
Kaspersky Security Scan finds "HEUR: Trojan-Downloader.Script.Generic"



#1 Senua89

Posted 05 January 2018 - 08:30 PM

This topic is the continuation of another topic that you can find here; it is useless for me to repeat the same information: https://www.bleepingcomputer.com/forums/t/666731/kaspersky-security-scan-finds-a-trojan-that-the-others-antivirus-do-not-report/#entry4411013

In that topic you will find my problem, but there are some updates that I will give you now.

By necessity I had to reconnect the "infected" PC to the internet. After doing so, I re-scanned it with all the antivirus programs added to the previous topic and also with Eset Online Scanner and Malwarebytes Anti-Rootkit. None of them found anything; even Kaspersky Security Scan cannot find any virus anymore. However, as requested by a moderator, I did a scan with Farbar Recovery Scan Tool, and here are the results:

 

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by fdfer (administrator) on DESKTOP-DG73G7R (05-01-2018 22:40:33)
Running from C:\Users\fdfer\Desktop
Loaded Profiles:  fdfer (Available Profiles: fdfer)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0321058.inf_amd64_c0aa1a2b512afe19\atiesrxx.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Electronic Arts) D:\Programmi\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-30] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-20] (Logitech Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-11-09] (Intel Corporation)
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Run: [GalaxyClient] => D:\Programmi\GOG Galaxy\GalaxyClient.exe [5358664 2017-12-13] (GOG.com)
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Run: [CCleaner Monitoring] => D:\Programmi\Ccleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Run: [Steam] => D:\Programmi\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Run: [EADM] => D:\Programmi\Origin\Origin.exe [3098920 2017-12-19] (Electronic Arts)
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Run: [Spotify Web Helper] => C:\Users\fdfer\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-20] (Spotify Ltd)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
Tcpip\..\Interfaces\{eaaccab7-844d-4d2a-8d06-980498cb2f7d}: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
 
FireFox:
========
FF DefaultProfile: 4yqgjq5o.default
FF ProfilePath: C:\Users\fdfer\AppData\Roaming\Mozilla\Firefox\Profiles\4yqgjq5o.default [2018-01-05]
FF Homepage: Mozilla\Firefox\Profiles\4yqgjq5o.default -> about:home
FF Extension: (AdBlocker Ultimate) - C:\Users\fdfer\AppData\Roaming\Mozilla\Firefox\Profiles\4yqgjq5o.default\Extensions\adblockultimate@adblockultimate.net.xpi [2017-12-13]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-27] (Google Inc.)
 
