Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

c:\windows\system32\Services.exe infected and WUPDATE errors


  • This topic is locked This topic is locked
5 replies to this topic

#1 jackpera

jackpera

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 18 March 2015 - 12:34 PM

Hello, 

 

  few days ago I was unable to update my Windows 7 x64, with the following errors: 800706BE and 800706BA.

 

After chatting with Microsoft HelpDesk, they suggested me to clean my PC, trying to sell me their support.

 

I'm afraid I got ZeroAccess rootkit, but I cannot get it out of my PC.

 

After running Combofix, here it's the result:

 

ComboFix 15-03-14.03 - Jacopo-Perenchio 18/03/2015   8:49.6.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.8099.5494 [GMT 1:00]
Eseguito da: c:\users\Jacopo-Perenchio\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\users\Jacopo-Perenchio\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\JACOPO~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
-- Esecuzione precedente --
.
c:\windows\system32\Services.exe . . . è infetto!!
.
--------
.
c:\windows\system32\Services.exe . . . è infetto!!
.
.
(((((((((((((((((((((((((   Files Creati Da 2015-02-18 al 2015-03-18  )))))))))))))))))))))))))))))))))))
.
.
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-17 15:36 . 2015-03-17 15:37 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Local\Babylon
2015-03-17 15:36 . 2015-03-17 17:22 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Roaming\Babylon
2015-03-17 15:36 . 2015-03-17 15:36 -------- d-----w- c:\program files\Babylon
2015-03-17 15:36 . 2015-03-17 15:36 -------- d-----w- c:\program files (x86)\Babylon
2015-03-17 15:36 . 2015-03-17 17:22 -------- d-----w- c:\programdata\Babylon
2015-03-17 10:07 . 2015-03-17 10:07 -------- d-----w- C:\Repair
2015-03-17 09:30 . 2015-03-17 09:54 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Local\LogMeIn Rescue Applet
2015-03-17 08:08 . 2015-03-17 08:08 -------- d-----w- c:\windows\system32\EventProviders
2015-03-16 14:59 . 2015-03-17 09:59 -------- d-----w- c:\windows\system32\catroot2
2015-03-13 14:41 . 2015-02-16 03:21 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20A51DDD-729C-4EE4-BC32-172D13481F94}\mpengine.dll
2015-03-11 17:43 . 2015-03-13 14:37 -------- d-----w- c:\windows\sdold.old
2015-03-11 15:58 . 2015-03-13 14:37 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2015-03-11 15:34 . 2015-03-11 15:34 -------- d-----w- c:\program files (x86)\Tweaking.com
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Roaming\KSafe
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\programdata\KSafe
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\program files (x86)\DllTool
2015-03-11 12:16 . 2015-03-11 12:16 -------- d-----w- c:\windows\CheckSur
2015-03-05 20:57 . 2015-03-05 20:57 -------- dc-h--w- c:\programdata\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
2015-02-25 16:22 . 2015-03-17 10:28 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-25 16:22 . 2015-02-25 16:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-25 16:22 . 2015-02-25 16:22 -------- d-----w- c:\programdata\Malwarebytes
2015-02-25 16:22 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-25 16:22 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-25 16:22 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files\iTunes
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files\iPod
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files (x86)\iTunes
2015-02-17 18:36 . 2015-02-17 18:36 3176632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\1040\MSOINTL.DLL
2015-02-17 14:26 . 2015-02-17 14:26 1217184 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 03:17 . 2010-11-21 03:27 295552 ----a-w- c:\windows\system32\MpSigStub.exe
2015-02-16 12:21 . 2014-04-19 08:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-16 12:21 . 2014-04-19 08:38 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-30 22:36 . 2015-01-30 22:36 23760 ----a-w- c:\windows\system32\drivers\DDDriver64Dcsa.sys
2015-01-30 22:36 . 2015-01-30 22:36 23312 ----a-w- c:\windows\system32\drivers\DellProf.sys
2015-01-29 16:49 . 2014-04-18 15:50 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-15 08:14 . 2015-02-13 17:15 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-01-15 08:14 . 2015-02-13 17:15 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-01-15 08:09 . 2015-02-13 17:15 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-01-15 08:09 . 2015-02-13 17:15 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-01-15 08:09 . 2015-02-13 17:15 28160 ----a-w- c:\windows\system32\secur32.dll
2015-01-15 08:09 . 2015-02-13 17:15 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-01-15 08:09 . 2015-02-13 17:15 31232 ----a-w- c:\windows\system32\lsass.exe
2015-01-15 08:08 . 2015-02-13 17:15 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-01-15 08:06 . 2015-02-13 17:15 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-01-15 08:06 . 2015-02-13 17:15 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-01-15 08:04 . 2015-02-13 17:15 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-01-15 07:42 . 2015-02-13 17:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-01-15 07:42 . 2015-02-13 17:15 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-01-15 07:41 . 2015-02-13 17:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-01-15 07:39 . 2015-02-13 17:15 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-01-15 07:39 . 2015-02-13 17:15 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-01-15 07:37 . 2015-02-13 17:15 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-01-15 04:22 . 2015-02-13 17:15 458824 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-14 06:09 . 2015-02-13 17:15 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 06:05 . 2015-02-13 17:15 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 06:05 . 2015-02-13 17:15 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 06:04 . 2015-02-13 17:15 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 05:47 . 2015-02-13 17:26 389808 ----a-w- c:\windows\system32\iedkcs32.dll
2015-01-14 05:44 . 2015-02-13 17:15 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44 . 2015-02-13 17:15 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41 . 2015-02-13 17:15 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-13 03:10 . 2015-02-13 17:17 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-13 02:49 . 2015-02-13 17:17 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:09 . 2015-02-13 17:25 25056256 ----a-w- c:\windows\system32\mshtml.dll
2015-01-12 03:05 . 2015-02-13 17:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-01-12 03:05 . 2015-02-13 17:26 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-01-12 02:49 . 2015-02-13 17:26 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-01-12 02:48 . 2015-02-13 17:26 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-01-12 02:48 . 2015-02-13 17:26 584192 ----a-w- c:\windows\system32\vbscript.dll
2015-01-12 02:48 . 2015-02-13 17:26 2885632 ----a-w- c:\windows\system32\iertutil.dll
2015-01-12 02:47 . 2015-02-13 17:25 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-01-12 02:40 . 2015-02-13 17:26 54784 ----a-w- c:\windows\system32\jsproxy.dll
2015-01-12 02:39 . 2015-02-13 17:26 34304 ----a-w- c:\windows\system32\iernonce.dll
2015-01-12 02:36 . 2015-02-13 17:26 633856 ----a-w- c:\windows\system32\ieui.dll
2015-01-12 02:34 . 2015-02-13 17:26 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2015-01-12 02:34 . 2015-02-13 17:26 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-01-12 02:33 . 2015-02-13 17:26 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-01-12 02:32 . 2015-02-13 17:26 6041088 ----a-w- c:\windows\system32\jscript9.dll
2015-01-12 02:25 . 2015-02-13 17:26 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-01-12 02:21 . 2015-02-13 17:26 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2015-01-12 02:21 . 2015-02-13 17:26 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-01-12 02:13 . 2015-02-13 17:26 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-01-12 02:08 . 2015-02-13 17:26 503296 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-01-12 02:08 . 2015-02-13 17:25 199680 ----a-w- c:\windows\system32\msrating.dll
2015-01-12 02:07 . 2015-02-13 17:26 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2015-01-12 02:07 . 2015-02-13 17:26 92160 ----a-w- c:\windows\system32\mshtmled.dll
2015-01-12 02:07 . 2015-02-13 17:26 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05 . 2015-02-13 17:26 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2015-01-12 02:04 . 2015-02-13 17:26 316928 ----a-w- c:\windows\system32\dxtrans.dll
2015-01-12 01:55 . 2015-02-13 17:26 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2015-01-12 01:55 . 2015-02-13 17:26 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-01-12 01:48 . 2015-02-13 17:26 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2015-01-12 01:48 . 2015-02-13 17:26 801280 ----a-w- c:\windows\system32\msfeeds.dll
2015-01-12 01:46 . 2015-02-13 17:26 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-01-12 01:46 . 2015-02-13 17:26 2125824 ----a-w- c:\windows\system32\inetcpl.cpl
2015-01-12 01:43 . 2015-02-13 17:26 14401024 ----a-w- c:\windows\system32\ieframe.dll
2015-01-12 01:40 . 2015-02-13 17:26 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:29 . 2015-02-13 17:26 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-01-12 01:27 . 2015-02-13 17:25 2358272 ----a-w- c:\windows\system32\wininet.dll
2015-01-12 01:23 . 2015-02-13 17:26 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2015-01-12 01:22 . 2015-02-13 17:26 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:14 . 2015-02-13 17:26 1548288 ----a-w- c:\windows\system32\urlmon.dll
2015-01-12 01:02 . 2015-02-13 17:26 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2015-01-12 01:00 . 2015-02-13 17:26 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2015-01-10 06:48 . 2015-02-13 17:13 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-01-10 06:48 . 2015-02-13 17:13 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-01-10 06:48 . 2015-02-13 17:13 341504 ----a-w- c:\windows\system32\schannel.dll
2015-01-10 06:48 . 2015-02-13 17:13 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-01-10 06:48 . 2015-02-13 17:13 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-01-10 06:48 . 2015-02-13 17:13 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-01-10 06:48 . 2015-02-13 17:13 22016 ----a-w- c:\windows\system32\credssp.dll
2015-01-10 06:27 . 2015-02-13 17:13 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-01-10 06:27 . 2015-02-13 17:13 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-01-10 06:27 . 2015-02-13 17:13 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-01-10 06:27 . 2015-02-13 17:13 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-01-10 06:27 . 2015-02-13 17:13 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-01-10 06:27 . 2015-02-13 17:13 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-01-10 06:27 . 2015-02-13 17:13 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-01-09 02:03 . 2015-02-13 17:11 3201536 ----a-w- c:\windows\system32\win32k.sys
2014-12-19 03:06 . 2015-01-14 16:46 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 16:48 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-11-11 . 5FCF588BBD2358538DB17DD0A0A31813 . 118272 . . [6.1.7601.22865] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.22865_none_48b848380bfa8bbd\tdx.sys
[-] 2014-11-11 . 70988118145F5F10EF24720B97F35F65 . 119296 . . [6.1.7601.18658] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.18658_none_483c7a50f2d21ee0\tdx.sys
[-] 2010-11-21 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\tdx.sys
[-] 2010-11-21 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys
[-] 2014-11-11 . 70988118145F5F10EF24720B97F35F65 . 119296 . . [6.1.7601.18658] .. c:\windows\system32\drivers\tdx.sys
.
[-] 2015-01-15 . E0105F3B5B1C4B0F5B3D788A13504EC6 . 31232 . . [6.1.7601.18719] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18719_none_04757ea773665519\lsass.exe
[-] 2015-01-14 . 1E31700D9C9E0FB79999D02A8437482C . 31232 . . [6.1.7601.18717] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_04737e137368226b\lsass.exe
[-] 2015-01-10 . 55C62F66528A7BF58EA964B70BCB3D96 . 31232 . . [6.1.7601.22920] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22920_none_04eb4ad28c9429ec\lsass.exe
[-] 2015-01-10 . C8152B86C0F12E61B0AD5C95751547D3 . 31232 . . [6.1.7601.18714] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18714_none_04707d35736ad666\lsass.exe
[-] 2014-09-19 . B84317193B6A29F5F5DCF538C34FDCED . 31232 . . [6.1.7601.22814] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_04fa1a008c887630\lsass.exe
[-] 2014-09-19 . 341655B216721D89CADE9DEA2F33872F . 31232 . . [6.1.7601.18606] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_047d4bcf7360effc\lsass.exe
[-] 2014-05-30 . F23812F9F7B130854E4BC0389F7C688C . 31232 . . [6.1.7601.18489] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_0429c981739f213b\lsass.exe
[-] 2014-05-30 . 04F6C08B30C599D301CE8530A6F6A703 . 31232 . . [6.1.7601.22705] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_0505e8508c7f766f\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22736_none_04e678d68c96e399\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_04d8a9f28ca1b0ac\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_04ee4bb08c9175f1\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22925_none_04f04c448c8fa89f\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\erdnt\cache64\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26\lsass.exe
[-] 2013-09-25 . F021DAFB1F87616FCEBA159C2ED7042F . 30720 . . [6.1.7601.22465] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe
[-] 2013-09-25 . 4D71227301DD8D09097B9E4CC6527E5A . 30720 . . [6.1.7601.18270] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[-] 2012-08-24 . 77119F1F9B492B260030C34F9BE327FA . 31232 . . [6.1.7601.22099] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe
[-] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[-] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_044c26dd7386a58a\lsass.exe
