Re: PC checked for malware
Hi Corrine.
I have found a second folder named FRST (2):
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-07-2017
Ran by Gianfranco (administrator) on EH-PC (02-08-2017 22:02:59)
Running from C:\Users\Gianfranco\Desktop
Loaded Profiles: Gianfranco (Available Profiles: Gianfranco & Guest)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\VPN\Avira.VpnService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sysinternals) C:\Windows\PSEXESVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-05-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3486520 2017-07-12] (Dropbox, Inc.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [1980-01-04]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk [2017-04-07]
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{A05F4387-CEAF-48BF-9D4D-0F1E0CCC4944}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A05F4387-CEAF-48BF-9D4D-0F1E0CCC4944}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1476158224-1758418250-2409185508-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/it-it/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
FireFox:
========
FF DefaultProfile: h2ihtrgj.default
FF ProfilePath: C:\Users\Gianfranco\AppData\Roaming\Mozilla\Firefox\Profiles\h2ihtrgj.default [2017-07-31]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?fr=vmn&type=auslog_ya_hp
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?fr=vmn&type=auslog_ya_hp","hxxp://www.google.com/"
CHR Profile: C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default [2017-08-02]
CHR Extension: (Documenti Google) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-19]
CHR Extension: (Google Drive) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-19]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-07-21]
CHR Extension: (YouTube) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-19]
CHR Extension: (Adobe Acrobat) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-19]
CHR Extension: (Avast Passwords) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-07-21]
CHR Extension: (Google Documenti offline) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-19]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-19]
CHR Extension: (Gmail) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-19]
CHR Extension: (Chrome Media Router) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-19]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 AviraPhantomVPN; C:\Program Files\Avira\VPN\Avira.VpnService.exe [322616 2017-07-13] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-30] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42824 2017-07-12] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 PSEXESVC; C:\Windows\PSEXESVC.EXE [181064 2017-06-23] (Sysinternals)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2016-03-25] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppProtectEx; C:\Windows\System32\drivers\AppProtectEx.sys [104256 2014-10-23] (Baidu, Inc.)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [46440 2015-03-31] (Baidu, Inc.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-02-11] (IVT Corporation.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-12-25] (Windows (R) Win 7 DDK provider)
S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [56832 2017-02-11] (GenesysLogic)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43176 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [25440 2016-03-04] (ThreatTrack Security)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [47552 2017-06-20] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-02-11] (REALiX(tm))
R2 inpout32; C:\Windows\System32\Drivers\inpout32.sys [11936 2017-06-26] (Highresolution Enterprises [www.highrez.co.uk])
R0 kavbootc; C:\Windows\System32\drivers\kavbootc.sys [31592 1980-01-04] (Kingsoft Corporation)
S3 ksapi; C:\Windows\system32\drivers\ksapi.sys [114264 1980-01-04] (Kingsoft Corporation)
R2 libwamf; C:\Windows\System32\DRIVERS\libwamf.sys [28288 2017-05-01] (OPSWAT, Inc.)
