
Unable to Install Malwarebytes, Runtime Error (at 97:137)



Hello everyone, I'm trying to clean up a friend's Windows 10 PC that installed malware via harmful websites. Avast detected but cannot clean WIN32:Patched AWK(trj). Chrome cannot be executed with Avast running, IE works fine. When running a scan with Avast it detects WIN32:Patched AWK(trj), asks for a reboot, and then says it cannot delete the file in the scan before the boot. I've tried installing Malwarebytes but it fails with the error in the subject.

I've also attached a dnsapi.dll file search (Search.txt), in addition to FRST.txt and Addition.txt.

Addition.txt

FRST.txt

Search.txt


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...
 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt"; the log will open as a text file. Post that log... Also save it to your Desktop for reference.
  • Close the program > Don't Fix anything!

 

Let me see that log...

 

Kevin


Here is the log:

 

RogueKiller V11.0.12.0 (x64) [Feb 15 2016] (Gratuito) di Adlice Software
Discussione : http://www.adlice.com
 
Sistema Operativo : Windows 10 (10.0.10586) 64 bits version
Iniziato in : Modalità Normale
Utente : Francesca [Amministratore]
Iniziato da : C:\Program Files\RogueKiller\RogueKiller64.exe
Modalità : Scansione -- Data : 02/21/2016 22:27:33
 
¤¤¤ Processi : 0 ¤¤¤
 
¤¤¤ Registro : 0 ¤¤¤
 
¤¤¤ Attività : 0 ¤¤¤
 
¤¤¤ Archivi : 0 ¤¤¤
 
¤¤¤ Archivio Hosts : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Caricato) ¤¤¤
 
¤¤¤ Web Browser : 0 ¤¤¤
 
¤¤¤ Controllo MBR : ¤¤¤
+++++ PhysicalDrive0: HFS128G3AMNB-2200A +++++
--- User ---
[MBR] 4d0f9c15bcb428da0ab6bbc73fd45837
[bSP] 3287c485a16ef1421a49c083d39292d5 : Empty|VT.Unknown MBR Code
Partition table:
0 - [sYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 360 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 739328 | Size: 200 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1148928 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1411072 | Size: 115765 MB
4 - [sYSTEM][MAN-MOUNT]  | Offset (sectors): 238497792 | Size: 450 MB
5 - [sYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 239419392 | Size: 5200 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
--- User ---
[MBR] fedad7fbb5c533236d072781859bad7e
[bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 3560 | Size: 1952 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Richiesta non supportata. )

Thanks for that log, unfortunately it shows as clean... There is an obvious problem with this file, C:\WINDOWS\SysWOW64\dnsapi.dll; unfortunately the search you completed did not find a replacement for that file.

 

I've attached dnsapi.zip to this reply. Navigate to this file, C:\WINDOWS\SysWOW64\dnsapi.dll, right-click on the file and select "Delete".

 

Download and unzip the file I've attached, then copy or move the unzipped file dnsapi.dll into this folder: C:\WINDOWS\SysWOW64

 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan, and when done post the new logs....
 

Thanks,

 

Kevin

dnsapi.zip
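A check one could run on a replacement system DLL such as the dnsapi.dll discussed in this thread, before copying it into SysWOW64 and again afterwards (an added example, not part of the original posts or of FRST). The candidate path is an assumption, and the version comparison against the System32 copy is a heuristic.

```powershell
# Added example, not from the thread. Run from an elevated 64-bit PowerShell.
# $Candidate is an assumed location for the unzipped file; adjust it.
param(
    [string]$Candidate = "$env:USERPROFILE\Downloads\dnsapi.dll",
    [string]$Target    = "$env:WINDIR\SysWOW64\dnsapi.dll"
)

if (-not [Environment]::Is64BitProcess) {
    # In a 32-bit process System32 is redirected to SysWOW64 and the comparison is meaningless.
    throw 'Run this from 64-bit PowerShell.'
}

# Read the COFF Machine field from the PE header (x86 = 0x014C, x64 = 0x8664).
function Get-PeMachine {
    param([Parameter(Mandatory)][string]$Path)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $br = New-Object System.IO.BinaryReader($fs)
        if ($br.ReadUInt16() -ne 0x5A4D) { return 'NotPE' }      # 'MZ'
        $fs.Position = 0x3C                                      # e_lfanew
        $fs.Position = $br.ReadUInt32()
        if ($br.ReadUInt32() -ne 0x00004550) { return 'NotPE' }  # 'PE\0\0'
        switch ($br.ReadUInt16()) {
            0x014C  { 'x86' }
            0x8664  { 'x64' }
            default { 'Other' }
        }
    } finally {
        $fs.Dispose()
    }
}

# Collect the facts that matter for a system DLL: bitness, signature, version, hash.
function Get-DllFacts {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $ver = (Get-Item -LiteralPath $Path).VersionInfo
    [pscustomobject]@{
        Path      = $Path
        Exists    = $true
        Machine   = Get-PeMachine -Path $Path
        SigStatus = [string]$sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Version   = '{0}.{1}.{2}.{3}' -f $ver.FileMajorPart, $ver.FileMinorPart,
                                         $ver.FileBuildPart, $ver.FilePrivatePart
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Emit one string per problem found; no output means the file passed every check.
function Test-Replacement {
    param($Facts, $Reference)
    if (-not $Facts.Exists) { "missing: $($Facts.Path)"; return }
    if ($Facts.Machine -ne 'x86') {
        "SysWOW64 holds 32-bit DLLs, but this file is $($Facts.Machine)"
    }
    # OS files are often catalog-signed. If this PowerShell version only checks
    # embedded signatures the status shows NotSigned; rely on the sfc check below then.
    if ($Facts.SigStatus -ne 'Valid') {
        "signature status is $($Facts.SigStatus)"
    } elseif ($Facts.Signer -notmatch 'O=Microsoft Corporation') {
        "unexpected signer: $($Facts.Signer)"
    }
    # Heuristic: the 32-bit and 64-bit copies normally come from the same Windows build.
    if ($Reference.Exists -and $Facts.Version -ne $Reference.Version) {
        "version $($Facts.Version) differs from System32 copy $($Reference.Version)"
    }
}

$native = Get-DllFacts "$env:WINDIR\System32\dnsapi.dll"
foreach ($p in $Candidate, $Target) {
    $facts = Get-DllFacts $p
    $facts | Format-List
    $problems = @(Test-Replacement -Facts $facts -Reference $native)
    if ($problems.Count) {
        $problems | ForEach-Object { Write-Warning "${p}: $_" }
    } else {
        Write-Host "OK: $p"
    }
}

# Ask Windows Resource Protection whether the in-place file matches the component store.
& "$env:WINDIR\System32\sfc.exe" "/verifyfile=$Target"
```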


It asks for authorization of the owner to remove the file (owner is TrustedInstaller). I tried to change the owner to the current PC user, but it still asks for authorization of that user and is unable to remove the file. I also tried in safe mode and in a cmd with administrative rights, but it is still impossible to delete the file.


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan, and when done post the new logs....



 

Fixlist.txt


Done, dnsapi.dll seems deleted because at reboot Avast returned an error message, being unable to start because dnsapi.dll is missing.

 

Here are the logs:

 

fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:20-02-2016
Ran by Francesca (2016-02-21 23:39:39) Run:2
Running from C:\Users\Francesca\Downloads
Loaded Profiles: Francesca (Available Profiles: Francesca)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Replace: C:\dnsapi.dll C:\WINDOWS\SysWOW64\dnsapi.dll
CMD: ipconfig /flushdns
EmptyTemp:
end
 
 
 
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\WINDOWS\SysWOW64\dnsapi.dll => moved successfully
C:\dnsapi.dll copied successfully to C:\WINDOWS\SysWOW64\dnsapi.dll
 
=========  ipconfig /flushdns =========
 
 
Configurazione IP di Windows
 
Cache del resolver DNS svuotata.
 
========= End of CMD: =========
 
EmptyTemp: => 46 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 23:39:44 ====
 
 
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-02-2016
Ran by Francesca (administrator) on FRANCESCA-PC (21-02-2016 23:41:45)
Running from C:\Users\Francesca\Downloads
Loaded Profiles: Francesca (Available Profiles: Francesca)
Platform: Windows 10 Pro Version 1511 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-17] (AVAST Software)
HKU\S-1-5-21-3250896902-1011329848-1539467395-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3250896902-1011329848-1539467395-1001\...\RunOnce: [uninstall C:\Users\Francesca\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Francesca\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-17] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0a3ae053-1488-4372-83f8-84f48b4fde51}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{0a3ae053-1488-4372-83f8-84f48b4fde51}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-17] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-17] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-17] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-17] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-17] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR Profile: C:\Users\Francesca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Documenti Google) - C:\Users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-17]
CHR Extension: (Google Drive) - C:\Users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (YouTube) - C:\Users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-17]
CHR Extension: (Google Search) - C:\Users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Google Documenti offline) - C:\Users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-17]
CHR Extension: (Avast Online Security) - C:\Users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-17]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-17]
CHR Extension: (Gmail) - C:\Users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-17] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5570120 2016-02-17] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373152 2016-01-05] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ALCATELUSB; C:\Windows\System32\Drivers\AlcatelUsb.sys [25088 2013-01-11] (Windows ® Codename Longhorn DDK provider)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-17] (AVAST Software)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2014-12-10] (Intel Corporation)
S3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2014-12-10] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [83960 2015-09-06] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [128504 2015-09-06] (Intel Corporation)
S3 jrdusbser; C:\Windows\System32\drivers\jrdusbser.sys [123776 2013-05-08] (TCT International Mobile Ltd.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-12-10] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\System32\drivers\mrvlpcie8897.sys [1058832 2016-01-07] (Marvell Semiconductors Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [154024 2016-02-17] (AVAST Software)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [423144 2015-09-17] (Realsil Semiconductor Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-12-10] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-12-10] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-12-10] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49776 2014-12-10] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-12-10] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\System32\drivers\SurfacePenDriver.sys [102552 2016-01-26] (Microsoft Corporation)
S3 SurfacePro4TypeCoverIntegration; C:\Windows\System32\drivers\SurfacePro4TypeCoverIntegration.sys [68144 2015-10-30] (Microsoft Corporation)
S3 SurfaceSoftwareServicing; C:\Windows\System32\drivers\SurfaceSoftwareServicingDriver.sys [37480 2014-12-10] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-12-10] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [67592 2015-10-30] (Microsoft Corporation)
S3 SurfaceTypeCoverV3Integration; C:\Windows\System32\drivers\SurfaceTypeCoverV3Integration.sys [52760 2015-10-30] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-12-10] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2016-02-17] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-21 23:23 - 2016-02-21 23:24 - 00266674 _____ C:\Users\Francesca\Downloads\dnsapi.zip
2016-02-21 23:20 - 2016-02-21 23:20 - 00000000 ____D C:\Users\Francesca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2016-02-21 23:20 - 2016-02-21 23:20 - 00000000 ____D C:\Program Files\Unlocker
2016-02-21 23:19 - 2016-02-21 23:19 - 01078591 _____ C:\Users\Francesca\Downloads\Unlocker1.9.2.exe
2016-02-21 23:19 - 2016-02-21 23:19 - 00000000 ____D C:\Users\Francesca\AppData\Roaming\Babylon
2016-02-21 23:19 - 2016-02-21 23:19 - 00000000 ____D C:\Users\Francesca\AppData\Local\Babylon
2016-02-21 23:19 - 2016-02-21 23:19 - 00000000 ____D C:\ProgramData\Babylon
2016-02-21 22:01 - 2016-02-21 23:39 - 00000956 _____ C:\Users\Francesca\Downloads\Fixlog.txt
2016-02-21 21:54 - 2016-02-21 21:59 - 00000212 _____ C:\Users\Francesca\Desktop\fixlist.txt.txt
2016-02-21 21:41 - 2016-02-21 21:42 - 00654118 _____ C:\TDSSKiller.3.1.0.9_21.02.2016_21.41.52_log.txt
2016-02-21 21:40 - 2016-02-21 21:41 - 00006460 _____ C:\TDSSKiller.3.1.0.9_21.02.2016_21.40.29_log.txt
2016-02-21 21:39 - 2016-02-21 21:40 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Francesca\Downloads\tdsskiller (1).exe
2016-02-21 21:36 - 2016-02-21 21:37 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Francesca\Downloads\SpyHunter-Installer (1).exe
2016-02-21 21:36 - 2016-02-21 21:36 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Francesca\Downloads\SpyHunter-Installer.exe
2016-02-21 20:38 - 2016-02-21 21:25 - 00164428 _____ C:\WINDOWS\ntbtlog.txt
2016-02-21 20:38 - 2016-02-21 20:38 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-21 14:25 - 2016-02-21 14:25 - 00000000 ____D C:\Program Files (x86)\ESET
2016-02-21 14:24 - 2016-02-21 14:25 - 02870984 _____ (ESET) C:\Users\Francesca\Downloads\esetsmartinstaller_enu.exe
2016-02-21 14:22 - 2016-02-21 14:22 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Francesca\Downloads\tdsskiller.exe
2016-02-21 14:22 - 2016-02-21 14:22 - 00054108 _____ C:\TDSSKiller.3.1.0.9_21.02.2016_14.22.37_log.txt
2016-02-21 14:11 - 2016-02-21 14:11 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-02-21 14:08 - 2016-02-21 23:42 - 00012255 _____ C:\Users\Francesca\Downloads\FRST.txt
2016-02-21 13:40 - 2016-02-21 13:40 - 00000000 ____D C:\Users\Francesca\Downloads\comintrep_2103
2016-02-21 13:39 - 2016-02-21 13:39 - 01378217 _____ C:\Users\Francesca\Downloads\comintrep_2103.zip
2016-02-21 13:36 - 2016-02-21 14:11 - 00001095 _____ C:\Users\Francesca\Downloads\Search.txt
2016-02-21 13:36 - 2016-02-21 14:09 - 00020714 _____ C:\Users\Francesca\Downloads\Addition.txt
2016-02-21 13:35 - 2016-02-21 23:41 - 00000000 ____D C:\FRST
2016-02-21 13:34 - 2016-02-21 13:35 - 02371072 _____ (Farbar) C:\Users\Francesca\Downloads\FRST64.exe
2016-02-21 13:25 - 2016-02-21 22:19 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-02-21 13:25 - 2016-02-21 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-02-21 13:24 - 2016-02-21 13:34 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-21 13:24 - 2016-02-21 13:25 - 00000000 ____D C:\Program Files\RogueKiller
2016-02-21 13:23 - 2016-02-21 13:24 - 31264808 _____ (Adlice Software ) C:\Users\Francesca\Downloads\setup.exe
2016-02-21 13:14 - 2016-02-21 14:02 - 22908888 _____ (Malwarebytes ) C:\Users\Francesca\Downloads\mbam-setup-org-2.2.0.1024.exe
2016-02-21 12:36 - 2016-02-21 12:36 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-21 12:36 - 2016-02-21 12:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-21 12:33 - 2016-02-21 12:37 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2016-02-21 12:33 - 2016-02-21 12:37 - 00000000 ____D C:\WINDOWS\system32\vbox
2016-02-17 17:37 - 2016-02-17 17:37 - 05956080 _____ (AVAST Software) C:\Users\Francesca\Downloads\avastclear.exe
2016-02-17 17:08 - 2016-02-17 17:08 - 00242304 _____ C:\Users\Francesca\Downloads\Firefox Setup Stub 44.0.2.exe
2016-02-17 16:58 - 2016-02-17 16:58 - 00000000 ____D C:\Users\Francesca\AppData\Local\PeerDistRepub
2016-02-17 16:52 - 2016-02-17 16:52 - 00002353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-17 16:52 - 2016-02-17 16:52 - 00002341 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-17 16:51 - 2016-02-17 16:52 - 45855312 _____ (Google Inc.) C:\Users\Francesca\Downloads\ChromeStandaloneSetup.exe
2016-02-17 16:50 - 2016-02-17 16:52 - 00000000 ____D C:\Users\Francesca\AppData\Local\Google
2016-02-17 16:47 - 2016-02-21 23:40 - 00001178 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-17 16:47 - 2016-02-21 23:10 - 00001182 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-17 16:47 - 2016-02-17 16:47 - 00004240 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-17 16:47 - 2016-02-17 16:47 - 00004008 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-17 16:41 - 2016-02-17 16:41 - 00987728 _____ (Google Inc.) C:\Users\Francesca\Downloads\ChromeSetup (2).exe
2016-02-17 16:38 - 2016-02-21 19:58 - 00004190 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7749AFF7-B0B4-4D0F-A55F-7B3FD5FFCFDD}
2016-02-17 16:09 - 2016-02-17 16:09 - 00154024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys
2016-02-17 16:09 - 2016-02-17 16:07 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-02-17 16:07 - 2016-02-17 16:09 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-02-17 16:07 - 2016-02-17 16:07 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-02-17 16:07 - 2016-02-17 16:07 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-02-17 16:07 - 2016-02-17 16:07 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-02-17 16:07 - 2016-02-17 16:07 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-02-17 16:07 - 2016-02-17 16:07 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-02-17 16:07 - 2016-02-17 16:07 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-02-17 16:07 - 2016-02-17 16:07 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-02-17 16:07 - 2016-02-17 16:07 - 00001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-02-17 16:07 - 2016-02-17 16:07 - 00001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-17 16:07 - 2016-02-17 16:07 - 00000000 ____D C:\Users\Francesca\AppData\Roaming\AVAST Software
2016-02-17 16:07 - 2016-02-17 16:06 - 01065720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-02-17 16:06 - 2016-02-17 16:06 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-02-17 16:05 - 2016-02-17 16:05 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-17 16:04 - 2016-02-17 16:05 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-17 16:04 - 2016-02-17 16:04 - 05207096 _____ (AVAST Software) C:\Users\Francesca\Downloads\avast_free_antivirus_setup_online.exe
2016-02-17 15:51 - 2016-02-17 16:52 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-17 15:51 - 2016-02-17 15:51 - 00987728 _____ (Google Inc.) C:\Users\Francesca\Downloads\ChromeSetup (1).exe
2016-02-17 15:50 - 2016-02-21 22:01 - 00000000 ____D C:\Users\Francesca\AppData\LocalLow\Temp
2016-02-17 15:50 - 2016-02-17 15:50 - 00987728 _____ (Google Inc.) C:\Users\Francesca\Downloads\ChromeSetup.exe
2016-02-17 15:32 - 2016-02-21 23:41 - 00000000 ____D C:\Users\Francesca\AppData\Roaming\Skype
2016-02-17 15:32 - 2016-02-17 15:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-17 15:32 - 2016-02-17 15:32 - 00000000 ____D C:\ProgramData\Skype
2016-02-17 15:32 - 2016-02-17 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-17 15:30 - 2016-02-17 15:30 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Francesca\Downloads\SkypeSetup (1).exe
2016-02-17 15:16 - 2016-02-17 15:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-17 15:12 - 2016-02-17 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-17 15:10 - 2016-02-17 15:10 - 01115400 _____ (Microsoft Corporation) C:\Users\Francesca\Downloads\Setup.X86.it-IT_HomeStudentRetail_99510596-2bbf-4e5f-b5dc-b8991bacc76b_TX_DB_.exe
2016-02-17 15:10 - 2016-02-17 15:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-17 15:05 - 2016-02-17 15:05 - 00000000 ____D C:\Program Files (x86)\Intel
2016-02-17 15:01 - 2016-02-17 15:01 - 00000000 ____D C:\Users\Francesca\AppData\Roaming\Macromedia
2016-02-17 15:00 - 2016-02-17 15:00 - 00000000 ____D C:\Users\Francesca\AppData\Local\MicrosoftEdge
2016-02-17 14:58 - 2016-02-21 22:26 - 01743930 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-17 14:56 - 2016-02-17 15:46 - 00000000 ____D C:\Users\Francesca\AppData\Local\Comms
2016-02-17 14:56 - 2016-02-17 14:57 - 00002432 _____ C:\Users\Francesca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-17 14:56 - 2016-02-17 14:56 - 00007866 _____ C:\Users\Francesca\Desktop\Applicazioni rimosse.html
2016-02-17 14:56 - 2016-02-17 14:56 - 00000000 ____D C:\Users\Francesca\AppData\Local\ActiveSync
2016-02-17 14:56 - 2016-02-17 14:56 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-02-17 14:54 - 2016-02-17 15:52 - 00000000 ____D C:\Users\Francesca\AppData\Local\Packages
2016-02-17 14:54 - 2016-02-17 14:54 - 00000020 ___SH C:\Users\Francesca\ntuser.ini
2016-02-17 14:54 - 2016-02-17 14:54 - 00000000 ____D C:\Users\Francesca\AppData\Roaming\Adobe
2016-02-17 14:54 - 2016-02-17 14:54 - 00000000 ____D C:\Users\Francesca\AppData\Local\VirtualStore
2016-02-17 14:54 - 2016-02-17 14:54 - 00000000 ____D C:\Users\Francesca\AppData\Local\TileDataLayer
2016-02-17 14:54 - 2016-02-17 14:54 - 00000000 ____D C:\Users\Francesca\AppData\Local\Publishers
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default\Risorse di stampa
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default\Risorse di rete
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default\Recenti
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default\Modelli
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default\Menu Avvio
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default\Impostazioni locali
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default\Documents\Video
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default\Documents\Musica
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default\Documents\Immagini
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default\Documenti
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default\Dati applicazioni
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default\AppData\Local\Dati applicazioni
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default\AppData\Local\Cronologia
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default User\Documents\Video
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default User\Documents\Musica
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default User\Documents\Immagini
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Dati applicazioni
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Cronologia
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\Default User
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Users\All Users
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\ProgramData\Modelli
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programmi
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\ProgramData\Menu Avvio
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\ProgramData\Documenti
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\ProgramData\Dati applicazioni
2016-02-17 14:52 - 2016-02-17 14:52 - 00000000 _SHDL C:\Program Files\File comuni
2016-02-17 14:51 - 2016-02-21 19:14 - 00000000 ____D C:\Users\Francesca
2016-02-17 14:51 - 2016-02-17 14:51 - 00000000 _SHDL C:\Users\Francesca\Risorse di stampa
2016-02-17 14:51 - 2016-02-17 14:51 - 00000000 _SHDL C:\Users\Francesca\Risorse di rete
2016-02-17 14:51 - 2016-02-17 14:51 - 00000000 _SHDL C:\Users\Francesca\Recenti
2016-02-17 14:51 - 2016-02-17 14:51 - 00000000 _SHDL C:\Users\Francesca\Modelli
2016-02-17 14:51 - 2016-02-17 14:51 - 00000000 _SHDL C:\Users\Francesca\Menu Avvio
2016-02-17 14:51 - 2016-02-17 14:51 - 00000000 _SHDL C:\Users\Francesca\Impostazioni locali
2016-02-17 14:51 - 2016-02-17 14:51 - 00000000 _SHDL C:\Users\Francesca\Documents\Video
2016-02-17 14:51 - 2016-02-17 14:51 - 00000000 _SHDL C:\Users\Francesca\Documents\Musica
2016-02-17 14:51 - 2016-02-17 14:51 - 00000000 _SHDL C:\Users\Francesca\Documents\Immagini
2016-02-17 14:51 - 2016-02-17 14:51 - 00000000 _SHDL C:\Users\Francesca\Documenti
2016-02-17 14:51 - 2016-02-17 14:51 - 00000000 _SHDL C:\Users\Francesca\Dati applicazioni
2016-02-17 14:51 - 2016-02-17 14:51 - 00000000 _SHDL C:\Users\Francesca\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2016-02-17 14:51 - 2016-02-17 14:51 - 00000000 _SHDL C:\Users\Francesca\AppData\Local\Dati applicazioni
2016-02-17 14:51 - 2016-02-17 14:51 - 00000000 _SHDL C:\Users\Francesca\AppData\Local\Cronologia
2016-02-17 14:50 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-02-17 14:49 - 2016-02-21 23:40 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-17 14:49 - 2016-02-17 14:49 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TrueColor_01011.Wdf
2016-02-17 14:49 - 2016-02-17 14:49 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SurfacePenDriver_01011.Wdf
2016-02-17 14:49 - 2016-02-17 14:49 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-02-17 14:49 - 2016-02-17 14:49 - 00000000 ____D C:\WINDOWS\SysWOW64\TrueColor5.2
2016-02-17 14:49 - 2016-02-17 14:49 - 00000000 ____D C:\WINDOWS\system32\TrueColor5.2
2016-02-17 14:49 - 2016-02-17 14:49 - 00000000 ____D C:\ProgramData\USOShared
2016-02-17 14:49 - 2016-01-05 23:01 - 00099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-02-17 14:48 - 2016-02-21 23:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-17 14:48 - 2016-02-21 23:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-02-17 14:48 - 2016-02-21 13:42 - 00227232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-17 14:48 - 2016-02-17 14:48 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsHid_02_15_00.Wdf
2016-02-17 14:48 - 2016-02-17 14:48 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-02-17 14:48 - 2016-02-17 14:48 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-02-17 14:48 - 2016-02-17 14:48 - 00000000 ____D C:\Program Files\Intel
2016-02-17 14:47 - 2016-02-21 12:40 - 00000000 ____D C:\Windows.old
2016-02-17 14:47 - 2016-02-17 14:52 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-17 14:47 - 2016-02-17 14:47 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-02-17 14:47 - 2016-02-17 14:47 - 00000000 ____D C:\WINDOWS\InfusedApps
2016-02-17 14:46 - 2016-02-21 13:12 - 00000000 ____D C:\WINDOWS\Firmware
2016-02-17 14:46 - 2016-02-17 14:46 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-02-17 14:45 - 2016-02-21 22:26 - 00777400 _____ C:\WINDOWS\system32\perfh010.dat
2016-02-17 14:45 - 2016-02-21 22:26 - 00144220 _____ C:\WINDOWS\system32\perfc010.dat
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\SysWOW64\it
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\system32\it
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\system32\0409
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\Setup
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\OCR
2016-02-17 14:45 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-02-17 14:45 - 2016-02-17 14:44 - 00340806 _____ C:\WINDOWS\system32\perfi010.dat
2016-02-17 14:45 - 2016-02-17 14:44 - 00039784 _____ C:\WINDOWS\system32\perfd010.dat
2016-02-17 14:43 - 2016-02-03 20:01 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-17 14:43 - 2016-02-03 20:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-17 14:42 - 2016-02-21 14:57 - 00000000 ____D C:\WINDOWS\rescache
2016-02-17 14:42 - 2016-02-21 13:41 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-17 14:42 - 2016-02-21 13:41 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-17 14:42 - 2016-02-21 13:41 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-17 14:42 - 2016-02-21 13:41 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-02-17 14:42 - 2016-02-21 13:41 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-17 14:42 - 2016-02-21 13:41 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-02-17 14:42 - 2016-02-21 13:41 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-17 14:42 - 2016-02-21 13:41 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-17 14:42 - 2016-02-21 13:41 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-17 14:42 - 2016-02-21 13:41 - 00000000 ____D C:\WINDOWS\Provisioning
2016-02-17 14:42 - 2016-02-21 13:41 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-02-17 14:42 - 2016-02-21 13:41 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-17 14:42 - 2016-02-21 13:33 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-17 14:42 - 2016-02-21 13:33 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-17 14:42 - 2016-02-21 12:30 - 00000000 ____D C:\WINDOWS\appcompat
2016-02-17 14:42 - 2016-02-17 15:33 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-17 14:42 - 2016-02-17 15:11 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-02-17 14:42 - 2016-02-17 14:54 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-02-17 14:42 - 2016-02-17 14:54 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-02-17 14:42 - 2016-02-17 14:52 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-17 14:42 - 2016-02-17 14:52 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-02-17 14:42 - 2016-02-17 14:52 - 00000000 ____D C:\Program Files\Windows NT
2016-02-17 14:42 - 2016-02-17 14:51 - 00000000 ____D C:\WINDOWS\system32\spool
2016-02-17 14:42 - 2016-02-17 14:51 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-02-17 14:42 - 2016-02-17 14:51 - 00000000 ____D C:\WINDOWS\CSC
2016-02-17 14:42 - 2016-02-17 14:50 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-02-17 14:42 - 2016-02-17 14:49 - 00000000 ____D C:\ProgramData\USOPrivate
2016-02-17 14:42 - 2016-02-17 14:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\system32\setup
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\system32\Com
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\IME
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\Help
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-17 14:42 - 2016-02-17 14:45 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 __RSD C:\WINDOWS\Media
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\Web
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\Vss
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\tracing
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\TAPI
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SystemResources
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SystemApps
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\winevt
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\ras
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\IME
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\ias
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\System
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SKB
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\ShellNew
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\security
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\schemas
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\SchCache
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\Resources
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\Registration
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\PLA
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\Performance
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\InputMethod
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\Globalization
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\Cursors
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\Branding
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\addins
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\ProgramData\Comms
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\Program Files\Common Files\Services
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-02-17 14:42 - 2016-02-17 14:42 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-02-17 14:42 - 2016-02-17 14:41 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2016-02-17 14:42 - 2016-02-17 14:41 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2016-02-17 14:42 - 2016-02-17 14:41 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2016-02-17 14:42 - 2016-02-17 14:41 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2016-02-17 14:42 - 2016-02-17 14:41 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2016-02-17 14:42 - 2016-02-17 14:41 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-02-17 14:42 - 2016-02-17 14:41 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2016-02-17 14:42 - 2016-02-17 14:41 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2016-02-17 14:42 - 2016-02-17 14:41 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2016-02-17 14:42 - 2016-02-17 14:41 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2016-02-17 14:42 - 2016-02-17 14:41 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2016-02-17 14:42 - 2016-02-17 14:41 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2016-02-17 14:42 - 2016-02-17 14:41 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2016-02-17 14:42 - 2016-02-17 14:41 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2016-02-17 14:42 - 2016-02-17 14:41 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2016-02-17 14:42 - 2016-02-17 14:41 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2016-02-17 14:42 - 2016-02-17 14:41 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2016-02-17 14:42 - 2016-02-17 14:41 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
2016-02-17 14:42 - 2016-02-17 14:41 - 00000219 _____ C:\WINDOWS\system.ini
2016-02-17 14:42 - 2016-02-17 14:41 - 00000092 _____ C:\WINDOWS\win.ini
2016-02-17 14:41 - 2016-02-21 22:26 - 00000000 ____D C:\WINDOWS\INF
2016-02-17 14:37 - 2016-02-21 13:12 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-17 14:35 - 2016-02-21 23:39 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-17 14:35 - 2016-02-17 14:48 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-17 14:35 - 2016-02-17 14:45 - 00000000 ____D C:\WINDOWS\servicing
2016-02-17 14:35 - 2016-02-17 14:42 - 00000000 ____D C:\WINDOWS\system32\SMI
2016-02-17 14:35 - 2015-10-30 07:33 - 00000164 _____ C:\WINDOWS\system32\config\FP
2016-02-17 14:28 - 2016-02-17 15:19 - 00000000 ___HD C:\$SysReset
2016-02-17 14:08 - 2016-02-17 14:09 - 22908888 _____ (Malwarebytes ) C:\Users\Francesca\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-17 11:34 - 2016-02-17 14:15 - 00000000 ____D C:\Users\Francesca\AppData\LocalLow\Company
2016-02-17 11:34 - 2016-02-17 11:34 - 00000000 ____D C:\uninst
2016-02-16 22:06 - 2016-02-16 22:17 - 00000000 ____D C:\Users\Francesca\Desktop\TASSE
2016-02-16 22:05 - 2016-02-16 22:05 - 00000000 ____D C:\Users\Francesca\Desktop\Nuova cartella (2)
2016-02-16 20:41 - 2016-02-16 20:41 - 00001696 _____ C:\Users\Francesca\Downloads\Setup.exe.search-ms
2016-02-16 20:41 - 2016-02-16 20:41 - 00001696 _____ C:\Users\Francesca\Downloads\Setup.exe (1).search-ms
2016-02-13 11:18 - 2016-02-13 11:18 - 02451693 _____ C:\Users\Francesca\Downloads\il-manifesto-del-13-febbraio-2016.pdf
2016-02-12 11:47 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-12 11:47 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-12 11:47 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-12 11:47 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-12 11:47 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-12 11:47 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-12 11:47 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-12 11:47 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-12 11:47 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-12 11:47 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-12 11:47 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-12 11:47 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-12 11:47 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-12 11:47 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-12 11:47 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-12 11:47 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-12 11:47 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-12 11:47 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-12 11:47 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-12 11:47 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-12 11:47 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-12 11:47 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-12 11:47 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-12 11:47 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-12 11:47 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-12 11:47 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-12 11:47 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-12 11:47 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-12 11:47 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-12 11:47 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-12 11:47 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-12 11:47 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-12 11:47 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-12 11:47 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-12 11:47 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-12 11:47 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-12 11:47 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-12 11:47 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-12 11:47 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-12 11:47 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-12 11:47 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-12 11:47 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-12 11:47 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-12 11:47 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-12 11:47 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-12 11:47 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-12 11:47 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-12 11:47 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-12 11:47 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-12 11:47 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-12 11:47 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-12 11:47 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-12 11:47 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-12 11:47 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-12 11:47 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-12 11:47 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-12 11:47 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-12 11:47 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-12 11:47 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-12 11:47 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-12 11:47 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-12 11:47 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-12 11:47 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-12 11:47 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-12 11:47 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-05 16:54 - 2016-02-05 16:54 - 02515429 _____ C:\Users\Francesca\Downloads\il-manifesto-del-05-febbraio-2016.pdf
2016-02-05 16:54 - 2016-02-05 16:54 - 02515429 _____ C:\Users\Francesca\Downloads\il-manifesto-del-05-febbraio-2016 (3).pdf
2016-02-05 16:54 - 2016-02-05 16:54 - 02515429 _____ C:\Users\Francesca\Downloads\il-manifesto-del-05-febbraio-2016 (2).pdf
2016-02-05 16:54 - 2016-02-05 16:54 - 02515429 _____ C:\Users\Francesca\Downloads\il-manifesto-del-05-febbraio-2016 (1).pdf
2016-01-28 20:23 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 20:23 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 20:23 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 20:23 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 20:23 - 2016-01-16 06:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 20:23 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 20:23 - 2016-01-16 06:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 20:22 - 2016-01-16 07:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 20:22 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 20:22 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 20:22 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 20:22 - 2016-01-16 07:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 20:22 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 20:22 - 2016-01-16 06:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 20:22 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 20:22 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 20:22 - 2016-01-16 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 20:22 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 20:22 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 20:22 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 20:22 - 2016-01-16 06:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 20:22 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 20:22 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 20:22 - 2016-01-16 06:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 20:22 - 2016-01-16 06:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 20:22 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 20:22 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 20:22 - 2016-01-16 06:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 20:22 - 2016-01-16 06:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 20:22 - 2016-01-16 06:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 20:22 - 2016-01-16 06:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 20:22 - 2016-01-16 06:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 20:22 - 2016-01-16 06:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 20:22 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 20:22 - 2016-01-16 06:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 20:22 - 2016-01-16 06:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 20:22 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 20:20 - 2016-01-16 07:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 20:20 - 2016-01-16 06:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 20:20 - 2016-01-16 06:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 20:20 - 2016-01-16 06:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 20:19 - 2016-01-16 07:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 20:19 - 2016-01-16 07:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 20:19 - 2016-01-16 07:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 20:19 - 2016-01-16 07:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 20:19 - 2016-01-16 07:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 20:19 - 2016-01-16 07:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 20:19 - 2016-01-16 07:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 20:19 - 2016-01-16 07:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 20:19 - 2016-01-16 06:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 20:19 - 2016-01-16 06:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 20:19 - 2016-01-16 06:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 20:19 - 2016-01-16 06:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 20:19 - 2016-01-16 06:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 20:19 - 2016-01-16 06:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 20:19 - 2016-01-16 06:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 20:19 - 2016-01-16 06:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 20:19 - 2016-01-16 06:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 20:19 - 2016-01-16 06:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 20:19 - 2016-01-16 06:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 20:19 - 2016-01-16 06:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 20:19 - 2016-01-16 06:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 20:19 - 2016-01-16 06:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 20:19 - 2016-01-16 06:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 20:19 - 2016-01-16 06:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 20:19 - 2016-01-16 06:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 20:19 - 2016-01-16 06:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 20:19 - 2016-01-16 06:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 20:19 - 2016-01-16 06:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 20:19 - 2016-01-16 06:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 20:19 - 2016-01-16 06:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 20:19 - 2016-01-16 06:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 20:19 - 2016-01-16 06:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 20:19 - 2016-01-16 06:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 20:19 - 2016-01-16 06:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 20:19 - 2016-01-16 06:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 20:19 - 2016-01-16 06:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 20:19 - 2016-01-16 06:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 20:19 - 2016-01-16 06:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 20:19 - 2016-01-16 06:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 20:19 - 2016-01-16 06:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 20:19 - 2016-01-16 06:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 20:19 - 2016-01-16 06:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 20:19 - 2016-01-16 06:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 20:19 - 2016-01-16 06:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 20:19 - 2016-01-16 06:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 20:19 - 2016-01-16 06:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 20:19 - 2016-01-16 06:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 20:19 - 2016-01-16 06:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 20:19 - 2016-01-16 06:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 20:19 - 2016-01-16 06:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 20:19 - 2016-01-16 06:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 20:19 - 2016-01-16 06:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 20:19 - 2016-01-16 06:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 20:19 - 2016-01-16 06:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 20:19 - 2016-01-16 06:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 20:19 - 2016-01-16 06:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 20:19 - 2016-01-16 06:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 20:19 - 2016-01-16 06:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 20:18 - 2016-01-16 07:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 20:18 - 2016-01-16 07:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 20:18 - 2016-01-16 07:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 20:18 - 2016-01-16 07:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 20:18 - 2016-01-16 07:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 20:18 - 2016-01-16 07:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 20:18 - 2016-01-16 06:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 20:18 - 2016-01-16 06:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 20:18 - 2016-01-16 06:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-26 23:13 - 2016-01-26 23:13 - 01822112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2016-01-26 23:13 - 2016-01-26 23:13 - 00102552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SurfacePenDriver.sys
2016-01-26 07:17 - 2016-01-26 07:17 - 00829264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100.dll
2016-01-26 07:17 - 2016-01-26 07:17 - 00608080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100.dll
2016-01-26 06:07 - 2016-01-26 06:07 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100.dll
2016-01-26 06:07 - 2016-01-26 06:07 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp100.dll
2016-01-25 20:12 - 2016-01-25 20:12 - 00237024 _____ C:\Users\Francesca\Desktop\MANIFESTO GIORNO DELLA MEMORIA.pdf
2016-01-25 15:59 - 2016-01-26 21:07 - 15112664 _____ C:\Users\Francesca\Desktop\POWER POINT 27 GENNAIO.pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-21 23:24 - 2015-07-10 04:39 - 00534064 _____ (Microsoft Corporation) C:\dnsapi.dll
2016-02-21 13:44 - 2015-08-06 11:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-17 15:32 - 2015-09-10 15:35 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-17 14:57 - 2015-09-05 14:23 - 00000000 ___RD C:\Users\Francesca\OneDrive
2016-02-16 20:50 - 2015-08-09 11:08 - 00000000 __SHD C:\Users\Francesca\AppData\LocalLow\EmieUserList
2016-02-16 20:50 - 2015-08-09 11:00 - 00000000 __SHD C:\Users\Francesca\AppData\LocalLow\EmieSiteList
2016-02-16 18:23 - 2015-08-09 16:08 - 00000000 ____D C:\Users\Francesca\Documents\CARTELLA PROVA
 
==================== Files in the root of some directories =======
 
2016-02-17 14:49 - 2016-02-17 14:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-17 14:48
 
==================== End of FRST.txt ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-02-2016
Ran by Francesca (2016-02-21 23:42:25)
Running from C:\Users\Francesca\Downloads
Windows 10 Pro (X64) (2016-02-17 13:52:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3250896902-1011329848-1539467395-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3250896902-1011329848-1539467395-503 - Limited - Disabled)
Francesca (S-1-5-21-3250896902-1011329848-1539467395-1001 - Administrator - Enabled) => C:\Users\Francesca
Guest (S-1-5-21-3250896902-1011329848-1539467395-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Microsoft Office Home and Student 2013 - it-it (HKLM\...\HomeStudentRetail - it-it) (Version: 15.0.4797.1002 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1002 - Microsoft Corporation) Hidden
RogueKiller versione 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3250896902-1011329848-1539467395-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Francesca\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0E2C7E5D-9BEE-4BA0-B732-F18ADA98FF9D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {28167B89-E6E2-4C4B-9822-9890605A645A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)
Task: {455F55FA-CF27-46C6-B049-D04B24A04C27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)
Task: {520A4133-2830-40F2-81D8-835139987374} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {66351EA8-C1BB-4ACA-9161-4F1B11E00621} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-17] (AVAST Software)
Task: {E6C6D3CD-F461-47B4-B9DD-DF6F342071B6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-21] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-02-17 15:10 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-08 16:43 - 2016-01-08 16:43 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-01-12 21:59 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-21 13:32 - 2016-02-21 13:33 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-08 16:43 - 2016-01-08 16:43 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-08 16:43 - 2016-01-08 16:43 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-01-08 16:43 - 2016-01-08 16:43 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 21:59 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 21:59 - 2016-01-05 02:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-28 20:19 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 20:19 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-21 13:32 - 2016-02-21 13:33 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-21 13:32 - 2016-02-21 13:33 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-02-24 04:49 - 2014-12-10 23:32 - 00410744 _____ () C:\WINDOWS\SYSTEM32\TrueColor5.2\LcProxy2.ax
2015-02-24 04:49 - 2014-12-10 23:32 - 00749168 _____ () C:\WINDOWS\SYSTEM32\TrueColor5.2\CAL2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36445867.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36445867.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-02-17 14:42 - 2016-02-21 13:40 - 00000835 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3250896902-1011329848-1539467395-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Francesca\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{257ba641-b236-4cec-89a7-77c05cbb1d2c}.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EE17C4BB-618C-4677-AB81-F0CC7736743E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C5BE0333-6B26-4658-BA83-7A2E1FDF4942}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4B5880A3-74AB-4300-A5F8-E3DBE419AF43}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DF70C939-7867-40D0-AB79-06F6BA8912D5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/21/2016 09:28:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Errore nel file manifesto o dei criteri "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2", alla riga C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (02/21/2016 08:39:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FRANCESCA-PC)
Description: Attivazione dell'app Microsoft.Getstarted_2.6.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca non riuscita con errore: -2144927149 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.
 
Error: (02/21/2016 08:31:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FRANCESCA-PC)
Description: Attivazione dell'app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI non riuscita con errore: -2144927141 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.
 
Error: (02/21/2016 08:30:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FRANCESCA-PC)
Description: Attivazione dell'app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI non riuscita con errore: -2144927141 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.
 
Error: (02/21/2016 08:08:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FRANCESCA-PC)
Description: Attivazione dell'app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI non riuscita con errore: -2147024865 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.
 
Error: (02/21/2016 08:08:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FRANCESCA-PC)
Description: Attivazione dell'app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI non riuscita con errore: -2144927141 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.
 
Error: (02/21/2016 08:08:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FRANCESCA-PC)
Description: Attivazione dell'app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App non riuscita con errore: -2144927141 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.
 
Error: (02/21/2016 08:08:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: ShellExperienceHost.exe, versione: 10.0.10586.35, timestamp: 0x566505bc
Nome del modulo che ha generato l'errore: StartUI.dll, versione: 10.0.10586.35, timestamp: 0x56650467
Codice eccezione: 0xc0000005
Offset errore 0x0000000000384209
ID processo che ha generato l'errore: 0x1028
Ora di avvio dell'applicazione che ha generato l'errore: 0xShellExperienceHost.exe0
Percorso dell'applicazione che ha generato l'errore: ShellExperienceHost.exe1
Percorso del modulo che ha generato l'errore: ShellExperienceHost.exe2
ID segnalazione: ShellExperienceHost.exe3
Nome completo pacchetto che ha generato l'errore: ShellExperienceHost.exe4
ID applicazione relativo al pacchetto che ha generato l'errore: ShellExperienceHost.exe5
 
Error: (02/21/2016 07:55:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma LockApp.exe versione 0.0.0.0 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Sicurezza e manutenzione nel Pannello di controllo.
 
ID processo: 25fc
 
Ora di avvio: 01d16cd958380686
 
Ora di chiusura: 4294967295
 
Percorso applicazione: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
 
ID segnalazione: a7fe3d9c-d8cc-11e5-9fb4-c0335e34a16a
 
Nome completo pacchetto che ha generato l'errore: Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy
 
ID applicazione relativo al pacchetto che ha generato l'errore: WindowsDefaultLockScreen
 
Error: (02/21/2016 07:55:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FRANCESCA-PC)
Description: Attivazione dell'app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen non riuscita con errore: -2144927142 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.
 
 
System errors:
=============
Error: (02/21/2016 11:40:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio avast! Antivirus non è stato avviato per il seguente errore: 
%%1053
 
Error: (02/21/2016 11:40:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio avast! Antivirus.
 
Error: (02/21/2016 11:39:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Accesso dati utente_6c09e7 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (02/21/2016 11:39:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Archiviazione dati utente_6c09e7 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (02/21/2016 11:39:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Dati contatti_6c09e7 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (02/21/2016 11:39:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Sincronizza host_6c09e7 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (02/21/2016 11:39:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: impostazioni specifiche dell'applicazioneLocaleAttivazione{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (tramite LRPC)Non disponibileNon disponibile
 
Error: (02/21/2016 11:39:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Windows Search è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.
 
Error: (02/21/2016 11:39:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Skype Click to Call PNR Service. Questo evento si è già verificato 1 volta(e).
 
Error: (02/21/2016 11:39:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio A portata di clic di Microsoft Office è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 0 millisecondi: Riavvia il servizio.
 
 
CodeIntegrity:
===================================
  Date: 2016-02-21 23:40:51.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-21 23:40:51.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-21 23:21:59.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-21 23:21:59.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-21 22:02:38.011
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-21 22:02:37.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-21 21:42:17.352
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-21 21:42:17.313
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-21 21:26:53.001
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-21 21:26:52.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-4300U CPU @ 1.90GHz
Percentage of memory in use: 35%
Total physical RAM: 4001.07 MB
Available physical RAM: 2595.7 MB
Total Virtual: 5409.07 MB
Available Virtual: 4040.08 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:113.05 GB) (Free:63.19 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 44C4B46B)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 

FRST fix log indicates the file being copied successfully....

C:\WINDOWS\SysWOW64\dnsapi.dll => moved successfully
C:\dnsapi.dll copied successfully to C:\WINDOWS\SysWOW64\dnsapi.dll

 

 

The file is then removed as we see in the new FRST log..

 

C:\WINDOWS\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION

 

 

Run the following:

 

Download Dr Web Cureit from here: http://www.freedrweb.com/cureit and save it to your desktop. (Scroll to the bottom of the page)

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning



  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats



  • Press start scan
  • The scan will now commence



  • Once the scan has finished click open report <<<--- Do not miss this step



  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop



This log will be excessive; please attach it to your next reply…
 


Thanks for the update. If you are sure all is ok, run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:

 

  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…
 

 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
 


  • 1 month later...
  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.