[-] 2011-11-17 . 0A10B74FBB437FF9A23F1D5DE4446A83 . 31232 . . [6.1.7601.21861] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[-] 2009-07-14 . 0793F40B9B8A1BDD266296409DBD91EA . 31232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[-] 2015-01-15 . E0105F3B5B1C4B0F5B3D788A13504EC6 . 31232 . . [6.1.7601.18719] .. c:\windows\system32\lsass.exe
.
[-] 2014-07-17 . 8CEBD9D0A0A879CDE9F36F4383B7CAEA . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[-] 2014-07-16 . 98AA0BFEE089C7E5DADB94190D93456C . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[-] 2014-03-04 . 6CE2AE073BD21C542FC2C707CAE944CC . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[-] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\winlogon.exe
[-] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[-] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2014-07-17 . 8CEBD9D0A0A879CDE9F36F4383B7CAEA . 455168 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[-] 2014-07-07 . 19D511CC455C19DE1ADF60E6C39C85B6 . 187904 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_d41cb8b3b175406a\cryptsvc.dll
[-] 2014-07-07 . 63A15BA9875364C4147B226CB70468B3 . 190976 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_d4bdfb9cca80d275\cryptsvc.dll
[-] 2013-10-05 . 509D31797A4B8A3D6ED78A330B19A919 . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[-] 2013-07-09 . 434CCE8E7150CD1324C5FAA088D1D061 . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[-] 2013-07-09 . 6B400F211BEE880A37A1ED0368776BF4 . 184320 . . [6.1.7600.16385] .. c:\windows\erdnt\cache64\cryptsvc.dll
[-] 2013-07-09 . 6B400F211BEE880A37A1ED0368776BF4 . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[-] 2013-05-13 . D8129C49798CBBFB2E4351D4B7B8EF9C . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[-] 2013-05-11 . 8122252F0A4ACFA92FA0C1D50D18493B . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[-] 2013-05-10 . 7FDC4626B01106A8EF328C88C7C0DEE3 . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[-] 2013-05-10 . CA13C4F92BEE66DB48E58AB3223DDF6E . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[-] 2010-11-21 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[-] 2014-07-07 . 19D511CC455C19DE1ADF60E6C39C85B6 . 187904 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll
.
[-] 2015-01-12 . CD726C899BD9A398E8420564A957320B . 25056256 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_f585f9ea37467afd\mshtml.dll
[-] 2014-11-22 . D478A4CF07FB8ADF72FB16B88E8030B8 . 25059840 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_f58df6883740dfc5\mshtml.dll
[-] 2014-11-06 . BBD6A636AAA65D874F3863280CD8373D . 25110016 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17420_none_f59addd03736dce1\mshtml.dll
[-] 2014-09-19 . 7415B29AFE2E4494A57358B8C7E78600 . 23631360 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_f5a7f85a372cd9fd\mshtml.dll
[-] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.17631] .. c:\windows\erdnt\cache64\mshtml.dll
[-] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_f5b67f6437213d09\mshtml.dll
[-] 2014-07-25 . ECA387DCD57F683C52171C766CF400F0 . 23645696 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_f5b0b0ea3726a4ff\mshtml.dll
[-] 2014-06-19 . FEC19C351EF1B2C998A85D1BFD765675 . 23464448 . . [11.00.9600.17207] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_f5addd9c372925b8\mshtml.dll
[-] 2014-05-30 . 56803B20D168C1B740D12CE0BE4588F5 . 23414784 . . [11.00.9600.17126] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_f5bac4e4371f22d4\mshtml.dll
[-] 2014-05-06 . 797E2E5C309AFF76990D5B7AF457EACA . 23544320 . . [11.00.9600.17107] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_f5b8ad88372109c7\mshtml.dll
[-] 2014-04-29 . A98DA2EC1E56CF52C682D072F77D9874 . 23547904 . . [11.00.9600.17105] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_f5b8db183720d685\mshtml.dll
[-] 2014-04-18 . D233E1A32CE6AF918C9DE1BC44AFEB2A . 23212032 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_f59a25aa3737acc2\mshtml.dll
[-] 2014-03-06 . 37D0FB9E5E8EDA40B66FC3FB3D660261 . 23549440 . . [11.00.9600.17041] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_f5c8074c3714b96c\mshtml.dll
[-] 2015-01-12 . CD726C899BD9A398E8420564A957320B . 25056256 . . [11.00.9600.17631] .. c:\windows\system32\mshtml.dll
.
[-] 2015-01-12 . 9DFE41A69DF70AAB75CB5BA8C1109EA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_e42bdacbb6f011c7\wininet.dll
[-] 2014-11-22 . 4AF089160FE082E5EA5C4AA72782DCA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_e433d769b6ea768f\wininet.dll
[-] 2014-11-06 . 6FC2819A4F80AAB2DADEDFC1EFEE3C3F . 2365440 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_e440beb1b6e073ab\wininet.dll
[-] 2014-09-19 . 9D98D4F390F0B14A782F3B931E613A1A . 2309632 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_e44dd93bb6d670c7\wininet.dll
[-] 2014-08-18 . 39EBB9708453036A74C30C9A294023FF . 2310656 . . [11.00.9600.16428] .. c:\windows\erdnt\cache64\wininet.dll
[-] 2014-08-18 . 39EBB9708453036A74C30C9A294023FF . 2310656 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_e45c6045b6cad3d3\wininet.dll
[-] 2014-07-25 . 8E71A5CB5312B8392D4DA4CA37BB5868 . 2266624 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_e45691cbb6d03bc9\wininet.dll
[-] 2014-06-18 . 2EE102DF0EDD8A1EDD3D1E9B99A91BEC . 2266112 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_e453be7db6d2bc82\wininet.dll
[-] 2014-05-30 . 40BFD9D6EC8E174145F012246CA73CCD . 2266112 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_e460a5c5b6c8b99e\wininet.dll
[-] 2014-04-18 . E6CB36B85BE59095337427E853A5B65A . 2332160 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_e440068bb6e1438c\wininet.dll
[-] 2014-03-06 . F220BA78AB542C70211D73AE4729B2CD . 2260480 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_e46de82db6be5036\wininet.dll
[-] 2014-03-01 . DF79CE9B950C62677D232154E93A81C7 . 2334208 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_e435d617b6e8ac16\wininet.dll
[-] 2010-11-21 . F6C5302E1F4813D552F41A0AC82455E5 . 1188864 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll
[-] 2015-01-12 . 9DFE41A69DF70AAB75CB5BA8C1109EA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\system32\wininet.dll
.
[-] 2014-10-14 . 6A5B600AD0041E9AF564DE73B716F3D2 . 686592 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8\termsrv.dll
[-] 2014-10-14 . 008CD4EBFABCF78D0F19B3778492648C . 683520 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
[-] 2014-07-17 . 4FC4C50985E5B840F4D72E57286887B8 . 681984 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_eca0bf836affa9bb\termsrv.dll
[-] 2014-07-16 . F4D7114060C034134A440846F411BB7F . 686080 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_ed1f8e488425629d\termsrv.dll
[-] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\termsrv.dll
[-] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[-] 2014-10-14 . 008CD4EBFABCF78D0F19B3778492648C . 683520 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
[-] 2014-10-30 . 3031B5DC2A58A7BCE6651EA9B7DD6390 . 145920 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_789f60191223613f\cryptsvc.dll
[-] 2014-07-07 . 623E143F2DF17C0106A9988F5D7DC878 . 143872 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
[-] 2014-07-07 . 623E143F2DF17C0106A9988F5D7DC878 . 143872 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_77fe1d2ff917cf34\cryptsvc.dll
[-] 2013-10-05 . F2D9242C3BBD1C36467FCAE1AE01733F . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[-] 2013-07-09 . 6DB499DEFCC827317C5371164A7CDB27 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[-] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7600.16385] .. c:\windows\erdnt\cache86\cryptsvc.dll
[-] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[-] 2013-05-13 . 3897DFF247D9ED0006190349DE264E14 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[-] 2013-05-11 . AC04D05309BB2C418D0D80B9FB014642 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[-] 2013-05-10 . E122AA1C9A3CC46FF9DDDE46E5EB0C58 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[-] 2013-05-10 . 33ADF6E0853AB39EA1723BE82842C1D3 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[-] 2010-11-21 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
.
[-] 2015-01-12 . 61C74D794C14E9FC94D93F5F0F72A3F9 . 19740160 . . [11.00.9600.17631] .. c:\windows\SysWOW64\mshtml.dll
[-] 2015-01-12 . 61C74D794C14E9FC94D93F5F0F72A3F9 . 19740160 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_ffdaa43c6ba73cf8\mshtml.dll
[-] 2014-11-22 . 220505B0B3E96C857DD01729AF0CD369 . 19749376 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_ffe2a0da6ba1a1c0\mshtml.dll
[-] 2014-11-06 . 93074C4FA92A8399404D032F6AF72C1B . 19781632 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17420_none_ffef88226b979edc\mshtml.dll
[-] 2014-09-19 . F91E55DA404B834648A3B0A2477C10DB . 17484800 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_fffca2ac6b8d9bf8\mshtml.dll
[-] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17631] .. c:\windows\erdnt\cache86\mshtml.dll
[-] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_000b29b66b81ff04\mshtml.dll
[-] 2014-07-25 . 8453DDF167CE2986AA4AB04BC6824925 . 17524224 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_00055b3c6b8766fa\mshtml.dll
[-] 2014-06-19 . DFA59840BB1220AFD261FDAE83543959 . 17276416 . . [11.00.9600.17207] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_000287ee6b89e7b3\mshtml.dll
[-] 2014-05-30 . D5ECBB3BFDC73A59440D9CA79AB3A342 . 17271296 . . [11.00.9600.17126] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_000f6f366b7fe4cf\mshtml.dll
[-] 2014-05-06 . EB5347F6149D3FF25F4D609A21A3BD67 . 17382912 . . [11.00.9600.17107] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_000d57da6b81cbc2\mshtml.dll
[-] 2014-04-29 . 5869FBC754578A59C8C8635B99DB79DE . 17384448 . . [11.00.9600.17105] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_000d856a6b819880\mshtml.dll
[-] 2014-04-18 . F9F114B2A6F876C92D317A755494F233 . 17142784 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_ffeecffc6b986ebd\mshtml.dll
[-] 2014-03-06 . EA85144F35EDE6EE25C484D4242FF2C8 . 17387008 . . [11.00.9600.17041] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_001cb19e6b757b67\mshtml.dll
[-] 2014-03-01 . 70462E0A4E293FC80620AB945D8A59BB . 17074688 . . [11.00.9600.16521] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16521_none_ffe49f886b9fd747\mshtml.dll
[-] 2010-11-21 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll
.
[-] 2015-01-12 . F285D499EC42969D963CA49EADA63218 . 1888256 . . [11.00.9600.16428] .. c:\windows\SysWOW64\wininet.dll
[-] 2015-01-12 . F285D499EC42969D963CA49EADA63218 . 1888256 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_880d3f47fe92a091\wininet.dll
[-] 2014-11-22 . 5E4E0E43E0A5BF9F089696DFA7A3D677 . 1888256 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_88153be5fe8d0559\wininet.dll
[-] 2014-11-06 . 6DD7D61A8EF3DFEC4FAEFEB395E77424 . 1892864 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_8822232dfe830275\wininet.dll
[-] 2014-09-18 . 7AE80F921027CF88CB9D0433088A3E55 . 1810944 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_882f3db7fe78ff91\wininet.dll
[-] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] .. c:\windows\erdnt\cache86\wininet.dll
[-] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_883dc4c1fe6d629d\wininet.dll
[-] 2014-07-25 . B945BAA81B4805AD6BDDF4D026DCFB47 . 1792512 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_8837f647fe72ca93\wininet.dll
[-] 2014-06-18 . CCC198257901BEEA2FBF8EB1E7678356 . 1791488 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_883522f9fe754b4c\wininet.dll
[-] 2014-05-30 . 771CDBC3D62437D6DB070820BB1EDCCF . 1790976 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_88420a41fe6b4868\wininet.dll
[-] 2014-04-18 . B5EB5BD3066959611E1F7A80FD6CC172 . 1818112 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_88216b07fe83d256\wininet.dll
[-] 2014-03-06 . E4E829EE073E046B0EB19B5FECB19B8C . 1789440 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_884f4ca9fe60df00\wininet.dll
[-] 2014-03-01 . AAFEAB4FC9D70253F8C7E353E879E8A2 . 1820160 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_88173a93fe8b3ae0\wininet.dll
[-] 2010-11-21 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-25 703736]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2015-01-27 3518832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EaseUS Agent;Servizio EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 NewServiceInstall1;NewServiceInstall1;c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng;c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 cpuz134;cpuz134;c:\users\JACOPO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\JACOPO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MFE_RR;MFE_RR;c:\users\JACOPO~1\AppData\Local\Temp\mfe_rr.sys;c:\users\JACOPO~1\AppData\Local\Temp\mfe_rr.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe  [x]
S2 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 NalServ;Nalpeiron Control Service;c:\windows\SysWOW64\nalserv.exe;c:\windows\SysWOW64\nalserv.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Audio schermo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 79369528
*NewlyCreated* - MFE_RR
*Deregistered* - 79369528
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-11 14:27 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-03-17 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14 08:01]
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 15:34]
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 15:34]
.
.
--------- X64 Entries -----------
.
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = about:blank
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: dell.com
TCP: Interfaces\{23ECBCFC-9C9C-42C3-885D-72BECD4C7745}: NameServer = 192.168.1.254,193.70.192.25
FF - ProfilePath - c:\users\Jacopo-Perenchio\AppData\Roaming\Mozilla\Firefox\Profiles\oxplugmo.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NewServiceInstall1]
"ImagePath"="\"c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng\""
.
Ora fine scansione: 2015-03-18  09:14:37
ComboFix-quarantined-files.txt  2015-03-18 08:14
ComboFix2.txt  2015-03-17 11:50
ComboFix3.txt  2014-09-12 09:23
ComboFix4.txt  2014-04-17 18:11
ComboFix5.txt  2015-03-17 13:25
.
Pre-Run: 302.793.474.048 byte disponibili
Post-Run: 302.679.068.672 byte disponibili
.
- - End Of File - - EFCD6121B1FFFA0BBC4BC1C9F29DD377
 