Chrome:  
=======
CHR Profile: C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default [2018-01-04]
CHR Extension: (Presentazioni) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-27]
CHR Extension: (Documenti) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-27]
CHR Extension: (Google Drive) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-27]
CHR Extension: (YouTube) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-27]
CHR Extension: (Fogli) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-27]
CHR Extension: (Google Documenti offline) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-27]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-27]
CHR Extension: (Gmail) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-27]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0321058.inf_amd64_c0aa1a2b512afe19\atiesrxx.exe [481144 2017-12-10] (AMD)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2017-11-25] (EasyAntiCheat Ltd)
S3 GalaxyClientService; D:\Programmi\GOG Galaxy\GalaxyClientService.exe [532552 2017-12-13] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8345672 2017-12-13] (GOG.com)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-11-09] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-20] (Logitech Inc.)
S3 MBAMService; D:\Programmi\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 Origin Client Service; D:\Programmi\Origin\OriginClientService.exe [2155328 2017-12-19] (Electronic Arts)
R2 Origin Web Helper Service; D:\Programmi\Origin\OriginWebHelperService.exe [3025224 2017-12-19] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0321058.inf_amd64_c0aa1a2b512afe19\atikmdag.sys [41701752 2017-12-10] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0321058.inf_amd64_c0aa1a2b512afe19\atikmpag.sys [545656 2017-12-10] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111112 2017-11-21] (Advanced Micro Devices)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [532456 2016-10-05] (Intel Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-01-04] ()
R3 ladfGSS; C:\Windows\system32\drivers\ladfGSS.sys [45192 2017-10-20] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-10-20] (Logitech Inc.)
R1 MpKsl11fdf15b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63CAD784-6578-4C47-8BA9-225E41C9302F}\MpKsl11fdf15b.sys [58120 2018-01-05] (Microsoft Corporation)
S3 mt7612US; C:\Windows\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-30] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-01-04] ()
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-05 22:40 - 2018-01-05 22:40 - 000011342 _____ C:\Users\fdfer\Desktop\FRST.txt
2018-01-05 22:39 - 2018-01-05 22:40 - 000000000 ____D C:\FRST
2018-01-05 22:36 - 2018-01-05 22:36 - 002393088 _____ (Farbar) C:\Users\fdfer\Desktop\FRST64.exe
2018-01-05 18:10 - 2018-01-05 18:10 - 000000978 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2018-01-05 18:10 - 2018-01-05 18:10 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\.mono
2018-01-05 18:10 - 2018-01-05 18:10 - 000000000 ____D C:\Users\fdfer\AppData\LocalLow\Blizzard Entertainment
2018-01-05 18:10 - 2018-01-05 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2018-01-05 18:10 - 2018-01-05 18:10 - 000000000 ____D C:\ProgramData\.mono
2018-01-05 17:45 - 2018-01-05 18:10 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-01-05 17:44 - 2018-01-05 17:44 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2018-01-05 17:43 - 2018-01-05 22:11 - 000000000 ____D C:\Users\fdfer\AppData\Local\Battle.net
2018-01-05 17:43 - 2018-01-05 17:44 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Battle.net
2018-01-05 17:43 - 2018-01-05 17:43 - 000000940 _____ C:\Users\Public\Desktop\Battle.net.lnk
2018-01-05 17:43 - 2018-01-05 17:43 - 000000000 ____D C:\Users\fdfer\AppData\Local\Blizzard Entertainment
2018-01-05 17:43 - 2018-01-05 17:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2018-01-05 17:41 - 2018-01-05 17:44 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-01-05 17:40 - 2018-01-05 18:10 - 000000000 ____D C:\Users\fdfer\AppData\Local\Blizzard
2018-01-05 17:39 - 2018-01-05 17:39 - 003889136 _____ (Blizzard Entertainment) C:\Users\fdfer\Downloads\Battle.net-Setup.exe
2018-01-05 17:39 - 2018-01-05 17:39 - 000000000 ____D C:\ProgramData\Battle.net
2018-01-04 22:19 - 2018-01-05 20:09 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-01-04 22:18 - 2018-01-04 22:19 - 000276422 _____ C:\TDSSKiller.3.1.0.15_04.01.2018_22.18.38_log.txt
2018-01-04 21:51 - 2018-01-04 21:51 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-01-04 21:44 - 2018-01-04 21:44 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\4633D61D.sys
2018-01-04 21:42 - 2018-01-04 22:19 - 079691776 _____ C:\Windows\system32\config\SOFTWARE
2018-01-04 19:23 - 2018-01-04 21:42 - 000000000 ____D C:\Users\fdfer\AppData\Local\ESET
2018-01-04 19:17 - 2018-01-01 18:15 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2018-01-04 19:17 - 2018-01-01 13:54 - 000924648 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-01-04 19:17 - 2018-01-01 13:53 - 001090984 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-01-04 19:17 - 2018-01-01 13:52 - 000066712 _____ (Microsoft Corporation) C:\Windows\system32\iumcrypt.dll
2018-01-04 19:17 - 2018-01-01 13:51 - 001414784 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-01-04 19:17 - 2018-01-01 13:51 - 001209240 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-04 19:17 - 2018-01-01 13:51 - 001055128 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-01-04 19:17 - 2018-01-01 13:51 - 000191816 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
2018-01-04 19:17 - 2018-01-01 13:51 - 000059800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bam.sys
2018-01-04 19:17 - 2018-01-01 13:50 - 005905752 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2018-01-04 19:17 - 2018-01-01 13:50 - 000780464 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2018-01-04 19:17 - 2018-01-01 13:50 - 000479912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2018-01-04 19:17 - 2018-01-01 13:50 - 000077208 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-01-04 19:17 - 2018-01-01 13:49 - 008605080 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-04 19:17 - 2018-01-01 13:49 - 000599448 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2018-01-04 19:17 - 2018-01-01 13:49 - 000319352 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-01-04 19:17 - 2018-01-01 13:49 - 000292376 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2018-01-04 19:17 - 2018-01-01 13:48 - 007831760 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-01-04 19:17 - 2018-01-01 13:48 - 001954048 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-04 19:17 - 2018-01-01 13:48 - 000382360 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-04 19:17 - 2018-01-01 13:47 - 000649304 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-04 19:17 - 2018-01-01 13:47 - 000082840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-01-04 19:17 - 2018-01-01 13:46 - 002709704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-04 19:17 - 2018-01-01 13:46 - 000898216 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-01-04 19:17 - 2018-01-01 13:46 - 000733592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-01-04 19:17 - 2018-01-01 13:46 - 000471960 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-04 19:17 - 2018-01-01 13:45 - 002395032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-04 19:17 - 2018-01-01 13:45 - 001277848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-01-04 19:17 - 2018-01-01 13:45 - 000398744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-04 19:17 - 2018-01-01 13:43 - 001173576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-04 19:17 - 2018-01-01 13:43 - 000367336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2018-01-04 19:17 - 2018-01-01 13:43 - 000062872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys
2018-01-04 19:17 - 2018-01-01 13:42 - 001029016 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2018-01-04 19:17 - 2018-01-01 13:42 - 000571288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2018-01-04 19:17 - 2018-01-01 13:42 - 000494488 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-01-04 19:17 - 2018-01-01 13:42 - 000184984 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-01-04 19:17 - 2018-01-01 13:42 - 000109976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2018-01-04 19:17 - 2018-01-01 13:41 - 007676296 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-01-04 19:17 - 2018-01-01 13:41 - 000559512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2018-01-04 19:17 - 2018-01-01 13:41 - 000549552 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2018-01-04 19:17 - 2018-01-01 13:40 - 001206680 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-01-04 19:17 - 2018-01-01 13:39 - 000902416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-01-04 19:17 - 2018-01-01 13:39 - 000677784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-01-04 19:17 - 2018-01-01 13:39 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
2018-01-04 19:17 - 2018-01-01 13:39 - 000362904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-01-04 19:17 - 2018-01-01 13:39 - 000129432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocket.sys
2018-01-04 19:17 - 2018-01-01 13:38 - 003904808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-01-04 19:17 - 2018-01-01 13:38 - 000727448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2018-01-04 19:17 - 2018-01-01 13:38 - 000519152 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2018-01-04 19:17 - 2018-01-01 13:38 - 000103320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2018-01-04 19:17 - 2018-01-01 13:38 - 000038808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2018-01-04 19:17 - 2018-01-01 13:37 - 001426664 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2018-01-04 19:17 - 2018-01-01 13:37 - 000461720 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
2018-01-04 19:17 - 2018-01-01 13:36 - 000413888 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2018-01-04 19:17 - 2018-01-01 13:36 - 000374032 _____ (Microsoft Corporation) C:\Windows\system32\vac.exe
2018-01-04 19:17 - 2018-01-01 13:36 - 000166296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2018-01-04 19:17 - 2018-01-01 13:36 - 000113560 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-01-04 19:17 - 2018-01-01 13:36 - 000057752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-04 19:17 - 2018-01-01 13:35 - 001170008 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2018-01-04 19:17 - 2018-01-01 13:35 - 000075160 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthProxyStub.dll
2018-01-04 19:17 - 2018-01-01 13:34 - 007385088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-01-04 19:17 - 2018-01-01 13:34 - 001336344 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-04 19:17 - 2018-01-01 13:34 - 000260896 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-01-04 19:17 - 2018-01-01 13:34 - 000087384 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2018-01-04 19:17 - 2018-01-01 13:33 - 002773400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-01-04 19:17 - 2018-01-01 13:33 - 000603920 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2018-01-04 19:17 - 2018-01-01 13:32 - 004481240 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-01-04 19:17 - 2018-01-01 13:32 - 000617304 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2018-01-04 19:17 - 2018-01-01 13:27 - 000713624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-01-04 19:17 - 2018-01-01 13:27 - 000163736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2018-01-04 19:17 - 2018-01-01 13:26 - 000428952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-01-04 19:17 - 2018-01-01 13:26 - 000081304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmcl.sys
