c:\windows\system32\Services.exe infected and WUPDATE errors



#1 jackpera


Posted 18 March 2015 - 12:31 PM

Hello,

A few days ago I was unable to update my Windows 7 x64, with the following errors: 800706BE and 800706BA.

After chatting with the Microsoft HelpDesk, they suggested that I clean my PC, trying to sell me their support.

I'm afraid I got the ZeroAccess rootkit, but I cannot get it out of my PC.

After running ComboFix, here is the result:

 

ComboFix 15-03-14.03 - Jacopo-Perenchio 18/03/2015   8:49.6.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.8099.5494 [GMT 1:00]
Eseguito da: c:\users\Jacopo-Perenchio\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\users\Jacopo-Perenchio\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\JACOPO~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
-- Esecuzione precedente --
.
c:\windows\system32\Services.exe . . . è infetto!!
.
--------
.
c:\windows\system32\Services.exe . . . è infetto!!
.
.
(((((((((((((((((((((((((   Files Creati Da 2015-02-18 al 2015-03-18  )))))))))))))))))))))))))))))))))))
.
.
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-17 15:36 . 2015-03-17 15:37 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Local\Babylon
2015-03-17 15:36 . 2015-03-17 17:22 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Roaming\Babylon
2015-03-17 15:36 . 2015-03-17 15:36 -------- d-----w- c:\program files\Babylon
2015-03-17 15:36 . 2015-03-17 15:36 -------- d-----w- c:\program files (x86)\Babylon
2015-03-17 15:36 . 2015-03-17 17:22 -------- d-----w- c:\programdata\Babylon
2015-03-17 10:07 . 2015-03-17 10:07 -------- d-----w- C:\Repair
2015-03-17 09:30 . 2015-03-17 09:54 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Local\LogMeIn Rescue Applet
2015-03-17 08:08 . 2015-03-17 08:08 -------- d-----w- c:\windows\system32\EventProviders
2015-03-16 14:59 . 2015-03-17 09:59 -------- d-----w- c:\windows\system32\catroot2
2015-03-13 14:41 . 2015-02-16 03:21 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20A51DDD-729C-4EE4-BC32-172D13481F94}\mpengine.dll
2015-03-11 17:43 . 2015-03-13 14:37 -------- d-----w- c:\windows\sdold.old
2015-03-11 15:58 . 2015-03-13 14:37 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2015-03-11 15:34 . 2015-03-11 15:34 -------- d-----w- c:\program files (x86)\Tweaking.com
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Roaming\KSafe
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\programdata\KSafe
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\program files (x86)\DllTool
2015-03-11 12:16 . 2015-03-11 12:16 -------- d-----w- c:\windows\CheckSur
2015-03-05 20:57 . 2015-03-05 20:57 -------- dc-h--w- c:\programdata\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
2015-02-25 16:22 . 2015-03-17 10:28 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-25 16:22 . 2015-02-25 16:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-25 16:22 . 2015-02-25 16:22 -------- d-----w- c:\programdata\Malwarebytes
2015-02-25 16:22 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-25 16:22 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-25 16:22 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files\iTunes
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files\iPod
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files (x86)\iTunes
2015-02-17 18:36 . 2015-02-17 18:36 3176632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\1040\MSOINTL.DLL
2015-02-17 14:26 . 2015-02-17 14:26 1217184 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-04-29 . 5869FBC754578A59C8C8635B99DB79DE . 17384448 . . [11.00.9600.17105] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_000d856a6b819880\mshtml.dll
[-] 2014-04-18 . F9F114B2A6F876C92D317A755494F233 . 17142784 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_ffeecffc6b986ebd\mshtml.dll
[-] 2014-03-06 . EA85144F35EDE6EE25C484D4242FF2C8 . 17387008 . . [11.00.9600.17041] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_001cb19e6b757b67\mshtml.dll
[-] 2014-03-01 . 70462E0A4E293FC80620AB945D8A59BB . 17074688 . . [11.00.9600.16521] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16521_none_ffe49f886b9fd747\mshtml.dll
[-] 2010-11-21 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll
.
[-] 2015-01-12 . F285D499EC42969D963CA49EADA63218 . 1888256 . . [11.00.9600.16428] .. c:\windows\SysWOW64\wininet.dll
[-] 2015-01-12 . F285D499EC42969D963CA49EADA63218 . 1888256 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_880d3f47fe92a091\wininet.dll
[-] 2014-11-22 . 5E4E0E43E0A5BF9F089696DFA7A3D677 . 1888256 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_88153be5fe8d0559\wininet.dll
[-] 2014-11-06 . 6DD7D61A8EF3DFEC4FAEFEB395E77424 . 1892864 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_8822232dfe830275\wininet.dll
[-] 2014-09-18 . 7AE80F921027CF88CB9D0433088A3E55 . 1810944 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_882f3db7fe78ff91\wininet.dll
[-] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] .. c:\windows\erdnt\cache86\wininet.dll
[-] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_883dc4c1fe6d629d\wininet.dll
[-] 2014-07-25 . B945BAA81B4805AD6BDDF4D026DCFB47 . 1792512 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_8837f647fe72ca93\wininet.dll
[-] 2014-06-18 . CCC198257901BEEA2FBF8EB1E7678356 . 1791488 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_883522f9fe754b4c\wininet.dll
[-] 2014-05-30 . 771CDBC3D62437D6DB070820BB1EDCCF . 1790976 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_88420a41fe6b4868\wininet.dll
[-] 2014-04-18 . B5EB5BD3066959611E1F7A80FD6CC172 . 1818112 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_88216b07fe83d256\wininet.dll
[-] 2014-03-06 . E4E829EE073E046B0EB19B5FECB19B8C . 1789440 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_884f4ca9fe60df00\wininet.dll
[-] 2014-03-01 . AAFEAB4FC9D70253F8C7E353E879E8A2 . 1820160 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_88173a93fe8b3ae0\wininet.dll
[-] 2010-11-21 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-25 703736]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2015-01-27 3518832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EaseUS Agent;Servizio EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 NewServiceInstall1;NewServiceInstall1;c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng;c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 cpuz134;cpuz134;c:\users\JACOPO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\JACOPO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MFE_RR;MFE_RR;c:\users\JACOPO~1\AppData\Local\Temp\mfe_rr.sys;c:\users\JACOPO~1\AppData\Local\Temp\mfe_rr.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe  [x]
S2 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 NalServ;Nalpeiron Control Service;c:\windows\SysWOW64\nalserv.exe;c:\windows\SysWOW64\nalserv.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Audio schermo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 79369528
*NewlyCreated* - MFE_RR
*Deregistered* - 79369528
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-11 14:27 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-03-17 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14 08:01]
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 15:34]
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 15:34]
.
.
--------- X64 Entries -----------
.
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = about:blank
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: dell.com
TCP: Interfaces\{23ECBCFC-9C9C-42C3-885D-72BECD4C7745}: NameServer = 192.168.1.254,193.70.192.25
FF - ProfilePath - c:\users\Jacopo-Perenchio\AppData\Roaming\Mozilla\Firefox\Profiles\oxplugmo.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NewServiceInstall1]
"ImagePath"="\"c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng\""
.
Ora fine scansione: 2015-03-18  09:14:37
ComboFix-quarantined-files.txt  2015-03-18 08:14
ComboFix2.txt  2015-03-17 11:50
ComboFix3.txt  2014-09-12 09:23
ComboFix4.txt  2014-04-17 18:11
ComboFix5.txt  2015-03-17 13:25
.
Pre-Run: 302.793.474.048 byte disponibili
Post-Run: 302.679.068.672 byte disponibili
.
- - End Of File - - EFCD6121B1FFFA0BBC4BC1C9F29DD377
 
 
Any help would be much appreciated.
 
Jacopo




#2 fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:24 AM

Posted 18 March 2015 - 08:29 PM

Hello jackpera,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1. Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 jackpera

  • Topic Starter

  • Members
  • 18 posts
  • Local time:10:24 AM

Posted 19 March 2015 - 03:35 AM

Thanks for helping me. As some parts of the logs are in Italian, please just ask if you miss something, I'm a translator.
 