 
Any help would be much appreciated.
 
Jacopo


BC AdBot (Login to Remove)

 


#2 jackpera

jackpera
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 18 March 2015 - 12:35 PM

Hello, 

 

  few days ago I was unable to update my Windows 7 x64, with the following errors: 800706BE and 800706BA.

 

After chatting with Microsoft HelpDesk, they suggested me to clean my PC, trying to sell me their support.

 

I'm afraid I got ZeroAccess rootkit, but I cannot get it out of my PC.

 

After running Combofix, here it's the result:

 

ComboFix 15-03-14.03 - Jacopo-Perenchio 18/03/2015   8:49.6.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.8099.5494 [GMT 1:00]
Eseguito da: c:\users\Jacopo-Perenchio\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\users\Jacopo-Perenchio\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\JACOPO~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
-- Esecuzione precedente --
.
c:\windows\system32\Services.exe . . . è infetto!!
.
--------
.
c:\windows\system32\Services.exe . . . è infetto!!
.
.
(((((((((((((((((((((((((   Files Creati Da 2015-02-18 al 2015-03-18  )))))))))))))))))))))))))))))))))))
.
.
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-17 15:36 . 2015-03-17 15:37 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Local\Babylon
2015-03-17 15:36 . 2015-03-17 17:22 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Roaming\Babylon
2015-03-17 15:36 . 2015-03-17 15:36 -------- d-----w- c:\program files\Babylon
2015-03-17 15:36 . 2015-03-17 15:36 -------- d-----w- c:\program files (x86)\Babylon
2015-03-17 15:36 . 2015-03-17 17:22 -------- d-----w- c:\programdata\Babylon
2015-03-17 10:07 . 2015-03-17 10:07 -------- d-----w- C:\Repair
2015-03-17 09:30 . 2015-03-17 09:54 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Local\LogMeIn Rescue Applet
2015-03-17 08:08 . 2015-03-17 08:08 -------- d-----w- c:\windows\system32\EventProviders
2015-03-16 14:59 . 2015-03-17 09:59 -------- d-----w- c:\windows\system32\catroot2
2015-03-13 14:41 . 2015-02-16 03:21 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20A51DDD-729C-4EE4-BC32-172D13481F94}\mpengine.dll
2015-03-11 17:43 . 2015-03-13 14:37 -------- d-----w- c:\windows\sdold.old
2015-03-11 15:58 . 2015-03-13 14:37 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2015-03-11 15:34 . 2015-03-11 15:34 -------- d-----w- c:\program files (x86)\Tweaking.com
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Roaming\KSafe
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\programdata\KSafe
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\program files (x86)\DllTool
2015-03-11 12:16 . 2015-03-11 12:16 -------- d-----w- c:\windows\CheckSur
2015-03-05 20:57 . 2015-03-05 20:57 -------- dc-h--w- c:\programdata\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
2015-02-25 16:22 . 2015-03-17 10:28 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-25 16:22 . 2015-02-25 16:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-25 16:22 . 2015-02-25 16:22 -------- d-----w- c:\programdata\Malwarebytes
2015-02-25 16:22 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-25 16:22 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-25 16:22 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files\iTunes
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files\iPod
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files (x86)\iTunes
2015-02-17 18:36 . 2015-02-17 18:36 3176632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\1040\MSOINTL.DLL
2015-02-17 14:26 . 2015-02-17 14:26 1217184 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 03:17 . 2010-11-21 03:27 295552 ----a-w- c:\windows\system32\MpSigStub.exe
2015-02-16 12:21 . 2014-04-19 08:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-16 12:21 . 2014-04-19 08:38 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-30 22:36 . 2015-01-30 22:36 23760 ----a-w- c:\windows\system32\drivers\DDDriver64Dcsa.sys
2015-01-30 22:36 . 2015-01-30 22:36 23312 ----a-w- c:\windows\system32\drivers\DellProf.sys
2015-01-29 16:49 . 2014-04-18 15:50 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-15 08:14 . 2015-02-13 17:15 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-01-15 08:14 . 2015-02-13 17:15 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-01-15 08:09 . 2015-02-13 17:15 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-01-15 08:09 . 2015-02-13 17:15 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-01-15 08:09 . 2015-02-13 17:15 28160 ----a-w- c:\windows\system32\secur32.dll
2015-01-15 08:09 . 2015-02-13 17:15 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-01-15 08:09 . 2015-02-13 17:15 31232 ----a-w- c:\windows\system32\lsass.exe
2015-01-15 08:08 . 2015-02-13 17:15 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-01-15 08:06 . 2015-02-13 17:15 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-01-15 08:06 . 2015-02-13 17:15 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-01-15 08:04 . 2015-02-13 17:15 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-01-15 07:42 . 2015-02-13 17:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-01-15 07:42 . 2015-02-13 17:15 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-01-15 07:41 . 2015-02-13 17:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-01-15 07:39 . 2015-02-13 17:15 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-01-15 07:39 . 2015-02-13 17:15 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-01-15 07:37 . 2015-02-13 17:15 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-01-15 04:22 . 2015-02-13 17:15 458824 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-14 06:09 . 2015-02-13 17:15 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 06:05 . 2015-02-13 17:15 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 06:05 . 2015-02-13 17:15 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 06:04 . 2015-02-13 17:15 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 05:47 . 2015-02-13 17:26 389808 ----a-w- c:\windows\system32\iedkcs32.dll
2015-01-14 05:44 . 2015-02-13 17:15 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44 . 2015-02-13 17:15 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41 . 2015-02-13 17:15 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-13 03:10 . 2015-02-13 17:17 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-13 02:49 . 2015-02-13 17:17 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:09 . 2015-02-13 17:25 25056256 ----a-w- c:\windows\system32\mshtml.dll
2015-01-12 03:05 . 2015-02-13 17:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-01-12 03:05 . 2015-02-13 17:26 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-01-12 02:49 . 2015-02-13 17:26 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-01-12 02:48 . 2015-02-13 17:26 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-01-12 02:48 . 2015-02-13 17:26 584192 ----a-w- c:\windows\system32\vbscript.dll
2015-01-12 02:48 . 2015-02-13 17:26 2885632 ----a-w- c:\windows\system32\iertutil.dll
2015-01-12 02:47 . 2015-02-13 17:25 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-01-12 02:40 . 2015-02-13 17:26 54784 ----a-w- c:\windows\system32\jsproxy.dll
2015-01-12 02:39 . 2015-02-13 17:26 34304 ----a-w- c:\windows\system32\iernonce.dll
2015-01-12 02:36 . 2015-02-13 17:26 633856 ----a-w- c:\windows\system32\ieui.dll
2015-01-12 02:34 . 2015-02-13 17:26 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2015-01-12 02:34 . 2015-02-13 17:26 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-01-12 02:33 . 2015-02-13 17:26 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-01-12 02:32 . 2015-02-13 17:26 6041088 ----a-w- c:\windows\system32\jscript9.dll
2015-01-12 02:25 . 2015-02-13 17:26 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-01-12 02:21 . 2015-02-13 17:26 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2015-01-12 02:21 . 2015-02-13 17:26 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-01-12 02:13 . 2015-02-13 17:26 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-01-12 02:08 . 2015-02-13 17:26 503296 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-01-12 02:08 . 2015-02-13 17:25 199680 ----a-w- c:\windows\system32\msrating.dll
2015-01-12 02:07 . 2015-02-13 17:26 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2015-01-12 02:07 . 2015-02-13 17:26 92160 ----a-w- c:\windows\system32\mshtmled.dll
2015-01-12 02:07 . 2015-02-13 17:26 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05 . 2015-02-13 17:26 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2015-01-12 02:04 . 2015-02-13 17:26 316928 ----a-w- c:\windows\system32\dxtrans.dll
2015-01-12 01:55 . 2015-02-13 17:26 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2015-01-12 01:55 . 2015-02-13 17:26 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-01-12 01:48 . 2015-02-13 17:26 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2015-01-12 01:48 . 2015-02-13 17:26 801280 ----a-w- c:\windows\system32\msfeeds.dll
2015-01-12 01:46 . 2015-02-13 17:26 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-01-12 01:46 . 2015-02-13 17:26 2125824 ----a-w- c:\windows\system32\inetcpl.cpl
2015-01-12 01:43 . 2015-02-13 17:26 14401024 ----a-w- c:\windows\system32\ieframe.dll
2015-01-12 01:40 . 2015-02-13 17:26 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:29 . 2015-02-13 17:26 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-01-12 01:27 . 2015-02-13 17:25 2358272 ----a-w- c:\windows\system32\wininet.dll
2015-01-12 01:23 . 2015-02-13 17:26 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2015-01-12 01:22 . 2015-02-13 17:26 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:14 . 2015-02-13 17:26 1548288 ----a-w- c:\windows\system32\urlmon.dll
2015-01-12 01:02 . 2015-02-13 17:26 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2015-01-12 01:00 . 2015-02-13 17:26 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2015-01-10 06:48 . 2015-02-13 17:13 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-01-10 06:48 . 2015-02-13 17:13 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-01-10 06:48 . 2015-02-13 17:13 341504 ----a-w- c:\windows\system32\schannel.dll
2015-01-10 06:48 . 2015-02-13 17:13 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-01-10 06:48 . 2015-02-13 17:13 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-01-10 06:48 . 2015-02-13 17:13 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-01-10 06:48 . 2015-02-13 17:13 22016 ----a-w- c:\windows\system32\credssp.dll
2015-01-10 06:27 . 2015-02-13 17:13 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-01-10 06:27 . 2015-02-13 17:13 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-01-10 06:27 . 2015-02-13 17:13 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-01-10 06:27 . 2015-02-13 17:13 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-01-10 06:27 . 2015-02-13 17:13 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-01-10 06:27 . 2015-02-13 17:13 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-01-10 06:27 . 2015-02-13 17:13 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-01-09 02:03 . 2015-02-13 17:11 3201536 ----a-w- c:\windows\system32\win32k.sys
2014-12-19 03:06 . 2015-01-14 16:46 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 16:48 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-11-11 . 5FCF588BBD2358538DB17DD0A0A31813 . 118272 . . [6.1.7601.22865] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.22865_none_48b848380bfa8bbd\tdx.sys
[-] 2014-11-11 . 70988118145F5F10EF24720B97F35F65 . 119296 . . [6.1.7601.18658] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.18658_none_483c7a50f2d21ee0\tdx.sys
[-] 2010-11-21 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\tdx.sys
[-] 2010-11-21 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys
[-] 2014-11-11 . 70988118145F5F10EF24720B97F35F65 . 119296 . . [6.1.7601.18658] .. c:\windows\system32\drivers\tdx.sys
.
[-] 2015-01-15 . E0105F3B5B1C4B0F5B3D788A13504EC6 . 31232 . . [6.1.7601.18719] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18719_none_04757ea773665519\lsass.exe
[-] 2015-01-14 . 1E31700D9C9E0FB79999D02A8437482C . 31232 . . [6.1.7601.18717] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_04737e137368226b\lsass.exe
[-] 2015-01-10 . 55C62F66528A7BF58EA964B70BCB3D96 . 31232 . . [6.1.7601.22920] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22920_none_04eb4ad28c9429ec\lsass.exe
[-] 2015-01-10 . C8152B86C0F12E61B0AD5C95751547D3 . 31232 . . [6.1.7601.18714] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18714_none_04707d35736ad666\lsass.exe
[-] 2014-09-19 . B84317193B6A29F5F5DCF538C34FDCED . 31232 . . [6.1.7601.22814] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_04fa1a008c887630\lsass.exe
[-] 2014-09-19 . 341655B216721D89CADE9DEA2F33872F . 31232 . . [6.1.7601.18606] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_047d4bcf7360effc\lsass.exe
[-] 2014-05-30 . F23812F9F7B130854E4BC0389F7C688C . 31232 . . [6.1.7601.18489] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_0429c981739f213b\lsass.exe
[-] 2014-05-30 . 04F6C08B30C599D301CE8530A6F6A703 . 31232 . . [6.1.7601.22705] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_0505e8508c7f766f\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22736_none_04e678d68c96e399\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_04d8a9f28ca1b0ac\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_04ee4bb08c9175f1\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22925_none_04f04c448c8fa89f\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\erdnt\cache64\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26\lsass.exe
[-] 2013-09-25 . F021DAFB1F87616FCEBA159C2ED7042F . 30720 . . [6.1.7601.22465] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe
[-] 2013-09-25 . 4D71227301DD8D09097B9E4CC6527E5A . 30720 . . [6.1.7601.18270] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[-] 2012-08-24 . 77119F1F9B492B260030C34F9BE327FA . 31232 . . [6.1.7601.22099] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe
[-] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[-] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_044c26dd7386a58a\lsass.exe
[-] 2011-11-17 . 0A10B74FBB437FF9A23F1D5DE4446A83 . 31232 . . [6.1.7601.21861] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[-] 2009-07-14 . 0793F40B9B8A1BDD266296409DBD91EA . 31232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[-] 2015-01-15 . E0105F3B5B1C4B0F5B3D788A13504EC6 . 31232 . . [6.1.7601.18719] .. c:\windows\system32\lsass.exe
.
[-] 2014-07-17 . 8CEBD9D0A0A879CDE9F36F4383B7CAEA . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[-] 2014-07-16 . 98AA0BFEE089C7E5DADB94190D93456C . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[-] 2014-03-04 . 6CE2AE073BD21C542FC2C707CAE944CC . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[-] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\winlogon.exe
[-] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[-] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2014-07-17 . 8CEBD9D0A0A879CDE9F36F4383B7CAEA . 455168 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[-] 2014-07-07 . 19D511CC455C19DE1ADF60E6C39C85B6 . 187904 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_d41cb8b3b175406a\cryptsvc.dll
[-] 2014-07-07 . 63A15BA9875364C4147B226CB70468B3 . 190976 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_d4bdfb9cca80d275\cryptsvc.dll
[-] 2013-10-05 . 509D31797A4B8A3D6ED78A330B19A919 . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[-] 2013-07-09 . 434CCE8E7150CD1324C5FAA088D1D061 . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[-] 2013-07-09 . 6B400F211BEE880A37A1ED0368776BF4 . 184320 . . [6.1.7600.16385] .. c:\windows\erdnt\cache64\cryptsvc.dll
[-] 2013-07-09 . 6B400F211BEE880A37A1ED0368776BF4 . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[-] 2013-05-13 . D8129C49798CBBFB2E4351D4B7B8EF9C . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[-] 2013-05-11 . 8122252F0A4ACFA92FA0C1D50D18493B . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[-] 2013-05-10 . 7FDC4626B01106A8EF328C88C7C0DEE3 . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[-] 2013-05-10 . CA13C4F92BEE66DB48E58AB3223DDF6E . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[-] 2010-11-21 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[-] 2014-07-07 . 19D511CC455C19DE1ADF60E6C39C85B6 . 187904 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll
.
[-] 2015-01-12 . CD726C899BD9A398E8420564A957320B . 25056256 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_f585f9ea37467afd\mshtml.dll
[-] 2014-11-22 . D478A4CF07FB8ADF72FB16B88E8030B8 . 25059840 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_f58df6883740dfc5\mshtml.dll
[-] 2014-11-06 . BBD6A636AAA65D874F3863280CD8373D . 25110016 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17420_none_f59addd03736dce1\mshtml.dll
[-] 2014-09-19 . 7415B29AFE2E4494A57358B8C7E78600 . 23631360 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_f5a7f85a372cd9fd\mshtml.dll
[-] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.17631] .. c:\windows\erdnt\cache64\mshtml.dll
[-] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_f5b67f6437213d09\mshtml.dll
[-] 2014-07-25 . ECA387DCD57F683C52171C766CF400F0 . 23645696 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_f5b0b0ea3726a4ff\mshtml.dll
[-] 2014-06-19 . FEC19C351EF1B2C998A85D1BFD765675 . 23464448 . . [11.00.9600.17207] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_f5addd9c372925b8\mshtml.dll
[-] 2014-05-30 . 56803B20D168C1B740D12CE0BE4588F5 . 23414784 . . [11.00.9600.17126] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_f5bac4e4371f22d4\mshtml.dll
[-] 2014-05-06 . 797E2E5C309AFF76990D5B7AF457EACA . 23544320 . . [11.00.9600.17107] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_f5b8ad88372109c7\mshtml.dll
[-] 2014-04-29 . A98DA2EC1E56CF52C682D072F77D9874 . 23547904 . . [11.00.9600.17105] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_f5b8db183720d685\mshtml.dll
[-] 2014-04-18 . D233E1A32CE6AF918C9DE1BC44AFEB2A . 23212032 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_f59a25aa3737acc2\mshtml.dll
[-] 2014-03-06 . 37D0FB9E5E8EDA40B66FC3FB3D660261 . 23549440 . . [11.00.9600.17041] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_f5c8074c3714b96c\mshtml.dll
[-] 2015-01-12 . CD726C899BD9A398E8420564A957320B . 25056256 . . [11.00.9600.17631] .. c:\windows\system32\mshtml.dll
.
[-] 2015-01-12 . 9DFE41A69DF70AAB75CB5BA8C1109EA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_e42bdacbb6f011c7\wininet.dll
[-] 2014-11-22 . 4AF089160FE082E5EA5C4AA72782DCA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_e433d769b6ea768f\wininet.dll
[-] 2014-11-06 . 6FC2819A4F80AAB2DADEDFC1EFEE3C3F . 2365440 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_e440beb1b6e073ab\wininet.dll
[-] 2014-09-19 . 9D98D4F390F0B14A782F3B931E613A1A . 2309632 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_e44dd93bb6d670c7\wininet.dll
[-] 2014-08-18 . 39EBB9708453036A74C30C9A294023FF . 2310656 . . [11.00.9600.16428] .. c:\windows\erdnt\cache64\wininet.dll
[-] 2014-08-18 . 39EBB9708453036A74C30C9A294023FF . 2310656 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_e45c6045b6cad3d3\wininet.dll
[-] 2014-07-25 . 8E71A5CB5312B8392D4DA4CA37BB5868 . 2266624 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_e45691cbb6d03bc9\wininet.dll
[-] 2014-06-18 . 2EE102DF0EDD8A1EDD3D1E9B99A91BEC . 2266112 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_e453be7db6d2bc82\wininet.dll
[-] 2014-05-30 . 40BFD9D6EC8E174145F012246CA73CCD . 2266112 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_e460a5c5b6c8b99e\wininet.dll
[-] 2014-04-18 . E6CB36B85BE59095337427E853A5B65A . 2332160 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_e440068bb6e1438c\wininet.dll
[-] 2014-03-06 . F220BA78AB542C70211D73AE4729B2CD . 2260480 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_e46de82db6be5036\wininet.dll
[-] 2014-03-01 . DF79CE9B950C62677D232154E93A81C7 . 2334208 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_e435d617b6e8ac16\wininet.dll
[-] 2010-11-21 . F6C5302E1F4813D552F41A0AC82455E5 . 1188864 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll
[-] 2015-01-12 . 9DFE41A69DF70AAB75CB5BA8C1109EA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\system32\wininet.dll
.
[-] 2014-10-14 . 6A5B600AD0041E9AF564DE73B716F3D2 . 686592 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8\termsrv.dll
[-] 2014-10-14 . 008CD4EBFABCF78D0F19B3778492648C . 683520 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
[-] 2014-07-17 . 4FC4C50985E5B840F4D72E57286887B8 . 681984 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_eca0bf836affa9bb\termsrv.dll
[-] 2014-07-16 . F4D7114060C034134A440846F411BB7F . 686080 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_ed1f8e488425629d\termsrv.dll
[-] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\termsrv.dll
[-] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[-] 2014-10-14 . 008CD4EBFABCF78D0F19B3778492648C . 683520 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
[-] 2014-10-30 . 3031B5DC2A58A7BCE6651EA9B7DD6390 . 145920 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_789f60191223613f\cryptsvc.dll
[-] 2014-07-07 . 623E143F2DF17C0106A9988F5D7DC878 . 143872 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
[-] 2014-07-07 . 623E143F2DF17C0106A9988F5D7DC878 . 143872 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_77fe1d2ff917cf34\cryptsvc.dll
[-] 2013-10-05 . F2D9242C3BBD1C36467FCAE1AE01733F . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[-] 2013-07-09 . 6DB499DEFCC827317C5371164A7CDB27 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[-] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7600.16385] .. c:\windows\erdnt\cache86\cryptsvc.dll
[-] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[-] 2013-05-13 . 3897DFF247D9ED0006190349DE264E14 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[-] 2013-05-11 . AC04D05309BB2C418D0D80B9FB014642 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[-] 2013-05-10 . E122AA1C9A3CC46FF9DDDE46E5EB0C58 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[-] 2013-05-10 . 33ADF6E0853AB39EA1723BE82842C1D3 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[-] 2010-11-21 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
.
[-] 2015-01-12 . 61C74D794C14E9FC94D93F5F0F72A3F9 . 19740160 . . [11.00.9600.17631] .. c:\windows\SysWOW64\mshtml.dll
[-] 2015-01-12 . 61C74D794C14E9FC94D93F5F0F72A3F9 . 19740160 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_ffdaa43c6ba73cf8\mshtml.dll
[-] 2014-11-22 . 220505B0B3E96C857DD01729AF0CD369 . 19749376 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_ffe2a0da6ba1a1c0\mshtml.dll
[-] 2014-11-06 . 93074C4FA92A8399404D032F6AF72C1B . 19781632 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17420_none_ffef88226b979edc\mshtml.dll
[-] 2014-09-19 . F91E55DA404B834648A3B0A2477C10DB . 17484800 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_fffca2ac6b8d9bf8\mshtml.dll
[-] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17631] .. c:\windows\erdnt\cache86\mshtml.dll
[-] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_000b29b66b81ff04\mshtml.dll
[-] 2014-07-25 . 8453DDF167CE2986AA4AB04BC6824925 . 17524224 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_00055b3c6b8766fa\mshtml.dll
[-] 2014-06-19 . DFA59840BB1220AFD261FDAE83543959 . 17276416 . . [11.00.9600.17207] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_000287ee6b89e7b3\mshtml.dll
[-] 2014-05-30 . D5ECBB3BFDC73A59440D9CA79AB3A342 . 17271296 . . [11.00.9600.17126] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_000f6f366b7fe4cf\mshtml.dll
[-] 2014-05-06 . EB5347F6149D3FF25F4D609A21A3BD67 . 17382912 . . [11.00.9600.17107] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_000d57da6b81cbc2\mshtml.dll
[-] 2014-04-29 . 5869FBC754578A59C8C8635B99DB79DE . 17384448 . . [11.00.9600.17105] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_000d856a6b819880\mshtml.dll
[-] 2014-04-18 . F9F114B2A6F876C92D317A755494F233 . 17142784 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_ffeecffc6b986ebd\mshtml.dll
[-] 2014-03-06 . EA85144F35EDE6EE25C484D4242FF2C8 . 17387008 . . [11.00.9600.17041] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_001cb19e6b757b67\mshtml.dll
[-] 2014-03-01 . 70462E0A4E293FC80620AB945D8A59BB . 17074688 . . [11.00.9600.16521] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16521_none_ffe49f886b9fd747\mshtml.dll
[-] 2010-11-21 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll
.
[-] 2015-01-12 . F285D499EC42969D963CA49EADA63218 . 1888256 . . [11.00.9600.16428] .. c:\windows\SysWOW64\wininet.dll
[-] 2015-01-12 . F285D499EC42969D963CA49EADA63218 . 1888256 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_880d3f47fe92a091\wininet.dll
[-] 2014-11-22 . 5E4E0E43E0A5BF9F089696DFA7A3D677 . 1888256 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_88153be5fe8d0559\wininet.dll
[-] 2014-11-06 . 6DD7D61A8EF3DFEC4FAEFEB395E77424 . 1892864 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_8822232dfe830275\wininet.dll
[-] 2014-09-18 . 7AE80F921027CF88CB9D0433088A3E55 . 1810944 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_882f3db7fe78ff91\wininet.dll
[-] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] .. c:\windows\erdnt\cache86\wininet.dll
[-] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_883dc4c1fe6d629d\wininet.dll
[-] 2014-07-25 . B945BAA81B4805AD6BDDF4D026DCFB47 . 1792512 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_8837f647fe72ca93\wininet.dll
[-] 2014-06-18 . CCC198257901BEEA2FBF8EB1E7678356 . 1791488 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_883522f9fe754b4c\wininet.dll
[-] 2014-05-30 . 771CDBC3D62437D6DB070820BB1EDCCF . 1790976 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_88420a41fe6b4868\wininet.dll
[-] 2014-04-18 . B5EB5BD3066959611E1F7A80FD6CC172 . 1818112 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_88216b07fe83d256\wininet.dll
[-] 2014-03-06 . E4E829EE073E046B0EB19B5FECB19B8C . 1789440 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_884f4ca9fe60df00\wininet.dll
[-] 2014-03-01 . AAFEAB4FC9D70253F8C7E353E879E8A2 . 1820160 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_88173a93fe8b3ae0\wininet.dll
[-] 2010-11-21 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-25 703736]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2015-01-27 3518832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EaseUS Agent;Servizio EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 NewServiceInstall1;NewServiceInstall1;c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng;c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 cpuz134;cpuz134;c:\users\JACOPO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\JACOPO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MFE_RR;MFE_RR;c:\users\JACOPO~1\AppData\Local\Temp\mfe_rr.sys;c:\users\JACOPO~1\AppData\Local\Temp\mfe_rr.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe  [x]
S2 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 NalServ;Nalpeiron Control Service;c:\windows\SysWOW64\nalserv.exe;c:\windows\SysWOW64\nalserv.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Audio schermo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 79369528
*NewlyCreated* - MFE_RR
*Deregistered* - 79369528
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-11 14:27 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-03-17 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14 08:01]
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 15:34]
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 15:34]
.
.
--------- X64 Entries -----------
.
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = about:blank
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: dell.com
TCP: Interfaces\{23ECBCFC-9C9C-42C3-885D-72BECD4C7745}: NameServer = 192.168.1.254,193.70.192.25
FF - ProfilePath - c:\users\Jacopo-Perenchio\AppData\Roaming\Mozilla\Firefox\Profiles\oxplugmo.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NewServiceInstall1]
"ImagePath"="\"c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng\""
.
Ora fine scansione: 2015-03-18  09:14:37
ComboFix-quarantined-files.txt  2015-03-18 08:14
ComboFix2.txt  2015-03-17 11:50
ComboFix3.txt  2014-09-12 09:23
ComboFix4.txt  2014-04-17 18:11
ComboFix5.txt  2015-03-17 13:25
.
Pre-Run: 302.793.474.048 byte disponibili
Post-Run: 302.679.068.672 byte disponibili
.
- - End Of File - - EFCD6121B1FFFA0BBC4BC1C9F29DD377
 