2018-01-04 19:17 - 2018-01-01 13:25 - 000615768 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2018-01-04 19:17 - 2018-01-01 13:25 - 000147864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2018-01-04 19:17 - 2018-01-01 13:23 - 021352144 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-04 19:17 - 2018-01-01 13:21 - 001103768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-04 19:17 - 2018-01-01 13:21 - 000614296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-01-04 19:17 - 2018-01-01 13:06 - 000311192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-01-04 19:17 - 2018-01-01 13:03 - 000777904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-01-04 19:17 - 2018-01-01 13:03 - 000650328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2018-01-04 19:17 - 2018-01-01 13:03 - 000566664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-01-04 19:17 - 2018-01-01 13:03 - 000123512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-01-04 19:17 - 2018-01-01 12:53 - 001615712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-01-04 19:17 - 2018-01-01 12:49 - 000481464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-01-04 19:17 - 2018-01-01 12:49 - 000258808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2018-01-04 19:17 - 2018-01-01 12:46 - 003485392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2018-01-04 19:17 - 2018-01-01 12:46 - 000289816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-04 19:17 - 2018-01-01 12:45 - 006092152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-01-04 19:17 - 2018-01-01 12:45 - 005615968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-01-04 19:17 - 2018-01-01 12:45 - 002192624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-01-04 19:17 - 2018-01-01 12:45 - 000450928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2018-01-04 19:17 - 2018-01-01 12:43 - 020286120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 006479552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 004644912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 001246432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 001003152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 000982528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 000386424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 000129184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 000074992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2018-01-04 19:17 - 2018-01-01 12:37 - 025247232 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-01-04 19:17 - 2018-01-01 12:34 - 000703568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-01-04 19:17 - 2018-01-01 12:25 - 002905600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-01-04 19:17 - 2018-01-01 12:25 - 001008640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2018-01-04 19:17 - 2018-01-01 12:25 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-01-04 19:17 - 2018-01-01 12:25 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-01-04 19:17 - 2018-01-01 12:25 - 000097792 _____ C:\Windows\system32\runexehelper.exe
2018-01-04 19:17 - 2018-01-01 12:24 - 003668480 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-01-04 19:17 - 2018-01-01 12:24 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\AboutSettingsHandlers.dll
2018-01-04 19:17 - 2018-01-01 12:24 - 000202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2018-01-04 19:17 - 2018-01-01 12:24 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-01-04 19:17 - 2018-01-01 12:24 - 000038912 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-01-04 19:17 - 2018-01-01 12:23 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2018-01-04 19:17 - 2018-01-01 12:23 - 000561152 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-04 19:17 - 2018-01-01 12:23 - 000536576 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2018-01-04 19:17 - 2018-01-01 12:23 - 000385024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cldflt.sys
2018-01-04 19:17 - 2018-01-01 12:23 - 000250368 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2018-01-04 19:17 - 2018-01-01 12:23 - 000232960 _____ (Microsoft Corporation) C:\Windows\system32\convertvhd.exe
2018-01-04 19:17 - 2018-01-01 12:23 - 000121344 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-04 19:17 - 2018-01-01 12:23 - 000080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys
2018-01-04 19:17 - 2018-01-01 12:23 - 000047104 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-01-04 19:17 - 2018-01-01 12:22 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rfxvmt.dll
2018-01-04 19:17 - 2018-01-01 12:22 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-04 19:17 - 2018-01-01 12:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpstorport.sys
2018-01-04 19:17 - 2018-01-01 12:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\VmApplicationHealthMonitorProxy.dll
2018-01-04 19:17 - 2018-01-01 12:21 - 000268288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-01-04 19:17 - 2018-01-01 12:21 - 000233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppLockerCSP.dll
2018-01-04 19:17 - 2018-01-01 12:21 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2018-01-04 19:17 - 2018-01-01 12:21 - 000133632 _____ (Microsoft Corporation) C:\Windows\system32\wificonnapi.dll
2018-01-04 19:17 - 2018-01-01 12:21 - 000097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-01-04 19:17 - 2018-01-01 12:21 - 000097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys
2018-01-04 19:17 - 2018-01-01 12:21 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-01-04 19:17 - 2018-01-01 12:21 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-01-04 19:17 - 2018-01-01 12:21 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 019337216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 018917888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000524288 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2018-01-04 19:17 - 2018-01-01 12:20 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\container.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000204288 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000186368 _____ (Microsoft Corporation) C:\Windows\system32\ACPBackgroundManagerPolicy.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\rasauto.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\SCardDlg.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RfxVmt.sys
2018-01-04 19:17 - 2018-01-01 12:20 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshhttp.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 008014848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000795136 _____ (Microsoft Corporation) C:\Windows\system32\NaturalAuth.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000675328 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000450048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000416768 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-04 19:17 - 2018-01-01 12:19 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-01-04 19:17 - 2018-01-01 12:19 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2018-01-04 19:17 - 2018-01-01 12:19 - 000188416 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000149504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\container.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msoert2.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe
2018-01-04 19:17 - 2018-01-01 12:19 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000748032 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000699904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000588800 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000436224 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000432640 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000431616 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000427008 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000391168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000380928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\APHostService.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000343040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000336896 _____ (Microsoft Corporation) C:\Windows\system32\AppLockerCSP.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000276480 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\SCardSvr.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000210944 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\provdatastore.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 011923968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 006564864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 001485312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000791552 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000616960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000594432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000568832 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000555520 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000542208 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000456704 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000423936 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000228352 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-04 19:17 - 2018-01-01 12:17 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\msoert2.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 005833216 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 004839424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 003676672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000966656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000956928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000831488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000812544 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000720896 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000624128 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 012687872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 006029312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 002349568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 001657856 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 001245184 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 000951808 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 000588800 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 000434176 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 000366080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 000258560 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 023655936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 002465280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 001495040 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 001097728 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 001003008 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 000985600 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 000917504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 000870912 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2018-01-04 19:17 - 2018-01-01 12:13 - 013657600 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-01-04 19:17 - 2018-01-01 12:13 - 012830208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-04 19:17 - 2018-01-01 12:13 - 003121664 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-04 19:17 - 2018-01-01 12:13 - 002869760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-01-04 19:17 - 2018-01-01 12:13 - 002013184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-01-04 19:17 - 2018-01-01 12:13 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-01-04 19:17 - 2018-01-01 12:13 - 001474560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-01-04 19:17 - 2018-01-01 12:13 - 000897024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-01-04 19:17 - 2018-01-01 12:12 - 002633216 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-01-04 19:17 - 2018-01-01 12:12 - 002208768 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-01-04 19:17 - 2018-01-01 12:12 - 001573376 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2018-01-04 19:17 - 2018-01-01 12:12 - 001547776 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-04 19:17 - 2018-01-01 12:12 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2018-01-04 19:17 - 2018-01-01 12:12 - 000760320 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-04 19:17 - 2018-01-01 12:12 - 000464384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 008108544 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 004748288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 003165696 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 002859520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 002082304 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-04 19:17 - 2018-01-01 12:11 - 001955328 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 001822208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 001816576 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 001597952 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 001343488 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 001231872 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 000715776 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-01-04 19:17 - 2018-01-01 12:10 - 003126272 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2018-01-04 19:17 - 2018-01-01 12:10 - 002528256 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2018-01-04 19:17 - 2018-01-01 12:10 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscproxystub.dll