There you go:
 
# AdwCleaner v4.112 - Creato file registro eventi 19/03/2015 in 09:19:23
# Aggiornato 09/03/2015 da Xplode
# Database : 2015-03-15.1 [Server]
# Sistema operativo : Windows 7 Professional Service Pack 1 (x64)
# Nome utente : Jacopo-Perenchio - PTT_JPERENCHIO
# In esecuzione da : C:\Users\Jacopo-Perenchio\Downloads\AdwCleaner.exe
# Opzione : Pulizia
 
***** [ Servizi ] *****
 
 
***** [ File / Cartelle ] *****
 
[x] Non Eliminato : C:\ProgramData\Babylon
[x] Non Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
[x] Non Eliminato : C:\Program Files (x86)\Babylon
[x] Non Eliminato : C:\Users\JACOPO~1\AppData\Local\Temp\Babylon
[x] Non Eliminato : C:\Program Files\Babylon
[x] Non Eliminato : C:\Users\Jacopo-Perenchio\AppData\Local\Babylon
[x] Non Eliminato : C:\Users\Jacopo-Perenchio\AppData\Roaming\Babylon
[x] Non Eliminato : C:\Users\Public\Desktop\Babylon.lnk
[x] Non Eliminato : C:\Users\Jacopo-Perenchio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
 
***** [ Attività pianificate ] *****
 
 
***** [ Collegamenti ] *****
 
 
***** [ Registry ] *****
 
Valore Eliminato : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
[x] Non Eliminato : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
[x] Non Eliminato : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
[x] Non Eliminato : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
[x] Non Eliminato : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
[x] Non Eliminato : HKLM\SOFTWARE\Classes\.bdc
[x] Non Eliminato : HKLM\SOFTWARE\Classes\.bgl
[x] Non Eliminato : HKLM\SOFTWARE\Classes\.bof
[x] Non Eliminato : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
[x] Non Eliminato : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
[x] Non Eliminato : HKLM\SOFTWARE\Classes\BabyDict
[x] Non Eliminato : HKLM\SOFTWARE\Classes\BabyGloss
[x] Non Eliminato : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
[x] Non Eliminato : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
[x] Non Eliminato : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
[x] Non Eliminato : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
[x] Non Eliminato : HKLM\SOFTWARE\Classes\BabyOptFile
[x] Non Eliminato : HKLM\SOFTWARE\Classes\Prod.cap
[x] Non Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{928FE5E7-D557-46B7-8AF6-17ACCE1FB4ED}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{928FE5E7-D557-46B7-8AF6-17ACCE1FB4ED}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
[x] Non Eliminato : HKCU\Software\Babylon
[x] Non Eliminato : HKLM\SOFTWARE\Babylon
[x] Non Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
[x] Non Eliminato : [x64] HKCU\Software\Babylon
 
***** [ Browser web ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Mozilla Firefox v35.0.1 (x86 it)
 
[oxplugmo.default\prefs.js] - Linea Eliminato : user_pref("extensions.xpiState", "{\"app-profile\":{\"firebug@software.joehewitt.com\":{\"d\":\"C:\\\\Users\\\\Jacopo-Perenchio\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\oxplugmo.defa[...]
 
-\\ Google Chrome v41.0.2272.89
 
 
*************************
 
AdwCleaner[R1].txt - [5934 byte] - [19/03/2015 09:08:58]
AdwCleaner[S1].txt - [5966 byte] - [19/03/2015 09:19:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6024  byte] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Jacopo-Perenchio (administrator) on PTT_JPERENCHIO on 19-03-2015 09:30:08
Running from C:\Users\Jacopo-Perenchio\Downloads
Loaded Profiles: Jacopo-Perenchio (Available profiles: Jacopo-Perenchio)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1679795485-2240383637-3727778220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1679795485-2240383637-3727778220-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1679795485-2240383637-3727778220-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-28] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-28] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
DPF: HKLM {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{277D9672-2123-480E-860D-84DE6A912C4A}: [NameServer]  
 
