheduleForFrancesco.job
2017-04-09 08:28 - 2016-09-22 02:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-08 19:26 - 2016-07-16 22:35 - 01305040 _____ C:\WINDOWS\system32\perfh010.dat
2017-04-08 19:26 - 2016-07-16 22:35 - 00329704 _____ C:\WINDOWS\system32\perfc010.dat
2017-04-08 19:26 - 2015-12-20 15:15 - 03016690 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-08 19:19 - 2016-09-22 03:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-08 19:18 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-08 19:18 - 2016-07-16 06:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-04-08 18:47 - 2014-10-01 03:24 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-08 18:04 - 2010-01-29 09:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-04-08 16:03 - 2014-04-16 19:17 - 00000000 ____D C:\AdwCleaner
2017-04-08 16:02 - 2015-07-29 12:33 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-04-08 15:35 - 2016-04-10 17:27 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-04-08 15:33 - 2016-09-22 03:26 - 00003658 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-04-08 15:28 - 2010-11-20 07:43 - 00000000 ____D C:\ProgramData\MFAData
2017-04-08 15:25 - 2016-07-16 11:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-04-08 14:59 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-08 14:55 - 2016-09-22 03:26 - 00003698 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0400d355dd262
2017-04-08 14:55 - 2016-09-22 03:26 - 00003574 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0400d34c2efae
2017-04-08 14:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-08 14:46 - 2016-09-22 02:48 - 00000000 ____D C:\Users\Francesco
2017-04-08 12:45 - 2016-09-22 02:48 - 00000000 ____D C:\Users\Guest
2017-04-08 12:44 - 2016-09-22 02:48 - 00000000 ____D C:\Users\DefaultAppPool
2017-04-08 12:44 - 2016-09-22 02:44 - 00000000 ____D C:\Program Files\IDT
2017-04-08 12:44 - 2016-07-16 11:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-08 12:44 - 2009-12-13 16:24 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\Skype
2017-04-08 12:43 - 2015-08-27 11:53 - 00000000 ____D C:\Users\Francesco\AppData\Local\Packages
2017-04-08 12:43 - 2013-07-28 12:46 - 00000000 ____D C:\Program Files\PhotomatixPro4
2017-04-08 12:43 - 2012-09-19 16:44 - 00000000 ____D C:\Program Files (x86)\PDF24
2017-04-08 12:43 - 2011-09-11 15:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-04-08 12:33 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\registration
2017-04-08 12:27 - 2015-06-27 09:19 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-08 12:26 - 2015-12-14 17:07 - 00000000 ____D C:\ProgramData\Avg
2017-04-08 12:26 - 2010-01-24 15:01 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-08 11:28 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-04-08 10:48 - 2009-12-24 18:00 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-08 10:30 - 2015-06-03 01:13 - 00000000 ____D C:\Users\Francesco\AppData\Local\Avg
2017-04-08 10:19 - 2010-01-01 13:49 - 00000000 ____D C:\Users\Francesco\AppData\Local\ElevatedDiagnostics
2017-04-08 08:47 - 2015-07-27 08:28 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\Foxit Software
2017-03-27 14:44 - 2014-06-28 15:54 - 00000000 ____D C:\Users\Francesco\Desktop\Curriculum
2017-03-27 10:12 - 2010-02-15 13:22 - 00000000 _____ C:\Users\Guest\AppData\LocalLow\prvlcl.dat
2017-03-27 10:12 - 2010-01-24 16:15 - 00000000 _____ C:\Users\Francesco\AppData\LocalLow\prvlcl.dat
2017-03-22 13:10 - 2011-01-19 10:08 - 00000000 ____D C:\Users\Francesco\Documents\Calibre Library