R2 libwasys; C:\Windows\System32\DRIVERS\libwasys.sys [30848 2017-05-01] (OPSWAT, Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221600 2017-08-02] (Malwarebytes)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2017-02-11] (Intel Corporation)
R3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [31032 2017-07-13] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-06-21] ()
S3 trufos; C:\Windows\System32\drivers\trufos.sys [428832 2017-07-24] (BitDefender S.R.L.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-02 22:00 - 2017-08-02 22:02 - 000012294 _____ C:\Users\Gianfranco\Desktop\FRST.txt
2017-08-02 21:55 - 2017-08-02 21:55 - 001777664 _____ (Farbar) C:\Users\Gianfranco\Desktop\FRST.exe
2017-08-01 21:24 - 2017-08-01 21:29 - 000003462 _____ C:\Users\Gianfranco\Desktop\SFCFix.txt
2017-08-01 21:12 - 2017-08-01 21:28 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\niemiro
2017-08-01 21:11 - 2017-08-01 21:11 - 002884096 _____ (niemiro) C:\Users\Gianfranco\Desktop\SFCFix.exe
2017-08-01 13:29 - 2017-08-01 13:29 - 001250816 _____ C:\Users\Gianfranco\Documents\MicrosoftEasyFix50202.msi
2017-07-31 22:56 - 2017-07-31 22:27 - 000983302 _____ C:\Windows\ntbtlog.txt
2017-07-31 22:44 - 2017-07-31 22:44 - 000002228 _____ C:\Users\Gianfranco\Desktop\JRT.txt
2017-07-31 22:42 - 2017-07-31 22:43 - 001790024 _____ (Malwarebytes) C:\Users\Gianfranco\Documents\JRT.exe
2017-07-31 13:38 - 2017-07-31 13:42 - 008162248 _____ (Malwarebytes) C:\Users\Gianfranco\Documents\adwcleaner_7.0.0.0.exe
2017-07-30 12:42 - 2017-07-30 17:33 - 000000000 ___RD C:\Users\Gianfranco\Dropbox
2017-07-30 12:42 - 2017-07-30 12:42 - 000001188 _____ C:\Users\Gianfranco\Desktop\Dropbox.lnk
2017-07-30 12:40 - 2017-07-30 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-07-30 12:38 - 2017-07-30 12:38 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Dropbox
2017-07-30 12:34 - 2017-08-02 21:43 - 000001100 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-07-30 12:34 - 2017-08-02 13:39 - 000001104 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-07-30 12:34 - 2017-07-30 12:42 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Dropbox
2017-07-30 12:34 - 2017-07-30 12:41 - 000000000 ____D C:\Program Files\Dropbox
2017-07-30 12:34 - 2017-07-30 12:34 - 000690080 _____ (Dropbox, Inc.) C:\Users\Gianfranco\Documents\DropboxInstaller.exe
2017-07-30 12:34 - 2017-07-30 12:34 - 000000000 ____D C:\ProgramData\Dropbox
2017-07-30 12:31 - 2017-07-30 17:32 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\SendSpace Wizard
2017-07-30 12:29 - 2017-07-30 12:29 - 000002509 _____ C:\Users\Public\Desktop\Sendspace Wizard.lnk
2017-07-30 12:29 - 2017-07-30 12:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sendspace Wizard
2017-07-30 12:25 - 2017-07-30 12:26 - 012263424 _____ C:\Users\Gianfranco\Documents\SendSpace Wizard v1.6.3 Windows Installer.msi
2017-07-29 17:54 - 2017-07-29 17:54 - 000000792 _____ C:\Windows\system32\config\components.zip
2017-07-29 00:51 - 2017-07-30 16:49 - 000741376 _____ C:\Windows\system32\LanguageDB.mdb
2017-07-28 23:22 - 2017-07-28 23:22 - 000000000 ____D C:\Users\Gianfranco\Desktop\Nuova cartella
2017-07-28 23:20 - 2017-07-28 23:20 - 000347440 _____ (Microsoft Corporation) C:\Users\Gianfranco\Documents\MicrosoftFixit-portable.exe
2017-07-28 22:51 - 2017-07-28 22:51 - 012286056 _____ (Intel Corporation) C:\Users\Gianfranco\Documents\SetupRST.exe
2017-07-28 22:51 - 2017-07-28 22:51 - 000000000 ____D C:\Users\Gianfranco\Intel