FireFox:
========
FF ProfilePath: C:\Users\Jacopo-Perenchio\AppData\Roaming\Mozilla\Firefox\Profiles\oxplugmo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll [2014-12-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll [2014-12-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll [2013-02-11] (Nuance Communications Inc.)
FF Plugin HKU\S-1-5-21-1679795485-2240383637-3727778220-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Jacopo-Perenchio\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-04] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-04-18]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.gazzetta.it/", "hxxp://www.repubblica.it/", "hxxp://www.lastampa.it/sport", "hxxp://it.buyvip.com/", "https://secure.it.vente-privee.com/authentication/login/IT?ReturnUrl=%2fhome%2fit%3fseq%3dSjHEzFmpSS%2bm5d8G5jSgsw%3d%3d&seq=SjHEzFmpSS+m5d8G5jSgsw%3d%3d", "hxxp://it.privalia.com/public/notlogged", "hxxp://www.saldiprivati.com/MySaldiPrivati/Sales/ListSales.aspx", "hxxp://www.showroomprive.it/accueil.aspx", "hxxp://www.gourmant.com/vetrina-offerte.php", "hxxp://www.dalani.it/campaign/", "https://www.facebook.com/", "hxxp://espn.go.com/nba/"
CHR Profile: C:\Users\Jacopo-Perenchio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jacopo-Perenchio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\Jacopo-Perenchio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Google Drive) - C:\Users\Jacopo-Perenchio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (YouTube) - C:\Users\Jacopo-Perenchio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Google Search) - C:\Users\Jacopo-Perenchio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (Google Sheets) - C:\Users\Jacopo-Perenchio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (Chrono Download Manager) - C:\Users\Jacopo-Perenchio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2015-01-07]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Jacopo-Perenchio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2014-12-31]
CHR Extension: (Google Wallet) - C:\Users\Jacopo-Perenchio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (Gmail) - C:\Users\Jacopo-Perenchio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-02-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-25] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37384 2014-10-14] (CHENGDU YIWO Tech Development Co., Ltd)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2014-07-18] ()
R2 NalServ; C:\Windows\SysWOW64\nalserv.exe [147056 2014-04-10] (Nalpeiron Ltd.)
S2 NewServiceInstall1; C:\Program Files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng [11264 2007-04-23] ()
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-04-14] (Glarysoft Ltd)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48136 2014-10-14] ()
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2014-07-18] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-18] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-18] ()
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\JACOPO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-19 09:30 - 2015-03-19 09:30 - 00017648 _____ () C:\Users\Jacopo-Perenchio\Downloads\FRST.txt
2015-03-19 09:29 - 2015-03-19 09:30 - 00000000 ____D () C:\FRST
2015-03-19 09:29 - 2015-03-19 09:29 - 02095616 _____ (Farbar) C:\Users\Jacopo-Perenchio\Downloads\FRST64.exe
2015-03-19 09:08 - 2015-03-19 09:19 - 00000000 ____D () C:\AdwCleaner
2015-03-19 09:07 - 2015-03-19 09:07 - 02171392 _____ () C:\Users\Jacopo-Perenchio\Downloads\AdwCleaner.exe
2015-03-18 17:03 - 2015-03-18 17:40 - 325435392 _____ () C:\Users\Jacopo-Perenchio\Downloads\kav_rescue_10.iso
2015-03-18 13:58 - 2015-03-18 14:10 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-18 13:58 - 2015-03-18 13:58 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-18 13:49 - 2015-03-18 13:49 - 02347384 _____ (ESET) C:\Users\Jacopo-Perenchio\Downloads\esetsmartinstaller_enu.exe
2015-03-18 13:48 - 2015-03-18 13:48 - 00003640 _____ () C:\Windows\system32\.crusader
2015-03-18 12:32 - 2015-03-18 14:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-18 10:27 - 2015-03-18 10:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-18 10:27 - 2015-03-18 10:27 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-18 10:27 - 2015-03-18 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-18 10:27 - 2015-03-18 10:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-18 10:27 - 2015-03-18 10:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-18 10:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-18 10:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-18 10:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-18 10:21 - 2015-03-18 10:44 - 10995632 _____ (SurfRight B.V.) C:\Users\Jacopo-Perenchio\Downloads\HitmanPro_x64.exe
2015-03-18 10:20 - 2015-03-18 10:26 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jacopo-Perenchio\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-18 09:44 - 2015-03-18 10:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-18 09:44 - 2015-03-18 09:44 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-18 09:32 - 2015-03-18 09:42 - 15648856 _____ () C:\Users\Jacopo-Perenchio\Downloads\RogueKiller.exe
2015-03-18 09:14 - 2015-03-18 09:14 - 00049590 _____ () C:\ComboFix.txt
2015-03-17 18:54 - 2015-03-17 18:54 - 05615380 ____R (Swearware) C:\Users\Jacopo-Perenchio\Downloads\ComboFix.exe
2015-03-17 17:57 - 2015-03-17 17:58 - 00000310 _____ () C:\Users\Jacopo-Perenchio\Downloads\RootkitRemover_20150317_175714.log
2015-03-17 17:56 - 2015-03-17 17:56 - 00783120 _____ (McAfee, Inc.) C:\Users\Jacopo-Perenchio\Downloads\java.exe
2015-03-17 16:36 - 2015-03-19 09:10 - 00000000 ____D () C:\ProgramData\Babylon
2015-03-17 16:36 - 2015-03-17 18:22 - 00000000 ____D () C:\Users\Jacopo-Perenchio\AppData\Roaming\Babylon
2015-03-17 16:36 - 2015-03-17 16:37 - 00000000 ____D () C:\Users\Jacopo-Perenchio\AppData\Local\Babylon
2015-03-17 16:36 - 2015-03-17 16:36 - 00001151 _____ () C:\Users\Public\Desktop\Babylon.lnk
2015-03-17 16:36 - 2015-03-17 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
2015-03-17 16:36 - 2015-03-17 16:36 - 00000000 ____D () C:\Program Files\Babylon
2015-03-17 16:36 - 2015-03-17 16:36 - 00000000 ____D () C:\Program Files (x86)\Babylon
2015-03-17 16:35 - 2015-03-17 16:35 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Jacopo-Perenchio\Downloads\Babylon10_setup_ns.exe
2015-03-17 16:18 - 2015-03-17 16:18 - 00000054 _____ () C:\Users\Jacopo-Perenchio\Desktop\mal.txt
2015-03-17 16:17 - 2015-03-17 16:18 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Jacopo-Perenchio\Downloads\iexplore.exe
2015-03-17 16:17 - 2015-03-17 16:18 - 04176437 _____ () C:\Users\Jacopo-Perenchio\Downloads\tdsskiller.zip
2015-03-17 15:49 - 2015-03-17 15:52 - 39739064 _____ (Microsoft Corporation) C:\Users\Jacopo-Perenchio\Downloads\Windows-KB890830-x64-V5.21.exe
2015-03-17 15:40 - 2015-03-17 15:46 - 00000000 _____ () C:\Users\Jacopo-Perenchio\Downloads\hijackthis.log
2015-03-17 14:14 - 2015-03-17 14:14 - 00283772 _____ () C:\Users\Jacopo-Perenchio\Downloads\OTL.Txt
2015-03-17 14:14 - 2015-03-17 14:14 - 00101326 _____ () C:\Users\Jacopo-Perenchio\Downloads\Extras.Txt
2015-03-17 13:48 - 2015-03-17 13:49 - 00003017 _____ () C:\Users\Jacopo-Perenchio\Downloads\FSS.txt
2015-03-17 11:07 - 2015-03-17 11:07 - 00000000 ____D () C:\Repair
2015-03-17 10:30 - 2015-03-17 10:54 - 00000000 ____D () C:\Users\Jacopo-Perenchio\AppData\Local\LogMeIn Rescue Applet
2015-03-17 09:08 - 2015-03-17 09:08 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-03-16 18:17 - 2015-03-17 10:22 - 00000000 ____D () C:\Users\Jacopo-Perenchio\Desktop\test massimo
2015-03-13 16:19 - 2015-03-13 16:20 - 00000000 ____D () C:\Windows\system32\catroot2.bak
2015-03-13 12:20 - 2015-03-16 15:38 - 00000000 ____D () C:\Windows\SoftwareDistribution.bak
2015-03-11 18:43 - 2015-03-13 15:37 - 00000000 ____D () C:\Windows\sdold.old
2015-03-11 17:46 - 2015-03-13 15:37 - 00000000 ____D () C:\Windows\system32\catroot2old
2015-03-11 17:41 - 2015-03-19 09:20 - 00002330 _____ () C:\Windows\setupact.log
2015-03-11 17:41 - 2015-03-13 16:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-11 16:40 - 2015-03-11 16:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PTT_JPERENCHIO-Windows-7-Professional-(64-bit).dat
2015-03-11 16:35 - 2015-03-11 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-11 16:34 - 2015-03-11 16:34 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-03-11 16:16 - 2015-03-11 16:16 - 00000000 ____D () C:\Users\Jacopo-Perenchio\AppData\Roaming\KSafe
2015-03-11 16:16 - 2015-03-11 16:16 - 00000000 ____D () C:\ProgramData\KSafe
2015-03-11 16:16 - 2015-03-11 16:16 - 00000000 ____D () C:\Program Files (x86)\DllTool
2015-03-11 13:16 - 2015-03-11 13:16 - 00000000 ____D () C:\Windows\CheckSur
2015-03-10 11:04 - 2015-03-17 18:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-25 18:29 - 2015-02-25 18:36 - 00000000 ____D () C:\Windows\SoftwareDistribution.old
2015-02-25 17:59 - 2015-02-25 17:59 - 00024485 _____ () C:\Windows\SysWOW64\hs_err_pid2196.log
2015-02-24 11:24 - 2015-02-26 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-24 11:24 - 2015-02-24 11:24 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-24 11:23 - 2015-02-26 01:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-24 11:23 - 2015-02-26 01:16 - 00000000 ____D () C:\Program Files\iTunes
2015-02-24 11:23 - 2015-02-26 01:16 - 00000000 ____D () C:\Program Files\iPod
2015-02-24 11:23 - 2015-02-26 01:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-17 15:26 - 2015-02-17 15:26 - 01217184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-19 09:29 - 2014-09-11 17:34 - 00712165 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 09:27 - 2014-12-30 08:17 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-19 09:27 - 2014-04-19 07:29 - 00000000 ____D () C:\Users\Jacopo-Perenchio\Documents\File di Outlook
2015-03-19 09:27 - 2014-04-18 22:48 - 00000000 ____D () C:\ProgramData\Sonic
2015-03-19 09:27 - 2014-04-18 20:59 - 00742028 _____ () C:\Windows\system32\perfh010.dat
2015-03-19 09:27 - 2014-04-18 20:59 - 00149470 _____ () C:\Windows\system32\perfc010.dat
2015-03-19 09:27 - 2009-07-14 06:13 - 01698762 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 09:23 - 2014-11-10 16:34 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 09:23 - 2014-04-24 13:47 - 00000354 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2015-03-19 09:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 09:18 - 2014-04-18 17:27 - 00000000 ____D () C:\Users\Jacopo-Perenchio\AppData\Roaming\Skype
2015-03-19 08:59 - 2014-11-10 16:35 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-19 08:47 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-19 08:47 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-19 08:43 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-18 17:16 - 2014-04-18 11:51 - 00000000 ____D () C:\Users\Jacopo-Perenchio\AppData\Local\Deployment
2015-03-18 16:47 - 2014-04-18 16:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-18 16:37 - 2014-04-18 16:50 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-18 13:53 - 2014-04-21 07:25 - 00000000 ____D () C:\Users\Jacopo-Perenchio\AppData\Local\CrashDumps
2015-03-18 13:50 - 2014-09-12 10:07 - 00042742 _____ () C:\Windows\PFRO.log
2015-03-18 12:02 - 2015-02-12 12:35 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-03-18 10:00 - 2014-04-18 11:51 - 00000000 ____D () C:\Users\Jacopo-Perenchio\AppData\Local\Apps\2.0
2015-03-18 09:14 - 2013-03-01 14:02 - 00000000 ____D () C:\Qoobox
2015-03-18 09:12 - 2014-04-18 17:21 - 00000000 ____D () C:\Users\Jacopo-Perenchio\AppData\Roaming\FileZilla
2015-03-18 09:03 - 2014-09-11 17:17 - 00000000 ____D () C:\Windows\erdnt
2015-03-18 09:03 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-17 12:50 - 2014-11-12 12:11 - 00000000 ____D () C:\Users\Operatore.SEI2
2015-03-16 11:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-03-13 16:19 - 2014-04-24 13:47 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2015-03-13 16:02 - 2014-11-07 18:15 - 00001890 _____ () C:\Windows\diagwrn.xml
2015-03-13 16:02 - 2014-11-07 18:15 - 00001890 _____ () C:\Windows\diagerr.xml
2015-03-13 15:38 - 2014-04-18 11:17 - 00000000 ____D () C:\Users\Jacopo-Perenchio
2015-03-13 15:37 - 2015-02-13 12:31 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-03-13 15:37 - 2014-04-22 08:48 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-03-13 15:37 - 2014-04-18 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-13 15:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Catroot2.old
2015-03-13 15:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-11 17:44 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-11 17:41 - 2009-07-14 05:45 - 00465064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 17:40 - 2010-11-21 08:17 - 00000000 ____D () C:\Windows\CSC
2015-03-11 17:23 - 2009-07-14 03:34 - 00000514 _____ () C:\Windows\win.ini
2015-03-11 16:55 - 2014-04-18 11:51 - 00127320 _____ () C:\Users\Jacopo-Perenchio\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-11 16:15 - 2014-09-11 17:03 - 00000000 ____D () C:\Windows\Minidump
2015-03-11 16:15 - 2014-04-18 08:31 - 00000000 ____D () C:\found.001
2015-03-11 16:15 - 2014-04-17 15:14 - 00000000 ____D () C:\found.000
2015-03-11 15:29 - 2014-11-10 16:12 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-11 15:00 - 2014-04-24 13:47 - 00000000 ____D () C:\Users\Jacopo-Perenchio\AppData\Roaming\DiskDefrag
2015-03-11 13:40 - 2014-04-18 23:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 12:45 - 2014-04-18 17:24 - 00000000 ____D () C:\Users\Jacopo-Perenchio\AppData\Roaming\Notepad++
2015-03-10 15:41 - 2014-08-04 14:20 - 00000154 _____ () C:\Users\Jacopo-Perenchio\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-03-10 15:41 - 2014-08-04 14:20 - 00000154 _____ () C:\Users\Jacopo-Perenchio\AppData\Roaming\Rim.Desktop.Exception.log
2015-03-10 15:08 - 2014-05-12 17:48 - 00000000 ____D () C:\Users\Jacopo-Perenchio\AppData\Roaming\vlc
2015-03-09 15:25 - 2014-09-22 17:41 - 00011264 _____ () C:\Users\Jacopo-Perenchio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-09 09:25 - 2014-04-18 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-03-09 09:25 - 2014-04-18 17:12 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-03-05 21:56 - 2015-02-13 12:32 - 00003626 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-03-02 17:25 - 2014-04-18 16:36 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-26 17:09 - 2014-08-12 18:50 - 00000000 ____D () C:\ProgramData\firebird
2015-02-26 16:17 - 2014-12-06 09:48 - 00000333 _____ () C:\Windows\pos.ini
2015-02-26 12:46 - 2011-11-26 21:40 - 00000000 ____D () C:\Dell
2015-02-26 01:16 - 2015-02-05 14:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-26 01:16 - 2014-04-25 07:42 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-02-26 01:15 - 2011-12-16 13:09 - 00000000 __RHD () C:\MSOCache
2015-02-25 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-25 17:50 - 2014-11-13 10:07 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-02-25 14:07 - 2014-09-04 16:41 - 00000000 ____D () C:\Users\Jacopo-Perenchio\EurekaLog
2015-02-24 16:39 - 2014-11-21 14:48 - 00000120 _____ () C:\Windows\SysWOW64\s
2015-02-24 04:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-18 19:30 - 2014-04-28 14:58 - 00001104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-02-18 19:30 - 2014-04-28 14:58 - 00001092 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
 
