Suspect activities in my google account. Am I still infected?


21 replies to this topic

#1 Gascan


Posted 17 June 2014 - 11:53 AM

Hi.

About a month and a half ago I got infected by a virus called MSIL.Bladabindi when I was installing a (cracked) VPN. I noticed the virus quite soon because Google notified me that someone from Turkey tried to access my account (I'm in Italy). Then I looked at the access history and found out that 67.221.255.65 (which I think is a proxy, maybe related to some of my VPN?) tried to access my account, but had been blocked because it's not my usual location. I found out that some program exported my Chrome cookies and maybe sent them somewhere. I was using Kaspersky Internet Security, but it did not notice anything when I downloaded and installed the file, and maybe I (stupid) granted the virus internet access through the KIS Firewall. Then I ran a scan with Malwarebytes and it found the virus and deleted it. Subsequently I also used Combofix, Microsoft Malware Remover, ADWCleaner, HouseCall, Clamwin and HiJackThis just to be sure everything was ok. Later I went back to the Google access history and the suspect access log was gone along with the above-mentioned IP, but I kept it (in https://security.google.com/settings/security/activity it does not show any access log before 26th of May, but maybe they get deleted after some time. The suspect access happened on 29th of April. It says something like "Access events not available before this date. Below other activities are reported" (such as password change...)). The virus created a registry key which launched it at startup and it was hidden in appdata; after the Malwarebytes scan both the registry key and the files in appdata were gone. Moreover, sometimes I got a notification in Chrome asking me if I want to use google.tr instead of google.it (I don't remember if this also happened before I got infected); it's weird because the attacker location was Turkey (.tr is the Turkish domain). Today it asked me if I wanted to use google.pk. Sometimes I use a proxy (Chrome extension) called Zenmate, but it does not use Turkish or Pakistani IPs.
I did not notice any suspect activity on my PC or in my accounts (actually, when I download stuff and look at the network monitor, the download speed counter rises, but the upload counter also rises; I think it's normal, because I use NetSpeedMonitor to monitor network activity and it shows high upload speed, but when I use Windows Resource Monitor, I don't see such a high upload speed in the Net tab). Lastly, twice it happened that KIS asked me to run or to stop an application that I had not launched at all, and it did not tell me the file name; so I read the logs and found out that KIS had asked me if I wanted to run or stop an application heuristically marked as a virus (it was a bitcoin miner: it's marked as a threat but it is not). I don't think this is considerable, but I reported it as it was weird that KIS did not give any information on the file and asked me to run or to stop it as if I had launched it (though I didn't); maybe it's a Kaspersky bug.

Am I still infected? Is someone using my account? What can I do?

Hope you will understand my twisted English and have the patience to read my long post.

I am on Windows 7, Chrome 35, KIS 2014.

Thank you in advance.





#2 Netghost56


Posted 17 June 2014 - 12:18 PM

Cracked/hacked software can be embedded with all kinds of viruses, spyware, and other malware. I would remove it at once, if you haven't already. Then resetting your network settings would be a good place to start.



#3 badr0b0t


Posted 17 June 2014 - 12:53 PM

Where there is "crack", something is surely about to get broken.

 

If I were you I would back up all my files and do either image recovery or do system recovery or re-install my Windows. Whatever option is available to you. The only way to get rid of all those unwanted and high-risk registry files is to wipe out the hard drive. Yes, it is painful to fix an infected system. You can try and clean it up but you may find yourself working on it the entire week (or a month) before finally getting your system totally cleaned up. Or you can start a recovery/re-installation now and get back to your normal computing life tomorrow.




#4 Gascan


Posted 17 June 2014 - 01:01 PM

So you think I am still infected? Shouldn't a full system scan find all the threats?



#5 Netghost56


Posted 17 June 2014 - 01:04 PM

Not necessarily. Boot sector viruses, for one, are very difficult to remove. And your other partitions could be infected (besides C: ) which aren't usually scanned by AV apps unless specified.



#6 badr0b0t


Posted 17 June 2014 - 01:06 PM

Finding threats is not the same as removing threats. You can find all the threats. But the question is do you know if you removed them all? What activities do you notice after trying to remove them?


Edited by badr0b0t, 17 June 2014 - 01:17 PM.



#7 Gascan


Posted 17 June 2014 - 01:29 PM

Like I said, I only noticed that Google asked me to use google.tr, the high upload traffic (probably not considerable), KIS asking me to run or stop programs that I have not launched (probably KIS's bug) and the Google account event access list not showing all the events (why??). Actually I have another partition for Linux, how can I be sure it's not infected? However, when I do a scan with MBAM it does not find any virus.


Edited by Gascan, 17 June 2014 - 01:30 PM.


#8 Netghost56


Posted 17 June 2014 - 02:02 PM

I would download FARBAR and scan with it. Post the log.
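
One way to triage the Run/RunOnce autostart lines of an FRST log, which is where the startup registry key described in the first post would be listed. This is an added example, not part of any post and not FRST's own logic; the sample lines are constructed, and the "user-writable" directory list and the flag reasons are assumptions of the example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Path fragments treated as user-writable (assumption of this example, not an
# FRST rule): a standard user can drop an executable there without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\desktop\\")

# FRST autostart line layout:
#   <hive>\...\Run: [<name>] => <path> [<size> <date>] (<publisher>)
RUN_LINE = re.compile(
    r"^(?P<hive>HK[^:]*?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?:=>|-) (?P<rest>.+)$"
)
# Trailing "[size yyyy-mm-dd] (publisher)" block; absent on some lines.
META = re.compile(
    r"^(?P<path>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>.*)\)\s*$"
)


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    path: str
    publisher: Optional[str]
    reasons: Tuple[str, ...]


def parse_run_line(line: str) -> Optional[Autorun]:
    """Parse one Run/RunOnce line; return None for any other log line."""
    # Drop FRST's trailing "<==== ATTENTION" style marker if present.
    line = re.sub(r"\s*<====.*$", "", line.strip())
    m = RUN_LINE.match(line)
    if not m:
        return None
    meta = META.match(m["rest"])
    if meta:
        path, publisher = meta["path"], meta["pub"].strip()
    else:
        path, publisher = m["rest"].strip(), None

    reasons = []
    if any(frag in path.lower() for frag in USER_WRITABLE):
        reasons.append("user-writable path")
    if publisher is None:
        reasons.append("no file metadata")
    elif publisher == "":
        reasons.append("empty publisher field")
    return Autorun(m["hive"], m["key"], m["name"], path, publisher, tuple(reasons))


def parse_log(text: str) -> List[Autorun]:
    """Return every Run/RunOnce entry found in the log text."""
    return [e for e in map(parse_run_line, text.splitlines()) if e]


def triage(text: str) -> List[Autorun]:
    """Return only the entries that carry at least one flag to review."""
    return [e for e in parse_log(text) if e.reasons]


# Constructed sample lines (not taken from the log in this thread).
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleUpdater] => C:\Program Files (x86)\Example Corp\Updater\updater.exe [2352072 2014-05-30] (Example Corp)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [svhost] => C:\Users\alice\AppData\Roaming\svhost.exe [48640 2014-04-29] ()
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [ExampleTool] => C:\Users\alice\Desktop\Apps\tool\tool.exe [2513992 2014-01-15] (Example Tools, LLC)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\RunOnce: [ExampleOnce] - C:\Windows\SysWOW64\example\once.exe -update
AppInit_DLLs-x32:  => "" File Not Found
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.key:8} {entry.name:15} {', '.join(entry.reasons)}")
        print(f"         {entry.path}")
```

A flag means "look at this file", not "this is malware": legitimate portable tools also start from a user profile, so the file and its signature still have to be checked.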



#9 Gascan


Posted 17 June 2014 - 02:17 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Domenico (administrator) on PC-GASCAN on 17-06-2014 21:07:43
Running from C:\Users\Gascan\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Italian Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(PeerBlock, LLC) C:\Users\Gascan\Desktop\Francesco\Apps\Peerblock\peerblock.exe
(BitTorrent Inc.) C:\Users\Gascan\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PortableApps.com) C:\Users\Gascan\Downloads\SpybotPortable\SpybotPortable.exe
(PortableApps.com) C:\Users\Gascan\Downloads\SpybotPortable\SpybotPortable.exe
(Safer-Networking Ltd.) C:\Users\Gascan\Downloads\SpybotPortable\App\Spybot\SDWelcome.exe
(Safer-Networking Ltd.) C:\Users\Gascan\Downloads\SpybotPortable\App\Spybot\SDScan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4013744 2013-07-11] (Stardock Corporation)
HKU\S-1-5-21-4104117992-557501133-1923308825-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4104117992-557501133-1923308825-1000\...\Run: [PeerBlock] => C:\Users\Gascan\Desktop\Francesco\Apps\Peerblock\peerblock.exe [2513992 2014-01-15] (PeerBlock, LLC)
HKU\S-1-5-21-4104117992-557501133-1923308825-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4104117992-557501133-1923308825-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex
HKU\S-1-5-21-4104117992-557501133-1923308825-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
AppInit_DLLs-x32:  => "" File Not Found
Startup: C:\Users\Gascan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\Gascan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF6B8E20C0FB3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Wondershare Video Converter Ultimate - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{12B1B6A2-792D-4293-AC21-860F759CB3C2}: [NameServer]192.168.10.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []
FF HKCU\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Vertical Stripe) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfkmahepejjpgmckcdbllhcgfekmhph [2013-11-05]
CHR Extension: (Google Drive) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-16]
CHR Extension: (Turn Off the Lights) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-11-11]
CHR Extension: (YouTube) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-16]
CHR Extension: (Wondershare Video Converter Ultimate) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp [2014-04-22]
CHR Extension: (OGame Galaxy Extension) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\clknnoodfglafkilgjcgeikipgjkkaai [2013-12-03]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-11-25]
CHR Extension: (OGame Debris Fields Finder Extension) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddccmiobomjhcahhjglkakjhcbeagidi [2014-02-10]
CHR Extension: (ZenMate) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-01-20]
CHR Extension: (Traduttore) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbalglmdpafdojpcjceilennblbill [2013-09-29]
CHR Extension: (OGame Auctioneer Assistant) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghjpkobjhgiladaphmdgnnfahkgceemg [2013-12-03]
CHR Extension: (AdBlock) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-16]
CHR Extension: (Disattivazione permanente degli annunci personalizzati) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-05-30]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2013-09-16]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-05-07]
CHR Extension: (Google Keep) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-04-30]
CHR Extension: (SoundCloud Storm) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoeilcjcjpikdpkipepldlbieldbdndb [2013-11-20]
CHR Extension: (Bitly | Unleash the power of the link) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2014-06-06]
CHR Extension: (http://www.dizionario-latino.com/dizionario-l) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfhocjlhdeokdhbeagmhnbcejdamdfnn [2013-09-29]
CHR Extension: (OGame: Search players) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmdbfpcbhdjgifhimfojnmkboajljfpc [2013-11-29]
CHR Extension: (SoundCloud Downloader - Technowise) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcjjmakgkomlbpiifogealeboknoelei [2013-11-20]
CHR Extension: (Play) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfiflaofdccgcdcafbhmlkkdabnfdmc [2013-09-29]
CHR Extension: (AntiGameOrigin) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2013-12-03]
CHR Extension: (http://www.treccani.it/vocabolario/) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkbbmpeomigieipekbpilofnhbpbbjfm [2013-09-29]
CHR Extension: (http://ogame.it/) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgognklmgimjcjnbljppfafipllpjglp [2013-09-29]
CHR Extension: (Estensione Iscrizioni RSS (di Google)) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2013-11-11]
CHR Extension: (Google Wallet) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Maps) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpfmnhhdindgkakopokcphaodhfapfo [2013-09-29]
CHR Extension: (Gmail) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-16]
CHR Extension: (OGame Basic Fleet Dispatcher Extension) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkaalmgomellfonmhgklpbgodejcfhfa [2013-12-03]
CHR Extension: (Manipulate DOM) - C:\Users\Gascan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppkoclndfekjchbajlhgakjmmjbmeaga [2014-05-15]
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx [2014-04-22]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-08-11]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-11-25] (Kaspersky Lab ZAO)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-06] ()
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-11-16] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [52440 2012-12-26] (Asmedia Technology)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-09] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-13] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-25] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-11-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-25] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [28672 2007-03-20] (http://libusb-win32.sourceforge.net) [File not signed]
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 pbfilter; C:\Users\Gascan\Desktop\Francesco\Apps\Peerblock\pbfilter.sys [22600 2014-01-15] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-24] (Anchorfree Inc.)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2013-10-11] (BitDefender S.R.L.)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 BtAudioBusSrv; System32\Drivers\BtAudioBus.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Users\Gascan\Desktop\Francesco\Utilities\PC Wizard\pcwiz_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 rdtsc.sys; \??\C:\Users\Gascan\AppData\Local\Temp\rdtsc.sys [X]
S1 SASDIFSV; \??\C:\Users\Gascan\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\Gascan\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
U2 TMAgent; 

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-17 21:07 - 2014-06-17 21:08 - 00044539 _____ () C:\Users\Gascan\Downloads\FRST.txt
2014-06-17 21:07 - 2014-06-17 21:07 - 00000000 ____D () C:\FRST
2014-06-17 21:04 - 2014-06-17 21:05 - 02081280 _____ (Farbar) C:\Users\Gascan\Downloads\FRST64.exe
2014-06-17 20:49 - 2014-06-17 20:50 - 02347384 _____ (ESET) C:\Users\Gascan\Downloads\esetsmartinstaller_enu.exe
2014-06-17 20:38 - 2014-06-17 20:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-17 20:36 - 2014-06-17 21:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-17 20:36 - 2014-06-17 20:36 - 00000000 ____D () C:\Users\Gascan\Documents\ProcAlyzer Dumps
2014-06-17 20:31 - 2014-06-17 20:32 - 00000000 ____D () C:\Users\Gascan\Downloads\SpybotPortable
2014-06-17 20:08 - 2014-06-17 20:11 - 62096976 _____ (PortableApps.com) C:\Users\Gascan\Downloads\SpybotPortable_2.3.paf.exe
2014-06-17 19:05 - 2014-06-17 19:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-17 19:03 - 2014-06-17 19:37 - 00000000 ____D () C:\Users\Gascan\Downloads\mbar
2014-06-17 19:02 - 2014-06-17 19:02 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Gascan\Downloads\mbar-1.07.0.1012.exe
2014-06-16 14:24 - 2014-06-17 10:43 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-06-15 15:04 - 2014-06-15 15:06 - 00000000 ____D () C:\Users\Gascan\Downloads\Il Grande Gatsby - Francis Scott Fitzgerald
2014-06-14 19:35 - 2014-06-15 10:55 - 00000760 _____ () C:\Windows\PFRO.log
2014-06-12 11:53 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 11:53 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 11:53 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 11:53 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 11:53 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 11:53 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 11:53 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 11:53 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 11:53 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 11:53 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 11:53 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 11:53 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 11:53 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 11:53 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 11:53 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 11:53 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 11:53 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 11:53 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 11:53 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 11:53 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 11:53 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 11:53 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 11:53 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 11:53 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 11:53 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 11:53 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 11:53 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 11:53 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 11:53 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 11:53 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 11:53 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 11:53 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 11:53 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 11:53 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 11:53 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 11:53 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 11:53 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 11:53 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 11:53 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 11:53 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 11:53 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 11:53 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 11:53 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 11:53 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 11:53 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 11:53 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 11:53 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 11:53 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 11:53 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 11:53 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 11:53 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 11:53 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 11:39 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 11:39 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 11:38 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 11:38 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 11:38 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 11:38 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 11:38 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 11:38 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 11:38 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 11:38 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 11:38 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 11:38 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 11:38 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 11:38 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 11:38 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-10 12:53 - 2014-06-17 11:32 - 00002912 _____ () C:\Windows\setupact.log
2014-06-10 12:53 - 2014-06-10 12:53 - 00589920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-10 12:53 - 2014-06-10 12:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-09 18:03 - 2014-06-09 18:03 - 00121056 _____ () C:\Users\Gascan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-08 12:50 - 2014-06-08 12:50 - 00001340 _____ () C:\Users\Gascan\Desktop\Skyrim - Legendary Edition.lnk
2014-06-08 12:50 - 2014-06-08 12:50 - 00000000 ____D () C:\Users\Gascan\AppData\Roaming\Skyrim - Legendary Edition
2014-06-08 12:50 - 2014-06-08 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-06-08 12:47 - 2014-06-08 12:47 - 00000000 ____D () C:\Users\Gascan\AppData\Local\Skyrim
2014-06-08 12:34 - 2014-06-08 12:34 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-06-07 12:23 - 2014-06-09 17:13 - 00000000 ____D () C:\Windows\Minidump
2014-06-06 16:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-06 16:14 - 2014-06-06 16:30 - 00000000 ____D () C:\AdwCleaner
2014-06-06 13:47 - 2014-06-06 13:47 - 00000000 ____D () C:\Users\Gascan\Documents\Battlefield 3
2014-06-06 13:46 - 2014-06-06 13:46 - 00000000 ____D () C:\Users\Gascan\AppData\Local\ESN
2014-06-06 13:46 - 2014-06-06 13:46 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-06-06 13:45 - 2014-06-06 13:45 - 00000000 ____D () C:\ProgramData\EA Core
2014-06-05 16:59 - 2014-06-05 16:59 - 00001170 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2014-06-05 16:59 - 2014-06-05 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-06-04 17:35 - 2014-06-04 17:35 - 00000000 ____D () C:\Users\Gascan\minecraft
2014-06-03 14:51 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-03 14:51 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-06-03 14:50 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-06-03 14:50 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-06-02 20:09 - 2014-06-02 20:10 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-02 19:40 - 2014-06-02 20:09 - 00000000 ____D () C:\Users\Gascan\AppData\Local\Origin
2014-06-02 19:36 - 2014-06-09 22:20 - 00000000 ____D () C:\ProgramData\Origin
2014-06-02 19:36 - 2014-06-09 19:06 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-02 19:36 - 2014-06-06 13:45 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-02 19:36 - 2014-06-02 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-06-02 13:58 - 2014-06-09 16:29 - 00000000 ____D () C:\Users\Gascan\Downloads\Epics
2014-06-02 12:29 - 2014-06-02 12:29 - 00001076 _____ () C:\Users\Gascan\Desktop\SuperAntiSpyware.lnk
2014-06-01 14:19 - 2014-06-01 14:19 - 00000000 ____D () C:\Users\Gascan\AppData\Local\Adobe
2014-05-31 19:04 - 2014-05-31 19:04 - 00000000 ___SD () C:\ComboFix
2014-05-31 19:00 - 2014-05-31 19:00 - 00001313 _____ () C:\Users\Gascan\Desktop\X-uGet.lnk
2014-05-30 15:41 - 2014-05-30 15:41 - 00000000 ____D () C:\Users\Gascan\AppData\Roaming\SUPERAntiSpyware.com
2014-05-30 15:40 - 2014-05-30 15:40 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-30 14:55 - 2014-05-30 14:55 - 00000000 ____D () C:\Users\Gascan\AppData\Roaming\TestApp
2014-05-30 14:55 - 2014-05-30 14:55 - 00000000 ____D () C:\ProgramData\PC Tools
2014-05-28 17:26 - 2014-05-28 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-05-28 17:26 - 2014-05-28 17:27 - 00000000 ____D () C:\Users\Gascan\AppData\Roaming\NCH Software
2014-05-28 17:26 - 2014-05-28 17:26 - 00001134 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
2014-05-28 17:26 - 2014-05-28 17:26 - 00001122 _____ () C:\Users\Public\Desktop\Switch Sound File Converter.lnk
2014-05-28 17:26 - 2014-05-28 17:26 - 00000000 ____D () C:\ProgramData\NCH Software
2014-05-28 17:26 - 2014-05-28 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-05-28 17:26 - 2014-05-28 17:26 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-28 17:01 - 2014-05-28 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burrrn
2014-05-27 18:21 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-27 18:04 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-27 18:04 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-27 18:04 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-25 11:30 - 2014-05-25 11:44 - 278654954 _____ () C:\Users\Gascan\Downloads\com.sega.twbshogun v1.0.2.zip
2014-05-25 11:28 - 2014-05-25 11:28 - 00774710 _____ () C:\Users\Gascan\Downloads\Total War Battles v1.0.2.apk
2014-05-24 16:36 - 2014-05-24 16:36 - 00003495 _____ () C:\Users\Gascan\Documents\Top 100 Rock Songs Ever.txt
2014-05-21 17:49 - 2014-06-06 14:48 - 00005122 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-GASCAN-Domenico PC-Gascan

==================== One Month Modified Files and Folders =======

2014-06-17 21:08 - 2014-06-17 21:07 - 00044539 _____ () C:\Users\Gascan\Downloads\FRST.txt
2014-06-17 21:08 - 2013-09-11 22:28 - 00000000 ____D () C:\Users\Gascan\AppData\Local\Temp
2014-06-17 21:07 - 2014-06-17 21:07 - 00000000 ____D () C:\FRST
2014-06-17 21:07 - 2014-01-11 15:28 - 00000000 ____D () C:\Users\Gascan\AppData\Roaming\NetSpeedMonitor
2014-06-17 21:07 - 2013-09-16 20:11 - 00000000 ____D () C:\Users\Gascan\AppData\Roaming\uTorrent
2014-06-17 21:06 - 2014-06-17 20:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-17 21:05 - 2014-06-17 21:04 - 02081280 _____ (Farbar) C:\Users\Gascan\Downloads\FRST64.exe
2014-06-17 21:02 - 2013-09-17 22:10 - 00000000 ____D () C:\Users\Gascan\AppData\Roaming\Skype
2014-06-17 20:50 - 2014-06-17 20:49 - 02347384 _____ (ESET) C:\Users\Gascan\Downloads\esetsmartinstaller_enu.exe
2014-06-17 20:43 - 2009-07-14 06:45 - 00031488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-17 20:43 - 2009-07-14 06:45 - 00031488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-17 20:39 - 2013-10-09 20:58 - 00001154 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-17 20:39 - 2013-09-18 15:23 - 00000000 ____D () C:\Users\Gascan\AppData\Roaming\AIMP3
2014-06-17 20:38 - 2014-06-17 20:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-17 20:36 - 2014-06-17 20:36 - 00000000 ____D () C:\Users\Gascan\Documents\ProcAlyzer Dumps
2014-06-17 20:32 - 2014-06-17 20:31 - 00000000 ____D () C:\Users\Gascan\Downloads\SpybotPortable
2014-06-17 20:21 - 2013-11-25 15:45 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-17 20:11 - 2014-06-17 20:08 - 62096976 _____ (PortableApps.com) C:\Users\Gascan\Downloads\SpybotPortable_2.3.paf.exe
2014-06-17 19:38 - 2014-06-17 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-17 19:37 - 2014-06-17 19:03 - 00000000 ____D () C:\Users\Gascan\Downloads\mbar
2014-06-17 19:05 - 2014-04-30 22:54 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 19:05 - 2013-09-22 20:46 - 00007629 _____ () C:\Users\Gascan\AppData\Local\Resmon.ResmonCfg
2014-06-17 19:02 - 2014-06-17 19:02 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Gascan\Downloads\mbar-1.07.0.1012.exe
2014-06-17 15:10 - 2014-04-29 22:53 - 00000000 ___HD () C:\Users\Gascan\Documents\File di Outlook
2014-06-17 14:45 - 2013-09-18 15:31 - 00000000 ____D () C:\Users\Gascan\AppData\Roaming\vlc
2014-06-17 14:39 - 2013-10-09 20:58 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 14:39 - 2013-09-26 14:17 - 01457389 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 11:32 - 2014-06-10 12:53 - 00002912 _____ () C:\Windows\setupact.log
2014-06-17 10:43 - 2014-06-16 14:24 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-06-17 10:42 - 2013-09-11 22:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-17 10:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-15 15:06 - 2014-06-15 15:04 - 00000000 ____D () C:\Users\Gascan\Downloads\Il Grande Gatsby - Francis Scott Fitzgerald
2014-06-15 15:06 - 2013-11-16 13:18 - 00000000 ____D () C:\Users\Gascan\Documents\Libri
2014-06-15 10:55 - 2014-06-14 19:35 - 00000760 _____ () C:\Windows\PFRO.log
2014-06-13 18:58 - 2014-05-05 22:55 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-12 21:40 - 2014-04-06 21:51 - 03555328 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
2014-06-12 19:51 - 2013-09-16 18:51 - 00000000 ____D () C:\Windows\pss
2014-06-12 19:51 - 2013-09-11 22:28 - 00000000 ___RD () C:\Users\Gascan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-12 19:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 18:16 - 2014-03-25 00:40 - 00000000 ___HD () C:\Users\Gascan\Documents\Gothic3
2014-06-12 12:34 - 2014-04-30 16:00 - 00002330 _____ () C:\Users\Gascan\Desktop\Safe Money.lnk
2014-06-12 12:14 - 2013-09-16 17:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 12:12 - 2013-12-11 00:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 12:12 - 2013-09-29 19:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-12 12:12 - 2013-09-16 17:45 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 11:41 - 2014-03-08 16:40 - 00000000 ____D () C:\Users\Gascan\Desktop\Android
2014-06-12 11:38 - 2013-09-17 21:57 - 00000000 ____D () C:\ProgramData\Skype
2014-06-12 11:37 - 2013-09-17 22:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-10 12:53 - 2014-06-10 12:53 - 00589920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-10 12:53 - 2014-06-10 12:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-09 22:20 - 2014-06-02 19:36 - 00000000 ____D () C:\ProgramData\Origin
2014-06-09 19:12 - 2014-01-16 15:43 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-06-09 19:12 - 2013-09-24 23:30 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-09 19:12 - 2013-09-24 23:30 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-06-09 19:06 - 2014-06-02 19:36 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-09 18:14 - 2013-09-11 22:28 - 00000000 ____D () C:\Users\Gascan
2014-06-09 18:03 - 2014-06-09 18:03 - 00121056 _____ () C:\Users\Gascan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-09 17:13 - 2014-06-07 12:23 - 00000000 ____D () C:\Windows\Minidump
2014-06-09 16:29 - 2014-06-02 13:58 - 00000000 ____D () C:\Users\Gascan\Downloads\Epics
2014-06-08 12:50 - 2014-06-08 12:50 - 00001340 _____ () C:\Users\Gascan\Desktop\Skyrim - Legendary Edition.lnk
2014-06-08 12:50 - 2014-06-08 12:50 - 00000000 ____D () C:\Users\Gascan\AppData\Roaming\Skyrim - Legendary Edition
2014-06-08 12:50 - 2014-06-08 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-06-08 12:47 - 2014-06-08 12:47 - 00000000 ____D () C:\Users\Gascan\AppData\Local\Skyrim
2014-06-08 12:47 - 2013-11-20 23:33 - 00000000 ____D () C:\Users\Gascan\Documents\My Games
2014-06-08 12:34 - 2014-06-08 12:34 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-06-07 19:11 - 2010-11-21 17:30 - 00747976 _____ () C:\Windows\system32\perfh010.dat
2014-06-07 19:11 - 2010-11-21 17:30 - 00150144 _____ () C:\Windows\system32\perfc010.dat
2014-06-07 19:11 - 2009-07-14 07:13 - 01680566 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-06 16:38 - 2014-01-29 16:06 - 00000000 ____D () C:\ProgramData\Wondershare Video Converter Ultimate
2014-06-06 16:31 - 2014-04-30 22:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-06 16:30 - 2014-06-06 16:14 - 00000000 ____D () C:\AdwCleaner
2014-06-06 16:00 - 2014-04-30 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-06 16:00 - 2013-10-11 21:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-06 14:48 - 2014-05-21 17:49 - 00005122 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-GASCAN-Domenico PC-Gascan
2014-06-06 13:58 - 2013-09-24 23:30 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-06 13:47 - 2014-06-06 13:47 - 00000000 ____D () C:\Users\Gascan\Documents\Battlefield 3
2014-06-06 13:47 - 2014-01-16 15:43 - 00000000 ____D () C:\Users\Gascan\AppData\Local\PunkBuster
2014-06-06 13:46 - 2014-06-06 13:46 - 00000000 ____D () C:\Users\Gascan\AppData\Local\ESN
2014-06-06 13:46 - 2014-06-06 13:46 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-06-06 13:45 - 2014-06-06 13:45 - 00000000 ____D () C:\ProgramData\EA Core
2014-06-06 13:45 - 2014-06-02 19:36 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-05 16:59 - 2014-06-05 16:59 - 00001170 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2014-06-05 16:59 - 2014-06-05 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-06-05 16:59 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-04 17:35 - 2014-06-04 17:35 - 00000000 ____D () C:\Users\Gascan\minecraft
2014-06-03 14:51 - 2013-11-13 15:33 - 00000000 ____D () C:\Users\Gascan\AppData\Local\NVIDIA Corporation
2014-06-03 14:51 - 2013-09-11 22:50 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-06-03 14:51 - 2013-09-11 22:46 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-03 14:50 - 2013-09-11 22:50 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-02 22:58 - 2013-11-09 14:06 - 00000000 ____D () C:\Users\Gascan\Documents\Scuola
2014-06-02 20:10 - 2014-06-02 20:09 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-02 20:09 - 2014-06-02 19:40 - 00000000 ____D () C:\Users\Gascan\AppData\Local\Origin
2014-06-02 20:09 - 2014-02-19 00:10 - 00000000 ___HD () C:\Users\Gascan\AppData\Roaming\Origin
2014-06-02 19:36 - 2014-06-02 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-06-02 12:29 - 2014-06-02 12:29 - 00001076 _____ () C:\Users\Gascan\Desktop\SuperAntiSpyware.lnk
2014-06-01 14:19 - 2014-06-01 14:19 - 00000000 ____D () C:\Users\Gascan\AppData\Local\Adobe
2014-05-31 19:04 - 2014-05-31 19:04 - 00000000 ___SD () C:\ComboFix
2014-05-31 19:04 - 2014-05-05 22:29 - 00000000 ____D () C:\Qoobox
2014-05-31 19:00 - 2014-05-31 19:00 - 00001313 _____ () C:\Users\Gascan\Desktop\X-uGet.lnk
2014-05-30 15:41 - 2014-05-30 15:41 - 00000000 ____D () C:\Users\Gascan\AppData\Roaming\SUPERAntiSpyware.com
2014-05-30 15:40 - 2014-05-30 15:40 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-30 14:55 - 2014-05-30 14:55 - 00000000 ____D () C:\Users\Gascan\AppData\Roaming\TestApp
2014-05-30 14:55 - 2014-05-30 14:55 - 00000000 ____D () C:\ProgramData\PC Tools
2014-05-30 12:21 - 2014-06-12 11:53 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 11:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 11:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 11:53 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 11:53 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-12 11:53 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-12 11:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 11:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 11:53 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 11:53 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 11:53 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-12 11:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-12 11:53 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 11:53 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 11:53 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 11:53 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 11:53 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 11:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 11:53 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 11:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 11:53 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 11:53 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 11:53 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 11:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 11:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 11:53 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 11:53 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 11:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 11:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 11:53 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 11:53 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 11:53 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 11:53 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 11:53 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 11:53 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 11:53 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 11:53 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 11:53 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 11:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 11:53 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 11:53 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 11:53 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 11:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 11:53 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 11:53 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 11:53 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 11:53 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 11:53 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 11:53 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 11:53 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 11:53 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 11:53 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-30 01:07 - 2014-06-03 14:51 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-05-30 01:07 - 2014-06-03 14:51 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-30 01:07 - 2013-10-28 20:17 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-30 01:07 - 2013-10-28 20:17 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-28 21:50 - 2014-05-28 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burrrn
2014-05-28 17:57 - 2014-05-28 17:26 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-05-28 17:27 - 2014-05-28 17:26 - 00000000 ____D () C:\Users\Gascan\AppData\Roaming\NCH Software
2014-05-28 17:26 - 2014-05-28 17:26 - 00001134 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
2014-05-28 17:26 - 2014-05-28 17:26 - 00001122 _____ () C:\Users\Public\Desktop\Switch Sound File Converter.lnk
2014-05-28 17:26 - 2014-05-28 17:26 - 00000000 ____D () C:\ProgramData\NCH Software
2014-05-28 17:26 - 2014-05-28 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-05-28 17:26 - 2014-05-28 17:26 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-28 16:42 - 2013-09-16 19:47 - 00000000 ____D () C:\Users\Gascan\AppData\Roaming\Notepad++
2014-05-28 16:42 - 2013-09-16 19:47 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-05-27 18:22 - 2013-09-11 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-25 11:44 - 2014-05-25 11:30 - 278654954 _____ () C:\Users\Gascan\Downloads\com.sega.twbshogun v1.0.2.zip
2014-05-25 11:28 - 2014-05-25 11:28 - 00774710 _____ () C:\Users\Gascan\Downloads\Total War Battles v1.0.2.apk
2014-05-24 16:36 - 2014-05-24 16:36 - 00003495 _____ () C:\Users\Gascan\Documents\Top 100 Rock Songs Ever.txt
2014-05-24 01:25 - 2013-10-30 21:08 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-24 01:24 - 2013-09-16 18:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-21 15:10 - 2013-11-09 14:06 - 00000000 ____D () C:\Users\Gascan\Documents\Guide, rapelle
2014-05-20 04:44 - 2014-05-27 18:04 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-27 18:04 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-20 04:44 - 2014-05-27 18:04 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-20 04:44 - 2013-09-11 22:50 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 04:44 - 2013-09-11 22:50 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2013-09-11 22:50 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2013-09-11 22:50 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-20 04:44 - 2013-09-11 22:50 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-20 04:44 - 2013-09-11 22:50 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 04:44 - 2013-09-11 22:49 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 04:44 - 2013-09-11 22:49 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-20 03:25 - 2013-09-11 22:51 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2013-09-11 22:51 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2013-09-11 22:51 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2013-09-11 22:51 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2013-09-11 22:51 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2013-09-11 22:51 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-20 01:10 - 2014-05-27 18:21 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

Some content of TEMP:
====================
C:\Users\Gascan\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identificatore          {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  it-IT
inherit                 {globalsettings}
default                 {current}
resumeobject            {2686ddba-1b26-11e3-b31a-c552c665a63d}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Caricatore di avvio di Windows
-------------------
identificatore          {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  it-IT
inherit                 {bootloadersettings}
recoverysequence        {2686ddbc-1b26-11e3-b31a-c552c665a63d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {2686ddba-1b26-11e3-b31a-c552c665a63d}
nx                      OptIn

Caricatore di avvio di Windows
-------------------
identificatore          {2686ddbc-1b26-11e3-b31a-c552c665a63d}
device                  ramdisk=[C:]\Recovery\2686ddbc-1b26-11e3-b31a-c552c665a63d\Winre.wim,{2686ddbd-1b26-11e3-b31a-c552c665a63d}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\2686ddbc-1b26-11e3-b31a-c552c665a63d\Winre.wim,{2686ddbd-1b26-11e3-b31a-c552c665a63d}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Ripresa da modalità di ibernazione
---------------------
identificatore          {2686ddba-1b26-11e3-b31a-c552c665a63d}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  it-IT
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Tester memoria di Windows
---------------------
identificatore          {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Diagnostica memoria Windows
locale                  it-IT
inherit                 {globalsettings}
badmemoryaccess         Yes

Impostazioni Servizi di gestione emergenze
------------
identificatore          {emssettings}
bootems                 Yes

Impostazioni debugger
-----------------
identificatore          {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Problemi RAM
-----------
identificatore          {badmemory}

Impostazioni globali
---------------
identificatore          {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Impostazioni caricatore di avvio
-------------------
identificatore          {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Impostazioni hypervisor
-------------------
identificatore          {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Impostazioni Resume Loader
----------------------
identificatore          {resumeloadersettings}
inherit                 {globalsettings}

Opzioni dispositivo
--------------
identificatore          {2686ddbd-1b26-11e3-b31a-c552c665a63d}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\2686ddbc-1b26-11e3-b31a-c552c665a63d\boot.sdi



LastRegBack: 2014-06-08 12:08

==================== End Of Log ============================

Edited by Gascan, 17 June 2014 - 02:19 PM.


#10 badr0b0t

Posted 17 June 2014 - 02:28 PM

Your browsers have too many junky extensions. You might wanna uninstall both Chrome and Firefox with Revo Uninstaller and start anew.

Your YouTube alone has audio lag issues (but this doesn't have anything to do with your original problem). You have that "Pepperflash" thing.


Edited by badr0b0t, 17 June 2014 - 02:35 PM.


#11 Netghost56

Posted 17 June 2014 - 02:30 PM

You have a lot of instances of Chrome open... multiple windows with tabs?

You need to clean up your browsers.

You have the following Peer-to-Peer program(s) installed:

uTorrent
BitTorrent

Bleeping Computer does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P (Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

C:\Users\Gascan\AppData\Local\Temp\SkypeSetup.exe <---- Delete this.

ooVoo is something I would uninstall.

Don't use CCleaner unless you are adept at backing up registry entries. CCleaner can do a lot of damage in the wrong hands.

You have a lot of gaming apps and hacks/crackers/etc. These are prone to viruses and other really nasty things.


Edited by Netghost56, 17 June 2014 - 02:32 PM.


#12 Gascan

Posted 17 June 2014 - 05:54 PM

> Your browsers have too many junky extensions. You might wanna uninstall both Chrome and Firefox with Revo Uninstaller and start anew.
>
> Your YouTube alone has audio lag issues (but this doesn't have anything to do with your original problem). You have that "Pepperflash" thing.

I know my Chrome extensions and I am sure they are not malicious. If they are all listed here: chrome://extensions/ I know them all as I have installed them consciously. I don't have Firefox installed (maybe it's part of the Tor Bundle?); in its program files folder there is only the plugin folder containing "npMeetingJoinPluginOC.dll". Do I really need to reset Chrome? For the Pepperflash thing I downloaded the Adobe Flash plugin and disabled Pepperflash.

 

> You have a lot of instances of Chrome open... multiple windows with tabs?
>
> You need to clean up your browsers.
>
> You have the following Peer-to-Peer program(s) installed:
>
> uTorrent
> BitTorrent
>
> Bleeping Computer does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.
>
> Description of Peer-to-Peer (P2P) software.
> P2P (Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
> Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.
>
> C:\Users\Gascan\AppData\Local\Temp\SkypeSetup.exe <---- Delete this.
>
> ooVoo is something I would uninstall.
>
> Don't use CCleaner unless you are adept at backing up registry entries. CCleaner can do a lot of damage in the wrong hands.
>
> You have a lot of gaming apps and hacks/crackers/etc. These are prone to viruses and other really nasty things.

I deleted the Skype setup. I don't have ooVoo. I know that I have some cracked games and hacks, but when I downloaded them I scanned them and downloaded from "secure" sources...

Do you think I am still infected by the above-mentioned virus? What do you think about the issue with my google account?

Here is the content of Addition.txt from the Farbar scan, if needed:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by Domenico at 2014-06-17 21:08:14
Running from C:\Users\Gascan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Aggiornamenti NVIDIA 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1345, 26.03.2014 - AIMP DevTeam)
AirMech (HKLM-x32\...\Steam App 206500) (Version:  - Carbon Games)
Algodoo v2.1.0 (HKLM-x32\...\Algodoo_is1) (Version:  - Algoryx)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Assassin's Creed (R) III (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft)
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 6.2.1.0 - Auslogics Labs Pty Ltd)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
C9 (HKLM-x32\...\Steam App 212390) (Version:  - Cloud 9 Studio)
Call of Duty: Ghosts Update 3 (HKLM-x32\...\Q2FsbG9mRHV0eUdob3N0cw==_is1) (Version: 1 - )
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
CINEMA 4D 15.057 (HKLM\...\MAXON12664043) (Version: 15.057 - MAXON Computer GmbH)
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD09282B-E878-4C2C-914D-E67475E4729C}) (Version:  - Microsoft)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Gothic III (HKLM-x32\...\{29371F0B-FC57-4DF9-A07E-A693E48801E6}) (Version: 1.00.0 - Dreamcatcher)
Groove Machine (HKLM-x32\...\Groove Machine) (Version:  - Image-Line)
Hotfix per Microsoft Visual Basic 2010 Express - ITA (KB2635973) (HKLM-x32\...\{186CCF6D-5BEF-3591-80E3-5300CEBA876E}.KB2635973) (Version: 1 - Microsoft Corporation)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Imperivm Anthology (HKLM-x32\...\Imperivm Anthology) (Version:  - FX Interactive)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 55 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Language Pack del Visualizzatore della Guida Microsoft 1.0 - ITA (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - ITA) (Version: 1.0.30319 - Microsoft Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Loquendo TTS: Roberto (Italian) (HKLM-x32\...\LoqTTS-Roberto_is1) (Version:  - )
Malwarebytes Anti-Malware versione 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ITA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - ITA (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 Language Pack - ITA (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - ITA) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - ITA (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2013  - Italian/Italiano (HKLM\...\Office15.OMUI.it-it) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office O MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft SharePoint Designer MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{6B797019-50DA-4109-B1B2-84F6DAC4FB04}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ITA (HKLM-x32\...\{B23B8C0C-DEAE-4147-AFD4-A000A67CB98C}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ITA (HKLM\...\{800AA5F5-DEC2-4E47-8596-E95CFAA69EDC}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{486C1178-0E48-4537-BF2E-B2A35191CAB9}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ITA (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ITA) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ITA (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{ACB6D28B-2D17-314C-9C6C-B597C0A3C15A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ITA (HKLM\...\{128128EA-7894-3A77-ADDF-6369CAB005A9}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA (Version: 10.0.50325 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Word MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft X MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero Burning ROM_Nero Express (HKLM-x32\...\Nero Burning ROM_Nero Express) (Version:  - )
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
NVIDIA Driver 3D Vision 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Driver audio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Driver del controller 3D Vision 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Driver grafico 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Pannello di controllo NVIDIA 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.1.29560 - Grinding Gear Games)
Postal 2 Share The Pain (HKLM-x32\...\Postal 2 Share The Pain_is1) (Version:  - GOG.com)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Quake  III Team Arena (HKLM-x32\...\Quake III Team Arena) (Version:  - )
Quake III Arena (HKLM-x32\...\Quake III Arena) (Version:  - )
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 3.6 - Razer USA Ltd)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.80.218.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6875 - Realtek Semiconductor Corp.)
reFX Slayer Demo 2.6.0 (HKLM-x32\...\reFX Slayer Demo 2.6.0_is1) (Version:  - )
RIDGE RACER™ Driftopia (HKLM-x32\...\Steam App 226410) (Version:  - BUGBEAR)
Risen 2 Dark Waters (HKLM-x32\...\Risen 2 Dark Waters_is1) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{C9887A84-45ED-4D69-8858-625EB9875F89}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Skyrim - Legendary Edition (HKLM-x32\...\Skyrim - Legendary Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Star wars Battlefront II version 1.3 (HKLM-x32\...\{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1) (Version: 1.3 - )
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.11 - Stardock Software, Inc.)
State of War (HKLM-x32\...\{26636A45-55C7-11D5-8ED5-0050BF5CB907}) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steinberg Hypersonic VSTi DXi v2.0 (HKLM-x32\...\Steinberg Hypersonic VSTi DXi_is1) (Version:  - )
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
Tablet Driver V8.01 (HKLM-x32\...\TabletDriver) (Version:  - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Telerik JustDecompile Q3 2013 (HKLM-x32\...\{B5DA99F5-3191-458D-B743-6DE10F8061AE}) (Version: 13.3.1029.0 - Telerik AD)
Tomb Raider: (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )
TP-LINK TL-WN851ND Driver (HKLM-x32\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 2.01.0012 - TP-LINK)
Update for Microsoft Excel 2013 (KB2881014) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D8C78DED-3543-449A-8E3E-9391643EBB0E}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D8C78DED-3543-449A-8E3E-9391643EBB0E}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 64-Bit Edition (HKLM\...\{90150000-0016-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{D8C78DED-3543-449A-8E3E-9391643EBB0E}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D8C78DED-3543-449A-8E3E-9391643EBB0E}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 64-Bit Edition (HKLM\...\{90150000-0018-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{D8C78DED-3543-449A-8E3E-9391643EBB0E}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D8C78DED-3543-449A-8E3E-9391643EBB0E}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 64-Bit Edition (HKLM\...\{90150000-001B-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{D8C78DED-3543-449A-8E3E-9391643EBB0E}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 64-Bit Edition (HKLM\...\{90150000-00C1-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{D8C78DED-3543-449A-8E3E-9391643EBB0E}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9F71CF8-8310-4EFC-869F-47BC0FEE269D}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 64-Bit Edition (HKLM\...\{90150000-012B-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{91B6AC92-F379-4C78-90FA-CB217C930A4D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2878313) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{98821750-2C79-4A07-9AE9-D2536FD9491D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3FC5B59-0F86-4B9A-94DF-FC213DF4FA63}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3FC5B59-0F86-4B9A-94DF-FC213DF4FA63}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.OMUI.it-it_{B386BAA9-7D92-450E-B43E-BD96B01ADEC0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.OMUI.it-it_{F6CE638B-5A06-4EDD-A1FA-BFA827D14071}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F6CE638B-5A06-4EDD-A1FA-BFA827D14071}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.OMUI.it-it_{927B47DF-91B2-4EBF-9B66-43B2C95E41BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{927B47DF-91B2-4EBF-9B66-43B2C95E41BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 64-Bit Edition (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{7BD6AF81-49D4-482A-8CDD-90B4031627F2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{E3852353-AB54-4642-B25F-6E9EB106388B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F0B3B3E0-40AC-4339-83F7-735DD302ADDE}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F0B3B3E0-40AC-4339-83F7-735DD302ADDE}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 64-Bit Edition (HKLM\...\{90150000-00BA-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{F0B3B3E0-40AC-4339-83F7-735DD302ADDE}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F0B3B3E0-40AC-4339-83F7-735DD302ADDE}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F0B3B3E0-40AC-4339-83F7-735DD302ADDE}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 64-Bit Edition (HKLM\...\{90150000-00C1-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{F0B3B3E0-40AC-4339-83F7-735DD302ADDE}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2880458) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D2CD59AB-CA83-44D4-AEF8-E49A3FE8FD7F}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2880458) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D2CD59AB-CA83-44D4-AEF8-E49A3FE8FD7F}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2880458) 64-Bit Edition (HKLM\...\{90150000-00A1-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{D2CD59AB-CA83-44D4-AEF8-E49A3FE8FD7F}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2880458) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D2CD59AB-CA83-44D4-AEF8-E49A3FE8FD7F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881000) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3F7B995-360E-406A-B74B-5EA682159985}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881000) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D3F7B995-360E-406A-B74B-5EA682159985}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881000) 64-Bit Edition (HKLM\...\{90150000-0018-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{D3F7B995-360E-406A-B74B-5EA682159985}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0019-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-001A-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-001B-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-012B-0410-1000-0000000FF1CE}_Office15.OMUI.it-it_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{59BEEE71-1A39-11E3-8E5C-F04DA23A5C58}) (Version: 12.0.714 - Sony)
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version:  - )
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ITA (HKLM-x32\...\{22F90F2E-1DA2-4801-A58C-FC3D13297749}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
Wondershare Video Converter Ultimate(Build 7.0.0.3) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 7.0.0.3 - Wondershare Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-05 22:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0869D256-042A-41B1-B448-202E1FC1D0DB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-30] ()
Task: {095224A9-C250-493F-B0C0-01C86EE875D2} - System32\Tasks\{E73C8E6C-FACC-4D62-A2AB-B8626A1D7497} => Chrome.exe http://ui.skype.com/ui/0/6.7.0.102/it/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {15346DF4-4720-4A1C-91E1-4DAE3DA1C7C6} - System32\Tasks\{EB5E4C3D-EF48-433A-A235-15F375020CC8} => C:\Program Files (x86)\Star wars Battlefront II\LaunchBFII.exe [2011-04-09] ()
Task: {16E47508-9710-4269-B518-F3068B344E0D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-GASCAN-Domenico PC-Gascan => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-04-08] (Microsoft Corporation)
Task: {22117822-4986-4167-9844-559645022E0D} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Smart Desktop\Smart.exe
Task: {35BB0CAA-0BF8-4841-8FBB-2198D8677712} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {510E42F4-B99B-4A66-A350-54C874416466} - System32\Tasks\{8234A061-99A1-4276-85BB-481A6142F835} => Chrome.exe 
Task: {57A78FE9-274C-4BB5-B000-B0EC4AC8CB74} - System32\Tasks\{2C2AB5FE-A18D-4D30-86AE-34CA8CE2B66C} => C:\Program Files (x86)\TABLET\PLaunch.exe [2012-02-27] ()
Task: {60A6E840-1A23-4AE8-A4DD-FC552CB97ACC} - System32\Tasks\{FF6C46E3-7B8C-445D-AD5D-7CC22776044C} => Chrome.exe 
Task: {6917603F-0964-4928-BEA3-C29E066CD529} - System32\Tasks\{F0B38FF1-BED6-4EEC-82D2-067E77988C74} => Chrome.exe 
Task: {7CFC4C3A-D1A7-40DB-8255-D5448F97FEE5} - \Origin No Task File <==== ATTENTION
Task: {8AEB8701-A163-472D-BFE2-E08C099050EC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9498E86E-54B3-428E-A402-0E093A72DE58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {975B1E21-BA11-4B56-83FB-7D53E223369D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {AD85F80E-5064-469D-AA34-DB2CEE6F54C8} - System32\Tasks\AdobeAAMUpdater-1.0-PC-GASCAN-Domenico => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {B52088CA-E8C6-43FE-A955-51AA4890355C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {BAF0A222-833A-4353-AA24-8A474F7525A4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {C551D755-F496-47DF-A3AF-6BE4CB67F90A} - System32\Tasks\{631046DB-1A0F-4A55-8C44-6C2B0F3BA193} => C:\Program Files (x86)\Star wars Battlefront II\LaunchBFII.exe [2011-04-09] ()
Task: {C6CFDA60-7F9C-4271-8DEF-42A639746ECF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C93D179B-0E4B-4615-A128-70B53EA6B9E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {D56AB534-54F9-40FE-8649-B112CA8562BE} - \IR5 No Task File <==== ATTENTION
Task: {D9533AD8-D277-4570-9E1B-B302718F587E} - System32\Tasks\{DABD0057-CA18-4E05-90CB-41D0183F8078} => Chrome.exe 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-11 22:51 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-22 11:42 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-09-24 23:30 - 2014-06-06 13:58 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-20 19:33 - 2014-05-20 19:33 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1040.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2012-02-27 08:58 - 2012-02-27 08:58 - 00301912 _____ () C:\Windows\system32\WinTab32.DLL
2014-06-12 16:43 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 16:43 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 16:43 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 16:43 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 16:43 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-17 20:36 - 2014-06-17 20:36 - 00011264 _____ () C:\Users\Gascan\AppData\Local\Temp\nsu778C.tmp\System.dll
2014-06-17 20:36 - 2014-06-17 20:36 - 00013312 _____ () C:\Users\Gascan\AppData\Local\Temp\nsu778C.tmp\UAC.dll
2014-06-17 20:36 - 2014-06-17 20:36 - 00011264 _____ () C:\Users\Gascan\AppData\Local\Temp\nsu7DF2.tmp\System.dll
2014-06-17 20:36 - 2014-06-17 20:36 - 00013312 _____ () C:\Users\Gascan\AppData\Local\Temp\nsu7DF2.tmp\UAC.dll
2014-06-17 20:36 - 2014-06-17 20:36 - 00029696 _____ () C:\Users\Gascan\AppData\Local\Temp\nsu7DF2.tmp\registry.dll
2014-04-25 20:11 - 2014-04-25 20:11 - 00109400 _____ () C:\Users\Gascan\Downloads\SpybotPortable\App\Spybot\snlThirdParty150.bpl
2014-04-25 20:11 - 2014-04-25 20:11 - 00416600 _____ () C:\Users\Gascan\Downloads\SpybotPortable\App\Spybot\DEC150.bpl
2014-04-25 20:11 - 2014-04-25 20:11 - 00167768 _____ () C:\Users\Gascan\Downloads\SpybotPortable\App\Spybot\snlFileFormats150.bpl
2012-08-23 16:38 - 2012-08-23 16:38 - 00574840 _____ () C:\Users\Gascan\Downloads\SpybotPortable\App\Spybot\sqlite3.dll
2014-04-25 20:11 - 2014-04-25 20:11 - 02972112 _____ () C:\Users\Gascan\Downloads\SpybotPortable\App\Spybot\NotificationSpreader.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: NitroReaderDriverReadSpool3 => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Gascan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Invia a OneNote.lnk => C:\Windows\pss\Invia a OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: EPSON S22 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGEE.EXE /FU "C:\Windows\TEMP\E_S9D31.tmp" /EF "HKCU"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_6C29094761E25996485B66559D64A074 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Keyboard Inf. => C:\Users\Gascan\AppData\Roaming\TP-LINK\msdn.exe
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Sidebar => C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Users\Gascan\Downloads\SuperAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Gascan\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WheelMouse => C:\ADVANC~1\wh_exec.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WTClient => WTClient.exe

==================== Faulty Device Manager Devices =============

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2014 08:50:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/17/2014 08:50:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/17/2014 08:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Errore di License Activation Scheduler (sppuinotify.dll). Codice di errore:
0x80070005

Error: (06/17/2014 07:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Errore di License Activation Scheduler (sppuinotify.dll). Codice di errore:
0x80070005

Error: (06/17/2014 06:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Errore di License Activation Scheduler (sppuinotify.dll). Codice di errore:
0x80070005

Error: (06/17/2014 05:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Errore di License Activation Scheduler (sppuinotify.dll). Codice di errore:
0x80070005

Error: (06/17/2014 04:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Errore di License Activation Scheduler (sppuinotify.dll). Codice di errore:
0x80070005

Error: (06/17/2014 03:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Errore di License Activation Scheduler (sppuinotify.dll). Codice di errore:
0x80070005

Error: (06/17/2014 02:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Errore di License Activation Scheduler (sppuinotify.dll). Codice di errore:
0x80070005

Error: (06/17/2014 01:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Errore di License Activation Scheduler (sppuinotify.dll). Codice di errore:
0x80070005


System errors:
=============
Error: (06/17/2014 11:28:15 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (06/17/2014 10:45:36 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (06/17/2014 10:42:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver: 
SASDIFSV
SASKUTIL

Error: (06/16/2014 03:07:32 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (06/16/2014 02:25:34 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (06/16/2014 02:22:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver: 
SASDIFSV
SASKUTIL

Error: (06/15/2014 02:31:47 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (06/15/2014 10:59:49 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (06/15/2014 10:56:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver: 
SASDIFSV
SASKUTIL

Error: (06/14/2014 08:21:34 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}


Microsoft Office Sessions:
=========================
Error: (06/17/2014 08:50:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Gascan\Downloads\esetsmartinstaller_enu.exe

Error: (06/17/2014 08:50:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Gascan\Downloads\esetsmartinstaller_enu.exe

Error: (06/17/2014 08:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (06/17/2014 07:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (06/17/2014 06:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (06/17/2014 05:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (06/17/2014 04:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (06/17/2014 03:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (06/17/2014 02:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (06/17/2014 01:28:15 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005


CodeIntegrity Errors:
===================================
  Date: 2014-06-14 16:45:24.317
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-06-14 16:45:24.315
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-06-14 16:45:24.314
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-06-14 16:00:38.287
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-06-14 16:00:38.285
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-06-14 16:00:38.284
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-05-17 14:09:28.877
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-05-17 14:09:28.875
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-05-17 14:09:28.873
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-05-17 13:15:30.710
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 8132.18 MB
Available physical RAM: 4322.89 MB
Total Pagefile: 16262.54 MB
Available Pagefile: 11823.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.65 GB) (Free:131.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 40711F9F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=05)

==================== End Of Log ============================ 

Thanks a lot for your help.



#13 Netghost56

Netghost56

  • Members
  • 973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:08:33 PM

Posted 17 June 2014 - 06:27 PM

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []
FF HKCU\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []

 

 

^^^ Firefox web browser plugins.

 

(Pando Networks) - Pando has a dubious reputation.

 

 

 

I know that I have some cracked games and hacks but when I downloaded them I scanned them and downloaded from "secure" sources...

How certain are you they were secure? In my experience (as an IT tech) hacked/cracked apps are at very high risk of having embedded viruses. And since you are deliberately installing them, this is a way for viruses and spyware to circumvent the UAC security.
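
Added example (not part of the original posts, and not the scan tool's own code): a short Python parser for the `FF Plugin` lines in the format quoted above, grouping registrations by DLL so a reviewer can see which entries share one file and which come from a vendor they want to look at more closely. The sample lines are copied from this thread's log; the function names, finding labels and the watchlist are assumptions made for the example.

```python
import re
from collections import defaultdict

# Sample input: a subset of the "FF Plugin" lines from the log in this thread.
SAMPLE = r"""
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
"""

# scope suffix (e.g. "-x32", " HKCU"), optional plugin id, DLL path, vendor in trailing parentheses
LINE = re.compile(r"^FF Plugin(?P<scope>[^:]*): (?:(?P<id>\S.*?) - )?"
                  r"(?P<path>[A-Za-z]:\\.*?) \((?P<vendor>[^()]*)\)\s*$")

def parse_plugins(text):
    """Return one dict per FF Plugin line: scope, plugin id, version, DLL path, vendor."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a plugin line (blank line, FF Extension line, ...)
        name, _, version = (m.group("id") or "").partition("version=")
        rows.append({"scope": m.group("scope").strip("- ") or "default",
                     "id": name.rstrip(",;"), "version": version or None,
                     "path": m.group("path"), "vendor": m.group("vendor").strip()})
    return rows

def review(rows, watch_vendors=()):
    """Group registrations by DLL (case-insensitive path) and list points to check."""
    by_dll = defaultdict(list)
    for r in rows:
        by_dll[r["path"].lower()].append(r)
    findings = []
    for path, regs in by_dll.items():
        versions = sorted({r["version"] for r in regs if r["version"]})
        if len(versions) > 1:  # several version-tagged entries resolve to one file
            findings.append(("multiple-versions-one-dll", path, versions))
        if any(r["vendor"] in watch_vendors for r in regs):
            findings.append(("vendor-on-watchlist", path, sorted({r["scope"] for r in regs})))
    return findings

if __name__ == "__main__":
    for finding in review(parse_plugins(SAMPLE), {"Pando Networks"}):
        print(finding)
```
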



#14 Gascan

Gascan
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 17 June 2014 - 06:47 PM

(Pando Networks) - Pando has a dubious reputation.

 

 

 

I know that I have some cracked games and hacks but when I downloaded them I scanned them and downloaded from "secure" sources...

How certain are you they were secure? In my experience (as an IT tech) hacked/cracked apps are at very high risk of having embedded viruses. And since you are deliberately installing them, this is a way for viruses and spyware to circumvent the UAC security.

 

Is it normal that I don't have firefox installed but I have firefox plugins installed?

Pando is part of League of Legends game, I'm quite sure it's not malicious.

For the cracked games I always download from the same site which is rated working and famous, moreover I always read others' reviews on the cracks I download. However I take all these risks only to play the game once or twice, as I get bored after some time playing on almost every game I try, but I won't uninstall them for I think I'll maybe play them again when I have more time. And my HDD slowly fills up.

Do you think I am still infected by the above-mentioned virus? What do you think about the issue with my google account?

Thank you for your help.



#15 Netghost56

Netghost56

  • Members
  • 973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:08:33 PM

Posted 17 June 2014 - 06:56 PM

From: http://en.wikipedia.org/wiki/Pando_Media_Booster

 Pando shut down its servers and ceased business on August 31, 2013. As of February 24, 2014 the Pando Media Booster has been hijacked and unsuspecting persons who install a prompted update have their internet browsers hijacked and a virus called the "Sweet Page" browser virus is installed on their machine.

From: http://www.webutations.info/go/review/pandomediabooster.com#social

TooN_ViP | 2013-12-01 07:00:47

@RevanJB Uninstall 'Pando Media Booster' it auto downloads with LoL and uses like all your bandwidth

 

Not trying to be a jerk- my point is that you can never trust anything on the internet.

 

It's highly suspicious that you have all those FF plugins but no FF installed...you mentioned Tor, I have it but I also have FF so I'm not sure if it's installed FF for you or not. But you do show a C:\Program Files (x86)\Mozilla Firefox\ on your drive.

 

I think you're still infected. With what I don't think is visible at this point. I would recommend posting your log above in a new thread in the Malware Removal Logs forum. I could give you more info but it would hinder the Malware Removal tech's work.

 

Good Luck!


Edited by Netghost56, 17 June 2014 - 06:57 PM.