 
Any help would be much appreciated.
 
Jacopo


#3 jackpera

jackpera
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 18 March 2015 - 12:44 PM

Hello, 

 

  few days ago I was unable to update my Windows 7 x64, with the following errors: 800706BE and 800706BA.

 

After chatting with Microsoft HelpDesk, they suggested me to clean my PC, trying to sell me their support.

 

I'm afraid I got ZeroAccess rootkit, but I cannot get it out of my PC.

 

After running Combofix, here it's the result:

 

ComboFix 15-03-14.03 - Jacopo-Perenchio 18/03/2015   8:49.6.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.8099.5494 [GMT 1:00]
Eseguito da: c:\users\Jacopo-Perenchio\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\users\Jacopo-Perenchio\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\JACOPO~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
-- Esecuzione precedente --
.
c:\windows\system32\Services.exe . . . è infetto!!
.
--------
.
c:\windows\system32\Services.exe . . . è infetto!!
.
.
(((((((((((((((((((((((((   Files Creati Da 2015-02-18 al 2015-03-18  )))))))))))))))))))))))))))))))))))
.
.
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-17 15:36 . 2015-03-17 15:37 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Local\Babylon
2015-03-17 15:36 . 2015-03-17 17:22 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Roaming\Babylon
2015-03-17 15:36 . 2015-03-17 15:36 -------- d-----w- c:\program files\Babylon
2015-03-17 15:36 . 2015-03-17 15:36 -------- d-----w- c:\program files (x86)\Babylon
2015-03-17 15:36 . 2015-03-17 17:22 -------- d-----w- c:\programdata\Babylon
2015-03-17 10:07 . 2015-03-17 10:07 -------- d-----w- C:\Repair
2015-03-17 09:30 . 2015-03-17 09:54 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Local\LogMeIn Rescue Applet
2015-03-17 08:08 . 2015-03-17 08:08 -------- d-----w- c:\windows\system32\EventProviders
2015-03-16 14:59 . 2015-03-17 09:59 -------- d-----w- c:\windows\system32\catroot2
2015-03-13 14:41 . 2015-02-16 03:21 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20A51DDD-729C-4EE4-BC32-172D13481F94}\mpengine.dll
2015-03-11 17:43 . 2015-03-13 14:37 -------- d-----w- c:\windows\sdold.old
2015-03-11 15:58 . 2015-03-13 14:37 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2015-03-11 15:34 . 2015-03-11 15:34 -------- d-----w- c:\program files (x86)\Tweaking.com
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Roaming\KSafe
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\programdata\KSafe
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\program files (x86)\DllTool
2015-03-11 12:16 . 2015-03-11 12:16 -------- d-----w- c:\windows\CheckSur
2015-03-05 20:57 . 2015-03-05 20:57 -------- dc-h--w- c:\programdata\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
2015-02-25 16:22 . 2015-03-17 10:28 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-25 16:22 . 2015-02-25 16:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-25 16:22 . 2015-02-25 16:22 -------- d-----w- c:\programdata\Malwarebytes
2015-02-25 16:22 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-25 16:22 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-25 16:22 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files\iTunes
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files\iPod
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files (x86)\iTunes
2015-02-17 18:36 . 2015-02-17 18:36 3176632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\1040\MSOINTL.DLL
2015-02-17 14:26 . 2015-02-17 14:26 1217184 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 03:17 . 2010-11-21 03:27 295552 ----a-w- c:\windows\system32\MpSigStub.exe
2015-02-16 12:21 . 2014-04-19 08:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-16 12:21 . 2014-04-19 08:38 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-30 22:36 . 2015-01-30 22:36 23760 ----a-w- c:\windows\system32\drivers\DDDriver64Dcsa.sys
2015-01-30 22:36 . 2015-01-30 22:36 23312 ----a-w- c:\windows\system32\drivers\DellProf.sys
2015-01-29 16:49 . 2014-04-18 15:50 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-15 08:14 . 2015-02-13 17:15 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-01-15 08:14 . 2015-02-13 17:15 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-01-15 08:09 . 2015-02-13 17:15 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-01-15 08:09 . 2015-02-13 17:15 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-01-15 08:09 . 2015-02-13 17:15 28160 ----a-w- c:\windows\system32\secur32.dll
2015-01-15 08:09 . 2015-02-13 17:15 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-01-15 08:09 . 2015-02-13 17:15 31232 ----a-w- c:\windows\system32\lsass.exe
2015-01-15 08:08 . 2015-02-13 17:15 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-01-15 08:06 . 2015-02-13 17:15 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-01-15 08:06 . 2015-02-13 17:15 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-01-15 08:04 . 2015-02-13 17:15 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-01-15 07:42 . 2015-02-13 17:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-01-15 07:42 . 2015-02-13 17:15 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-01-15 07:41 . 2015-02-13 17:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-01-15 07:39 . 2015-02-13 17:15 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-01-15 07:39 . 2015-02-13 17:15 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-01-15 07:37 . 2015-02-13 17:15 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-01-15 04:22 . 2015-02-13 17:15 458824 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-14 06:09 . 2015-02-13 17:15 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 06:05 . 2015-02-13 17:15 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 06:05 . 2015-02-13 17:15 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 06:04 . 2015-02-13 17:15 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 05:47 . 2015-02-13 17:26 389808 ----a-w- c:\windows\system32\iedkcs32.dll
2015-01-14 05:44 . 2015-02-13 17:15 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44 . 2015-02-13 17:15 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41 . 2015-02-13 17:15 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-13 03:10 . 2015-02-13 17:17 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-13 02:49 . 2015-02-13 17:17 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:09 . 2015-02-13 17:25 25056256 ----a-w- c:\windows\system32\mshtml.dll
2015-01-12 03:05 . 2015-02-13 17:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-01-12 03:05 . 2015-02-13 17:26 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-01-12 02:49 . 2015-02-13 17:26 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-01-12 02:48 . 2015-02-13 17:26 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-01-12 02:48 . 2015-02-13 17:26 584192 ----a-w- c:\windows\system32\vbscript.dll
2015-01-12 02:48 . 2015-02-13 17:26 2885632 ----a-w- c:\windows\system32\iertutil.dll
2015-01-12 02:47 . 2015-02-13 17:25 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-01-12 02:40 . 2015-02-13 17:26 54784 ----a-w- c:\windows\system32\jsproxy.dll
2015-01-12 02:39 . 2015-02-13 17:26 34304 ----a-w- c:\windows\system32\iernonce.dll
2015-01-12 02:36 . 2015-02-13 17:26 633856 ----a-w- c:\windows\system32\ieui.dll
2015-01-12 02:34 . 2015-02-13 17:26 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2015-01-12 02:34 . 2015-02-13 17:26 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-01-12 02:33 . 2015-02-13 17:26 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-01-12 02:32 . 2015-02-13 17:26 6041088 ----a-w- c:\windows\system32\jscript9.dll
2015-01-12 02:25 . 2015-02-13 17:26 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-01-12 02:21 . 2015-02-13 17:26 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2015-01-12 02:21 . 2015-02-13 17:26 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-01-12 02:13 . 2015-02-13 17:26 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-01-12 02:08 . 2015-02-13 17:26 503296 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-01-12 02:08 . 2015-02-13 17:25 199680 ----a-w- c:\windows\system32\msrating.dll
2015-01-12 02:07 . 2015-02-13 17:26 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2015-01-12 02:07 . 2015-02-13 17:26 92160 ----a-w- c:\windows\system32\mshtmled.dll
2015-01-12 02:07 . 2015-02-13 17:26 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05 . 2015-02-13 17:26 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2015-01-12 02:04 . 2015-02-13 17:26 316928 ----a-w- c:\windows\system32\dxtrans.dll
2015-01-12 01:55 . 2015-02-13 17:26 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2015-01-12 01:55 . 2015-02-13 17:26 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-01-12 01:48 . 2015-02-13 17:26 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2015-01-12 01:48 . 2015-02-13 17:26 801280 ----a-w- c:\windows\system32\msfeeds.dll
2015-01-12 01:46 . 2015-02-13 17:26 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-01-12 01:46 . 2015-02-13 17:26 2125824 ----a-w- c:\windows\system32\inetcpl.cpl
2015-01-12 01:43 . 2015-02-13 17:26 14401024 ----a-w- c:\windows\system32\ieframe.dll
2015-01-12 01:40 . 2015-02-13 17:26 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:29 . 2015-02-13 17:26 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-01-12 01:27 . 2015-02-13 17:25 2358272 ----a-w- c:\windows\system32\wininet.dll
2015-01-12 01:23 . 2015-02-13 17:26 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2015-01-12 01:22 . 2015-02-13 17:26 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:14 . 2015-02-13 17:26 1548288 ----a-w- c:\windows\system32\urlmon.dll
2015-01-12 01:02 . 2015-02-13 17:26 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2015-01-12 01:00 . 2015-02-13 17:26 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2015-01-10 06:48 . 2015-02-13 17:13 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-01-10 06:48 . 2015-02-13 17:13 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-01-10 06:48 . 2015-02-13 17:13 341504 ----a-w- c:\windows\system32\schannel.dll
2015-01-10 06:48 . 2015-02-13 17:13 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-01-10 06:48 . 2015-02-13 17:13 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-01-10 06:48 . 2015-02-13 17:13 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-01-10 06:48 . 2015-02-13 17:13 22016 ----a-w- c:\windows\system32\credssp.dll
2015-01-10 06:27 . 2015-02-13 17:13 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-01-10 06:27 . 2015-02-13 17:13 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-01-10 06:27 . 2015-02-13 17:13 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-01-10 06:27 . 2015-02-13 17:13 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-01-10 06:27 . 2015-02-13 17:13 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-01-10 06:27 . 2015-02-13 17:13 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-01-10 06:27 . 2015-02-13 17:13 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-01-09 02:03 . 2015-02-13 17:11 3201536 ----a-w- c:\windows\system32\win32k.sys
2014-12-19 03:06 . 2015-01-14 16:46 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 16:48 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-11-11 . 5FCF588BBD2358538DB17DD0A0A31813 . 118272 . . [6.1.7601.22865] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.22865_none_48b848380bfa8bbd\tdx.sys
[-] 2014-11-11 . 70988118145F5F10EF24720B97F35F65 . 119296 . . [6.1.7601.18658] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.18658_none_483c7a50f2d21ee0\tdx.sys
[-] 2010-11-21 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\tdx.sys
[-] 2010-11-21 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys
[-] 2014-11-11 . 70988118145F5F10EF24720B97F35F65 . 119296 . . [6.1.7601.18658] .. c:\windows\system32\drivers\tdx.sys
.
[-] 2015-01-15 . E0105F3B5B1C4B0F5B3D788A13504EC6 . 31232 . . [6.1.7601.18719] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18719_none_04757ea773665519\lsass.exe
[-] 2015-01-14 . 1E31700D9C9E0FB79999D02A8437482C . 31232 . . [6.1.7601.18717] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_04737e137368226b\lsass.exe
[-] 2015-01-10 . 55C62F66528A7BF58EA964B70BCB3D96 . 31232 . . [6.1.7601.22920] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22920_none_04eb4ad28c9429ec\lsass.exe
[-] 2015-01-10 . C8152B86C0F12E61B0AD5C95751547D3 . 31232 . . [6.1.7601.18714] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18714_none_04707d35736ad666\lsass.exe
[-] 2014-09-19 . B84317193B6A29F5F5DCF538C34FDCED . 31232 . . [6.1.7601.22814] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_04fa1a008c887630\lsass.exe
[-] 2014-09-19 . 341655B216721D89CADE9DEA2F33872F . 31232 . . [6.1.7601.18606] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_047d4bcf7360effc\lsass.exe
[-] 2014-05-30 . F23812F9F7B130854E4BC0389F7C688C . 31232 . . [6.1.7601.18489] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_0429c981739f213b\lsass.exe
[-] 2014-05-30 . 04F6C08B30C599D301CE8530A6F6A703 . 31232 . . [6.1.7601.22705] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_0505e8508c7f766f\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22736_none_04e678d68c96e399\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_04d8a9f28ca1b0ac\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_04ee4bb08c9175f1\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22925_none_04f04c448c8fa89f\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\erdnt\cache64\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26\lsass.exe
[-] 2013-09-25 . F021DAFB1F87616FCEBA159C2ED7042F . 30720 . . [6.1.7601.22465] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe
[-] 2013-09-25 . 4D71227301DD8D09097B9E4CC6527E5A . 30720 . . [6.1.7601.18270] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[-] 2012-08-24 . 77119F1F9B492B260030C34F9BE327FA . 31232 . . [6.1.7601.22099] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe
[-] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[-] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_044c26dd7386a58a\lsass.exe
[-] 2011-11-17 . 0A10B74FBB437FF9A23F1D5DE4446A83 . 31232 . . [6.1.7601.21861] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[-] 2009-07-14 . 0793F40B9B8A1BDD266296409DBD91EA . 31232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[-] 2015-01-15 . E0105F3B5B1C4B0F5B3D788A13504EC6 . 31232 . . [6.1.7601.18719] .. c:\windows\system32\lsass.exe
.