2017-07-28 22:43 - 2017-07-28 22:43 - 000000000 ____D C:\Users\Gianfranco\Documents\Cartella Scambio Bluetooth
2017-07-28 22:43 - 2017-07-28 22:43 - 000000000 ____D C:\Users\Gianfranco\Bluetooth Software
2017-07-28 22:08 - 2017-07-28 22:08 - 000876048 _____ (Microsoft Corporation) C:\Users\Gianfranco\Documents\mssstool32.exe
2017-07-28 14:46 - 2017-07-28 14:46 - 000226500 _____ C:\Windows\system32\ExpandedRegCLP.txt
2017-07-28 14:08 - 2017-07-30 18:04 - 000002038 _____ C:\Windows\system32\AllLog.txt
2017-07-28 14:08 - 2017-07-30 18:04 - 000001403 _____ C:\Windows\system32\UnknownLog.txt
2017-07-28 14:08 - 2017-07-30 18:04 - 000000605 _____ C:\Windows\system32\WhiteLog.txt
2017-07-28 14:08 - 2017-07-30 18:04 - 000000000 _____ C:\Windows\system32\deletedfiles.txt
2017-07-28 14:08 - 2017-07-30 18:04 - 000000000 _____ C:\Windows\system32\BlackLog.txt
2017-07-28 01:13 - 2017-07-28 01:13 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\LibreOffice
2017-07-28 01:06 - 2017-07-28 01:06 - 000367863 _____ C:\Users\Gianfranco\Documents\Cv Grillone.pdf
2017-07-28 00:21 - 2017-07-30 18:05 - 004476928 _____ C:\Windows\system32\RefGuide.mdb
2017-07-27 12:25 - 2017-07-27 12:25 - 000001006 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-07-26 21:39 - 2017-07-26 21:39 - 000313366 _____ C:\Users\Gianfranco\Downloads\WindowsUpdate.diagcab
2017-07-26 13:14 - 2017-07-26 13:14 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-07-26 13:00 - 2017-07-30 18:04 - 000003421 _____ C:\Windows\system32\FileInfoCheck.txt
2017-07-26 13:00 - 2017-07-30 18:04 - 000001635 _____ C:\Windows\system32\ReturnFromWS.txt
2017-07-26 13:00 - 2017-07-30 18:04 - 000000474 _____ C:\Windows\system32\TimeLog.txt
2017-07-26 12:59 - 2017-07-30 18:04 - 000006455 _____ C:\Windows\system32\Testing.txt
2017-07-26 12:59 - 2017-07-30 18:04 - 000006134 _____ C:\Windows\system32\XMLSent.txt
2017-07-26 12:50 - 2017-07-30 17:54 - 000024223 _____ C:\Windows\system32\Ext.txt
2017-07-26 12:50 - 2017-07-30 17:54 - 000000000 _____ C:\Windows\system32\SkippedFiles.txt
2017-07-26 12:49 - 2017-07-30 17:53 - 000000230 _____ C:\Windows\system32\Lnk.txt
2017-07-26 12:48 - 2017-07-30 17:52 - 000194670 _____ C:\Windows\system32\RegCLP.txt
2017-07-26 12:48 - 2017-07-30 17:52 - 000016723 _____ C:\Windows\system32\UniqueCLP.txt
2017-07-26 12:48 - 2017-07-30 17:52 - 000015274 _____ C:\Windows\system32\FilesFound.txt
2017-07-26 12:48 - 2017-07-30 17:52 - 000001652 _____ C:\Windows\system32\LP.txt
2017-07-26 12:48 - 2017-07-30 17:52 - 000000439 _____ C:\Windows\system32\FilesNotFound.txt
2017-07-25 21:43 - 2017-07-30 18:10 - 000000704 _____ C:\Windows\system32\RefGuide.ldb
2017-07-25 21:43 - 2017-07-30 16:50 - 000000000 _____ C:\Windows\system32\iphist.dat
2017-07-25 13:52 - 2017-07-25 13:52 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\AviraSpeedup
2017-07-25 13:50 - 2017-07-25 13:50 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Avira
2017-07-25 13:48 - 2017-08-02 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-25 13:48 - 2017-08-02 13:49 - 000000000 ____D C:\ProgramData\Avira
2017-07-25 13:48 - 2017-08-02 13:49 - 000000000 ____D C:\Program Files\Avira
2017-07-25 13:46 - 2017-07-25 13:47 - 004806912 _____ (Avira Operations GmbH & Co. KG) C:\Users\Gianfranco\Downloads\avira_en_asu80___sfc.exe
2017-07-24 21:59 - 2017-07-24 21:59 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\PCHC
2017-07-24 21:58 - 2017-07-30 18:11 - 000000000 ____D C:\Program Files\Swisscom PC-Assistant