2018-01-04 19:17 - 2018-01-01 12:09 - 001487872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2018-01-04 19:17 - 2018-01-01 12:09 - 000925184 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-04 19:17 - 2018-01-01 12:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\DbgModel.dll
2018-01-04 19:17 - 2018-01-01 12:09 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2018-01-04 19:17 - 2018-01-01 12:08 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2018-01-04 19:17 - 2018-01-01 12:08 - 000726016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-04 19:17 - 2018-01-01 12:08 - 000685056 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2018-01-04 19:17 - 2018-01-01 12:08 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-01-04 19:17 - 2018-01-01 12:06 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wscproxystub.dll
2018-01-04 19:17 - 2018-01-01 12:05 - 002510848 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll
2018-01-04 19:17 - 2018-01-01 12:05 - 001160704 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2018-01-04 19:17 - 2018-01-01 12:05 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2018-01-04 19:14 - 2018-01-04 19:14 - 000005166 _____ C:\TDSSKiller.3.1.0.15_04.01.2018_19.14.13_log.txt
2018-01-04 18:52 - 2018-01-04 22:18 - 000333472 _____ C:\Windows\ntbtlog.txt
2018-01-04 18:52 - 2018-01-04 18:52 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7773219E.sys
2018-01-04 18:49 - 2018-01-04 18:49 - 000005286 _____ C:\TDSSKiller.3.1.0.15_04.01.2018_18.49.13_log.txt
2018-01-04 18:41 - 2018-01-04 18:41 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\56772343.sys
2018-01-04 18:34 - 2018-01-04 21:50 - 000000000 ____D C:\Users\fdfer\Desktop\mbar
2018-01-04 18:34 - 2018-01-04 21:50 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-01-04 18:34 - 2018-01-04 21:43 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-01-04 18:34 - 2018-01-04 18:34 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\631174B8.sys
2018-01-04 18:27 - 2018-01-04 18:28 - 000276704 _____ C:\TDSSKiller.3.1.0.15_04.01.2018_18.27.14_log.txt
2018-01-04 18:26 - 2018-01-04 18:26 - 000005332 _____ C:\TDSSKiller.3.1.0.15_04.01.2018_18.26.31_log.txt
2018-01-04 18:23 - 2018-01-04 18:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2018-01-04 18:22 - 2018-01-04 16:52 - 014178840 _____ (Malwarebytes Corp.) C:\Users\fdfer\Desktop\mbar-1.10.3.1001.exe
2018-01-04 18:00 - 2018-01-04 18:16 - 000548428 _____ C:\TDSSKiller.3.1.0.15_04.01.2018_18.00.39_log.txt
2018-01-04 17:59 - 2018-01-04 18:00 - 000005328 _____ C:\TDSSKiller.3.1.0.15_04.01.2018_17.59.53_log.txt
2017-12-30 20:32 - 2017-12-30 20:33 - 000005910 _____ C:\TDSSKiller.3.1.0.15_30.12.2017_20.32.54_log.txt
2017-12-30 20:27 - 2017-12-30 20:31 - 000277892 _____ C:\TDSSKiller.3.1.0.15_30.12.2017_20.27.24_log.txt
2017-12-29 21:14 - 2017-12-29 21:15 - 000279012 _____ C:\TDSSKiller.3.1.0.15_29.12.2017_21.14.15_log.txt
2017-12-29 19:41 - 2017-12-29 19:42 - 000276528 _____ C:\TDSSKiller.3.1.0.15_29.12.2017_19.41.44_log.txt
2017-12-29 14:58 - 2017-12-29 14:59 - 000000000 ____D C:\Users\fdfer\Desktop\Musica
2017-12-29 13:17 - 2017-12-29 15:53 - 000000000 ____D C:\Users\fdfer\Desktop\HitFilm Express 2017 Exports
2017-12-29 11:49 - 2017-12-29 14:11 - 000033844 _____ C:\Users\fdfer\Desktop\Cose.hfp
2017-12-28 21:21 - 2017-12-29 15:59 - 000081735 _____ C:\Users\fdfer\Desktop\Anteprima Slaps and Beans.hfp
2017-12-27 20:48 - 2018-01-05 12:26 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-27 20:48 - 2018-01-05 12:26 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-27 20:47 - 2017-12-28 15:07 - 000000000 ____D C:\Users\fdfer\AppData\Local\Google
2017-12-27 20:47 - 2017-12-27 20:48 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-27 20:47 - 2017-12-27 20:47 - 000003668 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-27 20:47 - 2017-12-27 20:47 - 000003544 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-27 19:57 - 2017-12-28 20:59 - 000000000 ____D C:\Users\fdfer\Desktop\Slaps and Beans
2017-12-27 13:10 - 2017-12-28 20:58 - 000000000 ____D C:\Users\fdfer\Desktop\Registrazioni
2017-12-26 15:34 - 2017-12-26 15:34 - 000469952 _____ C:\TDSSKiller.3.1.0.15_26.12.2017_15.34.23_log.txt
2017-12-26 12:34 - 2017-12-26 12:35 - 000820960 _____ C:\TDSSKiller.3.1.0.15_26.12.2017_12.34.19_log.txt
2017-12-26 11:48 - 2017-12-26 11:49 - 000000000 ____D C:\Program Files (x86)\Xvid
2017-12-26 11:48 - 2017-12-26 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2017-12-26 11:48 - 2011-05-30 14:42 - 000255488 _____ C:\Windows\system32\xvidvfw.dll
2017-12-26 11:48 - 2011-05-30 14:42 - 000240640 _____ C:\Windows\SysWOW64\xvidvfw.dll
2017-12-26 11:48 - 2011-05-23 10:52 - 000153088 _____ C:\Windows\SysWOW64\xvid.ax
2017-12-26 11:48 - 2011-05-23 08:49 - 000173568 _____ C:\Windows\system32\xvid.ax
2017-12-26 11:48 - 2011-05-23 08:46 - 000645632 _____ C:\Windows\SysWOW64\xvidcore.dll
2017-12-26 11:48 - 2011-05-23 08:45 - 000696832 _____ C:\Windows\system32\xvidcore.dll
2017-12-26 10:39 - 2017-12-26 10:39 - 000466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2017-12-26 10:39 - 2017-12-26 10:39 - 000445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2017-12-26 10:39 - 2017-12-26 10:39 - 000122968 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2017-12-26 10:39 - 2017-12-26 10:39 - 000109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2017-12-26 10:39 - 2017-12-26 10:39 - 000000000 ____D C:\Program Files (x86)\OpenAL
2017-12-26 10:34 - 2017-12-26 10:34 - 000001359 _____ C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Lost Alpha DC.lnk
2017-12-26 10:34 - 2017-12-26 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STALKER Lost Alpha DC
2017-12-26 10:26 - 2017-12-26 10:34 - 000000000 ____D C:\Program Files (x86)\S.T.A.L.K.E.R. - Lost Alpha DC
2017-12-25 23:18 - 2017-12-25 23:18 - 000011570 _____ C:\Users\fdfer\Desktop\Nomi utenti e pass account.odt
2017-12-24 14:06 - 2017-12-28 19:44 - 000020420 _____ C:\Users\fdfer\Desktop\Video Slaps and Beans.odt
2017-12-22 19:32 - 2017-12-22 19:52 - 000015532 _____ C:\Users\fdfer\Desktop\Rece. Fade to Silence.odt
2017-12-21 17:08 - 2017-12-21 17:08 - 000000000 ____D C:\Users\fdfer\Desktop\Ds4 controller
2017-12-21 13:45 - 2017-12-21 13:45 - 000000000 ____D C:\Users\fdfer\AppData\LocalLow\TrinityTeam
2017-12-21 13:27 - 2017-12-21 13:27 - 000000212 _____ C:\Users\fdfer\Desktop\Bud Spencer & Terence Hill - Slaps And Beans.url
2017-12-19 20:40 - 2017-12-19 20:40 - 000000000 ____D C:\Users\fdfer\AppData\LocalLow\MSLiveStickerWhiteList
2017-12-19 20:40 - 2017-12-19 20:40 - 000000000 ____D C:\Users\fdfer\AppData\LocalLow\MSLiveSticker
2017-12-19 16:41 - 2017-12-19 16:41 - 000000768 _____ C:\Users\fdfer\Desktop\MSI Afterburner.lnk
2017-12-19 16:41 - 2017-12-19 16:41 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2017-12-19 16:41 - 2017-12-19 16:41 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2017-12-18 22:20 - 2017-12-18 22:20 - 000000000 ____D C:\Users\fdfer\AppData\Local\WhiteSilence
2017-12-18 21:52 - 2017-12-22 13:05 - 000008870 _____ C:\Users\fdfer\Desktop\Giochi da richiedere.odt
2017-12-18 19:22 - 2017-12-18 19:22 - 000000212 _____ C:\Users\fdfer\Desktop\Fade to Silence.url
2017-12-17 18:20 - 2017-12-17 18:20 - 000274608 _____ C:\TDSSKiller.3.1.0.15_17.12.2017_18.20.41_log.txt
2017-12-17 16:36 - 2017-12-17 16:36 - 004833792 _____ (Geza Kovacs) C:\Users\fdfer\Desktop\unetbootin-windows-657.exe
2017-12-17 00:20 - 2017-12-17 00:20 - 000002849 _____ C:\Users\fdfer\AppData\Local\recently-used.xbel
2017-12-17 00:16 - 2017-12-17 00:17 - 000000000 ____D C:\Users\fdfer\AppData\Local\gtk-2.0
2017-12-17 00:14 - 2017-12-17 00:14 - 000000000 ____D C:\Users\fdfer\.thumbnails
2017-12-16 22:33 - 2017-12-16 22:33 - 000277396 _____ C:\TDSSKiller.3.1.0.15_16.12.2017_22.33.36_log.txt
2017-12-14 16:40 - 2017-12-14 16:40 - 000275480 _____ C:\TDSSKiller.3.1.0.15_14.12.2017_16.40.08_log.txt
2017-12-14 16:30 - 2017-12-14 16:31 - 000275480 _____ C:\TDSSKiller.3.1.0.15_14.12.2017_16.30.43_log.txt
2017-12-14 00:53 - 2018-01-04 21:01 - 000000000 ____D C:\Users\fdfer\Desktop\Ant-virus vari
2017-12-14 00:53 - 2017-12-14 00:54 - 000274266 _____ C:\TDSSKiller.3.1.0.15_14.12.2017_00.53.08_log.txt
2017-12-14 00:05 - 2017-12-29 18:10 - 000000000 ____D C:\Users\fdfer\Desktop\Video finiti
2017-12-14 00:03 - 2017-12-14 00:03 - 000002012 _____ C:\Users\fdfer\Desktop\DaVinci Resolve Project Server.lnk
2017-12-14 00:03 - 2017-12-14 00:03 - 000001992 _____ C:\Users\fdfer\Desktop\Resolve.lnk
2017-12-14 00:03 - 2017-12-14 00:03 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2017-12-14 00:03 - 2017-12-14 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2017-12-14 00:03 - 2017-12-14 00:03 - 000000000 ____D C:\ProgramData\Blackmagic Design
2017-12-14 00:03 - 2017-12-14 00:03 - 000000000 ____D C:\Program Files\Blackmagic Design
2017-12-14 00:03 - 2017-12-14 00:03 - 000000000 ____D C:\Program Files (x86)\Blackmagic Design
2017-12-13 15:21 - 2017-12-13 15:21 - 000000000 ____D C:\Users\fdfer\AppData\LocalLow\AMD
2017-12-13 12:28 - 2017-12-13 12:28 - 000274870 _____ C:\TDSSKiller.3.1.0.15_13.12.2017_12.28.24_log.txt
2017-12-13 11:02 - 2017-12-13 11:02 - 000000000 ____D C:\Users\fdfer\AppData\Local\RadeonSettings
2017-12-13 10:58 - 2017-12-13 10:58 - 000003074 _____ C:\Windows\System32\Tasks\StartDVR
2017-12-13 10:58 - 2017-12-13 10:58 - 000000000 ____D C:\Users\fdfer\AppData\Local\AMD
2017-12-13 10:58 - 2017-12-13 10:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-12-13 10:58 - 2017-12-13 10:58 - 000000000 ____D C:\Program Files (x86)\AMD
2017-12-13 10:57 - 2017-12-13 10:57 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-12-13 10:57 - 2017-12-13 10:57 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-13 10:57 - 2017-11-02 21:15 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2017-12-13 10:57 - 2017-11-02 21:15 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-12-13 10:57 - 2017-11-02 21:15 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-12-13 10:57 - 2017-11-02 21:14 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2017-12-13 10:56 - 2017-12-13 10:58 - 000000000 ____D C:\Program Files\AMD