[-] 2014-07-17 . 8CEBD9D0A0A879CDE9F36F4383B7CAEA . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[-] 2014-07-16 . 98AA0BFEE089C7E5DADB94190D93456C . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[-] 2014-03-04 . 6CE2AE073BD21C542FC2C707CAE944CC . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[-] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\winlogon.exe
[-] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[-] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2014-07-17 . 8CEBD9D0A0A879CDE9F36F4383B7CAEA . 455168 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[-] 2014-07-07 . 19D511CC455C19DE1ADF60E6C39C85B6 . 187904 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_d41cb8b3b175406a\cryptsvc.dll
[-] 2014-07-07 . 63A15BA9875364C4147B226CB70468B3 . 190976 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_d4bdfb9cca80d275\cryptsvc.dll
[-] 2013-10-05 . 509D31797A4B8A3D6ED78A330B19A919 . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[-] 2013-07-09 . 434CCE8E7150CD1324C5FAA088D1D061 . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[-] 2013-07-09 . 6B400F211BEE880A37A1ED0368776BF4 . 184320 . . [6.1.7600.16385] .. c:\windows\erdnt\cache64\cryptsvc.dll
[-] 2013-07-09 . 6B400F211BEE880A37A1ED0368776BF4 . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[-] 2013-05-13 . D8129C49798CBBFB2E4351D4B7B8EF9C . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[-] 2013-05-11 . 8122252F0A4ACFA92FA0C1D50D18493B . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[-] 2013-05-10 . 7FDC4626B01106A8EF328C88C7C0DEE3 . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[-] 2013-05-10 . CA13C4F92BEE66DB48E58AB3223DDF6E . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[-] 2010-11-21 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[-] 2014-07-07 . 19D511CC455C19DE1ADF60E6C39C85B6 . 187904 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll
.
[-] 2015-01-12 . CD726C899BD9A398E8420564A957320B . 25056256 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_f585f9ea37467afd\mshtml.dll
[-] 2014-11-22 . D478A4CF07FB8ADF72FB16B88E8030B8 . 25059840 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_f58df6883740dfc5\mshtml.dll
[-] 2014-11-06 . BBD6A636AAA65D874F3863280CD8373D . 25110016 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17420_none_f59addd03736dce1\mshtml.dll
[-] 2014-09-19 . 7415B29AFE2E4494A57358B8C7E78600 . 23631360 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_f5a7f85a372cd9fd\mshtml.dll
[-] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.17631] .. c:\windows\erdnt\cache64\mshtml.dll
[-] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_f5b67f6437213d09\mshtml.dll
[-] 2014-07-25 . ECA387DCD57F683C52171C766CF400F0 . 23645696 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_f5b0b0ea3726a4ff\mshtml.dll
[-] 2014-06-19 . FEC19C351EF1B2C998A85D1BFD765675 . 23464448 . . [11.00.9600.17207] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_f5addd9c372925b8\mshtml.dll
[-] 2014-05-30 . 56803B20D168C1B740D12CE0BE4588F5 . 23414784 . . [11.00.9600.17126] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_f5bac4e4371f22d4\mshtml.dll
[-] 2014-05-06 . 797E2E5C309AFF76990D5B7AF457EACA . 23544320 . . [11.00.9600.17107] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_f5b8ad88372109c7\mshtml.dll
[-] 2014-04-29 . A98DA2EC1E56CF52C682D072F77D9874 . 23547904 . . [11.00.9600.17105] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_f5b8db183720d685\mshtml.dll
[-] 2014-04-18 . D233E1A32CE6AF918C9DE1BC44AFEB2A . 23212032 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_f59a25aa3737acc2\mshtml.dll
[-] 2014-03-06 . 37D0FB9E5E8EDA40B66FC3FB3D660261 . 23549440 . . [11.00.9600.17041] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_f5c8074c3714b96c\mshtml.dll
[-] 2015-01-12 . CD726C899BD9A398E8420564A957320B . 25056256 . . [11.00.9600.17631] .. c:\windows\system32\mshtml.dll
.
[-] 2015-01-12 . 9DFE41A69DF70AAB75CB5BA8C1109EA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_e42bdacbb6f011c7\wininet.dll
[-] 2014-11-22 . 4AF089160FE082E5EA5C4AA72782DCA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_e433d769b6ea768f\wininet.dll
[-] 2014-11-06 . 6FC2819A4F80AAB2DADEDFC1EFEE3C3F . 2365440 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_e440beb1b6e073ab\wininet.dll
[-] 2014-09-19 . 9D98D4F390F0B14A782F3B931E613A1A . 2309632 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_e44dd93bb6d670c7\wininet.dll
[-] 2014-08-18 . 39EBB9708453036A74C30C9A294023FF . 2310656 . . [11.00.9600.16428] .. c:\windows\erdnt\cache64\wininet.dll
[-] 2014-08-18 . 39EBB9708453036A74C30C9A294023FF . 2310656 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_e45c6045b6cad3d3\wininet.dll
[-] 2014-07-25 . 8E71A5CB5312B8392D4DA4CA37BB5868 . 2266624 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_e45691cbb6d03bc9\wininet.dll
[-] 2014-06-18 . 2EE102DF0EDD8A1EDD3D1E9B99A91BEC . 2266112 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_e453be7db6d2bc82\wininet.dll
[-] 2014-05-30 . 40BFD9D6EC8E174145F012246CA73CCD . 2266112 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_e460a5c5b6c8b99e\wininet.dll
[-] 2014-04-18 . E6CB36B85BE59095337427E853A5B65A . 2332160 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_e440068bb6e1438c\wininet.dll
[-] 2014-03-06 . F220BA78AB542C70211D73AE4729B2CD . 2260480 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_e46de82db6be5036\wininet.dll
[-] 2014-03-01 . DF79CE9B950C62677D232154E93A81C7 . 2334208 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_e435d617b6e8ac16\wininet.dll
[-] 2010-11-21 . F6C5302E1F4813D552F41A0AC82455E5 . 1188864 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll
[-] 2015-01-12 . 9DFE41A69DF70AAB75CB5BA8C1109EA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\system32\wininet.dll
.
[-] 2014-10-14 . 6A5B600AD0041E9AF564DE73B716F3D2 . 686592 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8\termsrv.dll
[-] 2014-10-14 . 008CD4EBFABCF78D0F19B3778492648C . 683520 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
[-] 2014-07-17 . 4FC4C50985E5B840F4D72E57286887B8 . 681984 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_eca0bf836affa9bb\termsrv.dll
[-] 2014-07-16 . F4D7114060C034134A440846F411BB7F . 686080 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_ed1f8e488425629d\termsrv.dll
[-] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\termsrv.dll
[-] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[-] 2014-10-14 . 008CD4EBFABCF78D0F19B3778492648C . 683520 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
[-] 2014-10-30 . 3031B5DC2A58A7BCE6651EA9B7DD6390 . 145920 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_789f60191223613f\cryptsvc.dll
[-] 2014-07-07 . 623E143F2DF17C0106A9988F5D7DC878 . 143872 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
[-] 2014-07-07 . 623E143F2DF17C0106A9988F5D7DC878 . 143872 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_77fe1d2ff917cf34\cryptsvc.dll
[-] 2013-10-05 . F2D9242C3BBD1C36467FCAE1AE01733F . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[-] 2013-07-09 . 6DB499DEFCC827317C5371164A7CDB27 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[-] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7600.16385] .. c:\windows\erdnt\cache86\cryptsvc.dll
[-] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[-] 2013-05-13 . 3897DFF247D9ED0006190349DE264E14 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[-] 2013-05-11 . AC04D05309BB2C418D0D80B9FB014642 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[-] 2013-05-10 . E122AA1C9A3CC46FF9DDDE46E5EB0C58 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[-] 2013-05-10 . 33ADF6E0853AB39EA1723BE82842C1D3 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[-] 2010-11-21 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
.
[-] 2015-01-12 . 61C74D794C14E9FC94D93F5F0F72A3F9 . 19740160 . . [11.00.9600.17631] .. c:\windows\SysWOW64\mshtml.dll
[-] 2015-01-12 . 61C74D794C14E9FC94D93F5F0F72A3F9 . 19740160 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_ffdaa43c6ba73cf8\mshtml.dll
[-] 2014-11-22 . 220505B0B3E96C857DD01729AF0CD369 . 19749376 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_ffe2a0da6ba1a1c0\mshtml.dll
[-] 2014-11-06 . 93074C4FA92A8399404D032F6AF72C1B . 19781632 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17420_none_ffef88226b979edc\mshtml.dll
[-] 2014-09-19 . F91E55DA404B834648A3B0A2477C10DB . 17484800 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_fffca2ac6b8d9bf8\mshtml.dll
[-] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17631] .. c:\windows\erdnt\cache86\mshtml.dll
[-] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_000b29b66b81ff04\mshtml.dll
[-] 2014-07-25 . 8453DDF167CE2986AA4AB04BC6824925 . 17524224 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_00055b3c6b8766fa\mshtml.dll
[-] 2014-06-19 . DFA59840BB1220AFD261FDAE83543959 . 17276416 . . [11.00.9600.17207] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_000287ee6b89e7b3\mshtml.dll
[-] 2014-05-30 . D5ECBB3BFDC73A59440D9CA79AB3A342 . 17271296 . . [11.00.9600.17126] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_000f6f366b7fe4cf\mshtml.dll
[-] 2014-05-06 . EB5347F6149D3FF25F4D609A21A3BD67 . 17382912 . . [11.00.9600.17107] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_000d57da6b81cbc2\mshtml.dll
[-] 2014-04-29 . 5869FBC754578A59C8C8635B99DB79DE . 17384448 . . [11.00.9600.17105] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_000d856a6b819880\mshtml.dll
[-] 2014-04-18 . F9F114B2A6F876C92D317A755494F233 . 17142784 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_ffeecffc6b986ebd\mshtml.dll
[-] 2014-03-06 . EA85144F35EDE6EE25C484D4242FF2C8 . 17387008 . . [11.00.9600.17041] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_001cb19e6b757b67\mshtml.dll
[-] 2014-03-01 . 70462E0A4E293FC80620AB945D8A59BB . 17074688 . . [11.00.9600.16521] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16521_none_ffe49f886b9fd747\mshtml.dll
[-] 2010-11-21 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll
.
[-] 2015-01-12 . F285D499EC42969D963CA49EADA63218 . 1888256 . . [11.00.9600.16428] .. c:\windows\SysWOW64\wininet.dll
[-] 2015-01-12 . F285D499EC42969D963CA49EADA63218 . 1888256 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_880d3f47fe92a091\wininet.dll
[-] 2014-11-22 . 5E4E0E43E0A5BF9F089696DFA7A3D677 . 1888256 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_88153be5fe8d0559\wininet.dll
[-] 2014-11-06 . 6DD7D61A8EF3DFEC4FAEFEB395E77424 . 1892864 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_8822232dfe830275\wininet.dll
[-] 2014-09-18 . 7AE80F921027CF88CB9D0433088A3E55 . 1810944 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_882f3db7fe78ff91\wininet.dll
[-] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] .. c:\windows\erdnt\cache86\wininet.dll
[-] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_883dc4c1fe6d629d\wininet.dll
[-] 2014-07-25 . B945BAA81B4805AD6BDDF4D026DCFB47 . 1792512 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_8837f647fe72ca93\wininet.dll
[-] 2014-06-18 . CCC198257901BEEA2FBF8EB1E7678356 . 1791488 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_883522f9fe754b4c\wininet.dll
[-] 2014-05-30 . 771CDBC3D62437D6DB070820BB1EDCCF . 1790976 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_88420a41fe6b4868\wininet.dll
[-] 2014-04-18 . B5EB5BD3066959611E1F7A80FD6CC172 . 1818112 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_88216b07fe83d256\wininet.dll
[-] 2014-03-06 . E4E829EE073E046B0EB19B5FECB19B8C . 1789440 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_884f4ca9fe60df00\wininet.dll
[-] 2014-03-01 . AAFEAB4FC9D70253F8C7E353E879E8A2 . 1820160 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_88173a93fe8b3ae0\wininet.dll
[-] 2010-11-21 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-25 703736]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2015-01-27 3518832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EaseUS Agent;Servizio EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 NewServiceInstall1;NewServiceInstall1;c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng;c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 cpuz134;cpuz134;c:\users\JACOPO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\JACOPO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MFE_RR;MFE_RR;c:\users\JACOPO~1\AppData\Local\Temp\mfe_rr.sys;c:\users\JACOPO~1\AppData\Local\Temp\mfe_rr.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe  [x]
S2 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 NalServ;Nalpeiron Control Service;c:\windows\SysWOW64\nalserv.exe;c:\windows\SysWOW64\nalserv.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Audio schermo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 79369528
*NewlyCreated* - MFE_RR
*Deregistered* - 79369528
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-11 14:27 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-03-17 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14 08:01]
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 15:34]
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 15:34]
.
.
--------- X64 Entries -----------
.
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = about:blank
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: dell.com
TCP: Interfaces\{23ECBCFC-9C9C-42C3-885D-72BECD4C7745}: NameServer = 192.168.1.254,193.70.192.25
FF - ProfilePath - c:\users\Jacopo-Perenchio\AppData\Roaming\Mozilla\Firefox\Profiles\oxplugmo.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NewServiceInstall1]
"ImagePath"="\"c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng\""
.
Ora fine scansione: 2015-03-18  09:14:37
ComboFix-quarantined-files.txt  2015-03-18 08:14
ComboFix2.txt  2015-03-17 11:50
ComboFix3.txt  2014-09-12 09:23
ComboFix4.txt  2014-04-17 18:11
ComboFix5.txt  2015-03-17 13:25
.
Pre-Run: 302.793.474.048 byte disponibili
Post-Run: 302.679.068.672 byte disponibili
.
- - End Of File - - EFCD6121B1FFFA0BBC4BC1C9F29DD377
 
 
Any help would be much appreciated.
 
Jacopo


#4 jackpera

jackpera
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 18 March 2015 - 12:46 PM

Hello, 

 

  few days ago I was unable to update my Windows 7 x64, with the following errors: 800706BE and 800706BA.

 

After chatting with Microsoft HelpDesk, they suggested me to clean my PC, trying to sell me their support.

 

I'm afraid I got ZeroAccess rootkit, but I cannot get it out of my PC.

 

After running Combofix, here it's the result:

 