2017-07-24 21:58 - 2017-07-24 21:58 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Swisscom PC-Assistant
2017-07-24 21:57 - 2017-07-24 21:57 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\III
2017-07-24 21:52 - 2017-07-24 21:55 - 017239928 _____ (Sutherland Global Services Inc., ) C:\Users\Gianfranco\Downloads\PcAssistant.exe
2017-07-24 21:51 - 2017-07-24 21:51 - 002097568 _____ C:\Users\Gianfranco\Downloads\SwisscomPCCheck_Italian(1).exe
2017-07-24 21:50 - 2017-07-25 13:16 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\SwisscomPCCheck
2017-07-24 21:49 - 2017-07-24 21:49 - 002097568 _____ C:\Users\Gianfranco\Downloads\SwisscomPCCheck_Italian.exe
2017-07-24 21:12 - 2017-07-24 21:13 - 000000000 __SHD C:\ZIL.QUAR
2017-07-24 20:35 - 2017-07-24 20:35 - 002928600 _____ (Hewlett-Packard ) C:\Users\Gianfranco\Downloads\HP Recovery Manager .exe
2017-07-24 12:13 - 2017-07-24 12:15 - 000000000 ____D C:\KVRT_Data
2017-07-24 11:58 - 2017-07-24 12:05 - 192214113 _____ (Igor Pavlov) C:\Users\Gianfranco\Downloads\ZillyaScanner_en.exe
2017-07-24 11:50 - 2017-07-24 11:52 - 122123224 _____ (Kaspersky Lab ZAO) C:\Users\Gianfranco\Downloads\KVRT.exe
2017-07-24 11:41 - 2017-07-24 11:47 - 139922097 _____ C:\Users\Gianfranco\Downloads\Vba32Check.exe
2017-07-24 11:37 - 2017-07-24 11:40 - 000000056 _____ C:\Windows\Lic.xxx
2017-07-24 11:35 - 2017-07-24 11:35 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2017-07-24 11:35 - 2017-07-24 11:35 - 000632064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll
2017-07-24 11:35 - 2017-07-24 11:35 - 000572928 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2017-07-24 11:35 - 2017-07-24 11:35 - 000554240 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2017-07-24 11:35 - 2017-07-24 11:35 - 000428832 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2017-07-24 11:35 - 2017-07-24 11:35 - 000156392 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eEmpty.exe
2017-07-24 11:34 - 2017-07-24 11:34 - 000000000 ____D C:\ProgramData\MicroWorld
2017-07-24 11:34 - 2017-07-24 11:34 - 000000000 ____D C:\Program Files\Common Files\MicroWorld
2017-07-24 11:31 - 2017-07-24 11:33 - 204130528 _____ C:\Users\Gianfranco\Downloads\mwav.exe
2017-07-22 10:06 - 2017-07-22 10:08 - 000202670 _____ C:\TDSSKiller.3.1.0.15_22.07.2017_10.06.56_log.txt
2017-07-22 10:06 - 2017-07-22 10:06 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Gianfranco\Downloads\tdsskiller.exe
2017-07-22 08:22 - 2017-08-02 21:46 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-22 08:21 - 2017-07-22 08:21 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-22 08:21 - 2017-07-22 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-22 08:21 - 2017-07-22 08:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-07-22 08:21 - 2017-07-22 08:21 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-22 08:21 - 2017-06-27 12:06 - 000059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-22 08:20 - 2017-07-22 08:21 - 065033984 _____ (Malwarebytes ) C:\Users\Gianfranco\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-21 21:21 - 2017-07-21 21:28 - 108221696 _____ (Avanquest Software) C:\Users\Gianfranco\Downloads\Fix-It_Pro_ITA.exe
2017-07-21 20:40 - 2017-07-21 20:41 - 043280592 _____ (Microsoft Corporation) C:\Users\Gianfranco\Downloads\Windows-KB890830-V5.50.exe
2017-07-21 16:59 - 2017-07-22 09:40 - 000000000 ____D C:\Program Files\Zemana AntiMalware