2017-03-22 11:40 - 2014-06-03 21:22 - 00002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-20 12:02 - 2009-12-13 16:24 - 00000000 ____D C:\ProgramData\Skype
2017-03-19 09:59 - 2013-02-08 14:27 - 00000000 ____D C:\Users\Francesco\Downloads\SkypePortable
2017-03-17 11:20 - 2015-07-20 15:13 - 00000000 ____D C:\Users\Francesco\Desktop\Thailandia Cambogia
==================== Files in the root of some directories =======
2009-12-25 21:45 - 2009-12-25 21:45 - 0002528 _____ () C:\Users\Francesco\AppData\Roaming\$_hpcst$.hpc
2010-01-31 14:00 - 2010-01-31 14:00 - 0000582 _____ () C:\Users\Francesco\AppData\Roaming\AutoGK.ini
2010-01-31 11:56 - 2014-04-12 19:58 - 0000085 _____ () C:\Users\Francesco\AppData\Roaming\AVSDVDPlayer.m3u
2011-04-19 11:12 - 2011-05-31 12:36 - 0001854 _____ () C:\Users\Francesco\AppData\Roaming\GhostObjGAFix.xml
2012-03-01 17:54 - 2014-11-10 08:16 - 0029556 _____ () C:\Users\Francesco\AppData\Roaming\Rim.Desktop.Exception.log
2012-03-01 17:52 - 2016-03-05 12:44 - 0011728 _____ () C:\Users\Francesco\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-03-01 17:54 - 2014-11-10 08:16 - 0003696 _____ () C:\Users\Francesco\AppData\Roaming\Rim.DesktopHelper.Exception.log
2011-10-08 12:45 - 2012-01-03 09:11 - 0002075 _____ () C:\Users\Francesco\AppData\Roaming\SAS7_000.DAT
2014-11-23 19:52 - 2014-11-23 19:52 - 0038530 _____ () C:\Users\Francesco\AppData\Roaming\Valori separati da virgola.ADR
2013-08-14 13:57 - 2013-08-14 13:57 - 0000037 ___SH () C:\Users\Francesco\AppData\Local\70149b02515b3bb20dd492.47983420
2009-12-12 18:24 - 2009-12-12 18:24 - 0000000 _____ () C:\Users\Francesco\AppData\Local\AtStart.txt
2012-09-04 19:04 - 2014-11-10 07:12 - 0011776 _____ () C:\Users\Francesco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-12 18:24 - 2009-12-12 18:24 - 0000000 _____ () C:\Users\Francesco\AppData\Local\DSwitch.txt
2015-02-22 11:58 - 2015-02-22 11:58 - 0004096 ____H () C:\Users\Francesco\AppData\Local\keyfile3.drm
2009-12-12 18:24 - 2009-12-12 18:24 - 0000000 _____ () C:\Users\Francesco\AppData\Local\QSwitch.txt
2010-10-24 12:34 - 2010-10-24 12:34 - 0063508 _____ () C:\Users\Francesco\AppData\Local\tmpGOLDFINGER - YVES LAROCK 9.JPG
2012-12-04 06:58 - 2012-12-04 06:58 - 0004130 _____ () C:\Users\Francesco\AppData\Local\unins000.dat
2014-10-04 18:08 - 2014-10-04 18:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-12-12 18:24 - 2012-12-14 16:11 - 0000184 _____ () C:\ProgramData\HPWALog.txt
2009-08-24 23:59 - 2009-08-24 23:59 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-09-03 15:15 - 2009-09-03 15:16 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-08-24 23:58 - 2009-08-24 23:58 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-09-03 15:09 - 2009-09-03 15:11 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-08-24 23:58 - 2009-08-24 23:58 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-08-24 23:59 - 2009-08-24 23:59 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-09-03 15:08 - 2009-09-03 15:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-09-03 15:11 - 2009-09-03 15:15 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-08-24 23:59 - 2009-08-24 23:59 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
Some files in TEMP:
====================
2016-12-17 09:18 - 2016-12-01 08:31 - 0050720 _____ (HP Inc.) C:\Users\Francesco\AppData\Local\Temp\ACLMInstaller.exe
2016-09-24 16:19 - 2017-02-25 17:20 - 44048864 _____ (Skype Technologies S.A.) C:\Users\Francesco\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-08 17:32
==================== End of FRST.txt ============================