2017-12-13 10:43 - 2017-12-08 07:52 - 000666112 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll
2017-12-13 10:43 - 2017-12-08 00:34 - 001925296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2017-12-13 10:43 - 2017-12-08 00:34 - 001634288 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-12-13 10:43 - 2017-12-08 00:28 - 000710912 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2017-12-13 10:43 - 2017-12-08 00:28 - 000630752 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2017-12-13 10:43 - 2017-12-08 00:27 - 004504456 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2017-12-13 10:43 - 2017-12-08 00:26 - 000525208 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2017-12-13 10:43 - 2017-12-08 00:24 - 000705944 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2017-12-13 10:43 - 2017-12-08 00:24 - 000437144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2017-12-13 10:43 - 2017-12-08 00:24 - 000246168 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2017-12-13 10:43 - 2017-12-08 00:22 - 001003104 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-12-13 10:43 - 2017-12-08 00:22 - 000979352 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2017-12-13 10:43 - 2017-12-08 00:22 - 000137544 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-12-13 10:43 - 2017-12-08 00:16 - 001776272 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-12-13 10:43 - 2017-12-08 00:15 - 000721592 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2017-12-13 10:43 - 2017-12-08 00:12 - 000401304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2017-12-13 10:43 - 2017-12-07 23:56 - 001528904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-12-13 10:43 - 2017-12-07 23:55 - 001490328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-13 10:43 - 2017-12-07 23:55 - 000097144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-12-13 10:43 - 2017-12-07 23:37 - 001145104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-12-13 10:43 - 2017-12-07 23:36 - 000769096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2017-12-13 10:43 - 2017-12-07 23:33 - 000747416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2017-12-13 10:43 - 2017-12-07 23:33 - 000592280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2017-12-13 10:43 - 2017-12-07 23:31 - 001522176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-12-13 10:43 - 2017-12-07 23:29 - 000047000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KeyboardFilterShim.dll
2017-12-13 10:43 - 2017-12-07 23:12 - 000101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscript.ocx
2017-12-13 10:43 - 2017-12-07 23:10 - 006466048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-12-13 10:43 - 2017-12-07 23:10 - 000150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-13 10:43 - 2017-12-07 23:10 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-13 10:43 - 2017-12-07 23:09 - 001663488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
2017-12-13 10:43 - 2017-12-07 23:09 - 000235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FSClient.dll
2017-12-13 10:43 - 2017-12-07 23:09 - 000147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2017-12-13 10:43 - 2017-12-07 23:09 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2017-12-13 10:43 - 2017-12-07 23:09 - 000136704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gamingtcui.dll
2017-12-13 10:43 - 2017-12-07 23:08 - 000514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-13 10:43 - 2017-12-07 23:08 - 000206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2017-12-13 10:43 - 2017-12-07 23:08 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-13 10:43 - 2017-12-07 23:07 - 000254976 _____ (Microsoft Corporation) C:\Windows\system32\PushToInstall.dll
2017-12-13 10:43 - 2017-12-07 23:07 - 000246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 10:43 - 2017-12-07 23:07 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-13 10:43 - 2017-12-07 23:07 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2017-12-13 10:43 - 2017-12-07 23:06 - 000676352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2017-12-13 10:43 - 2017-12-07 23:06 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcui.dll
2017-12-13 10:43 - 2017-12-07 23:06 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2017-12-13 10:43 - 2017-12-07 23:05 - 001670656 _____ (Microsoft Corporation) C:\Windows\system32\batmeter.dll
2017-12-13 10:43 - 2017-12-07 23:05 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-13 10:43 - 2017-12-07 23:05 - 000539136 _____ (Microsoft Corporation) C:\Windows\system32\HolographicExtensions.dll
2017-12-13 10:43 - 2017-12-07 23:05 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2017-12-13 10:43 - 2017-12-07 23:05 - 000363008 _____ (Microsoft Corporation) C:\Windows\system32\SettingsEnvironment.Desktop.dll
2017-12-13 10:43 - 2017-12-07 23:05 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\FSClient.dll
2017-12-13 10:43 - 2017-12-07 23:05 - 000222208 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2017-12-13 10:43 - 2017-12-07 23:05 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2017-12-13 10:43 - 2017-12-07 23:05 - 000019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll
2017-12-13 10:43 - 2017-12-07 23:04 - 001498112 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2017-12-13 10:43 - 2017-12-07 23:04 - 001321472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-13 10:43 - 2017-12-07 23:03 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2017-12-13 10:43 - 2017-12-07 23:03 - 000841728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2017-12-13 10:43 - 2017-12-07 23:03 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2017-12-13 10:43 - 2017-12-07 23:03 - 000308736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 10:43 - 2017-12-07 23:03 - 000085504 _____ (Microsoft Corporation) C:\Windows\system32\hascsp.dll
2017-12-13 10:43 - 2017-12-07 23:02 - 007545344 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-12-13 10:43 - 2017-12-07 23:02 - 002864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-12-13 10:43 - 2017-12-07 23:02 - 002117632 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2017-12-13 10:43 - 2017-12-07 23:02 - 000496640 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2017-12-13 10:43 - 2017-12-07 23:01 - 004592640 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-13 10:43 - 2017-12-07 23:01 - 001980928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-12-13 10:43 - 2017-12-07 23:01 - 000601088 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2017-12-13 10:43 - 2017-12-07 23:01 - 000021504 _____ (Microsoft Corporation) C:\Windows\system32\slcext.dll
2017-12-13 10:43 - 2017-12-07 23:00 - 001509888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2017-12-13 10:43 - 2017-12-07 22:59 - 002105856 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-12-13 10:43 - 2017-12-07 22:59 - 001666048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2017-12-13 10:43 - 2017-12-07 22:59 - 001058304 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2017-12-13 10:43 - 2017-12-07 22:58 - 003478016 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-12-13 10:43 - 2017-12-07 22:58 - 003211776 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2017-12-13 10:43 - 2017-12-07 22:58 - 001353728 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2017-12-13 10:43 - 2017-12-07 22:56 - 002666496 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-12-13 10:43 - 2017-12-07 22:56 - 001739264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2017-12-13 10:43 - 2017-12-07 22:54 - 001570816 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2017-12-11 15:47 - 2017-12-11 15:47 - 000000000 ____D C:\Users\fdfer\Desktop\aaa_data
2017-12-11 15:46 - 2017-12-11 15:46 - 000000000 ____D C:\Users\fdfer\Documents\Audacity
2017-12-10 21:08 - 2017-12-10 21:08 - 000458096 _____ C:\Windows\system32\GameManager64.dll
2017-12-10 21:08 - 2017-12-10 21:08 - 000276344 _____ C:\Windows\system32\hsa-thunk64.dll
2017-12-10 21:08 - 2017-12-10 21:08 - 000242040 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2017-12-10 21:08 - 2017-12-10 21:08 - 000179576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2017-12-10 21:08 - 2017-12-10 21:08 - 000158584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2017-12-10 21:08 - 2017-12-10 21:08 - 000150392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2017-12-10 21:08 - 2017-12-10 21:08 - 000135032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2017-12-10 21:08 - 2017-12-10 21:08 - 000044920 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2017-12-10 21:08 - 2017-12-10 21:08 - 000041848 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2017-12-10 21:07 - 2017-12-10 21:07 - 001240952 _____ (AMD) C:\Windows\system32\coinst_17.50.dll
2017-12-10 21:07 - 2017-12-10 21:07 - 000479608 _____ C:\Windows\system32\dgtrayicon.exe
2017-12-10 21:07 - 2017-12-10 21:07 - 000365944 _____ C:\Windows\SysWOW64\GameManager32.dll
2017-12-10 21:07 - 2017-12-10 21:07 - 000351608 _____ C:\Windows\system32\clinfo.exe
2017-12-10 21:07 - 2017-12-10 21:07 - 000232824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2017-12-10 21:07 - 2017-12-10 21:07 - 000205688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2017-12-10 21:07 - 2017-12-10 21:07 - 000157040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2017-12-10 21:07 - 2017-12-10 21:07 - 000132984 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2017-12-10 21:07 - 2017-12-10 21:07 - 000124280 _____ (AMD) C:\Windows\system32\atimuixx.dll
2017-12-10 21:07 - 2017-12-10 21:07 - 000018648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2017-12-10 21:07 - 2017-12-10 21:07 - 000018648 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2017-12-10 21:06 - 2017-12-10 21:06 - 002941304 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2017-12-10 21:06 - 2017-12-10 21:06 - 002550128 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2017-12-10 21:06 - 2017-12-10 21:06 - 001471344 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2017-12-10 21:06 - 2017-12-10 21:06 - 001064312 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2017-12-10 21:06 - 2017-12-10 21:06 - 001064312 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2017-12-10 21:06 - 2017-12-10 21:06 - 000708976 _____ (AMD) C:\Windows\system32\atieclxx.exe
2017-12-10 21:06 - 2017-12-10 21:06 - 000467320 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2017-12-10 21:06 - 2017-12-10 21:06 - 000414064 _____ C:\Windows\system32\atieah64.exe
2017-12-10 21:06 - 2017-12-10 21:06 - 000334200 _____ C:\Windows\SysWOW64\atieah32.exe
2017-12-10 21:06 - 2017-12-10 21:06 - 000153592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2017-12-10 21:06 - 2017-12-10 21:06 - 000145328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2017-12-10 21:06 - 2017-12-10 21:06 - 000116592 _____ C:\Windows\system32\atidxx64.dll
2017-12-10 21:06 - 2017-12-10 21:06 - 000101240 _____ C:\Windows\SysWOW64\atidxx32.dll
2017-12-10 21:06 - 2017-12-10 21:06 - 000068976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2017-12-10 21:05 - 2017-12-10 21:05 - 016043384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2017-12-10 21:05 - 2017-12-10 21:05 - 013615992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2017-12-10 21:05 - 2017-12-10 21:05 - 000552312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2017-12-10 21:05 - 2017-12-10 21:05 - 000172408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-12-10 21:05 - 2017-12-10 21:05 - 000148344 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-12-10 21:05 - 2017-12-10 21:05 - 000113528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2017-12-10 21:05 - 2017-12-10 21:05 - 000098680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2017-12-10 21:04 - 2017-12-10 21:04 - 000874872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2017-12-10 21:04 - 2017-12-10 21:04 - 000702840 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2017-12-10 21:04 - 2017-12-10 21:04 - 000445304 _____ C:\Windows\system32\amdgfxinfo64.dll