2017-07-21 16:59 - 2017-07-21 16:59 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Zemana
2017-07-21 16:58 - 2017-07-21 16:58 - 006589840 _____ (Zemana Ltd. ) C:\Users\Gianfranco\Downloads\Zemana.AntiMalware.Setup.exe
2017-07-21 16:09 - 2017-07-31 23:29 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\NPE
2017-07-21 16:09 - 2017-07-21 16:09 - 003422432 _____ (Symantec Corporation) C:\Users\Gianfranco\Downloads\NPE.exe
2017-07-21 15:20 - 2017-07-23 12:20 - 000000000 _____ C:\Windows\system32\app.json
2017-07-21 14:28 - 2017-07-21 14:28 - 000000000 ____D C:\Users\Gianfranco\Desktop\Metadefender
2017-07-21 14:26 - 2017-08-02 21:47 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\CrashDumps
2017-07-21 14:24 - 2017-07-21 23:30 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Metadefender-Local
2017-07-21 00:12 - 2017-07-21 00:13 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Adobe
2017-07-21 00:12 - 2017-07-21 00:12 - 000000000 ____D C:\Users\Gianfranco\AppData\LocalLow\Adobe
2017-07-20 23:16 - 2017-07-20 23:16 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Google
2017-07-20 22:01 - 2017-07-20 22:01 - 000000000 ____D C:\Users\Gianfranco\Downloads\WRCFree
2017-07-20 22:00 - 2017-07-20 22:00 - 003128889 _____ C:\Users\Gianfranco\Downloads\WRCFree.zip
2017-07-20 21:53 - 2017-07-20 21:55 - 000000000 ____D C:\Users\Gianfranco\Downloads\shexview
2017-07-20 21:52 - 2017-07-20 21:52 - 000066867 _____ C:\Users\Gianfranco\Downloads\shexview.zip
2017-07-20 21:51 - 2017-07-20 21:51 - 000002707 _____ C:\Users\Gianfranco\Downloads\shexview_italian1.zip
2017-07-20 21:14 - 2017-08-02 16:22 - 000000000 ____D C:\Users\Gianfranco\Downloads\ResetWUEng
2017-07-20 01:40 - 2017-07-20 01:40 - 001447799 _____ C:\Users\Gianfranco\Desktop\cbs
2017-07-19 23:45 - 2017-07-31 22:38 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\ElevatedDiagnostics
2017-07-19 22:30 - 2017-07-25 14:15 - 000343280 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-19 22:16 - 2017-07-25 13:50 - 000078168 _____ C:\Users\Gianfranco\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-19 21:49 - 2017-07-19 21:49 - 000000000 ____D C:\Users\Guest\AppData\Local\CEF
2017-07-19 13:42 - 2017-07-19 13:42 - 000000000 ____D C:\Users\Gianfranco\Desktop\ElectronicHouse
2017-07-19 13:28 - 2017-07-31 21:33 - 000000000 ____D C:\Users\Gianfranco\AppData\LocalLow\Mozilla
2017-07-19 13:28 - 2017-07-19 13:33 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Mozilla
2017-07-19 13:28 - 2017-07-19 13:28 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Mozilla
2017-07-19 13:15 - 2017-07-19 13:15 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Opera Software
2017-07-19 13:15 - 2017-07-19 13:15 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Opera Software
2017-07-19 12:59 - 2017-07-19 12:59 - 000077768 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-19 12:58 - 2017-07-19 21:49 - 000000000 ____D C:\Users\Guest\AppData\LocalLow\360WD
2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 ____D C:\Users\Guest\AppData\Roaming\ATI
2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 ____D C:\Users\Guest\AppData\Local\ATI
2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 _____ C:\Users\Guest\AppData\Local\QSwitch.txt
2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 _____ C:\Users\Guest\AppData\Local\DSwitch.txt
2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 _____ C:\Users\Guest\AppData\Local\AtStart.txt