ComboFix 15-03-14.03 - Jacopo-Perenchio 18/03/2015   8:49.6.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.8099.5494 [GMT 1:00]
Eseguito da: c:\users\Jacopo-Perenchio\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\users\Jacopo-Perenchio\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\JACOPO~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
-- Esecuzione precedente --
.
c:\windows\system32\Services.exe . . . è infetto!!
.
--------
.
c:\windows\system32\Services.exe . . . è infetto!!
.
.
(((((((((((((((((((((((((   Files Creati Da 2015-02-18 al 2015-03-18  )))))))))))))))))))))))))))))))))))
.
.
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-17 15:36 . 2015-03-17 15:37 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Local\Babylon
2015-03-17 15:36 . 2015-03-17 17:22 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Roaming\Babylon
2015-03-17 15:36 . 2015-03-17 15:36 -------- d-----w- c:\program files\Babylon
2015-03-17 15:36 . 2015-03-17 15:36 -------- d-----w- c:\program files (x86)\Babylon
2015-03-17 15:36 . 2015-03-17 17:22 -------- d-----w- c:\programdata\Babylon
2015-03-17 10:07 . 2015-03-17 10:07 -------- d-----w- C:\Repair
2015-03-17 09:30 . 2015-03-17 09:54 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Local\LogMeIn Rescue Applet
2015-03-17 08:08 . 2015-03-17 08:08 -------- d-----w- c:\windows\system32\EventProviders
2015-03-16 14:59 . 2015-03-17 09:59 -------- d-----w- c:\windows\system32\catroot2
2015-03-13 14:41 . 2015-02-16 03:21 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20A51DDD-729C-4EE4-BC32-172D13481F94}\mpengine.dll
2015-03-11 17:43 . 2015-03-13 14:37 -------- d-----w- c:\windows\sdold.old
2015-03-11 15:58 . 2015-03-13 14:37 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2015-03-11 15:34 . 2015-03-11 15:34 -------- d-----w- c:\program files (x86)\Tweaking.com
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Roaming\KSafe
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\programdata\KSafe
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\program files (x86)\DllTool
2015-03-11 12:16 . 2015-03-11 12:16 -------- d-----w- c:\windows\CheckSur
2015-03-05 20:57 . 2015-03-05 20:57 -------- dc-h--w- c:\programdata\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
2015-02-25 16:22 . 2015-03-17 10:28 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-25 16:22 . 2015-02-25 16:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-25 16:22 . 2015-02-25 16:22 -------- d-----w- c:\programdata\Malwarebytes
2015-02-25 16:22 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-25 16:22 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-25 16:22 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files\iTunes
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files\iPod
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files (x86)\iTunes
2015-02-17 18:36 . 2015-02-17 18:36 3176632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\1040\MSOINTL.DLL
2015-02-17 14:26 . 2015-02-17 14:26 1217184 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 03:17 . 2010-11-21 03:27 295552 ----a-w- c:\windows\system32\MpSigStub.exe
2015-02-16 12:21 . 2014-04-19 08:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-16 12:21 . 2014-04-19 08:38 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-30 22:36 . 2015-01-30 22:36 23760 ----a-w- c:\windows\system32\drivers\DDDriver64Dcsa.sys
2015-01-30 22:36 . 2015-01-30 22:36 23312 ----a-w- c:\windows\system32\drivers\DellProf.sys
2015-01-29 16:49 . 2014-04-18 15:50 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-15 08:14 . 2015-02-13 17:15 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-01-15 08:14 . 2015-02-13 17:15 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-01-15 08:09 . 2015-02-13 17:15 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-01-15 08:09 . 2015-02-13 17:15 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-01-15 08:09 . 2015-02-13 17:15 28160 ----a-w- c:\windows\system32\secur32.dll
2015-01-15 08:09 . 2015-02-13 17:15 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-01-15 08:09 . 2015-02-13 17:15 31232 ----a-w- c:\windows\system32\lsass.exe
2015-01-15 08:08 . 2015-02-13 17:15 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-01-15 08:06 . 2015-02-13 17:15 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-01-15 08:06 . 2015-02-13 17:15 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-01-15 08:04 . 2015-02-13 17:15 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-01-15 07:42 . 2015-02-13 17:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-01-15 07:42 . 2015-02-13 17:15 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-01-15 07:41 . 2015-02-13 17:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-01-15 07:39 . 2015-02-13 17:15 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-01-15 07:39 . 2015-02-13 17:15 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-01-15 07:37 . 2015-02-13 17:15 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-01-15 04:22 . 2015-02-13 17:15 458824 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-14 06:09 . 2015-02-13 17:15 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 06:05 . 2015-02-13 17:15 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 06:05 . 2015-02-13 17:15 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 06:04 . 2015-02-13 17:15 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 05:47 . 2015-02-13 17:26 389808 ----a-w- c:\windows\system32\iedkcs32.dll
2015-01-14 05:44 . 2015-02-13 17:15 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44 . 2015-02-13 17:15 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41 . 2015-02-13 17:15 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-13 03:10 . 2015-02-13 17:17 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-13 02:49 . 2015-02-13 17:17 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:09 . 2015-02-13 17:25 25056256 ----a-w- c:\windows\system32\mshtml.dll
2015-01-12 03:05 . 2015-02-13 17:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-01-12 03:05 . 2015-02-13 17:26 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-01-12 02:49 . 2015-02-13 17:26 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-01-12 02:48 . 2015-02-13 17:26 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-01-12 02:48 . 2015-02-13 17:26 584192 ----a-w- c:\windows\system32\vbscript.dll
2015-01-12 02:48 . 2015-02-13 17:26 2885632 ----a-w- c:\windows\system32\iertutil.dll
2015-01-12 02:47 . 2015-02-13 17:25 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-01-12 02:40 . 2015-02-13 17:26 54784 ----a-w- c:\windows\system32\jsproxy.dll
2015-01-12 02:39 . 2015-02-13 17:26 34304 ----a-w- c:\windows\system32\iernonce.dll
2015-01-12 02:36 . 2015-02-13 17:26 633856 ----a-w- c:\windows\system32\ieui.dll
2015-01-12 02:34 . 2015-02-13 17:26 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2015-01-12 02:34 . 2015-02-13 17:26 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-01-12 02:33 . 2015-02-13 17:26 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-01-12 02:32 . 2015-02-13 17:26 6041088 ----a-w- c:\windows\system32\jscript9.dll
2015-01-12 02:25 . 2015-02-13 17:26 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-01-12 02:21 . 2015-02-13 17:26 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2015-01-12 02:21 . 2015-02-13 17:26 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-01-12 02:13 . 2015-02-13 17:26 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-01-12 02:08 . 2015-02-13 17:26 503296 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-01-12 02:08 . 2015-02-13 17:25 199680 ----a-w- c:\windows\system32\msrating.dll
2015-01-12 02:07 . 2015-02-13 17:26 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2015-01-12 02:07 . 2015-02-13 17:26 92160 ----a-w- c:\windows\system32\mshtmled.dll
2015-01-12 02:07 . 2015-02-13 17:26 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05 . 2015-02-13 17:26 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2015-01-12 02:04 . 2015-02-13 17:26 316928 ----a-w- c:\windows\system32\dxtrans.dll
2015-01-12 01:55 . 2015-02-13 17:26 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2015-01-12 01:55 . 2015-02-13 17:26 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-01-12 01:48 . 2015-02-13 17:26 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2015-01-12 01:48 . 2015-02-13 17:26 801280 ----a-w- c:\windows\system32\msfeeds.dll
2015-01-12 01:46 . 2015-02-13 17:26 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-01-12 01:46 . 2015-02-13 17:26 2125824 ----a-w- c:\windows\system32\inetcpl.cpl
2015-01-12 01:43 . 2015-02-13 17:26 14401024 ----a-w- c:\windows\system32\ieframe.dll
2015-01-12 01:40 . 2015-02-13 17:26 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:29 . 2015-02-13 17:26 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-01-12 01:27 . 2015-02-13 17:25 2358272 ----a-w- c:\windows\system32\wininet.dll
2015-01-12 01:23 . 2015-02-13 17:26 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2015-01-12 01:22 . 2015-02-13 17:26 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:14 . 2015-02-13 17:26 1548288 ----a-w- c:\windows\system32\urlmon.dll
2015-01-12 01:02 . 2015-02-13 17:26 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2015-01-12 01:00 . 2015-02-13 17:26 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2015-01-10 06:48 . 2015-02-13 17:13 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-01-10 06:48 . 2015-02-13 17:13 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-01-10 06:48 . 2015-02-13 17:13 341504 ----a-w- c:\windows\system32\schannel.dll
2015-01-10 06:48 . 2015-02-13 17:13 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-01-10 06:48 . 2015-02-13 17:13 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-01-10 06:48 . 2015-02-13 17:13 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-01-10 06:48 . 2015-02-13 17:13 22016 ----a-w- c:\windows\system32\credssp.dll
2015-01-10 06:27 . 2015-02-13 17:13 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-01-10 06:27 . 2015-02-13 17:13 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-01-10 06:27 . 2015-02-13 17:13 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-01-10 06:27 . 2015-02-13 17:13 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-01-10 06:27 . 2015-02-13 17:13 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-01-10 06:27 . 2015-02-13 17:13 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-01-10 06:27 . 2015-02-13 17:13 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-01-09 02:03 . 2015-02-13 17:11 3201536 ----a-w- c:\windows\system32\win32k.sys
2014-12-19 03:06 . 2015-01-14 16:46 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 16:48 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-11-11 . 5FCF588BBD2358538DB17DD0A0A31813 . 118272 . . [6.1.7601.22865] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.22865_none_48b848380bfa8bbd\tdx.sys
[-] 2014-11-11 . 70988118145F5F10EF24720B97F35F65 . 119296 . . [6.1.7601.18658] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.18658_none_483c7a50f2d21ee0\tdx.sys
[-] 2010-11-21 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\tdx.sys
[-] 2010-11-21 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys
[-] 2014-11-11 . 70988118145F5F10EF24720B97F35F65 . 119296 . . [6.1.7601.18658] .. c:\windows\system32\drivers\tdx.sys
.
[-] 2015-01-15 . E0105F3B5B1C4B0F5B3D788A13504EC6 . 31232 . . [6.1.7601.18719] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18719_none_04757ea773665519\lsass.exe
[-] 2015-01-14 . 1E31700D9C9E0FB79999D02A8437482C . 31232 . . [6.1.7601.18717] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_04737e137368226b\lsass.exe
[-] 2015-01-10 . 55C62F66528A7BF58EA964B70BCB3D96 . 31232 . . [6.1.7601.22920] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22920_none_04eb4ad28c9429ec\lsass.exe
[-] 2015-01-10 . C8152B86C0F12E61B0AD5C95751547D3 . 31232 . . [6.1.7601.18714] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18714_none_04707d35736ad666\lsass.exe
[-] 2014-09-19 . B84317193B6A29F5F5DCF538C34FDCED . 31232 . . [6.1.7601.22814] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_04fa1a008c887630\lsass.exe
[-] 2014-09-19 . 341655B216721D89CADE9DEA2F33872F . 31232 . . [6.1.7601.18606] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_047d4bcf7360effc\lsass.exe
[-] 2014-05-30 . F23812F9F7B130854E4BC0389F7C688C . 31232 . . [6.1.7601.18489] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_0429c981739f213b\lsass.exe
[-] 2014-05-30 . 04F6C08B30C599D301CE8530A6F6A703 . 31232 . . [6.1.7601.22705] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_0505e8508c7f766f\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22736_none_04e678d68c96e399\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_04d8a9f28ca1b0ac\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_04ee4bb08c9175f1\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22925_none_04f04c448c8fa89f\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\erdnt\cache64\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26\lsass.exe
[-] 2013-09-25 . F021DAFB1F87616FCEBA159C2ED7042F . 30720 . . [6.1.7601.22465] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe
[-] 2013-09-25 . 4D71227301DD8D09097B9E4CC6527E5A . 30720 . . [6.1.7601.18270] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[-] 2012-08-24 . 77119F1F9B492B260030C34F9BE327FA . 31232 . . [6.1.7601.22099] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe
[-] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[-] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_044c26dd7386a58a\lsass.exe
[-] 2011-11-17 . 0A10B74FBB437FF9A23F1D5DE4446A83 . 31232 . . [6.1.7601.21861] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[-] 2009-07-14 . 0793F40B9B8A1BDD266296409DBD91EA . 31232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[-] 2015-01-15 . E0105F3B5B1C4B0F5B3D788A13504EC6 . 31232 . . [6.1.7601.18719] .. c:\windows\system32\lsass.exe
.
[-] 2014-07-17 . 8CEBD9D0A0A879CDE9F36F4383B7CAEA . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[-] 2014-07-16 . 98AA0BFEE089C7E5DADB94190D93456C . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[-] 2014-03-04 . 6CE2AE073BD21C542FC2C707CAE944CC . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[-] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\winlogon.exe
[-] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[-] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2014-07-17 . 8CEBD9D0A0A879CDE9F36F4383B7CAEA . 455168 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[-] 2014-07-07 . 19D511CC455C19DE1ADF60E6C39C85B6 . 187904 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_d41cb8b3b175406a\cryptsvc.dll
[-] 2014-07-07 . 63A15BA9875364C4147B226CB70468B3 . 190976 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_d4bdfb9cca80d275\cryptsvc.dll
[-] 2013-10-05 . 509D31797A4B8A3D6ED78A330B19A919 . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[-] 2013-07-09 . 434CCE8E7150CD1324C5FAA088D1D061 . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[-] 2013-07-09 . 6B400F211BEE880A37A1ED0368776BF4 . 184320 . . [6.1.7600.16385] .. c:\windows\erdnt\cache64\cryptsvc.dll
[-] 2013-07-09 . 6B400F211BEE880A37A1ED0368776BF4 . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[-] 2013-05-13 . D8129C49798CBBFB2E4351D4B7B8EF9C . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[-] 2013-05-11 . 8122252F0A4ACFA92FA0C1D50D18493B . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[-] 2013-05-10 . 7FDC4626B01106A8EF328C88C7C0DEE3 . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[-] 2013-05-10 . CA13C4F92BEE66DB48E58AB3223DDF6E . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[-] 2010-11-21 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[-] 2014-07-07 . 19D511CC455C19DE1ADF60E6C39C85B6 . 187904 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll
.
[-] 2015-01-12 . CD726C899BD9A398E8420564A957320B . 25056256 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_f585f9ea37467afd\mshtml.dll
[-] 2014-11-22 . D478A4CF07FB8ADF72FB16B88E8030B8 . 25059840 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_f58df6883740dfc5\mshtml.dll
[-] 2014-11-06 . BBD6A636AAA65D874F3863280CD8373D . 25110016 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17420_none_f59addd03736dce1\mshtml.dll
[-] 2014-09-19 . 7415B29AFE2E4494A57358B8C7E78600 . 23631360 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_f5a7f85a372cd9fd\mshtml.dll
[-] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.17631] .. c:\windows\erdnt\cache64\mshtml.dll
[-] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_f5b67f6437213d09\mshtml.dll
[-] 2014-07-25 . ECA387DCD57F683C52171C766CF400F0 . 23645696 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_f5b0b0ea3726a4ff\mshtml.dll
[-] 2014-06-19 . FEC19C351EF1B2C998A85D1BFD765675 . 23464448 . . [11.00.9600.17207] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_f5addd9c372925b8\mshtml.dll
[-] 2014-05-30 . 56803B20D168C1B740D12CE0BE4588F5 . 23414784 . . [11.00.9600.17126] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_f5bac4e4371f22d4\mshtml.dll
[-] 2014-05-06 . 797E2E5C309AFF76990D5B7AF457EACA . 23544320 . . [11.00.9600.17107] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_f5b8ad88372109c7\mshtml.dll
[-] 2014-04-29 . A98DA2EC1E56CF52C682D072F77D9874 . 23547904 . . [11.00.9600.17105] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_f5b8db183720d685\mshtml.dll
[-] 2014-04-18 . D233E1A32CE6AF918C9DE1BC44AFEB2A . 23212032 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_f59a25aa3737acc2\mshtml.dll
[-] 2014-03-06 . 37D0FB9E5E8EDA40B66FC3FB3D660261 . 23549440 . . [11.00.9600.17041] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_f5c8074c3714b96c\mshtml.dll
[-] 2015-01-12 . CD726C899BD9A398E8420564A957320B . 25056256 . . [11.00.9600.17631] .. c:\windows\system32\mshtml.dll
.
[-] 2015-01-12 . 9DFE41A69DF70AAB75CB5BA8C1109EA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_e42bdacbb6f011c7\wininet.dll
[-] 2014-11-22 . 4AF089160FE082E5EA5C4AA72782DCA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_e433d769b6ea768f\wininet.dll
[-] 2014-11-06 . 6FC2819A4F80AAB2DADEDFC1EFEE3C3F . 2365440 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_e440beb1b6e073ab\wininet.dll
[-] 2014-09-19 . 9D98D4F390F0B14A782F3B931E613A1A . 2309632 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_e44dd93bb6d670c7\wininet.dll
[-] 2014-08-18 . 39EBB9708453036A74C30C9A294023FF . 2310656 . . [11.00.9600.16428] .. c:\windows\erdnt\cache64\wininet.dll
[-] 2014-08-18 . 39EBB9708453036A74C30C9A294023FF . 2310656 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_e45c6045b6cad3d3\wininet.dll
[-] 2014-07-25 . 8E71A5CB5312B8392D4DA4CA37BB5868 . 2266624 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_e45691cbb6d03bc9\wininet.dll
[-] 2014-06-18 . 2EE102DF0EDD8A1EDD3D1E9B99A91BEC . 2266112 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_e453be7db6d2bc82\wininet.dll
[-] 2014-05-30 . 40BFD9D6EC8E174145F012246CA73CCD . 2266112 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_e460a5c5b6c8b99e\wininet.dll
[-] 2014-04-18 . E6CB36B85BE59095337427E853A5B65A . 2332160 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_e440068bb6e1438c\wininet.dll
[-] 2014-03-06 . F220BA78AB542C70211D73AE4729B2CD . 2260480 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_e46de82db6be5036\wininet.dll
[-] 2014-03-01 . DF79CE9B950C62677D232154E93A81C7 . 2334208 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_e435d617b6e8ac16\wininet.dll
[-] 2010-11-21 . F6C5302E1F4813D552F41A0AC82455E5 . 1188864 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll
[-] 2015-01-12 . 9DFE41A69DF70AAB75CB5BA8C1109EA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\system32\wininet.dll
.
[-] 2014-10-14 . 6A5B600AD0041E9AF564DE73B716F3D2 . 686592 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8\termsrv.dll
[-] 2014-10-14 . 008CD4EBFABCF78D0F19B3778492648C . 683520 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
[-] 2014-07-17 . 4FC4C50985E5B840F4D72E57286887B8 . 681984 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_eca0bf836affa9bb\termsrv.dll
[-] 2014-07-16 . F4D7114060C034134A440846F411BB7F . 686080 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_ed1f8e488425629d\termsrv.dll
[-] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\termsrv.dll
[-] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[-] 2014-10-14 . 008CD4EBFABCF78D0F19B3778492648C . 683520 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
[-] 2014-10-30 . 3031B5DC2A58A7BCE6651EA9B7DD6390 . 145920 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_789f60191223613f\cryptsvc.dll
[-] 2014-07-07 . 623E143F2DF17C0106A9988F5D7DC878 . 143872 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
[-] 2014-07-07 . 623E143F2DF17C0106A9988F5D7DC878 . 143872 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_77fe1d2ff917cf34\cryptsvc.dll
[-] 2013-10-05 . F2D9242C3BBD1C36467FCAE1AE01733F . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[-] 2013-07-09 . 6DB499DEFCC827317C5371164A7CDB27 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[-] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7600.16385] .. c:\windows\erdnt\cache86\cryptsvc.dll
[-] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[-] 2013-05-13 . 3897DFF247D9ED0006190349DE264E14 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[-] 2013-05-11 . AC04D05309BB2C418D0D80B9FB014642 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[-] 2013-05-10 . E122AA1C9A3CC46FF9DDDE46E5EB0C58 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[-] 2013-05-10 . 33ADF6E0853AB39EA1723BE82842C1D3 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[-] 2010-11-21 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
.
[-] 2015-01-12 . 61C74D794C14E9FC94D93F5F0F72A3F9 . 19740160 . . [11.00.9600.17631] .. c:\windows\SysWOW64\mshtml.dll
[-] 2015-01-12 . 61C74D794C14E9FC94D93F5F0F72A3F9 . 19740160 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_ffdaa43c6ba73cf8\mshtml.dll
[-] 2014-11-22 . 220505B0B3E96C857DD01729AF0CD369 . 19749376 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_ffe2a0da6ba1a1c0\mshtml.dll
[-] 2014-11-06 . 93074C4FA92A8399404D032F6AF72C1B . 19781632 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17420_none_ffef88226b979edc\mshtml.dll
[-] 2014-09-19 . F91E55DA404B834648A3B0A2477C10DB . 17484800 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_fffca2ac6b8d9bf8\mshtml.dll
[-] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17631] .. c:\windows\erdnt\cache86\mshtml.dll
[-] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_000b29b66b81ff04\mshtml.dll
[-] 2014-07-25 . 8453DDF167CE2986AA4AB04BC6824925 . 17524224 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_00055b3c6b8766fa\mshtml.dll
[-] 2014-06-19 . DFA59840BB1220AFD261FDAE83543959 . 17276416 . . [11.00.9600.17207] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_000287ee6b89e7b3\mshtml.dll
[-] 2014-05-30 . D5ECBB3BFDC73A59440D9CA79AB3A342 . 17271296 . . [11.00.9600.17126] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_000f6f366b7fe4cf\mshtml.dll
[-] 2014-05-06 . EB5347F6149D3FF25F4D609A21A3BD67 . 17382912 . . [11.00.9600.17107] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_000d57da6b81cbc2\mshtml.dll
[-] 2014-04-29 . 5869FBC754578A59C8C8635B99DB79DE . 17384448 . . [11.00.9600.17105] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_000d856a6b819880\mshtml.dll
[-] 2014-04-18 . F9F114B2A6F876C92D317A755494F233 . 17142784 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_ffeecffc6b986ebd\mshtml.dll
[-] 2014-03-06 . EA85144F35EDE6EE25C484D4242FF2C8 . 17387008 . . [11.00.9600.17041] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_001cb19e6b757b67\mshtml.dll
[-] 2014-03-01 . 70462E0A4E293FC80620AB945D8A59BB . 17074688 . . [11.00.9600.16521] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16521_none_ffe49f886b9fd747\mshtml.dll
[-] 2010-11-21 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll
.
[-] 2015-01-12 . F285D499EC42969D963CA49EADA63218 . 1888256 . . [11.00.9600.16428] .. c:\windows\SysWOW64\wininet.dll
[-] 2015-01-12 . F285D499EC42969D963CA49EADA63218 . 1888256 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_880d3f47fe92a091\wininet.dll
[-] 2014-11-22 . 5E4E0E43E0A5BF9F089696DFA7A3D677 . 1888256 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_88153be5fe8d0559\wininet.dll
[-] 2014-11-06 . 6DD7D61A8EF3DFEC4FAEFEB395E77424 . 1892864 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_8822232dfe830275\wininet.dll
[-] 2014-09-18 . 7AE80F921027CF88CB9D0433088A3E55 . 1810944 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_882f3db7fe78ff91\wininet.dll
[-] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] .. c:\windows\erdnt\cache86\wininet.dll
[-] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_883dc4c1fe6d629d\wininet.dll
[-] 2014-07-25 . B945BAA81B4805AD6BDDF4D026DCFB47 . 1792512 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_8837f647fe72ca93\wininet.dll
[-] 2014-06-18 . CCC198257901BEEA2FBF8EB1E7678356 . 1791488 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_883522f9fe754b4c\wininet.dll
[-] 2014-05-30 . 771CDBC3D62437D6DB070820BB1EDCCF . 1790976 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_88420a41fe6b4868\wininet.dll
[-] 2014-04-18 . B5EB5BD3066959611E1F7A80FD6CC172 . 1818112 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_88216b07fe83d256\wininet.dll
[-] 2014-03-06 . E4E829EE073E046B0EB19B5FECB19B8C . 1789440 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_884f4ca9fe60df00\wininet.dll
[-] 2014-03-01 . AAFEAB4FC9D70253F8C7E353E879E8A2 . 1820160 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_88173a93fe8b3ae0\wininet.dll
[-] 2010-11-21 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-25 703736]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2015-01-27 3518832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EaseUS Agent;Servizio EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 NewServiceInstall1;NewServiceInstall1;c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng;c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 cpuz134;cpuz134;c:\users\JACOPO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\JACOPO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MFE_RR;MFE_RR;c:\users\JACOPO~1\AppData\Local\Temp\mfe_rr.sys;c:\users\JACOPO~1\AppData\Local\Temp\mfe_rr.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe  [x]
S2 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 NalServ;Nalpeiron Control Service;c:\windows\SysWOW64\nalserv.exe;c:\windows\SysWOW64\nalserv.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Audio schermo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 79369528
*NewlyCreated* - MFE_RR
*Deregistered* - 79369528
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-11 14:27 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-03-17 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14 08:01]
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 15:34]
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 15:34]
.
.
--------- X64 Entries -----------
.
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = about:blank
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: dell.com
TCP: Interfaces\{23ECBCFC-9C9C-42C3-885D-72BECD4C7745}: NameServer = 192.168.1.254,193.70.192.25
FF - ProfilePath - c:\users\Jacopo-Perenchio\AppData\Roaming\Mozilla\Firefox\Profiles\oxplugmo.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NewServiceInstall1]
"ImagePath"="\"c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng\""
.
Ora fine scansione: 2015-03-18  09:14:37
ComboFix-quarantined-files.txt  2015-03-18 08:14
ComboFix2.txt  2015-03-17 11:50
ComboFix3.txt  2014-09-12 09:23
ComboFix4.txt  2014-04-17 18:11
ComboFix5.txt  2015-03-17 13:25
.
Pre-Run: 302.793.474.048 byte disponibili
Post-Run: 302.679.068.672 byte disponibili
.
- - End Of File - - EFCD6121B1FFFA0BBC4BC1C9F29DD377
 