2017-12-10 21:04 - 2017-12-10 21:04 - 000382328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2017-12-10 21:04 - 2017-12-10 21:04 - 000360824 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2017-12-10 21:02 - 2017-12-10 21:02 - 000121352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2017-12-10 21:02 - 2017-12-10 21:02 - 000101992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2017-12-10 21:01 - 2017-12-10 21:01 - 000547768 _____ C:\Windows\system32\amdmiracast.dll
2017-12-10 21:01 - 2017-12-10 21:01 - 000185744 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2017-12-10 21:01 - 2017-12-10 21:01 - 000163880 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2017-12-10 21:01 - 2017-12-10 21:01 - 000130632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2017-12-10 21:01 - 2017-12-10 21:01 - 000121352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2017-12-10 21:01 - 2017-12-10 21:01 - 000115544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2017-12-10 21:01 - 2017-12-10 21:01 - 000101992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2017-12-10 16:52 - 2017-12-10 16:52 - 000000000 ____D C:\Users\fdfer\AppData\Local\Meltytech
2017-12-10 16:51 - 2017-12-10 16:51 - 000001711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk
2017-12-10 16:50 - 2017-12-10 16:51 - 000000000 ____D C:\Program Files\Shotcut
2017-12-10 16:06 - 2017-12-10 16:06 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2017-12-10 16:06 - 2017-12-10 16:06 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2017-12-10 16:06 - 2017-12-10 16:06 - 000846176 _____ C:\Windows\SysWOW64\atiapfxx.blb
2017-12-10 16:06 - 2017-12-10 16:06 - 000846176 _____ C:\Windows\system32\atiapfxx.blb
2017-12-10 16:06 - 2017-12-10 16:06 - 000204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2017-12-10 16:06 - 2017-12-10 16:06 - 000204952 _____ C:\Windows\system32\ativvsvl.dat
2017-12-10 16:06 - 2017-12-10 16:06 - 000157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2017-12-10 16:06 - 2017-12-10 16:06 - 000157144 _____ C:\Windows\system32\ativvsva.dat
2017-12-10 16:06 - 2017-12-10 16:06 - 000154384 _____ C:\Windows\system32\samu_krnl_ci.sbin
2017-12-10 16:06 - 2017-12-10 16:06 - 000138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
2017-12-10 16:06 - 2017-12-10 16:06 - 000121392 _____ C:\Windows\system32\kapp_ci.sbin
2017-12-10 16:06 - 2017-12-10 16:06 - 000117072 _____ C:\Windows\system32\kapp_si.sbin
2017-12-10 16:06 - 2017-12-10 16:06 - 000034501 _____ C:\Windows\system32\AMDKernelEvents.man
2017-12-10 16:06 - 2017-12-10 16:06 - 000000700 _____ C:\Windows\SysWOW64\amd-vulkan32.json
2017-12-10 16:06 - 2017-12-10 16:06 - 000000700 _____ C:\Windows\system32\amd-vulkan64.json
2017-12-09 12:30 - 2017-12-09 12:31 - 000275732 _____ C:\TDSSKiller.3.1.0.15_09.12.2017_12.30.47_log.txt
2017-12-09 12:27 - 2017-12-23 21:24 - 000000000 ____D C:\Users\fdfer\.gimp-2.8
2017-12-09 12:27 - 2017-12-09 12:27 - 000000939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-12-09 12:27 - 2017-12-09 12:27 - 000000927 _____ C:\Users\Public\Desktop\GIMP 2.lnk
2017-12-09 12:27 - 2017-12-09 12:27 - 000000000 ____D C:\Users\fdfer\AppData\Local\gegl-0.2
2017-12-09 12:27 - 2017-12-09 12:27 - 000000000 ____D C:\Users\fdfer\AppData\Local\fontconfig
2017-12-09 12:27 - 2017-12-09 12:27 - 000000000 ____D C:\Program Files\GIMP 2
2017-12-09 12:20 - 2017-12-09 12:20 - 000001207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad - Editor Audio.lnk
2017-12-09 12:20 - 2017-12-09 12:20 - 000001195 _____ C:\Users\Public\Desktop\WavePad - Editor Audio.lnk
2017-12-09 12:20 - 2017-12-09 12:20 - 000000000 ____D C:\ProgramData\NCH Software
2017-12-09 12:20 - 2017-12-09 12:20 - 000000000 ____D C:\Program Files (x86)\NCH Software
2017-12-09 12:13 - 2017-12-09 12:22 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2017-12-09 12:13 - 2017-12-09 12:16 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\NCH Software
2017-12-08 19:08 - 2017-12-28 20:58 - 000000000 ____D C:\Users\fdfer\Desktop\Registrazioni Radeon Relive
2017-12-08 15:12 - 2017-12-08 15:13 - 000000000 ____D C:\Users\fdfer\Desktop\ddu uninstaller
2017-12-07 22:50 - 2017-12-07 22:50 - 000000000 ____D C:\Users\fdfer\Documents\FXHOME
2017-12-07 22:50 - 2017-12-07 22:50 - 000000000 ____D C:\Users\fdfer\AppData\Local\HitFilm Express 2017 Activation
2017-12-07 22:50 - 2017-12-07 22:50 - 000000000 ____D C:\Users\fdfer\AppData\Local\FXHOME Helper
2017-12-07 22:50 - 2017-12-07 22:50 - 000000000 ____D C:\Users\fdfer\AppData\Local\FXHOME
2017-12-07 22:50 - 2017-12-07 22:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitFilm Express 2017
2017-12-07 22:50 - 2017-12-07 22:50 - 000000000 ____D C:\ProgramData\FXHOME
2017-12-07 22:50 - 2017-12-07 22:50 - 000000000 ____D C:\Program Files\FXHOME
2017-12-07 22:50 - 2017-12-07 22:50 - 000000000 ____D C:\Program Files\Common Files\OFX
2017-12-07 22:50 - 2017-12-07 22:50 - 000000000 ____D C:\Program Files\Boris FX, Inc
2017-12-07 22:50 - 2017-12-07 22:50 - 000000000 ____D C:\Program Files (x86)\Boris FX, Inc
2017-12-06 18:26 - 2017-12-06 18:26 - 000155688 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2017-12-06 18:26 - 2017-12-06 18:26 - 000126848 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2017-12-06 18:21 - 2017-12-06 18:21 - 000274534 _____ C:\TDSSKiller.3.1.0.15_06.12.2017_18.21.11_log.txt
2017-12-06 18:19 - 2018-01-05 17:43 - 000000000 ____D C:\Users\fdfer\AppData\Local\CrashDumps
2017-12-06 17:38 - 2018-01-04 22:05 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-12-06 17:37 - 2017-12-06 17:59 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-06 17:34 - 2017-12-06 17:38 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-06 17:34 - 2017-12-06 17:34 - 000000000 ____D C:\Program Files\HitmanPro
2017-12-06 16:28 - 2017-12-06 16:28 - 000000000 ____D C:\KVRT_Data
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-05 22:40 - 2017-11-16 01:08 - 000000000 ____D C:\Users\fdfer\AppData\LocalLow\Mozilla
2018-01-05 22:27 - 2017-11-15 17:37 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Telegram Desktop
2018-01-05 22:21 - 2017-09-29 14:37 - 000000000 ____D C:\Windows\CbsTemp
2018-01-05 21:23 - 2017-11-15 16:52 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-01-05 19:18 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-01-05 16:41 - 2017-11-16 09:55 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Origin
2018-01-05 16:41 - 2017-11-16 09:51 - 000000000 ____D C:\ProgramData\Origin
2018-01-05 16:01 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-05 16:01 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\AppReadiness
2018-01-05 15:25 - 2017-11-27 13:45 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\DS4Windows
2018-01-05 13:16 - 2017-11-18 00:20 - 000000787 _____ C:\Users\Public\Desktop\FIFA 18.lnk
2018-01-05 13:06 - 2017-11-16 01:08 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-05 13:06 - 2017-11-16 01:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-05 13:06 - 2017-11-16 01:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-05 12:26 - 2017-11-15 16:57 - 003351264 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-05 12:26 - 2017-09-30 15:41 - 001600098 _____ C:\Windows\system32\perfh010.dat
2018-01-05 12:26 - 2017-09-30 15:41 - 000399842 _____ C:\Windows\system32\perfc010.dat
2018-01-04 22:19 - 2017-11-15 16:52 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-04 22:19 - 2017-09-29 09:45 - 000524288 _____ C:\Windows\system32\config\BBI
2018-01-04 22:05 - 2017-09-29 14:44 - 000000000 ____D C:\Windows\INF
2018-01-04 21:51 - 2017-12-01 23:49 - 000000000 ____D C:\AdwCleaner
2018-01-04 21:43 - 2017-12-01 13:02 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-04 21:43 - 2017-11-15 17:21 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-01-04 21:42 - 2017-12-01 01:37 - 000000000 ____D C:\Windows\Microsoft Antimalware
2018-01-04 19:22 - 2017-11-15 17:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-04 19:22 - 2017-11-15 17:00 - 000000000 ___RD C:\Users\fdfer\3D Objects
2018-01-04 19:22 - 2017-11-15 16:52 - 000353408 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ___SD C:\Windows\system32\F12
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\TextInput
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\oobe
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\migwiz
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\Provisioning
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-01-04 19:22 - 2017-09-29 09:45 - 000000000 ____D C:\Windows\system32\Dism
2018-01-04 19:18 - 2017-09-29 14:41 - 000403968 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
2018-01-04 19:18 - 2017-09-29 14:41 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-01-04 19:18 - 2017-09-29 14:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2018-01-04 18:36 - 2017-11-16 00:45 - 000004204 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-01-04 18:34 - 2017-11-16 00:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-04 18:23 - 2017-11-15 17:12 - 000000000 ____D C:\Program Files (x86)\Intel
2018-01-04 18:23 - 2017-11-15 17:08 - 000000000 ____D C:\Program Files\Intel
2018-01-04 18:21 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-01-01 13:07 - 2017-11-15 16:51 - 000397994 __RSH C:\bootmgr
2017-12-31 22:17 - 2017-11-15 16:58 - 000000000 ____D C:\Users\fdfer
2017-12-29 18:59 - 2017-11-16 00:45 - 000000711 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-28 20:45 - 2017-11-16 01:06 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\audacity
2017-12-28 20:06 - 2017-11-16 00:23 - 000000000 ____D C:\Users\fdfer\AppData\Local\Spotify
2017-12-28 19:26 - 2017-11-16 00:21 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Spotify
2017-12-25 18:06 - 2017-11-15 17:00 - 000000000 ____D C:\Users\fdfer\AppData\Local\Packages
2017-12-22 20:08 - 2017-11-25 22:59 - 000799512 _____ C:\Windows\system32\Drivers\EasyAntiCheat.sys
2017-12-22 12:23 - 2017-11-24 20:40 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-12-21 18:36 - 2017-11-18 12:01 - 000000000 ____D C:\Users\fdfer\AppData\Local\ElevatedDiagnostics
2017-12-19 16:42 - 2017-11-16 00:58 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-12-18 22:20 - 2017-11-16 17:00 - 000000000 ____D C:\Users\fdfer\AppData\Local\UnrealEngine
2017-12-18 22:20 - 2017-11-15 17:08 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-16 23:25 - 2017-11-15 17:19 - 000000000 ____D C:\Users\fdfer\Desktop\Cose da salvare
2017-12-14 16:56 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\rescache
2017-12-13 11:53 - 2017-11-16 07:22 - 000000000 ____D C:\Users\fdfer\Documents\The Witcher 3
2017-12-13 10:58 - 2017-11-15 17:22 - 000003160 _____ C:\Windows\System32\Tasks\StartCN
2017-12-13 10:58 - 2017-11-15 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\##ID_STRING16##
2017-12-13 10:56 - 2017-11-15 17:19 - 000000000 ____D C:\AMD
2017-12-13 10:45 - 2017-11-15 17:32 - 000000000 ____D C:\Windows\system32\MRT
2017-12-13 10:44 - 2017-11-15 17:32 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-13 10:44 - 2017-11-15 17:31 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-12 10:57 - 2017-11-16 00:26 - 000002233 _____ C:\Users\fdfer\Desktop\Discord.lnk
2017-12-12 10:57 - 2017-11-16 00:26 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-12 10:57 - 2017-11-16 00:26 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\discord
2017-12-12 10:57 - 2017-11-16 00:26 - 000000000 ____D C:\Users\fdfer\AppData\Local\Discord
2017-12-10 21:08 - 2017-11-02 20:12 - 000555896 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2017-12-10 21:08 - 2017-11-02 20:12 - 000469872 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2017-12-06 17:50 - 2017-09-29 14:46 - 000000000 ___HD C:\Windows\system32\GroupPolicy
 