2017-07-18 16:55 - 2017-07-18 16:55 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\CEF
2017-07-18 16:51 - 2017-07-18 16:51 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\ATI
2017-07-18 16:51 - 2017-07-18 16:51 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\ATI
2017-07-18 16:50 - 2017-07-30 12:42 - 000000000 ____D C:\Users\Gianfranco
2017-07-18 16:50 - 2017-07-25 21:20 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\hpqLog
2017-07-18 16:50 - 2017-07-21 00:12 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Adobe
2017-07-18 16:50 - 2017-07-19 14:13 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Google
2017-07-18 16:50 - 2017-07-18 16:50 - 000001397 _____ C:\Users\Gianfranco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-18 16:50 - 2017-07-18 16:50 - 000000020 ___SH C:\Users\Gianfranco\ntuser.ini
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Risorse di stampa
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Risorse di rete
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Recenti
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Modelli
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Menu Avvio
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Impostazioni locali
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Documents\Video
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Documents\Musica
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Documents\Immagini
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Documenti
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Dati applicazioni
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\AppData\Local\Dati applicazioni
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\AppData\Local\Cronologia
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\VirtualStore
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ C:\Users\Gianfranco\AppData\Local\QSwitch.txt
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ C:\Users\Gianfranco\AppData\Local\DSwitch.txt
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ C:\Users\Gianfranco\AppData\Local\AtStart.txt
2017-07-18 16:50 - 2011-04-12 06:27 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Media Center Programs
2017-07-17 09:44 - 2017-08-02 16:11 - 000000000 ____D C:\Program Files\Opera
2017-07-17 09:44 - 2017-07-18 15:50 - 000001933 _____ C:\Users\Public\Desktop\Browser Opera.lnk
2017-07-17 09:44 - 2017-07-17 09:44 - 000001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Opera.lnk
2017-07-17 09:36 - 2017-07-17 09:36 - 000000000 ____D C:\Windows\Tasks\360Disabled
2017-07-17 09:35 - 2017-07-20 20:52 - 000000000 ____D C:\Program Files\Common Files\AV
2017-07-16 23:30 - 2016-03-04 12:26 - 000025440 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2017-07-16 23:30 - 2015-08-27 07:31 - 000043176 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2017-07-16 23:28 - 2017-07-17 01:30 - 000000000 ____D C:\VIPRERESCUE
2017-07-16 20:34 - 2017-07-16 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
2017-07-16 14:51 - 2017-07-16 14:51 - 000000000 ____D C:\Windows\system32\catroot2.old
2017-07-15 23:24 - 2017-07-15 23:24 - 000000000 ____D C:\MFT 43551
2017-07-15 00:31 - 2017-07-15 00:31 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2017-07-15 00:28 - 2017-07-15 00:28 - 000000000 ____D C:\Program Files\Common Files\adaware
2017-07-15 00:13 - 2017-07-16 13:42 - 000000000 ____D C:\ProgramData\TuneUp Software