 
Any help would be much appreciated.
 
Jacopo


#5 jackpera

jackpera
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 18 March 2015 - 12:47 PM

Hello, 

 

  few days ago I was unable to update my Windows 7 x64, with the following errors: 800706BE and 800706BA.

 

After chatting with Microsoft HelpDesk, they suggested me to clean my PC, trying to sell me their support.

 

I'm afraid I got ZeroAccess rootkit, but I cannot get it out of my PC.

 

After running Combofix, here it's the result:

 

ComboFix 15-03-14.03 - Jacopo-Perenchio 18/03/2015   8:49.6.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.8099.5494 [GMT 1:00]
Eseguito da: c:\users\Jacopo-Perenchio\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\users\Jacopo-Perenchio\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\JACOPO~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
-- Esecuzione precedente --
.
c:\windows\system32\Services.exe . . . è infetto!!
.
--------
.
c:\windows\system32\Services.exe . . . è infetto!!
.
.
(((((((((((((((((((((((((   Files Creati Da 2015-02-18 al 2015-03-18  )))))))))))))))))))))))))))))))))))
.
.
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-17 15:36 . 2015-03-17 15:37 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Local\Babylon
2015-03-17 15:36 . 2015-03-17 17:22 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Roaming\Babylon
2015-03-17 15:36 . 2015-03-17 15:36 -------- d-----w- c:\program files\Babylon
2015-03-17 15:36 . 2015-03-17 15:36 -------- d-----w- c:\program files (x86)\Babylon
2015-03-17 15:36 . 2015-03-17 17:22 -------- d-----w- c:\programdata\Babylon
2015-03-17 10:07 . 2015-03-17 10:07 -------- d-----w- C:\Repair
2015-03-17 09:30 . 2015-03-17 09:54 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Local\LogMeIn Rescue Applet
2015-03-17 08:08 . 2015-03-17 08:08 -------- d-----w- c:\windows\system32\EventProviders
2015-03-16 14:59 . 2015-03-17 09:59 -------- d-----w- c:\windows\system32\catroot2
2015-03-13 14:41 . 2015-02-16 03:21 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20A51DDD-729C-4EE4-BC32-172D13481F94}\mpengine.dll
2015-03-11 17:43 . 2015-03-13 14:37 -------- d-----w- c:\windows\sdold.old
2015-03-11 15:58 . 2015-03-13 14:37 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2015-03-11 15:34 . 2015-03-11 15:34 -------- d-----w- c:\program files (x86)\Tweaking.com
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\users\Jacopo-Perenchio\AppData\Roaming\KSafe
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\programdata\KSafe
2015-03-11 15:16 . 2015-03-11 15:16 -------- d-----w- c:\program files (x86)\DllTool
2015-03-11 12:16 . 2015-03-11 12:16 -------- d-----w- c:\windows\CheckSur
2015-03-05 20:57 . 2015-03-05 20:57 -------- dc-h--w- c:\programdata\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
2015-02-25 16:22 . 2015-03-17 10:28 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-25 16:22 . 2015-02-25 16:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-25 16:22 . 2015-02-25 16:22 -------- d-----w- c:\programdata\Malwarebytes
2015-02-25 16:22 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-25 16:22 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-25 16:22 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files\iTunes
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files\iPod
2015-02-24 10:23 . 2015-02-26 00:16 -------- d-----w- c:\program files (x86)\iTunes
2015-02-17 18:36 . 2015-02-17 18:36 3176632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\1040\MSOINTL.DLL
2015-02-17 14:26 . 2015-02-17 14:26 1217184 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 03:17 . 2010-11-21 03:27 295552 ----a-w- c:\windows\system32\MpSigStub.exe
2015-02-16 12:21 . 2014-04-19 08:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-16 12:21 . 2014-04-19 08:38 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-30 22:36 . 2015-01-30 22:36 23760 ----a-w- c:\windows\system32\drivers\DDDriver64Dcsa.sys
2015-01-30 22:36 . 2015-01-30 22:36 23312 ----a-w- c:\windows\system32\drivers\DellProf.sys
2015-01-29 16:49 . 2014-04-18 15:50 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-15 08:14 . 2015-02-13 17:15 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-01-15 08:14 . 2015-02-13 17:15 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-01-15 08:09 . 2015-02-13 17:15 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-01-15 08:09 . 2015-02-13 17:15 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-01-15 08:09 . 2015-02-13 17:15 28160 ----a-w- c:\windows\system32\secur32.dll
2015-01-15 08:09 . 2015-02-13 17:15 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-01-15 08:09 . 2015-02-13 17:15 31232 ----a-w- c:\windows\system32\lsass.exe
2015-01-15 08:08 . 2015-02-13 17:15 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-01-15 08:06 . 2015-02-13 17:15 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-01-15 08:06 . 2015-02-13 17:15 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-01-15 08:04 . 2015-02-13 17:15 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-01-15 07:42 . 2015-02-13 17:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-01-15 07:42 . 2015-02-13 17:15 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-01-15 07:41 . 2015-02-13 17:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-01-15 07:39 . 2015-02-13 17:15 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-01-15 07:39 . 2015-02-13 17:15 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-01-15 07:37 . 2015-02-13 17:15 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-01-15 04:22 . 2015-02-13 17:15 458824 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-14 06:09 . 2015-02-13 17:15 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 06:05 . 2015-02-13 17:15 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 06:05 . 2015-02-13 17:15 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 06:04 . 2015-02-13 17:15 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 05:47 . 2015-02-13 17:26 389808 ----a-w- c:\windows\system32\iedkcs32.dll
2015-01-14 05:44 . 2015-02-13 17:15 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44 . 2015-02-13 17:15 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41 . 2015-02-13 17:15 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-13 03:10 . 2015-02-13 17:17 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-13 02:49 . 2015-02-13 17:17 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:09 . 2015-02-13 17:25 25056256 ----a-w- c:\windows\system32\mshtml.dll
2015-01-12 03:05 . 2015-02-13 17:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-01-12 03:05 . 2015-02-13 17:26 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-01-12 02:49 . 2015-02-13 17:26 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-01-12 02:48 . 2015-02-13 17:26 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-01-12 02:48 . 2015-02-13 17:26 584192 ----a-w- c:\windows\system32\vbscript.dll
2015-01-12 02:48 . 2015-02-13 17:26 2885632 ----a-w- c:\windows\system32\iertutil.dll
2015-01-12 02:47 . 2015-02-13 17:25 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-01-12 02:40 . 2015-02-13 17:26 54784 ----a-w- c:\windows\system32\jsproxy.dll
2015-01-12 02:39 . 2015-02-13 17:26 34304 ----a-w- c:\windows\system32\iernonce.dll
2015-01-12 02:36 . 2015-02-13 17:26 633856 ----a-w- c:\windows\system32\ieui.dll
2015-01-12 02:34 . 2015-02-13 17:26 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2015-01-12 02:34 . 2015-02-13 17:26 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-01-12 02:33 . 2015-02-13 17:26 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-01-12 02:32 . 2015-02-13 17:26 6041088 ----a-w- c:\windows\system32\jscript9.dll
2015-01-12 02:25 . 2015-02-13 17:26 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-01-12 02:21 . 2015-02-13 17:26 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2015-01-12 02:21 . 2015-02-13 17:26 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-01-12 02:13 . 2015-02-13 17:26 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-01-12 02:08 . 2015-02-13 17:26 503296 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-01-12 02:08 . 2015-02-13 17:25 199680 ----a-w- c:\windows\system32\msrating.dll
2015-01-12 02:07 . 2015-02-13 17:26 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2015-01-12 02:07 . 2015-02-13 17:26 92160 ----a-w- c:\windows\system32\mshtmled.dll
2015-01-12 02:07 . 2015-02-13 17:26 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05 . 2015-02-13 17:26 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2015-01-12 02:04 . 2015-02-13 17:26 316928 ----a-w- c:\windows\system32\dxtrans.dll
2015-01-12 01:55 . 2015-02-13 17:26 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2015-01-12 01:55 . 2015-02-13 17:26 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-01-12 01:48 . 2015-02-13 17:26 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2015-01-12 01:48 . 2015-02-13 17:26 801280 ----a-w- c:\windows\system32\msfeeds.dll
2015-01-12 01:46 . 2015-02-13 17:26 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-01-12 01:46 . 2015-02-13 17:26 2125824 ----a-w- c:\windows\system32\inetcpl.cpl
2015-01-12 01:43 . 2015-02-13 17:26 14401024 ----a-w- c:\windows\system32\ieframe.dll
2015-01-12 01:40 . 2015-02-13 17:26 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:29 . 2015-02-13 17:26 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-01-12 01:27 . 2015-02-13 17:25 2358272 ----a-w- c:\windows\system32\wininet.dll
2015-01-12 01:23 . 2015-02-13 17:26 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2015-01-12 01:22 . 2015-02-13 17:26 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:14 . 2015-02-13 17:26 1548288 ----a-w- c:\windows\system32\urlmon.dll
2015-01-12 01:02 . 2015-02-13 17:26 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2015-01-12 01:00 . 2015-02-13 17:26 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2015-01-10 06:48 . 2015-02-13 17:13 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-01-10 06:48 . 2015-02-13 17:13 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-01-10 06:48 . 2015-02-13 17:13 341504 ----a-w- c:\windows\system32\schannel.dll
2015-01-10 06:48 . 2015-02-13 17:13 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-01-10 06:48 . 2015-02-13 17:13 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-01-10 06:48 . 2015-02-13 17:13 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-01-10 06:48 . 2015-02-13 17:13 22016 ----a-w- c:\windows\system32\credssp.dll
2015-01-10 06:27 . 2015-02-13 17:13 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-01-10 06:27 . 2015-02-13 17:13 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-01-10 06:27 . 2015-02-13 17:13 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-01-10 06:27 . 2015-02-13 17:13 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-01-10 06:27 . 2015-02-13 17:13 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-01-10 06:27 . 2015-02-13 17:13 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-01-10 06:27 . 2015-02-13 17:13 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-01-09 02:03 . 2015-02-13 17:11 3201536 ----a-w- c:\windows\system32\win32k.sys
2014-12-19 03:06 . 2015-01-14 16:46 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 16:48 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-11-11 . 5FCF588BBD2358538DB17DD0A0A31813 . 118272 . . [6.1.7601.22865] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.22865_none_48b848380bfa8bbd\tdx.sys
[-] 2014-11-11 . 70988118145F5F10EF24720B97F35F65 . 119296 . . [6.1.7601.18658] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.18658_none_483c7a50f2d21ee0\tdx.sys
[-] 2010-11-21 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\tdx.sys
[-] 2010-11-21 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys
[-] 2014-11-11 . 70988118145F5F10EF24720B97F35F65 . 119296 . . [6.1.7601.18658] .. c:\windows\system32\drivers\tdx.sys
.
[-] 2015-01-15 . E0105F3B5B1C4B0F5B3D788A13504EC6 . 31232 . . [6.1.7601.18719] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18719_none_04757ea773665519\lsass.exe
[-] 2015-01-14 . 1E31700D9C9E0FB79999D02A8437482C . 31232 . . [6.1.7601.18717] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_04737e137368226b\lsass.exe
[-] 2015-01-10 . 55C62F66528A7BF58EA964B70BCB3D96 . 31232 . . [6.1.7601.22920] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22920_none_04eb4ad28c9429ec\lsass.exe
[-] 2015-01-10 . C8152B86C0F12E61B0AD5C95751547D3 . 31232 . . [6.1.7601.18714] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18714_none_04707d35736ad666\lsass.exe
[-] 2014-09-19 . B84317193B6A29F5F5DCF538C34FDCED . 31232 . . [6.1.7601.22814] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_04fa1a008c887630\lsass.exe
[-] 2014-09-19 . 341655B216721D89CADE9DEA2F33872F . 31232 . . [6.1.7601.18606] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_047d4bcf7360effc\lsass.exe
[-] 2014-05-30 . F23812F9F7B130854E4BC0389F7C688C . 31232 . . [6.1.7601.18489] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_0429c981739f213b\lsass.exe
[-] 2014-05-30 . 04F6C08B30C599D301CE8530A6F6A703 . 31232 . . [6.1.7601.22705] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_0505e8508c7f766f\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22736_none_04e678d68c96e399\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_04d8a9f28ca1b0ac\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_04ee4bb08c9175f1\lsass.exe
[-] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22925_none_04f04c448c8fa89f\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\erdnt\cache64\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[-] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26\lsass.exe
[-] 2013-09-25 . F021DAFB1F87616FCEBA159C2ED7042F . 30720 . . [6.1.7601.22465] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe
[-] 2013-09-25 . 4D71227301DD8D09097B9E4CC6527E5A . 30720 . . [6.1.7601.18270] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[-] 2012-08-24 . 77119F1F9B492B260030C34F9BE327FA . 31232 . . [6.1.7601.22099] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe
[-] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[-] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_044c26dd7386a58a\lsass.exe
[-] 2011-11-17 . 0A10B74FBB437FF9A23F1D5DE4446A83 . 31232 . . [6.1.7601.21861] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[-] 2009-07-14 . 0793F40B9B8A1BDD266296409DBD91EA . 31232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[-] 2015-01-15 . E0105F3B5B1C4B0F5B3D788A13504EC6 . 31232 . . [6.1.7601.18719] .. c:\windows\system32\lsass.exe