==================== Files in the root of some directories =======
 
2017-12-17 00:20 - 2017-12-17 00:20 - 000002849 _____ () C:\Users\fdfer\AppData\Local\recently-used.xbel
2017-12-05 20:38 - 2017-12-05 20:38 - 000007605 _____ () C:\Users\fdfer\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-01-04 19:16 - 2018-01-01 13:48 - 001954048 _____ (Microsoft Corporation) C:\Users\fdfer\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-27 20:25
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by fdfer (05-01-2018 22:41:00)
Running from C:\Users\fdfer\Desktop
Windows 10 Pro Version 1709 16299.192 (X64) (2017-11-15 15:53:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2320907850-788148171-3382939013-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2320907850-788148171-3382939013-503 - Limited - Disabled)
fdfer (S-1-5-21-2320907850-788148171-3382939013-1001 - Administrator - Enabled) => C:\Users\fdfer
Guest (S-1-5-21-2320907850-788148171-3382939013-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2320907850-788148171-3382939013-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12.1 - Advanced Micro Devices, Inc.)
Audacity 2.2.0 (HKLM-x32\...\Audacity_is1) (Version: 2.2.0 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
CPUID HWMonitor 1.33 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.33 - )
DaVinci Resolve (HKLM\...\{AF2770A8-6DD9-49B7-A559-B18891759387}) (Version: 14.1.1005 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{332552D0-B8EE-49BF-B904-E038A72BD2B2}) (Version: 1.1.2.0 - Blackmagic Design)
Discord (HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{107663E0-647E-451E-AFA3-7F71BC42A647}) (Version: 1.1.132.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FIFA 18 (HKLM-x32\...\{213CC10A-B8CB-4EBA-B277-6B08B7C22A65}) (Version: 1.0.50.12617 - Electronic Arts)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HitFilm Express 2017 (HKLM\...\{752C4EC4-8031-476E-A3A5-A7023C06AC2C}) (Version: 5.0.7012.39363 - FXHOME)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Network Connections 21.1.30.0 (HKLM\...\PROSetDX) (Version: 21.1.30.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.0.1015 - Intel Corporation)
Kaspersky Security Scan (HKLM-x32\...\{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 5.4.3.2 (HKLM\...\{5FFD3D4F-8AA0-4C6F-8B3C-AB0D8CD297C9}) (Version: 5.4.3.2 - The Document Foundation)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Malwarebytes versione 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 it) (HKLM\...\Mozilla Firefox 57.0.4 (x64 it)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSI Afterburner 4.4.2 (HKLM-x32\...\Afterburner) (Version: 4.4.2 - MSI Co., LTD)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.8.17910 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 7.0.2 (HKLM-x32\...\RTSS) (Version: 7.0.2 - Unwinder)
S.T.A.L.K.E.R.: Lost Alpha DC version 1.4005 (HKLM-x32\...\S.T.A.L.K.E.R.: Lost Alpha DC_is1) (Version: 1.4005 - dezowave)
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Software per periferiche con chipset Intel® (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Spotify (HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Telegram Desktop version 1.2.6 (HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.6 - Telegram Messenger LLP)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
Total War Arena EU (HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\TWA.EU.PRODUCTION) (Version:  - Wargaming.net)
Uplay (HKLM-x32\...\Uplay) (Version: 44.0 - Ubisoft)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Wargaming.net Game Center (HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Wargaming.net Game Center) (Version: 17.9.0.6629 - Wargaming.net)
WavePad - Editor Audio (HKLM-x32\...\WavePad) (Version: 7.08 - NCH Software)
Wild West Online version 1.0 (HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\{267FF0EF-16E3-4221-AC84-3612233DCCA4}}_is1) (Version: 1.0 - WWO Partners)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programmi\Winrar\rarext.dll [2017-08-26] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programmi\Winrar\rarext32.dll [2017-08-26] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Programmi\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-12-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Programmi\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programmi\Winrar\rarext.dll [2017-08-26] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programmi\Winrar\rarext32.dll [2017-08-26] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {024DCD8B-5E64-461C-983E-3AEEEF56B539} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-27] (Google Inc.)
Task: {0B2BC3AF-C634-4769-9E4F-6858D62FFD2E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {25AE3B4C-91AB-421B-A90D-E191B8813496} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {3C433144-4868-4609-8B7E-1B6858A920D5} - System32\Tasks\CCleanerSkipUAC => D:\Programmi\Ccleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {5D3311D1-0F0F-459E-9217-BA12DAE232C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-27] (Google Inc.)
Task: {5E3097A7-F7C6-43D4-A35F-B9D8FB3CFFE5} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2017-12-06] (Advanced Micro Devices, Inc.)
Task: {5F9CE77A-4522-4D30-BCFE-24C9EA97E8C1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {E45F1651-A54B-4087-B0F8-D5A2692F0702} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {F383D226-392C-4ACD-9C5E-1B94121FCE50} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-12-06] (Advanced Micro Devices, Inc.)
Task: {F9E08051-0766-42AE-AD3B-5A4CD401B208} - System32\Tasks\CCleaner Update => D:\Programmi\Ccleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\fdfer\Favorites\Sito download di NCH Software.lnk -> hxxp://www.nch.com.au/it/index.htm
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-12-01 01:31 - 2017-11-26 13:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-01 01:31 - 2017-11-26 13:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-22 00:55 - 2017-07-22 00:55 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-22 00:55 - 2017-07-22 00:55 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-12-06 16:22 - 2017-12-06 16:23 - 004698848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-23 10:21 - 2017-12-23 10:22 - 026507776 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-12-23 10:21 - 2017-12-23 10:22 - 008370176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-11-16 00:55 - 2017-11-16 00:56 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 000326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 000404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\60644329.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77010168.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\60644329.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77010168.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\localhost -> localhost
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\fdfer\AppData\Roaming\Mozilla\Firefox\Sfondo del desktop.bmp
DNS Servers: 192.168.1.254 - 62.101.93.101
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "KSS"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "Xvid"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{49C3C909-EFF2-4A6C-8626-BE44F09860F5}] => (Allow) LPort=3935
FirewallRules: [TCP Query User{CAE4AD28-A02E-4109-B6D3-79B3FAA5BA71}C:\users\fdfer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\fdfer\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6BD15B11-CF42-48E6-B927-040DB668A251}C:\users\fdfer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\fdfer\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0143C425-EA66-43A8-8AE4-574B76219636}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6AC518CD-3AE7-40D4-96B4-91A659E2DAE4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2DF47572-4580-4493-B272-DC61C7A87BA1}] => (Allow) D:\Programmi\Steam\Steam.exe
FirewallRules: [{42E935DC-D782-477A-8B97-40EB6502F2A4}] => (Allow) D:\Programmi\Steam\Steam.exe
FirewallRules: [{C351C8B4-0CBA-4578-BC23-6A1566A23A8B}] => (Allow) D:\Programmi\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DA9E77ED-EBBA-4D77-A0AE-B47756C2DB14}] => (Allow) D:\Programmi\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{0A6FA220-15DC-4252-B4C0-0010CBA58818}D:\programmi\wild west online\launcher.exe] => (Block) D:\programmi\wild west online\launcher.exe
FirewallRules: [UDP Query User{A6B2EEA4-9CC3-4AE6-AA10-678BDC462FAB}D:\programmi\wild west online\launcher.exe] => (Block) D:\programmi\wild west online\launcher.exe
FirewallRules: [TCP Query User{6CEF22DC-5C72-434C-A7FC-9D098641AD00}D:\programmi\wild west online\launcher.exe.new.exe] => (Block) D:\programmi\wild west online\launcher.exe.new.exe
FirewallRules: [UDP Query User{825D3C5D-3A3D-4DF0-8D5B-B49F4D85AFDD}D:\programmi\wild west online\launcher.exe.new.exe] => (Block) D:\programmi\wild west online\launcher.exe.new.exe
FirewallRules: [TCP Query User{6A57211F-80E6-4504-8025-21BE554E7268}D:\programmi\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) D:\programmi\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{A529D879-7495-4F47-B777-FC4B39D1B8F0}D:\programmi\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) D:\programmi\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{4BBD7639-7C2F-413B-94FA-87EA1EBD8314}D:\programmi\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\programmi\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{78C0B6B6-DE88-4F9D-95F1-5A72BBA8D1C5}D:\programmi\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\programmi\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{AB36FF58-6E35-4053-A20C-90E6E76B3BB2}] => (Allow) C:\Steam Games\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{303A2039-557B-4A3E-A7E7-6F2A7A8D9243}] => (Allow) C:\Steam Games\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [TCP Query User{E1ACC2B8-B4B5-4A49-BD43-83AC0576441F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{79B7BC3E-F2DC-46F7-9E75-B83F8872C3F1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{419F9216-1799-4E95-ACC6-28DD641F811B}C:\origin games\fifa 18\fifa18.exe] => (Allow) C:\origin games\fifa 18\fifa18.exe
FirewallRules: [UDP Query User{47D485F1-CB03-4BD2-AFDE-3131B28118F4}C:\origin games\fifa 18\fifa18.exe] => (Allow) C:\origin games\fifa 18\fifa18.exe
FirewallRules: [{74B1E99D-6167-4F0C-B40A-0D9F2B7DACED}] => (Allow) C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe
FirewallRules: [{41A94721-7B2B-4AE9-A8D5-0C32B0DAFF80}] => (Allow) C:\Steam Games\steamapps\common\SpellForce 3\SF3ClientFinal.exe
FirewallRules: [{23D98364-482E-44AD-B91D-8DA503AB0EAD}] => (Allow) C:\Steam Games\steamapps\common\SpellForce 3\SF3ClientFinal.exe
FirewallRules: [{6D624559-C72C-4365-B515-1B074BE25F07}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{E6305CE4-ABDD-43DA-A3CA-95C9D1D8EB4E}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{0A535A2B-4074-4013-95C5-5CC2A04FA255}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe
FirewallRules: [{9EBF2427-4B3A-459D-A75E-1D512CFB15A4}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{F817DCDA-A3AA-4B32-9D13-E16B046E7369}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{0DFF897D-D368-49D1-A22B-1B9355F418A6}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{AD59A068-529D-4BE5-9A84-15781AC17511}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{F15E70D4-0650-449E-8A5D-2929A8E3EABD}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe
FirewallRules: [{14CB836E-06C6-42A1-91EB-761F857C9F44}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [TCP Query User{30C0C85C-863A-42D5-B54A-B457BCEBBA1A}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe
FirewallRules: [UDP Query User{F2E4A45F-A6E2-4881-8830-7754D648A398}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe
FirewallRules: [TCP Query User{9D63802B-C464-4B96-BBD8-25EF8B2F6047}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe
FirewallRules: [UDP Query User{10A19AAE-3B6E-42B8-917A-72A858A9C84C}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe
FirewallRules: [{E94EC919-A077-43A1-9B87-A37A7615AD6C}] => (Allow) D:\Programmi\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe
FirewallRules: [{52632FB1-B929-41C9-963A-B4D6C530B8E5}] => (Allow) D:\Programmi\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe
FirewallRules: [{74D2AF81-6742-4A9B-8D14-D93D7B43B191}] => (Allow) C:\Steam Games\steamapps\common\White Silence\WhiteSilence.exe
FirewallRules: [{AE0F2A63-57A1-458C-8C01-112D3FA6FAF2}] => (Allow) C:\Steam Games\steamapps\common\White Silence\WhiteSilence.exe
FirewallRules: [TCP Query User{3D0BB984-0EFB-4603-A087-2A3D066EAA5C}C:\steam games\steamapps\common\white silence\whitesilence\binaries\win64\whitesilence-win64-shipping.exe] => (Allow) C:\steam games\steamapps\common\white silence\whitesilence\binaries\win64\whitesilence-win64-shipping.exe
FirewallRules: [UDP Query User{014C0F4B-9D3D-4900-8E96-63DA1541E6E8}C:\steam games\steamapps\common\white silence\whitesilence\binaries\win64\whitesilence-win64-shipping.exe] => (Allow) C:\steam games\steamapps\common\white silence\whitesilence\binaries\win64\whitesilence-win64-shipping.exe
FirewallRules: [{F20C7D3D-AA36-4110-805A-8EE5221E84D3}] => (Allow) C:\Steam Games\steamapps\common\Bud Spencer & Terence Hill - Slaps And Beans\snb.exe
FirewallRules: [{DBF1EDC8-67A2-4D1B-BB40-3143A898D245}] => (Allow) C:\Steam Games\steamapps\common\Bud Spencer & Terence Hill - Slaps And Beans\snb.exe
FirewallRules: [TCP Query User{7A7E4675-85A4-4947-A86D-C34EEA38E2C4}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Block) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe
FirewallRules: [UDP Query User{EEF66E70-26D7-4C03-942B-42B86056FEA4}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Block) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe
FirewallRules: [{E5EF7752-188B-4B91-8742-D0F37C6CB271}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3CF9ADA5-FF28-4853-A89D-364CD6E05431}] => (Allow) C:\Origin Games\FIFA 18\FIFASetup\fifaconfig.exe
FirewallRules: [{7E172271-B5CE-4608-8EE9-91AD6F7977F1}] => (Allow) C:\Origin Games\FIFA 18\FIFASetup\fifaconfig.exe
FirewallRules: [TCP Query User{FA66006A-52B3-47C0-979A-337569271DD4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{D94A163A-624A-4EFA-AE53-00805919146D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
 
==================== Restore Points =========================
 
28-12-2017 21:41:48 Punto di controllo pianificato
04-01-2018 18:19:38 IIF_MSI
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/05/2018 05:43:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Battle.net Helper.exe, versione: 0.0.0.0, timestamp: 0x5a398a62
Nome del modulo che ha generato l'errore: libcef.dll, versione: 3.2623.1435.0, timestamp: 0x591a1a2e
Codice eccezione: 0x80000003
Offset errore 0x0019b129
ID processo che ha generato l'errore: 0x13a4
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d3864449cb9a4b
Percorso dell'applicazione che ha generato l'errore: C:\Program Files (x86)\Battle.net\Battle.net.9679\Battle.net Helper.exe
Percorso del modulo che ha generato l'errore: C:\Program Files (x86)\Battle.net\Battle.net.9679\libcef.dll
ID segnalazione: 62bdadd2-420f-425d-9c6f-00cebe012985
Nome completo pacchetto che ha generato l'errore:  
ID applicazione relativo al pacchetto che ha generato l'errore:
 
Error: (01/05/2018 01:06:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "D:\Programmi\Audacity\audacity.exe". Errore nel file manifesto o dei criteri "", alla riga .
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_15c8cdae9364c23b.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_5d760485a7e0eb41.manifest.
 
Error: (01/04/2018 10:19:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "D:\Programmi\Audacity\audacity.exe". Errore nel file manifesto o dei criteri "", alla riga .
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_15c8cdae9364c23b.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_5d760485a7e0eb41.manifest.
 
Error: (01/04/2018 10:19:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "D:\Programmi\Audacity\audacity.exe". Errore nel file manifesto o dei criteri "", alla riga .
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_15c8cdae9364c23b.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_5d760485a7e0eb41.manifest.
 
Error: (01/04/2018 10:17:02 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002
 
Error: (01/04/2018 10:17:01 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Applicazione: wmiprvse.exe
Versione framework: v4.0.30319
Descrizione: l'applicazione ha richiesto la terminazione del processo tramite System.Environment.FailFast(messaggio stringa).
Messaggio: Eccezione imprevista generata dal provider:
 System.Exception: Questo servizio non può essere avviato in modalità provvisoria
 
Questo servizio non può essere avviato in modalità provvisoria
 
   in Windows.Management.Deployment.PackageManager.FindPackagesForUser(String userSecurityId, String packageFamilyName)
   in Microsoft.Uev.ManagedAgentWmi.WinRT.BaseHelpers.IsInstalled(String packageFamilyName)
   in Microsoft.Uev.ManagedAgentWmi.WinRT.Windows8AppListWinRt.GetConfiguredList(Boolean isUserList)
   in Microsoft.Uev.ManagedAgentWmi.MachineConfiguredWindows8App.EnumerateAppPackages()
Stack:
   in System.Environment.FailFast(System.String)
   in WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)
 
Error: (01/04/2018 09:53:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: hitmanpro_x64.exe, versione: 3.7.20.286, timestamp: 0x58e5ec3b
Nome del modulo che ha generato l'errore: hitmanpro_x64.exe, versione: 3.7.20.286, timestamp: 0x58e5ec3b
Codice eccezione: 0xc0000005
Offset errore 0x00000000002bfb49
ID processo che ha generato l'errore: 0x720
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d3859dd30c6168
Percorso dell'applicazione che ha generato l'errore: C:\Users\fdfer\Desktop\Ant-virus vari\hitmanpro_x64.exe
Percorso del modulo che ha generato l'errore: C:\Users\fdfer\Desktop\Ant-virus vari\hitmanpro_x64.exe
ID segnalazione: f705b72d-ab21-4bbc-ac4b-be191f0d8086
Nome completo pacchetto che ha generato l'errore:  
ID applicazione relativo al pacchetto che ha generato l'errore:
 
Error: (01/04/2018 09:43:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "D:\Programmi\Audacity\audacity.exe". Errore nel file manifesto o dei criteri "", alla riga .
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_15c8cdae9364c23b.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_5d760485a7e0eb41.manifest.
 
Error: (01/04/2018 09:43:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "D:\Programmi\Audacity\audacity.exe". Errore nel file manifesto o dei criteri "", alla riga .
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_15c8cdae9364c23b.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_5d760485a7e0eb41.manifest.
 
Error: (01/04/2018 07:18:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "D:\Programmi\Audacity\audacity.exe". Errore nel file manifesto o dei criteri "", alla riga .
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.125_none_15cbcf8893620c09.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.125_none_5d79065fa7de350f.manifest.
 
 
System errors:
=============
Error: (01/04/2018 10:19:37 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5
 
Error: (01/04/2018 10:19:37 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI1
 
Error: (01/04/2018 10:19:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM: errore "%%1084 = Questo servizio non può essere avviato in modalità provvisoria" durante il tentativo di avvio del servizio dps con gli argomenti "Non disponibile" per eseguire il server  
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (01/04/2018 10:19:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM: errore "%%1084 = Questo servizio non può essere avviato in modalità provvisoria" durante il tentativo di avvio del servizio dps con gli argomenti "Non disponibile" per eseguire il server  
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (01/04/2018 10:18:36 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-DG73G7R)
Description: DCOM: errore "%%1084 = Questo servizio non può essere avviato in modalità provvisoria" durante il tentativo di avvio del servizio WSearch con gli argomenti "Non disponibile" per eseguire il server  
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/04/2018 10:18:36 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-DG73G7R)
Description: DCOM: errore "%%1084 = Questo servizio non può essere avviato in modalità provvisoria" durante il tentativo di avvio del servizio WSearch con gli argomenti "Non disponibile" per eseguire il server  
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/04/2018 10:18:36 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-DG73G7R)
Description: DCOM: errore "%%1084 = Questo servizio non può essere avviato in modalità provvisoria" durante il tentativo di avvio del servizio ShellHWDetection con gli argomenti "Non disponibile" per eseguire il server  
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (01/04/2018 10:16:07 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-DG73G7R)
Description: DCOM: errore "%%1084 = Questo servizio non può essere avviato in modalità provvisoria" durante il tentativo di avvio del servizio netprofm con gli argomenti "Non disponibile" per eseguire il server  
{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (01/04/2018 10:16:07 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-DG73G7R)
Description: DCOM: errore "%%1084 = Questo servizio non può essere avviato in modalità provvisoria" durante il tentativo di avvio del servizio netprofm con gli argomenti "Non disponibile" per eseguire il server  
{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (01/04/2018 10:16:07 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-DG73G7R)
Description: DCOM: errore "%%1084 = Questo servizio non può essere avviato in modalità provvisoria" durante il tentativo di avvio del servizio netprofm con gli argomenti "Non disponibile" per eseguire il server  
{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
 
CodeIntegrity:
===================================
  Date: 2017-11-16 00:16:15.637
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume1\Programmi\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info ===========================  
 
Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 23%
Total physical RAM: 8124 MB
Available physical RAM: 6180.63 MB
Total Virtual: 14780 MB
Available Virtual: 11457.69 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.32 GB) (Free:224.92 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:930.63 GB) (Free:883.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00070789)
Partition 1: (Active) - (Size=930.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3E74AE8F)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 MB) - (Type=27)
 
==================== End of Addition.txt ============================

 


Edited by Senua89, 05 January 2018 - 08:58 PM.




#2 nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 PM

Posted 06 January 2018 - 08:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I can confirm that both of your logs are clean.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#3 Senua89

  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Local time:09:28 PM

Posted 08 January 2018 - 08:31 AM

Thank you so much for answering me. I have not noticed any problems in the PC, so I think it was a false positive. Thanks again.



#4 nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 PM

Posted 08 January 2018 - 01:29 PM

Hi,

Glad we could help.