2017-07-15 00:12 - 2017-07-15 00:12 - 000000000 __SHD C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2017-07-14 22:28 - 2017-07-14 22:28 - 000000000 ____D C:\ProgramData\dbg
2017-07-13 13:32 - 2017-07-13 13:32 - 000031032 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\phantomtap.sys
2017-07-12 23:40 - 2017-07-12 23:40 - 000030194 _____ C:\ProgramData\agent.uninstall.1499895622.bdinstall.bin
2017-07-12 23:33 - 2017-07-15 11:47 - 000000000 ____D C:\ProgramData\Bitdefender
2017-07-12 21:58 - 2017-07-12 21:58 - 000042824 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-07-12 21:58 - 2017-07-12 21:58 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-07-12 21:58 - 2017-07-12 21:58 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-07-12 21:58 - 2017-07-12 21:58 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-07-12 11:58 - 2017-07-12 11:58 - 000000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2017-07-10 22:32 - 2017-07-25 21:20 - 000000000 ____D C:\Windows\SoftwareDistribution.old
2017-07-10 13:04 - 2017-07-10 13:04 - 000003814 _____ C:\Windows\system32\bddel.dat
2017-07-08 16:58 - 2017-08-02 22:02 - 000000000 ____D C:\FRST
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-02 21:55 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-02 21:55 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-02 21:43 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-02 13:49 - 2017-01-30 11:43 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-01 21:28 - 2017-06-14 13:01 - 000000000 ____D C:\SFCFix
2017-08-01 15:26 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\NDF
2017-08-01 13:40 - 2017-05-12 11:25 - 000032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-31 23:01 - 2017-06-07 01:10 - 000000000 ____D C:\NPE
2017-07-31 22:31 - 2017-05-19 23:11 - 000000000 ____D C:\AdwCleaner
2017-07-28 22:43 - 2017-02-03 12:16 - 000660644 _____ C:\Windows\system32\perfh005.dat
2017-07-28 22:43 - 2017-02-03 12:16 - 000141294 _____ C:\Windows\system32\perfc005.dat
2017-07-28 22:43 - 2017-02-03 11:53 - 000737260 _____ C:\Windows\system32\perfh00A.dat
2017-07-28 22:43 - 2017-02-03 11:53 - 000158342 _____ C:\Windows\system32\perfc00A.dat
2017-07-28 22:43 - 2017-02-01 10:59 - 000732162 _____ C:\Windows\system32\perfh015.dat
2017-07-28 22:43 - 2017-02-01 10:59 - 000155740 _____ C:\Windows\system32\perfc015.dat
2017-07-28 22:43 - 2017-01-30 16:20 - 000737520 _____ C:\Windows\system32\perfh00C.dat
2017-07-28 22:43 - 2017-01-30 16:20 - 000470818 _____ C:\Windows\system32\perfh001.dat
2017-07-28 22:43 - 2017-01-30 16:20 - 000149448 _____ C:\Windows\system32\perfc00C.dat
2017-07-28 22:43 - 2017-01-30 16:20 - 000094640 _____ C:\Windows\system32\perfc001.dat
2017-07-28 22:43 - 2017-01-26 12:32 - 000705684 _____ C:\Windows\system32\prfh0416.dat
2017-07-28 22:43 - 2017-01-26 12:32 - 000147524 _____ C:\Windows\system32\prfc0416.dat
2017-07-28 22:43 - 2017-01-26 12:31 - 000501218 _____ C:\Windows\system32\perfh006.dat
2017-07-28 22:43 - 2017-01-26 12:31 - 000098526 _____ C:\Windows\system32\perfc006.dat
2017-07-28 22:43 - 2017-01-26 12:18 - 000689012 _____ C:\Windows\system32\perfh007.dat
2017-07-28 22:43 - 2017-01-26 12:18 - 000148984 _____ C:\Windows\system32\perfc007.dat
2017-07-28 22:43 - 2017-01-26 12:09 - 000390146 _____ C:\Windows\system32\prfh0404.dat
2017-07-28 22:43 - 2017-01-26 12:09 - 000114958 _____ C:\Windows\system32\prfc0404.dat
2017-07-28 22:43 - 2017-01-23 13:38 - 000648486 _____ C:\Windows\system32\perfh01F.dat