.
[-] 2014-07-17 . 8CEBD9D0A0A879CDE9F36F4383B7CAEA . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[-] 2014-07-16 . 98AA0BFEE089C7E5DADB94190D93456C . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[-] 2014-03-04 . 6CE2AE073BD21C542FC2C707CAE944CC . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[-] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\winlogon.exe
[-] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[-] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2014-07-17 . 8CEBD9D0A0A879CDE9F36F4383B7CAEA . 455168 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[-] 2014-07-07 . 19D511CC455C19DE1ADF60E6C39C85B6 . 187904 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_d41cb8b3b175406a\cryptsvc.dll
[-] 2014-07-07 . 63A15BA9875364C4147B226CB70468B3 . 190976 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_d4bdfb9cca80d275\cryptsvc.dll
[-] 2013-10-05 . 509D31797A4B8A3D6ED78A330B19A919 . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[-] 2013-07-09 . 434CCE8E7150CD1324C5FAA088D1D061 . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[-] 2013-07-09 . 6B400F211BEE880A37A1ED0368776BF4 . 184320 . . [6.1.7600.16385] .. c:\windows\erdnt\cache64\cryptsvc.dll
[-] 2013-07-09 . 6B400F211BEE880A37A1ED0368776BF4 . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[-] 2013-05-13 . D8129C49798CBBFB2E4351D4B7B8EF9C . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[-] 2013-05-11 . 8122252F0A4ACFA92FA0C1D50D18493B . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[-] 2013-05-10 . 7FDC4626B01106A8EF328C88C7C0DEE3 . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[-] 2013-05-10 . CA13C4F92BEE66DB48E58AB3223DDF6E . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[-] 2010-11-21 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[-] 2014-07-07 . 19D511CC455C19DE1ADF60E6C39C85B6 . 187904 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll
.
[-] 2015-01-12 . CD726C899BD9A398E8420564A957320B . 25056256 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_f585f9ea37467afd\mshtml.dll
[-] 2014-11-22 . D478A4CF07FB8ADF72FB16B88E8030B8 . 25059840 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_f58df6883740dfc5\mshtml.dll
[-] 2014-11-06 . BBD6A636AAA65D874F3863280CD8373D . 25110016 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17420_none_f59addd03736dce1\mshtml.dll
[-] 2014-09-19 . 7415B29AFE2E4494A57358B8C7E78600 . 23631360 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_f5a7f85a372cd9fd\mshtml.dll
[-] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.17631] .. c:\windows\erdnt\cache64\mshtml.dll
[-] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_f5b67f6437213d09\mshtml.dll
[-] 2014-07-25 . ECA387DCD57F683C52171C766CF400F0 . 23645696 . . [11.00.9600.17631] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_f5b0b0ea3726a4ff\mshtml.dll
[-] 2014-06-19 . FEC19C351EF1B2C998A85D1BFD765675 . 23464448 . . [11.00.9600.17207] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_f5addd9c372925b8\mshtml.dll
[-] 2014-05-30 . 56803B20D168C1B740D12CE0BE4588F5 . 23414784 . . [11.00.9600.17126] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_f5bac4e4371f22d4\mshtml.dll
[-] 2014-05-06 . 797E2E5C309AFF76990D5B7AF457EACA . 23544320 . . [11.00.9600.17107] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_f5b8ad88372109c7\mshtml.dll
[-] 2014-04-29 . A98DA2EC1E56CF52C682D072F77D9874 . 23547904 . . [11.00.9600.17105] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_f5b8db183720d685\mshtml.dll
[-] 2014-04-18 . D233E1A32CE6AF918C9DE1BC44AFEB2A . 23212032 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_f59a25aa3737acc2\mshtml.dll
[-] 2014-03-06 . 37D0FB9E5E8EDA40B66FC3FB3D660261 . 23549440 . . [11.00.9600.17041] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_f5c8074c3714b96c\mshtml.dll
[-] 2015-01-12 . CD726C899BD9A398E8420564A957320B . 25056256 . . [11.00.9600.17631] .. c:\windows\system32\mshtml.dll
.
[-] 2015-01-12 . 9DFE41A69DF70AAB75CB5BA8C1109EA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_e42bdacbb6f011c7\wininet.dll
[-] 2014-11-22 . 4AF089160FE082E5EA5C4AA72782DCA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_e433d769b6ea768f\wininet.dll
[-] 2014-11-06 . 6FC2819A4F80AAB2DADEDFC1EFEE3C3F . 2365440 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_e440beb1b6e073ab\wininet.dll
[-] 2014-09-19 . 9D98D4F390F0B14A782F3B931E613A1A . 2309632 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_e44dd93bb6d670c7\wininet.dll
[-] 2014-08-18 . 39EBB9708453036A74C30C9A294023FF . 2310656 . . [11.00.9600.16428] .. c:\windows\erdnt\cache64\wininet.dll
[-] 2014-08-18 . 39EBB9708453036A74C30C9A294023FF . 2310656 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_e45c6045b6cad3d3\wininet.dll
[-] 2014-07-25 . 8E71A5CB5312B8392D4DA4CA37BB5868 . 2266624 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_e45691cbb6d03bc9\wininet.dll
[-] 2014-06-18 . 2EE102DF0EDD8A1EDD3D1E9B99A91BEC . 2266112 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_e453be7db6d2bc82\wininet.dll
[-] 2014-05-30 . 40BFD9D6EC8E174145F012246CA73CCD . 2266112 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_e460a5c5b6c8b99e\wininet.dll
[-] 2014-04-18 . E6CB36B85BE59095337427E853A5B65A . 2332160 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_e440068bb6e1438c\wininet.dll
[-] 2014-03-06 . F220BA78AB542C70211D73AE4729B2CD . 2260480 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_e46de82db6be5036\wininet.dll
[-] 2014-03-01 . DF79CE9B950C62677D232154E93A81C7 . 2334208 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_e435d617b6e8ac16\wininet.dll
[-] 2010-11-21 . F6C5302E1F4813D552F41A0AC82455E5 . 1188864 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll
[-] 2015-01-12 . 9DFE41A69DF70AAB75CB5BA8C1109EA2 . 2358272 . . [11.00.9600.16428] .. c:\windows\system32\wininet.dll
.
[-] 2014-10-14 . 6A5B600AD0041E9AF564DE73B716F3D2 . 686592 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8\termsrv.dll
[-] 2014-10-14 . 008CD4EBFABCF78D0F19B3778492648C . 683520 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
[-] 2014-07-17 . 4FC4C50985E5B840F4D72E57286887B8 . 681984 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_eca0bf836affa9bb\termsrv.dll
[-] 2014-07-16 . F4D7114060C034134A440846F411BB7F . 686080 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_ed1f8e488425629d\termsrv.dll
[-] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\termsrv.dll
[-] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[-] 2014-10-14 . 008CD4EBFABCF78D0F19B3778492648C . 683520 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
[-] 2014-10-30 . 3031B5DC2A58A7BCE6651EA9B7DD6390 . 145920 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_789f60191223613f\cryptsvc.dll
[-] 2014-07-07 . 623E143F2DF17C0106A9988F5D7DC878 . 143872 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
[-] 2014-07-07 . 623E143F2DF17C0106A9988F5D7DC878 . 143872 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_77fe1d2ff917cf34\cryptsvc.dll
[-] 2013-10-05 . F2D9242C3BBD1C36467FCAE1AE01733F . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[-] 2013-07-09 . 6DB499DEFCC827317C5371164A7CDB27 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[-] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7600.16385] .. c:\windows\erdnt\cache86\cryptsvc.dll
[-] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[-] 2013-05-13 . 3897DFF247D9ED0006190349DE264E14 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[-] 2013-05-11 . AC04D05309BB2C418D0D80B9FB014642 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[-] 2013-05-10 . E122AA1C9A3CC46FF9DDDE46E5EB0C58 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[-] 2013-05-10 . 33ADF6E0853AB39EA1723BE82842C1D3 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[-] 2010-11-21 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
.
[-] 2015-01-12 . 61C74D794C14E9FC94D93F5F0F72A3F9 . 19740160 . . [11.00.9600.17631] .. c:\windows\SysWOW64\mshtml.dll
[-] 2015-01-12 . 61C74D794C14E9FC94D93F5F0F72A3F9 . 19740160 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_ffdaa43c6ba73cf8\mshtml.dll
[-] 2014-11-22 . 220505B0B3E96C857DD01729AF0CD369 . 19749376 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_ffe2a0da6ba1a1c0\mshtml.dll
[-] 2014-11-06 . 93074C4FA92A8399404D032F6AF72C1B . 19781632 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17420_none_ffef88226b979edc\mshtml.dll
[-] 2014-09-19 . F91E55DA404B834648A3B0A2477C10DB . 17484800 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_fffca2ac6b8d9bf8\mshtml.dll
[-] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17631] .. c:\windows\erdnt\cache86\mshtml.dll
[-] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_000b29b66b81ff04\mshtml.dll
[-] 2014-07-25 . 8453DDF167CE2986AA4AB04BC6824925 . 17524224 . . [11.00.9600.17631] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_00055b3c6b8766fa\mshtml.dll
[-] 2014-06-19 . DFA59840BB1220AFD261FDAE83543959 . 17276416 . . [11.00.9600.17207] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_000287ee6b89e7b3\mshtml.dll
[-] 2014-05-30 . D5ECBB3BFDC73A59440D9CA79AB3A342 . 17271296 . . [11.00.9600.17126] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_000f6f366b7fe4cf\mshtml.dll
[-] 2014-05-06 . EB5347F6149D3FF25F4D609A21A3BD67 . 17382912 . . [11.00.9600.17107] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_000d57da6b81cbc2\mshtml.dll
[-] 2014-04-29 . 5869FBC754578A59C8C8635B99DB79DE . 17384448 . . [11.00.9600.17105] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_000d856a6b819880\mshtml.dll
[-] 2014-04-18 . F9F114B2A6F876C92D317A755494F233 . 17142784 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_ffeecffc6b986ebd\mshtml.dll
[-] 2014-03-06 . EA85144F35EDE6EE25C484D4242FF2C8 . 17387008 . . [11.00.9600.17041] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_001cb19e6b757b67\mshtml.dll
[-] 2014-03-01 . 70462E0A4E293FC80620AB945D8A59BB . 17074688 . . [11.00.9600.16521] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16521_none_ffe49f886b9fd747\mshtml.dll
[-] 2010-11-21 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll
.
[-] 2015-01-12 . F285D499EC42969D963CA49EADA63218 . 1888256 . . [11.00.9600.16428] .. c:\windows\SysWOW64\wininet.dll
[-] 2015-01-12 . F285D499EC42969D963CA49EADA63218 . 1888256 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_880d3f47fe92a091\wininet.dll
[-] 2014-11-22 . 5E4E0E43E0A5BF9F089696DFA7A3D677 . 1888256 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_88153be5fe8d0559\wininet.dll
[-] 2014-11-06 . 6DD7D61A8EF3DFEC4FAEFEB395E77424 . 1892864 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_8822232dfe830275\wininet.dll
[-] 2014-09-18 . 7AE80F921027CF88CB9D0433088A3E55 . 1810944 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_882f3db7fe78ff91\wininet.dll
[-] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] .. c:\windows\erdnt\cache86\wininet.dll
[-] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_883dc4c1fe6d629d\wininet.dll
[-] 2014-07-25 . B945BAA81B4805AD6BDDF4D026DCFB47 . 1792512 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_8837f647fe72ca93\wininet.dll
[-] 2014-06-18 . CCC198257901BEEA2FBF8EB1E7678356 . 1791488 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_883522f9fe754b4c\wininet.dll
[-] 2014-05-30 . 771CDBC3D62437D6DB070820BB1EDCCF . 1790976 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_88420a41fe6b4868\wininet.dll
[-] 2014-04-18 . B5EB5BD3066959611E1F7A80FD6CC172 . 1818112 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_88216b07fe83d256\wininet.dll
[-] 2014-03-06 . E4E829EE073E046B0EB19B5FECB19B8C . 1789440 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_884f4ca9fe60df00\wininet.dll
[-] 2014-03-01 . AAFEAB4FC9D70253F8C7E353E879E8A2 . 1820160 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_88173a93fe8b3ae0\wininet.dll
[-] 2010-11-21 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-25 703736]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2015-01-27 3518832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EaseUS Agent;Servizio EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 NewServiceInstall1;NewServiceInstall1;c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng;c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 cpuz134;cpuz134;c:\users\JACOPO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\JACOPO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MFE_RR;MFE_RR;c:\users\JACOPO~1\AppData\Local\Temp\mfe_rr.sys;c:\users\JACOPO~1\AppData\Local\Temp\mfe_rr.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe  [x]
S2 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 NalServ;Nalpeiron Control Service;c:\windows\SysWOW64\nalserv.exe;c:\windows\SysWOW64\nalserv.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Audio schermo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 79369528
*NewlyCreated* - MFE_RR
*Deregistered* - 79369528
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-11 14:27 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-03-17 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14 08:01]
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 15:34]
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 15:34]
.
.
--------- X64 Entries -----------
.
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = about:blank
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: dell.com
TCP: Interfaces\{23ECBCFC-9C9C-42C3-885D-72BECD4C7745}: NameServer = 192.168.1.254,193.70.192.25
FF - ProfilePath - c:\users\Jacopo-Perenchio\AppData\Roaming\Mozilla\Firefox\Profiles\oxplugmo.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NewServiceInstall1]
"ImagePath"="\"c:\program files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng\""
.
Ora fine scansione: 2015-03-18  09:14:37
ComboFix-quarantined-files.txt  2015-03-18 08:14
ComboFix2.txt  2015-03-17 11:50
ComboFix3.txt  2014-09-12 09:23
ComboFix4.txt  2014-04-17 18:11
ComboFix5.txt  2015-03-17 13:25
.
Pre-Run: 302.793.474.048 byte disponibili
Post-Run: 302.679.068.672 byte disponibili
.
- - End Of File - - EFCD6121B1FFFA0BBC4BC1C9F29DD377
 
 
Any help would be much appreciated.
 
Jacopo


#6 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:31 AM

Posted 18 March 2015 - 01:01 PM

merged and closed multi-posting

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users