==================== Files in the root of some directories =======
 
2014-08-04 14:20 - 2015-03-10 15:41 - 0000154 _____ () C:\Users\Jacopo-Perenchio\AppData\Roaming\Rim.Desktop.Exception.log
2014-08-04 14:18 - 2014-08-04 14:18 - 0001153 _____ () C:\Users\Jacopo-Perenchio\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-08-04 14:20 - 2015-03-10 15:41 - 0000154 _____ () C:\Users\Jacopo-Perenchio\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-09-22 17:41 - 2015-03-09 15:25 - 0011264 _____ () C:\Users\Jacopo-Perenchio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-22 17:22 - 2014-04-22 17:22 - 0000104 _____ () C:\Users\Jacopo-Perenchio\AppData\Local\fusioncache.dat
2014-04-24 14:05 - 2015-02-02 10:38 - 0007606 _____ () C:\Users\Jacopo-Perenchio\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\Jacopo-Perenchio\AppData\Local\Temp\avgnt.exe
C:\Users\Jacopo-Perenchio\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jacopo-Perenchio\AppData\Local\Temp\HitmanPro.exe
C:\Users\Jacopo-Perenchio\AppData\Local\Temp\Quarantine.exe
C:\Users\Jacopo-Perenchio\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2015-03-15 00:14
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Jacopo-Perenchio at 2015-03-19 09:32:03
Running from C:\Users\Jacopo-Perenchio\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACDSee 5.0 PowerPack (HKLM-x32\...\{5058B085-AA79-41E5-A726-681B4C4B846E}) (Version: 5.0.0 - ACD Systems Ltd)
Adobe Acrobat X Standard - Italiano, Español, Nederlands, Português (HKLM-x32\...\{AC76BA86-1040-7D70-BA7E-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ApSIC Xbench 2.9 (HKLM-x32\...\ApSIC Xbench) (Version: 2.9 - ApSIC, S.L.)
ATI AVIVO64 Codecs (Version: 11.6.0.10511 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{58C50F85-1CB8-7C68-8235-003814E701F0}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Attribute Changer 7.10g (HKLM-x32\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 7.10g - Romain Petges)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.3.2.234 - Online Media Technologies Ltd.)
Babylon (HKLM-x32\...\Babylon) (Version:  - Babylon)
BB FlashBack Pro 4 (Italian) (HKLM-x32\...\BB FlashBack Pro 4 (Italian)) (Version: 4.1.11.3278 - Blueberry)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
ChangeTracker version 1.0.2 (HKLM-x32\...\{AF4D8472-4913-4D50-9638-4397A3ED74F2}_is1) (Version: 1.0.2 - Technolex Translation Studio)
Deja Vu X (HKLM-x32\...\{E1BF7A39-31E7-44B7-9A7F-0B7A28DDDF64}) (Version: 7.5.0.338 - ATRIL)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell System Detect (HKU\S-1-5-21-1679795485-2240383637-3727778220-1000\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
EaseUS Todo Backup Free 7.5  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 7.5 - CHENGDU YIWO Tech Development Co., Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Glary Utilities 4.10 (HKLM-x32\...\Glary Utilities 4) (Version: 4.10.0.100 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grande Dizionario Tecnico Inglese (HKLM-x32\...\Grande Dizionario Tecnico Inglese) (Version: 1.0.0.0 - edPan search engine)
Idiom WorldServer Desktop Workbench (HKLM-x32\...\{7AD087F4-C7B6-4349-A9BF-0484BE301033}) (Version: 9.0.1.60 - Idiom Technologies, Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 10 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150100}) (Version: 1.5.0.100 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 11 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150110}) (Version: 1.5.0.110 - Sun Microsystems, Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024F0}) (Version: 6.0.240 - Oracle)
Malwarebytes Anti-Malware versione 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.20.09.51 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 35.0.1 (x86 it) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 it)) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation)
Passolo Translator 2009 SP7 (HKLM-x32\...\Passolo Translator 2009 SP7) (Version: Passolo Translator 2009 SP7 - SDL Passolo GmbH)
Passolo Translator 2011 (HKLM-x32\...\Passolo Translator 2011) (Version: Passolo Translator 2011 SP4 - SDL Passolo GmbH)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - Nome società) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QA Distiller 8.5.0 (HKLM-x32\...\{00000000-0000-11D2-B60F-006097C998E7}) (Version: 8.5.0 - )
QMS AutoImport (HKLM-x32\...\{BC858908-D810-428A-BFD2-F376A785B461}) (Version: 1.0.0.0 - Moravia)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SDL MultiTerm 2011 SP2 - Remove suite of products (HKLM-x32\...\Multiterm2011) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Convert (HKLM-x32\...\{212062FE-9FEF-457F-980F-6B25270CC99D}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Core (HKLM-x32\...\{6664CA13-C9B1-4488-881E-4AC14CE0F260}) (Version: 9.2.383 - SDL)
SDL MultiTerm 2011 SP2 Desktop (HKLM-x32\...\{777BE1C2-F665-42E2-90DD-157A67715710}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Word Integration (HKLM-x32\...\{7C21542D-7618-42D4-990D-9B458DCDE71E}) (Version: 9.2.372 - SDL)
SDL Passolo Essential 2011 SP6 (HKLM-x32\...\{627163CD-8116-4982-9AC1-8C6DE4A499A0}) (Version: 11.6.0.0 - SDL)
SDL Trados 2007 Freelance (HKLM-x32\...\{43BD0C58-6E6E-4500-AFB0-263423319604}) (Version: 8.2.835 - SDL International)
SDL Trados 2011 SP2R - Remove suite of products (HKLM-x32\...\TranslationStudio2011) (Version: 2.2.3046 - SDL)
SDL Trados Compatibility module (HKLM-x32\...\{7230BA04-AE1B-4C17-91A0-E7DF6DF6E05C}) (Version: 1.0.72 - SDL)
SDL Trados Studio 2011 SP2R (HKLM-x32\...\{D771A633-D6A3-4DB0-9E8B-4E6F44B93348}) (Version: 2.2.3123 - SDL)
SDLX (HKLM-x32\...\{CE98383B-7BB4-457C-AEAB-D89E9537628F}) (Version: 9.2.7035 - )
SDLX (x32 Version: 9.2.7035 - SDL International) Hidden
SDLXLIFF to Legacy Converter (HKLM-x32\...\{E5D6558A-5558-4A28-BC18-6155E8D6FEC9}) (Version: 1.0.0 - Logos Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Supporto applicazioni Apple (64 bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
TextPad Lexicons (HKLM-x32\...\{5A06BB8F-A3CB-49CB-9DDB-BA88F63D714D}) (Version: 6.0.0 - Nome società)
Tor 0.2.4.23 (HKLM-x32\...\Tor) (Version:  - )
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.11.2 - Tweaking.com)
UltraFileSearch (HKLM-x32\...\UltraFileSearch) (Version:  - Stegisoft)
UltraFileSearch (x32 Version: 3.6.0.14083 - Stegisoft) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Vidalia 0.2.21 (HKLM-x32\...\Vidalia) (Version:  - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.0 - Sysprogs)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Y-Snell-Tools (HKU\S-1-5-21-1679795485-2240383637-3727778220-1000\...\58c55cd8f3fd5e2a) (Version: 7.5.0.6 - Yamagata Europe)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
17-03-2015 19:01:11 ComboFix created restore point
18-03-2015 13:47:02 Punto di controllo di HitmanPro
18-03-2015 13:47:55 Punto di controllo di HitmanPro
18-03-2015 16:36:32 Windows Update
18-03-2015 16:53:21 Windows Update
18-03-2015 17:49:49 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-03-18 09:54 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {222655B9-EC39-461E-9571-5609F5D8082B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {32131820-EEA0-40EC-8770-1E609E225DA7} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14] (Glarysoft Ltd)
Task: {5E8857FF-36F0-4009-B9A4-2DFD8082241E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {65B47B4E-4098-46F8-A8B1-29DA1B32E7D6} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {674303BB-8400-4C2B-9298-6B2B4489B47A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {67EA2ECC-B6B8-4C9E-A38A-6F8D8A36F7AA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {77C5DD32-D4EF-4D3F-BCC1-9976B806D9FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10] (Google Inc.)
Task: {B49131C5-33EF-401A-87E8-13A6E35CAFF2} - System32\Tasks\{6897CFC8-A100-40C3-89E9-EACD49CE56DC} => pcalua.exe -a C:\Traduzioni\Software\XBench\Setup.Xbench.2.9.488.exe -d C:\Traduzioni\Software\XBench
Task: {B931D3CC-3CE4-4199-8333-93E571ABB5C4} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {C4D4B0B4-8D7D-450E-B707-7FE622279209} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10] (Google Inc.)
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-04-18 11:44 - 2011-01-18 10:33 - 00182560 _____ () C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll
2015-03-02 15:43 - 2015-03-02 15:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-07-18 15:04 - 2014-07-18 15:03 - 00655712 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-11-07 17:53 - 2014-10-20 16:56 - 00240680 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2014-11-07 17:53 - 2014-10-14 09:42 - 00098824 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2014-11-07 17:53 - 2014-10-14 09:41 - 00031240 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2014-11-07 17:53 - 2014-10-14 10:01 - 01296392 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2014-11-07 17:53 - 2014-10-14 10:19 - 00060936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2014-11-07 17:53 - 2014-10-14 09:42 - 00017416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2014-11-07 17:53 - 2014-10-14 10:13 - 00088584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2014-11-07 17:53 - 2014-10-14 09:36 - 00107528 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2014-11-07 17:53 - 2014-10-14 10:02 - 00075784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2014-11-07 17:53 - 2014-10-14 09:44 - 00030216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2014-11-07 17:53 - 2014-10-14 10:05 - 00068104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2014-11-07 17:53 - 2014-10-14 09:55 - 00158216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2014-11-07 17:53 - 2014-10-14 09:45 - 00275976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2014-11-07 17:53 - 2014-10-14 09:40 - 00072200 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2014-11-07 17:53 - 2014-10-14 10:17 - 00139784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2014-11-07 17:53 - 2014-10-14 09:39 - 00037384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2014-11-07 17:53 - 2014-10-20 16:46 - 00743976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2014-11-07 17:53 - 2014-10-14 09:46 - 00193032 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2014-11-07 17:53 - 2014-10-14 09:37 - 00255496 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2014-11-07 17:53 - 2014-10-14 09:47 - 00145928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2014-11-07 17:53 - 2014-10-14 09:50 - 00076808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2014-11-07 17:53 - 2014-10-14 10:08 - 00207880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2014-11-07 17:53 - 2014-10-14 09:54 - 00024584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2014-11-07 17:53 - 2014-10-14 09:42 - 00020488 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2014-11-07 17:53 - 2014-10-14 09:47 - 00032264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2014-11-07 17:53 - 2014-10-14 10:14 - 00034824 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2014-11-07 17:53 - 2014-10-14 10:10 - 00064008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2014-11-07 17:53 - 2014-10-14 09:36 - 00022536 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2014-11-07 17:53 - 2014-10-14 10:06 - 00115720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2014-11-07 17:53 - 2014-10-14 09:46 - 00194056 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2014-11-07 17:53 - 2014-10-14 09:41 - 00135688 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2014-11-07 17:53 - 2014-10-14 09:36 - 00037896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2014-11-07 17:53 - 2014-10-14 10:18 - 00135688 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2014-11-07 17:53 - 2014-10-14 09:37 - 00019976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2014-11-07 17:53 - 2014-10-14 10:12 - 00043016 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2014-11-07 17:53 - 2014-10-14 10:12 - 00096776 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2011-07-18 22:07 - 2011-07-18 22:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-07 00:42 - 2014-01-07 00:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2014-07-18 15:04 - 2014-07-18 15:03 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-07-18 15:04 - 2014-07-18 15:03 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-07-18 15:04 - 2014-07-18 15:03 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-07-18 15:04 - 2014-07-18 15:03 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-07-18 15:04 - 2014-07-18 15:03 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-07-18 15:04 - 2014-07-18 15:03 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2014-11-07 17:53 - 2014-10-14 10:11 - 00223752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2015-03-02 21:30 - 2015-03-02 21:30 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-12-03 19:06 - 2014-12-03 19:06 - 02897304 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
2014-12-03 19:07 - 2014-12-03 19:07 - 01432064 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\it_IT\PDFMaker\AdobePDFMakerX.ITA
2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-03-11 15:29 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-11 15:29 - 2015-03-07 07:13 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll
2014-11-10 17:46 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Jacopo-Perenchio\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-11-10 17:46 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Jacopo-Perenchio\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1679795485-2240383637-3727778220-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jacopo-Perenchio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: Babylon Client => C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Jacopo-Perenchio\AppData\Local\Apps\2.0\AT5ZJE5Z.TDP\L0K1C1EY.4W0\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1679795485-2240383637-3727778220-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1679795485-2240383637-3727778220-1004 - Limited - Enabled)
Guest (S-1-5-21-1679795485-2240383637-3727778220-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1679795485-2240383637-3727778220-1002 - Limited - Enabled)
Jacopo-Perenchio (S-1-5-21-1679795485-2240383637-3727778220-1000 - Administrator - Enabled) => C:\Users\Jacopo-Perenchio
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/19/2015 09:32:47 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Impossibile accedere al file C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat per uno dei motivi seguenti: 
Si è verificato un problema relativo alla connessione di rete, al disco in cui è archiviato il file o ai driver
di archiviazione installati nel computer oppure il disco è assente.
Il programma Processo host per servizi di Windows è stato chiuso a causa dell'errore.
 
Programma: Processo host per servizi di Windows
File: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat
 
Il valore dell'errore è indicato nella sezione Dati aggiuntivi.
Azione utente
1. Aprire nuovamente il file.
Potrebbe trattarsi di un problema temporaneo che si risolverà automaticamente rieseguendo il programma.
2.
Se il file risulta comunque non accessibile e:
- Si trova in rete,
è necessario che l'amministratore della rete verifichi la presenza di eventuali problemi di rete e che sia possibile contattare il server.
- Si trova in un disco rimovibile, ad esempio un disco floppy o un CD, verificare che il disco sia inserito correttamente nel computer.
3. Controllare e ripristinare il file system eseguendo CHKDSK. Per eseguire CHKDSK, fare clic sul pulsante Start, scegliere Esegui, digitare CMD, quindi scegliere OK. Al prompt dei comandi, digitare CHKDSK /F, quindi premere INVIO.
4. Se il problema persiste, ripristinare il file da una copia di backup.
5. Determinare se è possibile aprire altri file nello stesso disco. Se non è possibile, il disco potrebbe essere danneggiato. Se si tratta di un disco rigido, contattare l'amministratore o il fornitore dell'hardware
del computer per ottenere assistenza.
 
Dati aggiuntivi
Valore errore: C0000185
Tipo disco: 3
 
Error: (03/19/2015 09:32:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: svchost.exe_CryptSvc, versione: 6.1.7600.16385, timestamp: 0x4a5bc3c1
Nome del modulo che ha generato l'errore: bcryptprimitives.dll, versione: 6.1.7601.17514, timestamp: 0x4ce7c4f0
Codice eccezione: 0xc0000006
Offset errore 0x00000000000080bf
ID processo che ha generato l'errore: 0xa20
Ora di avvio dell'applicazione che ha generato l'errore: 0xsvchost.exe_CryptSvc0
Percorso dell'applicazione che ha generato l'errore: svchost.exe_CryptSvc1
Percorso del modulo che ha generato l'errore: svchost.exe_CryptSvc2
ID segnalazione: svchost.exe_CryptSvc3
 
Error: (03/19/2015 09:29:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/19/2015 09:27:16 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Impossibile accedere al file C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat per uno dei motivi seguenti: 
Si è verificato un problema relativo alla connessione di rete, al disco in cui è archiviato il file o ai driver
di archiviazione installati nel computer oppure il disco è assente.
Il programma Processo host per servizi di Windows è stato chiuso a causa dell'errore.
 
Programma: Processo host per servizi di Windows
File: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat
 
Il valore dell'errore è indicato nella sezione Dati aggiuntivi.
Azione utente
1. Aprire nuovamente il file.
Potrebbe trattarsi di un problema temporaneo che si risolverà automaticamente rieseguendo il programma.
2.
Se il file risulta comunque non accessibile e:
- Si trova in rete,
è necessario che l'amministratore della rete verifichi la presenza di eventuali problemi di rete e che sia possibile contattare il server.
- Si trova in un disco rimovibile, ad esempio un disco floppy o un CD, verificare che il disco sia inserito correttamente nel computer.
3. Controllare e ripristinare il file system eseguendo CHKDSK. Per eseguire CHKDSK, fare clic sul pulsante Start, scegliere Esegui, digitare CMD, quindi scegliere OK. Al prompt dei comandi, digitare CHKDSK /F, quindi premere INVIO.
4. Se il problema persiste, ripristinare il file da una copia di backup.
5. Determinare se è possibile aprire altri file nello stesso disco. Se non è possibile, il disco potrebbe essere danneggiato. Se si tratta di un disco rigido, contattare l'amministratore o il fornitore dell'hardware
del computer per ottenere assistenza.
 
Dati aggiuntivi
Valore errore: C0000185
Tipo disco: 3
 
Error: (03/19/2015 09:27:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: svchost.exe_CryptSvc, versione: 6.1.7600.16385, timestamp: 0x4a5bc3c1
Nome del modulo che ha generato l'errore: bcryptprimitives.dll, versione: 6.1.7601.17514, timestamp: 0x4ce7c4f0
Codice eccezione: 0xc0000006
Offset errore 0x00000000000080bf
ID processo che ha generato l'errore: 0x330
Ora di avvio dell'applicazione che ha generato l'errore: 0xsvchost.exe_CryptSvc0
Percorso dell'applicazione che ha generato l'errore: svchost.exe_CryptSvc1
Percorso del modulo che ha generato l'errore: svchost.exe_CryptSvc2
ID segnalazione: svchost.exe_CryptSvc3
 
Error: (03/19/2015 09:26:46 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Impossibile accedere al file C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat per uno dei motivi seguenti: 
Si è verificato un problema relativo alla connessione di rete, al disco in cui è archiviato il file o ai driver
di archiviazione installati nel computer oppure il disco è assente.
Il programma Processo host per servizi di Windows è stato chiuso a causa dell'errore.
 
Programma: Processo host per servizi di Windows
File: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat
 
Il valore dell'errore è indicato nella sezione Dati aggiuntivi.
Azione utente
1. Aprire nuovamente il file.
Potrebbe trattarsi di un problema temporaneo che si risolverà automaticamente rieseguendo il programma.
2.
Se il file risulta comunque non accessibile e:
- Si trova in rete,
è necessario che l'amministratore della rete verifichi la presenza di eventuali problemi di rete e che sia possibile contattare il server.
- Si trova in un disco rimovibile, ad esempio un disco floppy o un CD, verificare che il disco sia inserito correttamente nel computer.
3. Controllare e ripristinare il file system eseguendo CHKDSK. Per eseguire CHKDSK, fare clic sul pulsante Start, scegliere Esegui, digitare CMD, quindi scegliere OK. Al prompt dei comandi, digitare CHKDSK /F, quindi premere INVIO.
4. Se il problema persiste, ripristinare il file da una copia di backup.
5. Determinare se è possibile aprire altri file nello stesso disco. Se non è possibile, il disco potrebbe essere danneggiato. Se si tratta di un disco rigido, contattare l'amministratore o il fornitore dell'hardware
del computer per ottenere assistenza.
 
Dati aggiuntivi
Valore errore: C0000185
Tipo disco: 3
 
Error: (03/19/2015 09:26:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: svchost.exe_CryptSvc, versione: 6.1.7600.16385, timestamp: 0x4a5bc3c1
Nome del modulo che ha generato l'errore: bcryptprimitives.dll, versione: 6.1.7601.17514, timestamp: 0x4ce7c4f0
Codice eccezione: 0xc0000006
Offset errore 0x00000000000080bf
ID processo che ha generato l'errore: 0x17d0
Ora di avvio dell'applicazione che ha generato l'errore: 0xsvchost.exe_CryptSvc0
Percorso dell'applicazione che ha generato l'errore: svchost.exe_CryptSvc1
Percorso del modulo che ha generato l'errore: svchost.exe_CryptSvc2
ID segnalazione: svchost.exe_CryptSvc3
 
Error: (03/19/2015 09:26:15 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Impossibile accedere al file C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat per uno dei motivi seguenti: 
Si è verificato un problema relativo alla connessione di rete, al disco in cui è archiviato il file o ai driver
di archiviazione installati nel computer oppure il disco è assente.
Il programma Processo host per servizi di Windows è stato chiuso a causa dell'errore.
 
Programma: Processo host per servizi di Windows
File: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat
 
Il valore dell'errore è indicato nella sezione Dati aggiuntivi.
Azione utente
1. Aprire nuovamente il file.
Potrebbe trattarsi di un problema temporaneo che si risolverà automaticamente rieseguendo il programma.
2.
Se il file risulta comunque non accessibile e:
- Si trova in rete,
è necessario che l'amministratore della rete verifichi la presenza di eventuali problemi di rete e che sia possibile contattare il server.
- Si trova in un disco rimovibile, ad esempio un disco floppy o un CD, verificare che il disco sia inserito correttamente nel computer.
3. Controllare e ripristinare il file system eseguendo CHKDSK. Per eseguire CHKDSK, fare clic sul pulsante Start, scegliere Esegui, digitare CMD, quindi scegliere OK. Al prompt dei comandi, digitare CHKDSK /F, quindi premere INVIO.
4. Se il problema persiste, ripristinare il file da una copia di backup.
5. Determinare se è possibile aprire altri file nello stesso disco. Se non è possibile, il disco potrebbe essere danneggiato. Se si tratta di un disco rigido, contattare l'amministratore o il fornitore dell'hardware
del computer per ottenere assistenza.
 
Dati aggiuntivi
Valore errore: C0000185
Tipo disco: 3
 
Error: (03/19/2015 09:26:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: svchost.exe_CryptSvc, versione: 6.1.7600.16385, timestamp: 0x4a5bc3c1
Nome del modulo che ha generato l'errore: bcryptprimitives.dll, versione: 6.1.7601.17514, timestamp: 0x4ce7c4f0
Codice eccezione: 0xc0000006
Offset errore 0x00000000000080bf
ID processo che ha generato l'errore: 0x15dc
Ora di avvio dell'applicazione che ha generato l'errore: 0xsvchost.exe_CryptSvc0
Percorso dell'applicazione che ha generato l'errore: svchost.exe_CryptSvc1
Percorso del modulo che ha generato l'errore: svchost.exe_CryptSvc2
ID segnalazione: svchost.exe_CryptSvc3
 
Error: (03/19/2015 09:25:38 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Impossibile accedere al file C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat per uno dei motivi seguenti: 
Si è verificato un problema relativo alla connessione di rete, al disco in cui è archiviato il file o ai driver
di archiviazione installati nel computer oppure il disco è assente.
Il programma Processo host per servizi di Windows è stato chiuso a causa dell'errore.
 
Programma: Processo host per servizi di Windows
File: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat
 
Il valore dell'errore è indicato nella sezione Dati aggiuntivi.
Azione utente
1. Aprire nuovamente il file.
Potrebbe trattarsi di un problema temporaneo che si risolverà automaticamente rieseguendo il programma.
2.
Se il file risulta comunque non accessibile e:
- Si trova in rete,
è necessario che l'amministratore della rete verifichi la presenza di eventuali problemi di rete e che sia possibile contattare il server.
- Si trova in un disco rimovibile, ad esempio un disco floppy o un CD, verificare che il disco sia inserito correttamente nel computer.
3. Controllare e ripristinare il file system eseguendo CHKDSK. Per eseguire CHKDSK, fare clic sul pulsante Start, scegliere Esegui, digitare CMD, quindi scegliere OK. Al prompt dei comandi, digitare CHKDSK /F, quindi premere INVIO.
4. Se il problema persiste, ripristinare il file da una copia di backup.
5. Determinare se è possibile aprire altri file nello stesso disco. Se non è possibile, il disco potrebbe essere danneggiato. Se si tratta di un disco rigido, contattare l'amministratore o il fornitore dell'hardware
del computer per ottenere assistenza.
 
Dati aggiuntivi
Valore errore: C0000185
Tipo disco: 3
 
 
System errors:
=============
Error: (03/19/2015 09:32:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Servizi Desktop remoto. Questo evento si è già verificato 3 volta(e).
 
Error: (03/19/2015 09:32:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Workstation. Questo evento si è già verificato 4 volta(e).
 
Error: (03/19/2015 09:32:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Client DNS. Questo evento si è già verificato 6 volta(e).
 
Error: (03/19/2015 09:32:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Servizi di crittografia. Questo evento si è già verificato 7 volta(e).
 
Error: (03/19/2015 09:30:22 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: È stato rilevato un nome duplicato sulla rete TCP. L'indirizzo IP del
computer che ha inviato il messaggio è specificato nei dati. Utilizzare nbtstat -n nella
finestra di comando per identificare il nome nello stato di Conflitto.
 
Error: (03/19/2015 09:30:20 AM) (Source: atapi) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort0.
 
Error: (03/19/2015 09:30:20 AM) (Source: atapi) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort0.
 
Error: (03/19/2015 09:30:20 AM) (Source: atapi) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort0.
 
Error: (03/19/2015 09:30:20 AM) (Source: atapi) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort0.
 
Error: (03/19/2015 09:30:20 AM) (Source: atapi) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort0.
 
 
Microsoft Office Sessions:
=========================
Error: (03/19/2015 09:32:47 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.catProcesso host per servizi di WindowsC00001853
 
Error: (03/19/2015 09:32:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc3c1bcryptprimitives.dll6.1.7601.175144ce7c4f0c000000600000000000080bfa2001d0621e8354a3faC:\Windows\System32\svchost.exeC:\Windows\system32\bcryptprimitives.dll854e7463-ce12-11e4-8249-180373a9caa4
 
Error: (03/19/2015 09:29:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jacopo-Perenchio\Downloads\esetsmartinstaller_enu.exe
 
Error: (03/19/2015 09:27:16 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.catProcesso host per servizi di WindowsC00001853
 
Error: (03/19/2015 09:27:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc3c1bcryptprimitives.dll6.1.7601.175144ce7c4f0c000000600000000000080bf33001d0621e70ede0bbC:\Windows\system32\svchost.exeC:\Windows\system32\bcryptprimitives.dllbfb18cd3-ce11-11e4-8249-180373a9caa4
 
Error: (03/19/2015 09:26:46 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.catProcesso host per servizi di WindowsC00001853
 
Error: (03/19/2015 09:26:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc3c1bcryptprimitives.dll6.1.7601.175144ce7c4f0c000000600000000000080bf17d001d0621e60a8389cC:\Windows\system32\svchost.exeC:\Windows\system32\bcryptprimitives.dllad864bfc-ce11-11e4-8249-180373a9caa4
 
Error: (03/19/2015 09:26:15 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.catProcesso host per servizi di WindowsC00001853
 
Error: (03/19/2015 09:26:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc3c1bcryptprimitives.dll6.1.7601.175144ce7c4f0c000000600000000000080bf15dc01d0621e4e652a02C:\Windows\system32\svchost.exeC:\Windows\system32\bcryptprimitives.dll9b9b504c-ce11-11e4-8249-180373a9caa4
 
Error: (03/19/2015 09:25:38 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.catProcesso host per servizi di WindowsC00001853
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-19 09:22:10.643
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-03-19 08:52:03.739
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-03-19 08:39:50.621
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-03-18 17:39:43.845
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-03-18 17:29:17.970
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-03-18 16:54:04.784
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-03-18 16:31:14.306
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-03-18 16:18:57.267
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-03-18 15:49:11.830
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-03-18 15:20:42.529
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 31%
Total physical RAM: 8099.17 MB
Available physical RAM: 5585.52 MB
Total Pagefile: 16196.53 MB
Available Pagefile: 13617.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:277.83 GB) NTFS
Drive z: () (Network) (Total:1828.85 GB) (Free:1339.87 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 546085FE)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 fireman4it

Posted 19 March 2015 - 09:49 AM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File: fixlist.txt (6.13KB)

 

Let me know how the computer is running after this fix.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 jackpera

Posted 19 March 2015 - 10:01 AM

The computer restarted without problems. The only difference I can notice is that the application bar changed its color.

 

Reading your logs, I've noticed that you moved Babylon. No problem, I'll reinstall it another time, but this is a program I use for work, as it's some kind of dictionary.

 

Here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Jacopo-Perenchio at 2015-03-19 15:51:48 Run:1
Running from C:\Users\Jacopo-Perenchio\Downloads
Loaded Profiles: Jacopo-Perenchio (Available profiles: Jacopo-Perenchio)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1679795485-2240383637-3727778220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1679795485-2240383637-3727778220-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} ->  No File
CHR StartupUrls: Default -> "hxxp://www.gazzetta.it/", "hxxp://www.repubblica.it/", "hxxp://www.lastampa.it/sport", "hxxp://it.buyvip.com/", "https://secure.it.vente-privee.com/authentication/login/IT?ReturnUrl=%2fhome%2fit%3fseq%3dSjHEzFmpSS%2bm5d8G5jSgsw%3d%3d&seq=SjHEzFmpSS+m5d8G5jSgsw%3d%3d", "hxxp://it.privalia.com/public/notlogged", "hxxp://www.saldiprivati.com/MySaldiPrivati/Sales/ListSales.aspx", "hxxp://www.showroomprive.it/accueil.aspx", "hxxp://www.gourmant.com/vetrina-offerte.php", "hxxp://www.dalani.it/campaign/", "https://www.facebook.com/", "hxxp://espn.go.com/nba/"
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\JACOPO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
2015-03-17 16:36 - 2015-03-19 09:10 - 00000000 ____D () C:\ProgramData\Babylon
2015-03-17 16:36 - 2015-03-17 18:22 - 00000000 ____D () C:\Users\Jacopo-Perenchio\AppData\Roaming\Babylon
2015-03-17 16:36 - 2015-03-17 16:37 - 00000000 ____D () C:\Users\Jacopo-Perenchio\AppData\Local\Babylon
2015-03-17 16:36 - 2015-03-17 16:36 - 00001151 _____ () C:\Users\Public\Desktop\Babylon.lnk
2015-03-17 16:36 - 2015-03-17 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
2015-03-17 16:36 - 2015-03-17 16:36 - 00000000 ____D () C:\Program Files\Babylon
2015-03-17 16:36 - 2015-03-17 16:36 - 00000000 ____D () C:\Program Files (x86)\Babylon
2015-03-17 16:35 - 2015-03-17 16:35 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Jacopo-Perenchio\Downloads\Babylon10_setup_ns.exe
emptytemp:
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1679795485-2240383637-3727778220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-1679795485-2240383637-3727778220-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{31FF080D-12A3-439A-A2EF-4BA95A3148E8} => Key not found. 
Chrome StartupUrls deleted successfully.
AthBTPort => Service deleted successfully.
BTATH_A2DP => Service deleted successfully.
BTATH_BUS => Service deleted successfully.
BTATH_HCRP => Service deleted successfully.
BTATH_LWFLT => Service deleted successfully.
BTATH_RCP => Service deleted successfully.
BtFilter => Service deleted successfully.
catchme => Service deleted successfully.
cpuz134 => Service deleted successfully.
C:\ProgramData\Babylon => Moved successfully.
 
"C:\Users\Jacopo-Perenchio\AppData\Roaming\Babylon" directory move:
 
Could not move "C:\Users\Jacopo-Perenchio\AppData\Roaming\Babylon" directory. => Scheduled to move on reboot.
 
C:\Users\Jacopo-Perenchio\AppData\Local\Babylon => Moved successfully.
C:\Users\Public\Desktop\Babylon.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon => Moved successfully.
C:\Program Files\Babylon => Moved successfully.
 
"C:\Program Files (x86)\Babylon" directory move:
 
Could not move "C:\Program Files (x86)\Babylon" directory. => Scheduled to move on reboot.
 
C:\Users\Jacopo-Perenchio\Downloads\Babylon10_setup_ns.exe => Moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
EmptyTemp: => Removed 2.1 GB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-19 15:57:00)<=
 
C:\Users\Jacopo-Perenchio\AppData\Roaming\Babylon => Is moved successfully.
C:\Program Files (x86)\Babylon => Is moved successfully.
 
==== End of Fixlog 15:57:00 ====


#6 fireman4it

Posted 19 March 2015 - 10:15 AM

Babylon is known to come bundled and have malware as a part of it.

 

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport can also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



#7 jackpera

Posted 19 March 2015 - 11:24 AM

Here it is:

 

RogueKiller V10.5.5.0 (x64) [Mar 16 2015] di Adlice Software
Discussione : http://www.adlice.com
 
Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniziato in : Modalità Normale
Utente : Jacopo-Perenchio [Amministratore]
Iniziato da : C:\Users\Jacopo-Perenchio\Downloads\RogueKillerX64.exe
Modalità : Scansione -- Data : 03/19/2015  17:23:49
 
¤¤¤ Processi : 1 ¤¤¤
[Suspicious.Path] ouc.exe(2736) -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[7] -> Eliminato [TermProc]
 
¤¤¤ Registro : 0 ¤¤¤
 
¤¤¤ Attività : 0 ¤¤¤
 
¤¤¤ Archivi : 0 ¤¤¤
 
¤¤¤ Archivio Hosts : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Caricato) ¤¤¤
 
¤¤¤ Web Browser : 0 ¤¤¤
 
¤¤¤ Controllo MBR : ¤¤¤
+++++ PhysicalDrive0: ST9500420AS ATA Device +++++
--- User ---
[MBR] 10b92d48f52facd93dd0819a903fd86d
[BSP] 465dc26f48cded96404827d5d30b5871 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 15000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_03182015_095530.log - RKreport_DEL_03182015_100327.log - RKreport_SCN_03182015_095258.log - RKreport_SCN_03182015_100309.log


#8 fireman4it

Posted 19 March 2015 - 12:00 PM

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


#9 jackpera

Posted 19 March 2015 - 12:36 PM

Here is the Farbar log. Malwarebytes didn't find anything.
 
 
Farbar Service Scanner Version: 17-01-2015
Ran by Jacopo-Perenchio (administrator) on 19-03-2015 at 18:04:05
Running from "C:\Users\Jacopo-Perenchio\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc: "%SystemRoot%\system32\cryptsvc.dll".
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2014-07-11 13:42] - [2014-05-30 07:45] - 0497152 ____A (Microsoft Corporation) FA886682CFC5D36718D3E436AACF10B9
 
C:\Windows\System32\drivers\tdx.sys
[2014-12-15 10:26] - [2014-11-11 02:46] - 0119296 ____A (Microsoft Corporation) 70988118145F5F10EF24720B97F35F65
 
C:\Windows\System32\Drivers\tcpip.sys
[2014-06-11 03:13] - [2014-04-05 03:47] - 1903552 ____A (Microsoft Corporation) 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2014-08-26 10:39] - [2014-05-14 17:23] - 2477536 ____A (Microsoft Corporation) 61FF576450CCC80564B850BC3FB6713A
 
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2015-02-13 18:15] - [2014-07-07 03:06] - 0187904 ____A (Microsoft Corporation) 19D511CC455C19DE1ADF60E6C39C85B6
 
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#10 fireman4it

Posted 19 March 2015 - 12:59 PM

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.


Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:


Go to Step 4 and under "System Restore" click on Create button:


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 jackpera (Topic Starter)

Posted 20 March 2015 - 03:52 AM

Here it is:

Tweaking.com - Windows Repair v2.11.2
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Professional
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: PTT_JPERENCHIO
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Jacopo-Perenchio
Current Profile SID: S-1-5-21-1679795485-2240383637-3727778220-1000
Current Profile Classes: S-1-5-21-1679795485-2240383637-3727778220-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Jacopo-Perenchio\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 17:11:31
 
Process Count: 80
Commit Total: 3,30 GB
Commit Limit: 15,82 GB
Commit Peak: 5,81 GB
Handle Count: 33892
Kernel Total: 607,90 MB
Kernel Paged: 508,98 MB
Kernel Non Paged: 98,92 MB
System Cache: 4,01 GB
Thread Count: 1113
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7,91 GB
Memory Used: 4,09 GB(51,6761%)
Memory Avail.: 3,82 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7,91 GB
Memory Used: 2,61 GB(33,0411%)
Memory Avail.: 5,30 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (20/03/2015 09:05:25)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 12
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (20/03/2015 09:05:27)
 
   You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running.
 
   Running Repair Under Current User Account
   Done (20/03/2015 09:05:43)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (20/03/2015 09:05:43)
 
   You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running.
 
 
Decompressing & Updating Windows Permission File services.txt
Done,  0,25 seconds.
 
   Running Repair Under System Account
   Done (20/03/2015 09:08:34)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (20/03/2015 09:08:34)
 
   You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running.
 
   Running Repair Under System Account
   Done (20/03/2015 09:09:38)
 
03 - Reset Service Permissions
   Start (20/03/2015 09:09:43)
 
   You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running.
 
   Running Repair Under System Account
   Done (20/03/2015 09:09:58)
 
04 - Register System Files
   Start (20/03/2015 09:09:58)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:10:30)
 
05 - Repair WMI
   Start (20/03/2015 09:10:30)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   Avira Desktop Exported.
 
   Exporting AntiSpyware Info...
   Avira Desktop Exported.
   Windows Defender Exported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (20/03/2015 09:18:15)
 
06 - Repair Windows Firewall
   Start (20/03/2015 09:18:15)
   Running Repair Under Current User Account
 
Decompressing & Updating Windows Permission File services.txt
Done,  0,15 seconds.
 
   Running Repair Under System Account
   Done (20/03/2015 09:18:49)
 
07 - Repair Internet Explorer
   Start (20/03/2015 09:18:50)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:19:07)
 
08 - Repair MDAC/MS Jet
   Start (20/03/2015 09:19:07)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:19:32)
 
09 - Repair Hosts File
   Start (20/03/2015 09:19:32)
   Running Repair Under System Account
   Done (20/03/2015 09:19:42)
 
10 - Remove Policies Set By Infections
   Start (20/03/2015 09:19:42)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:19:45)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (20/03/2015 09:19:45)
   Running Repair Under System Account
   Done (20/03/2015 09:19:46)
 
12 - Repair Icons
   Start (20/03/2015 09:19:46)
   Running Repair Under Current User Account
   Done (20/03/2015 09:19:48)
 
13 - Repair Winsock & DNS Cache
   Start (20/03/2015 09:19:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:20:05)
 
15 - Repair Proxy Settings
   Start (20/03/2015 09:20:05)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:20:07)
 
17 - Repair Windows Updates
   Start (20/03/2015 09:20:07)
   Running Repair Under Current User Account
 
Decompressing & Updating Windows Permission File services.txt
Done,  0,13 seconds.
 
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (20/03/2015 09:20:33)
 
18 - Repair CD/DVD Missing/Not Working
   Start (20/03/2015 09:20:33)
   iTunes was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (20/03/2015 09:20:33)
 
19 - Repair Volume Shadow Copy Service
   Start (20/03/2015 09:20:34)
   Running Repair Under Current User Account
 
Decompressing & Updating Windows Permission File services.txt
Done,  0,12 seconds.
 
   Running Repair Under System Account
   Done (20/03/2015 09:20:54)
 
21 - Repair MSI (Windows Installer)
   Start (20/03/2015 09:20:54)
   Running Repair Under Current User Account
 
Decompressing & Updating Windows Permission File services.txt
Done,  0,15 seconds.
 
   Running Repair Under System Account
   Done (20/03/2015 09:21:05)
 
23.01 - Repair bat Association
   Start (20/03/2015 09:21:05)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:21:08)
 
23.02 - Repair cmd Association
   Start (20/03/2015 09:21:08)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:21:11)
 
23.03 - Repair com Association
   Start (20/03/2015 09:21:11)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:21:13)
 
23.04 - Repair Directory Association
   Start (20/03/2015 09:21:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:21:15)
 
23.05 - Repair Drive Association
   Start (20/03/2015 09:21:15)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:21:17)
 
23.06 - Repair exe Association
   Start (20/03/2015 09:21:17)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:21:19)
 
23.07 - Repair Folder Association
   Start (20/03/2015 09:21:19)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:21:22)
 
23.08 - Repair inf Association
   Start (20/03/2015 09:21:22)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:21:24)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (20/03/2015 09:21:24)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:21:26)
 
23.10 - Repair msc Association
   Start (20/03/2015 09:21:26)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:21:28)
 
23.11 - Repair reg Association
   Start (20/03/2015 09:21:28)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:21:30)
 
23.12 - Repair scr Association
   Start (20/03/2015 09:21:30)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:21:33)
 
24 - Repair Windows Safe Mode
   Start (20/03/2015 09:21:33)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:21:35)
 
25 - Repair Print Spooler
   Start (20/03/2015 09:21:35)
   Running Repair Under Current User Account
 
Decompressing & Updating Windows Permission File services.txt
Done,  0,15 seconds.
 
   Running Repair Under System Account
   Done (20/03/2015 09:21:47)
 
26 - Restore Important Windows Services
   Start (20/03/2015 09:21:47)
   Running Repair Under Current User Account
 
Decompressing & Updating Windows Permission File services.txt
Done,  0,14 seconds.
 
   Running Repair Under System Account
   Done (20/03/2015 09:21:53)
 
27 - Set Windows Services To Default Startup
   Start (20/03/2015 09:21:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:22:00)
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
31 - Repair Windows 'New' Submenu
   Start (20/03/2015 09:22:00)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/03/2015 09:22:02)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (20/03/2015 09:22:02)
   Total Repair Time: 00:16:39
 
 
...YOU MUST RESTART YOUR SYSTEM...


#12 fireman4it (Malware Response Team)

Posted 20 March 2015 - 11:06 PM

How is your machine running now?




#13 fireman4it (Malware Response Team)

Posted 22 March 2015 - 03:28 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#14 jackpera (Topic Starter)

Posted 22 March 2015 - 04:05 PM

Sorry fireman. This is a work PC; tomorrow morning I'll try if it works, and let you know. In case it's OK, I'll make your donation.

Thanks

Jacopo

#15 fireman4it (Malware Response Team)

Posted 22 March 2015 - 04:33 PM

Let me know how it's running, then we will clean up the tools we used.