2017-07-28 22:43 - 2017-01-23 13:38 - 000139868 _____ C:\Windows\system32\perfc01F.dat
2017-07-28 22:43 - 2011-04-12 06:18 - 000741312 _____ C:\Windows\system32\perfh010.dat
2017-07-28 22:43 - 2011-04-12 06:18 - 000147334 _____ C:\Windows\system32\perfc010.dat
2017-07-28 22:43 - 2010-11-20 23:01 - 011011858 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-28 22:43 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2017-07-28 22:43 - 1980-01-04 01:03 - 000720822 _____ C:\Windows\system32\prfh0816.dat
2017-07-28 22:43 - 1980-01-04 01:03 - 000716404 _____ C:\Windows\system32\perfh019.dat
2017-07-28 22:43 - 1980-01-04 01:03 - 000152774 _____ C:\Windows\system32\prfc0816.dat
2017-07-28 22:43 - 1980-01-04 01:03 - 000150710 _____ C:\Windows\system32\perfc019.dat
2017-07-28 22:27 - 2017-03-23 20:12 - 000000000 ____D C:\Windows\pss
2017-07-25 21:20 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\oldcatroot2
2017-07-25 21:20 - 1980-01-04 01:07 - 000000000 ____D C:\Users\Default\AppData\Roaming\hpqLog
2017-07-25 21:20 - 1980-01-04 01:07 - 000000000 ____D C:\Users\Default User\AppData\Roaming\hpqLog
2017-07-24 20:35 - 2017-01-18 10:08 - 000000000 ____D C:\SWSetup
2017-07-24 11:39 - 2009-07-14 04:04 - 000000856 _____ C:\Windows\win.ini
2017-07-22 09:37 - 2017-04-07 22:32 - 000309593 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-22 09:05 - 2017-04-07 22:32 - 002558543 _____ C:\Windows\ZAM.krnl.trace
2017-07-21 20:41 - 2017-06-28 17:15 - 132532600 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-19 22:09 - 2017-06-10 23:34 - 000000422 __RSH C:\ProgramData\ntuser.pol
2017-07-19 21:38 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\registration
2017-07-19 13:42 - 2017-02-01 10:24 - 000000000 ____D C:\Windows\system32\appmgmt
2017-07-19 13:42 - 1980-01-04 01:34 - 000000000 ____D C:\Users\ElectronicHouse
2017-07-17 09:43 - 2017-02-07 14:35 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-17 09:43 - 2017-02-07 14:35 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-17 09:41 - 1980-01-04 01:23 - 000000000 ____D C:\Windows\Panther
2017-07-12 22:46 - 2017-02-10 21:29 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-12 22:28 - 2009-07-14 06:34 - 000003072 _____ C:\Windows\system32\umstartup.etl
2017-07-12 11:45 - 2017-06-18 18:23 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-07-12 11:45 - 2017-06-18 18:23 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-07-12 11:44 - 2017-01-30 11:29 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-07 13:34 - 1980-01-04 01:02 - 000000000 ____D C:\ProgramData\Kingsoft
==================== Files in the root of some directories =======
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ () C:\Users\Gianfranco\AppData\Local\AtStart.txt
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ () C:\Users\Gianfranco\AppData\Local\DSwitch.txt
2017-07-21 14:25 - 2017-07-23 12:22 - 000001789 _____ () C:\Users\Gianfranco\AppData\Local\infection.log
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ () C:\Users\Gianfranco\AppData\Local\QSwitch.txt
2017-06-28 23:42 - 2017-06-28 23:42 - 000045723 _____ () C:\ProgramData\agent.1498686124.bdinstall.bin
2017-07-12 23:40 - 2017-07-12 23:40 - 000030194 _____ () C:\ProgramData\agent.uninstall.1499895622.bdinstall.bin
2017-06-29 11:36 - 2017-06-29 11:36 - 000030398 _____ () C:\ProgramData\agent.update.1498728924.bdinstall.bin
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed