RISOLTO Malware Cadavers!

[LupoVelenos]

Salve a tutti ieri provando ad utilizzare un loader sono incappato in questo malware che non riesco a rimuovere!
Il malware probabilmente cerca di aprire qualche tipo di ads che però è bloccata dagli antivirus!

Per provare a risolvere il problema ho già scansionato con Malwarebytes, avast e roguekiller senza ottenere dei risultati!
Qualcuno può consigliarmi su come procedere ! Grazie per l'attenzione !

 

[.MaxTechnology]

Salve a tutti ieri provando ad utilizzare un loader sono incappato in questo malware che non riesco a rimuovere! Visualizza allegato 286191Visualizza allegato 286192
Il malware probabilmente cerca di aprire qualche tipo di ads che però è bloccata dagli antivirus!
Visualizza allegato 286193
Per provare a risolvere il problema ho già scansionato con Malwarebytes, avast e roguekiller senza ottenere dei risultati!
Qualcuno può consigliarmi su come procedere ! Grazie per l'attenzione !

Ciao Scarica FRST, e pubblica i suoi logs ovvero Addition.txt & FRST.txt

Grazie.

Max

 

[LupoVelenos]

Ciao Scarica FRST, e pubblica i suoi logs ovvero Addition.txt & FRST.txt

Grazie.

Max

Spoiler: FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Peppe (administrator) on ADMINISTRATOR (01-04-2018 17:22:36)
Running from C:\Users\Peppe\Downloads
Loaded Profiles: Peppe & Administrator (Available Profiles: Peppe & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files\Mouse\Amoumain.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Discord Inc.) C:\Users\Peppe\AppData\Local\Discord\app-0.0.300\Discord.exe
(SoundSwitch) C:\Program Files\SoundSwitch\SoundSwitch.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
() C:\Program Files\YoloMouse\YoloMouse.exe
(Spotify Ltd) C:\Users\Peppe\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Grass Valley K.K.) C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Users\Peppe\Documents\LCDSirReal\LCDSirReal.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(M-Audio) C:\Program Files (x86)\M-Audio\M-Track 2X2M\AudioDevMon.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Discord Inc.) C:\Users\Peppe\AppData\Local\Discord\app-0.0.300\Discord.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Discord Inc.) C:\Users\Peppe\AppData\Local\Discord\app-0.0.300\Discord.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
() C:\Users\Peppe\AppData\Local\Cadavers.exe
() C:\Users\Peppe\AppData\Local\Cadavers.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corp.) C:\Windows\System32\Defrag.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [WheelMouse] => C:\Program Files\Mouse\Amoumain.exe [196608 2000-01-01] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-04-01] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Run: [SoundSwitch] => C:\Program Files\SoundSwitch\SoundSwitch.exe [1008832 2018-03-10] (SoundSwitch)
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: H - H:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {0ab1aa23-1432-11e5-ac98-10c37b50a90d} - E:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {0c848b72-d75e-11e7-98ea-00ac31a303cd} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {3ae279b5-f628-11e4-9c0a-10c37b50a90d} - E:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {58ce6838-f2d4-11e7-8e9d-00ac31a303cd} - H:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {9c599feb-1b35-11e5-90f3-10c37b50a90d} - G:\stp-fifa18.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {beab5097-c1bc-11e7-8195-00ac31a303cd} - F:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {e1a26777-41b7-11e5-aca0-10c37b50a90d} - H:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {f8d5210f-cc95-11e7-aed9-00ac31a303cd} - G:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-500\...\MountPoints2: {ef14e612-4896-11e4-992e-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-03-31]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5A7E9B46-9D4A-470E-868B-FAACC9D530F8}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5CC126F7-0DC5-4908-B1C9-B26DD7136AFF}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{AFACDD1F-24EC-44B4-BA1D-2105A6B6490B}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AFACDD1F-24EC-44B4-BA1D-2105A6B6490B}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EEF4A8DF-F5DE-4E0F-BA02-D84A6A21B012}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKU\S-1-5-21-2921988991-613299845-3104574246-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSERT1
HKU\S-1-5-21-2921988991-613299845-3104574246-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.it
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2921988991-613299845-3104574246-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2921988991-613299845-3104574246-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-04-01] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-17] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2017-12-14] (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-04-01] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-17] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: s1qci7f5.default
FF ProfilePath: C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default [2018-04-01]
FF user.js: detected! => C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\s1qci7f5.default -> hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=800000
FF NewTab: Mozilla\Firefox\Profiles\s1qci7f5.default -> about:newtab
FF Extension: (System Table) - C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\Extensions\622127@modext.tech.xpi [2018-02-27]
FF Extension: (Avast SafePrice) - C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\Extensions\sp@avast.com.xpi [2017-08-15]
FF Extension: (Avast Online Security) - C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\Extensions\wrc@avast.com.xpi [2018-02-07]
FF SearchPlugin: C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\searchplugins\google-avast.xml [2016-09-17]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2000-01-01] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2000-01-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-12-22] (Nexon)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2017-12-14] (Perfect World Entertainment Inc)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2921988991-613299845-3104574246-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Peppe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> Active:"chrome-extension://ibfhiehdjpogpbdcicjnphklppinghjj/index.html"
CHR Profile: C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default [2018-04-01]
CHR Extension: (Presentazioni) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2000-01-01]
CHR Extension: (Google Drive) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (uBlock Origin) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-03-22]
CHR Extension: (Google Search) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Fogli) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2000-01-01]
CHR Extension: (Google Documenti offline) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-13]
CHR Extension: (Speed Dial 3™(APP)) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfhiehdjpogpbdcicjnphklppinghjj [2015-06-11]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Speechnotes - Dettatura Notepad) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\opekipbefdbacebgkjjdgoiofdbhocok [2018-01-13]
CHR Extension: (Gmail) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Teddy Protection Lite) - C:\Users\Peppe\AppData\Roaming\Opera Software\Opera Stable\Extensions\nojkagbjbhgnilkopgljfkhddmdjcjfn [2017-03-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-09] (Adobe Systems) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2017-12-14] (Perfect World Entertainment Inc)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2013-08-13] (ASUSTeK Computer Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-04-01] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-04-01] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2017-07-15] ()
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-18] (EasyAntiCheat Ltd)
R2 GVDownloadAgentService; C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe [68832 2015-03-30] (Grass Valley K.K.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-20] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2017-01-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2000-01-01] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 MTrack2X2MAudioDevMon; C:\Program Files (x86)\M-Audio\M-Track 2X2M\AudioDevMon.exe [595032 2016-12-13] (M-Audio)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3685968 2015-07-22] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-25] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-25] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-05-14] (Overwolf LTD)
S3 PAExec; C:\Windows\PAExec.exe [189112 2017-03-07] (Power Admin LLC)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-07-31] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-07-31] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [838128 2016-12-15] (Tunngle.net GmbH) [File not signed]
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [5848656 2017-05-19] (RealVNC Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wsaudio; C:\Windows\SysWOW64\wsaudio.dll [1072128 2015-07-22] () [File not signed]
S2 ihctrl32; %SystemRoot%\System32\ihctrl32.dll [X]
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-04-01] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-04-01] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-04-01] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-04-01] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-04-01] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [215320 2018-04-01] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-04-01] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-04-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-01] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-01] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-01] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-01] (AVAST Software)
R1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [34360 2008-05-30] (Canopus Co,. Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-11-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-11-05] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2013-01-25] (ASUSTeK Computer Inc.)
S3 maxjoypad; C:\Windows\System32\DRIVERS\maxjoypad.sys [18880 2016-08-05] (Windows (R) Win 7 DDK provider)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-01] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2000-01-01] (Intel Corporation)
S3 MTRACK2X2M; C:\Windows\System32\DRIVERS\MAudioMTrack2X2M.sys [569432 2016-12-13] (M-Audio)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0116.sys [38432 2017-07-24] (SoftEther Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [39464 2016-04-26] (Tunngle.net GmbH)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-02] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125520 2015-10-02] (Oracle Corporation)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [144656 2017-08-22] (BigNox Corporation)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
R2 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\drivers\YSDrv\YSDrv.sys [270608 2018-01-24] (BigNox Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va020; \??\C:\Windows\SysWOW64\Drivers\X6va020 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va063; \??\C:\Windows\SysWOW64\Drivers\X6va063 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-01 17:22 - 2018-04-01 17:23 - 000031787 _____ C:\Users\Peppe\Downloads\FRST.txt
2018-04-01 17:22 - 2018-04-01 17:22 - 002403328 _____ (Farbar) C:\Users\Peppe\Downloads\FRST64.exe
2018-04-01 17:22 - 2018-04-01 17:22 - 000000000 ____D C:\FRST
2018-04-01 17:06 - 2018-04-01 17:06 - 008222496 _____ (Malwarebytes) C:\Users\Peppe\Downloads\adwcleaner_7.0.8.0.exe
2018-04-01 16:57 - 2018-04-01 16:59 - 000000000 ____D C:\Program Files (x86)\Startup Optimizer
2018-04-01 16:57 - 2018-04-01 16:57 - 001147120 _____ (Cyberlion Solutions Inc. ) C:\Users\Peppe\Downloads\StartOpt.exe
2018-04-01 16:57 - 2018-04-01 16:57 - 000000988 _____ C:\Users\Peppe\Desktop\Startup Optimizer.lnk
2018-04-01 16:57 - 2018-04-01 16:57 - 000000988 _____ C:\Users\Administrator\Desktop\Startup Optimizer.lnk
2018-04-01 16:57 - 2018-04-01 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer
2018-04-01 16:48 - 2018-04-01 16:48 - 000000000 ____D C:\Users\Peppe\AppData\Local\CrashReportClient
2018-04-01 05:59 - 2018-04-01 12:19 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-04-01 05:57 - 2018-04-01 14:35 - 000000000 ____D C:\ProgramData\RogueKiller
2018-04-01 05:56 - 2018-04-01 05:56 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-04-01 05:56 - 2018-04-01 05:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-04-01 05:56 - 2018-04-01 05:56 - 000000000 ____D C:\Program Files\RogueKiller
2018-04-01 05:52 - 2018-04-01 05:56 - 036513656 _____ (Adlice Software ) C:\Users\Peppe\Downloads\RogueKiller_setup (1).exe
2018-04-01 05:50 - 2018-04-01 12:26 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\36659E07.sys
2018-04-01 05:49 - 2018-04-01 13:48 - 000000000 ____D C:\Users\Peppe\Desktop\mbar
2018-04-01 05:49 - 2018-04-01 13:48 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-01 05:49 - 2018-04-01 12:26 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-04-01 05:49 - 2018-04-01 05:49 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Peppe\Downloads\mbar-1.10.3.1001.exe
2018-04-01 05:48 - 2018-04-01 05:48 - 008222496 _____ (Malwarebytes) C:\Users\Peppe\Downloads\AdwCleaner.exe
2018-04-01 05:36 - 2018-04-01 05:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-01 05:36 - 2018-04-01 05:36 - 000448512 _____ (OldTimer Tools) C:\Users\Peppe\Downloads\TFC.exe
2018-04-01 05:36 - 2018-04-01 05:36 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-01 05:36 - 2018-04-01 05:36 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-01 05:36 - 2018-04-01 05:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-01 05:36 - 2018-04-01 05:36 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-01 05:36 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-01 05:35 - 2018-04-01 05:35 - 071942408 _____ (Malwarebytes ) C:\Users\Peppe\Downloads\mb3-setup-35891.35891-3.4.5.2467-1.0.342-1.0.4514.exe
2018-04-01 05:25 - 2018-04-01 05:25 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-01 05:03 - 2018-04-01 00:41 - 000137728 _____ C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 04:57 - 2018-04-01 04:57 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-04-01 04:26 - 2018-04-01 04:26 - 001768136 _____ C:\Users\Peppe\Downloads\Windows Loader v2.2.2-Daz.zip
2018-04-01 03:13 - 2018-04-01 03:13 - 000000909 ____R C:\Windows\system32\Drivers\etc\hosts.20180401-031326.backup
2018-04-01 02:27 - 2018-04-01 06:25 - 000000000 ____D C:\Program Files (x86)\magna
2018-04-01 02:27 - 2018-04-01 03:22 - 000000000 ___HD C:\Program Files (x86)\Coston
2018-04-01 02:27 - 2018-04-01 02:45 - 000000000 ____D C:\ProgramData\e1604ea055
2018-04-01 02:27 - 2018-04-01 02:43 - 000000000 ____D C:\Program Files (x86)\hennigan
2018-04-01 02:27 - 2018-04-01 02:27 - 000003946 _____ C:\Windows\System32\Tasks\reinvigorating lebowitz oooo
2018-04-01 02:27 - 2018-04-01 02:27 - 000003908 _____ C:\Windows\System32\Tasks\manhole_volatility
2018-04-01 02:27 - 2018-04-01 02:27 - 000003884 _____ C:\Windows\System32\Tasks\pettersson
2018-04-01 02:27 - 2018-04-01 02:27 - 000003794 _____ C:\Windows\System32\Tasks\Sareinvigorating lebowitz ooooreinvigorating lebowitz oooo
2018-04-01 02:27 - 2018-04-01 02:27 - 000003756 _____ C:\Windows\System32\Tasks\Samanhole_volatilitymanhole_volatility
2018-04-01 02:27 - 2018-04-01 02:27 - 000003732 _____ C:\Windows\System32\Tasks\Sapetterssonpettersson
2018-04-01 02:27 - 2018-04-01 02:27 - 000000012 _____ C:\Windows\b81125234
2018-04-01 02:27 - 2018-04-01 02:27 - 000000000 ___HD C:\Program Files (x86)\testimonial
2018-04-01 02:26 - 2018-04-01 02:26 - 000194048 _____ C:\Users\Peppe\AppData\Local\install.dll
2018-04-01 02:26 - 2018-04-01 02:26 - 000003072 _____ C:\Users\Peppe\AppData\Local\install_UEFIConfig.exe
2018-04-01 02:00 - 2018-04-01 02:00 - 058809515 _____ C:\Users\Peppe\Downloads\Microsoft Toolkit 2.6.3 Official Torrent.zip
2018-04-01 01:48 - 2018-04-01 01:48 - 002860771 _____ C:\Users\Peppe\Downloads\Windows_7_Loader.zip
2018-04-01 01:46 - 2018-04-01 01:46 - 000000134 _____ C:\Windows\wininit.ini
2018-04-01 01:44 - 2018-04-01 01:45 - 001797188 _____ C:\Users\Peppe\Downloads\Removewat 2.2.7 pass 123456 (1).rar
2018-04-01 01:10 - 2018-04-01 01:10 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-04-01 00:41 - 2018-04-01 00:41 - 000137728 _____ C:\Windows\inventors.exe
2018-03-31 23:23 - 2018-03-31 23:23 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-31 23:20 - 2018-03-31 23:20 - 015333512 _____ (Piriform Ltd) C:\Users\Peppe\Downloads\ccsetup541 (1).exe
2018-03-31 22:47 - 2018-03-31 22:52 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\Peppe\Downloads\flashplayer29ppau_ha_install.exe
2018-03-31 22:43 - 2018-03-31 22:43 - 000017916 _____ C:\Windows\system32\results.xml
2018-03-31 17:59 - 2018-03-31 17:59 - 037780649 _____ C:\Users\Peppe\Downloads\phoenix-reveal-by-LMD.rar
2018-03-31 17:59 - 2018-03-31 17:59 - 037780649 _____ C:\Users\Peppe\Downloads\phoenix-reveal-by-LMD (1).rar
2018-03-30 16:05 - 2018-03-31 18:00 - 000000000 ____D C:\Users\Peppe\Desktop\VOD
2018-03-27 03:30 - 2018-03-27 03:30 - 006648319 ____R C:\Users\Peppe\Downloads\Stephen Covey - Le sette abitudini per avere successo.pdf
2018-03-27 03:27 - 2018-03-27 03:28 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\uTorrent
2018-03-27 03:27 - 2018-03-27 03:27 - 000001010 _____ C:\Users\Peppe\Downloads\Stephen R Covey - Le sette regole per avere successo.torrent
2018-03-23 12:28 - 2018-03-23 12:28 - 010269280 _____ C:\Users\Peppe\Desktop\3-Proteine_noanim.pdf
2018-03-18 16:07 - 2018-03-17 21:05 - 000000230 ___SH C:\Users\Public\Libraries.ini
2018-03-18 15:28 - 2018-03-18 15:28 - 032260096 _____ C:\Users\Peppe\Downloads\EpicInstaller-7.5.0-fortnite-c4899f16b6934760a534fe7ec70ae9b2.msi
2018-03-16 20:22 - 2018-03-16 20:22 - 044398486 _____ C:\Users\Peppe\Downloads\V3-Signed_ONE.PIECE.TREASURE.CRUISE_v.8.0.0o.apk
2018-03-16 19:38 - 2018-03-16 19:39 - 085022931 _____ C:\Users\Peppe\Downloads\Monster Legends RPG v6.2.2 FRsigned.apk
2018-03-16 19:32 - 2018-03-16 19:34 - 092931480 _____ C:\Users\Peppe\Downloads\m_l_v.5.0.2_mod_(1).apk
2018-03-15 20:30 - 2018-03-15 20:30 - 000001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-03-15 20:30 - 2018-03-15 20:30 - 000001031 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-03-15 20:29 - 2018-03-15 20:29 - 020361728 _____ (TeamViewer GmbH) C:\Users\Peppe\Downloads\TeamViewer_Setup.exe
2018-03-15 20:23 - 2018-03-15 20:24 - 020545618 _____ C:\Users\Peppe\Downloads\Summoners War v3.8.0 Mod v3 iHackedit.com.apk
2018-03-15 20:12 - 2018-03-15 20:12 - 000353023 _____ C:\Users\Peppe\Downloads\Office365RoadMap_Features_03-15-2018.xlsx
2018-03-13 03:23 - 2018-03-13 03:23 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Bad Seed SRL
2018-03-07 17:26 - 2018-03-07 17:26 - 000064523 _____ C:\Users\Peppe\Downloads\pratica.ricevuta.pagamento (3).pdf
2018-03-07 17:25 - 2018-03-07 17:25 - 000064523 _____ C:\Users\Peppe\Downloads\pratica.ricevuta.pagamento (2).pdf
2018-03-07 17:24 - 2018-03-07 17:24 - 000066208 _____ C:\Users\Peppe\Downloads\stampa.bollettino.pagamento (1).pdf
2018-03-07 15:55 - 2018-03-07 15:56 - 016093512 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.9 Mod iHackedit.com.apk
2018-03-06 22:04 - 2018-03-06 22:04 - 000154837 _____ C:\Users\Peppe\Downloads\ORDINAMENTO VVF.pptx
2018-03-04 17:06 - 2018-03-04 17:06 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Blizzard Entertainment
2018-03-04 17:06 - 2018-03-04 17:06 - 000000000 ____D C:\ProgramData\.mono

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2064-01-01 16:45 - 2017-11-16 16:39 - 000000000 ____D C:\ProgramData\eLicenser
2018-04-01 17:21 - 2015-10-01 13:31 - 000000000 ____D C:\Windows\pss
2018-04-01 17:08 - 2015-06-16 16:04 - 000000000 ____D C:\AdwCleaner
2018-04-01 17:04 - 2009-07-14 06:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-01 17:04 - 2009-07-14 06:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-01 16:52 - 2014-10-17 19:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-01 16:51 - 2015-04-09 23:40 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-04-01 16:50 - 2017-07-11 22:19 - 000000318 _____ C:\Windows\Tasks\iToolsDaemon.job
2018-04-01 16:50 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-01 16:49 - 2016-08-05 17:28 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-04-01 16:23 - 2014-09-30 15:40 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-01 14:54 - 2016-03-22 22:21 - 000000000 ____D C:\Users\Peppe\Documents\ShareX
2018-04-01 14:40 - 2014-09-30 15:57 - 000000000 ____D C:\Users\Peppe\AppData\Local\Adobe
2018-04-01 13:59 - 2017-07-12 00:32 - 000000000 ____D C:\Users\Peppe\AppData\Local\Nox
2018-04-01 12:28 - 2015-01-03 17:22 - 000000000 ____D C:\Users\Peppe\.android
2018-04-01 12:27 - 2017-08-22 13:07 - 000000000 ____D C:\Users\Peppe\.BigNox
2018-04-01 12:27 - 2017-07-12 00:34 - 000000000 ____D C:\Users\Peppe\vmlogs
2018-04-01 06:26 - 2017-08-12 06:38 - 000000000 ____D C:\Program Files (x86)\Removewat 2.2.7
2018-04-01 06:25 - 2016-09-16 19:12 - 000000000 ____D C:\Program Files (x86)\Ghostery Storage Server
2018-04-01 06:25 - 2014-11-30 21:39 - 000000000 ____D C:\Program Files (x86)\2eb628ee-7327-4304-bd33-0abb95505b88
2018-04-01 06:25 - 2014-10-01 20:46 - 000000000 ____D C:\Program Files (x86)\Adobe Media Player
2018-04-01 06:06 - 2015-10-23 15:19 - 000000000 ____D C:\Users\Peppe\AppData\Local\TeamViewer
2018-04-01 05:31 - 2014-09-30 15:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-01 05:31 - 2014-09-30 15:31 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-01 05:26 - 2017-08-15 08:12 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-01 05:25 - 2018-02-07 21:08 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-01 05:24 - 2018-02-07 21:08 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-04-01 05:24 - 2014-09-30 16:21 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-01 04:56 - 2016-10-04 18:23 - 000472328 _____ C:\Windows\SysWOW64\win32_hlp
2018-04-01 04:52 - 2009-07-14 12:53 - 000744956 _____ C:\Windows\system32\perfh010.dat
2018-04-01 04:52 - 2009-07-14 12:53 - 000148628 _____ C:\Windows\system32\perfc010.dat
2018-04-01 04:52 - 2009-07-14 07:13 - 001671250 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-01 04:52 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-04-01 04:15 - 2015-08-09 05:50 - 000707595 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2018-04-01 03:50 - 2009-07-14 06:45 - 005075152 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-01 03:47 - 2014-10-01 13:51 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-01 03:29 - 2014-10-01 13:50 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\DAEMON Tools Lite
2018-04-01 03:29 - 2014-09-30 16:05 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-04-01 03:28 - 2015-10-16 20:39 - 000000000 ____D C:\Users\Peppe\AppData\Local\CrashDumps
2018-04-01 02:49 - 2015-10-13 02:02 - 000000000 ____D C:\Program Files (x86)\BDO - English Please
2018-04-01 02:42 - 2017-11-15 00:54 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-04-01 02:27 - 2017-07-10 12:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-01 02:27 - 2014-09-30 15:09 - 000114368 _____ C:\Users\Peppe\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-01 02:26 - 2014-09-30 15:26 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-01 02:18 - 2014-09-30 16:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-01 02:16 - 2014-09-30 16:04 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-01 02:16 - 2009-07-14 04:34 - 000000408 _____ C:\Windows\win.ini
2018-04-01 02:15 - 2009-07-14 13:19 - 000000000 ____D C:\Windows\ShellNew
2018-04-01 02:15 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-04-01 01:21 - 2016-02-19 20:10 - 000000000 ____D C:\Program Files\Epic Games
2018-04-01 00:55 - 2014-10-01 13:59 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-04-01 00:53 - 2016-05-30 00:16 - 000000000 ____D C:\Users\Peppe\Desktop\SoundBoard
2018-04-01 00:53 - 2014-10-02 15:03 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\vlc
2018-04-01 00:52 - 2017-09-07 14:50 - 000001001 _____ C:\Users\Public\Desktop\SoundSwitch.lnk
2018-04-01 00:52 - 2014-10-01 13:32 - 000000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-01 00:41 - 2018-01-14 23:39 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2018-04-01 00:41 - 2017-12-08 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-04-01 00:41 - 2017-09-16 14:22 - 000000000 ____D C:\ProgramData\GOG.com
2018-04-01 00:21 - 2014-10-17 19:37 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\TeamViewer
2018-04-01 00:21 - 2014-10-01 13:57 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\TS3Client
2018-04-01 00:21 - 2014-10-01 13:32 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\uTorrent
2018-04-01 00:05 - 2015-05-03 13:48 - 000000000 ____D C:\Windows\Minidump
2018-03-31 23:23 - 2014-10-01 13:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-31 23:23 - 2014-10-01 13:32 - 000000000 ____D C:\Program Files\CCleaner
2018-03-31 22:46 - 2016-03-22 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2018-03-31 22:46 - 2016-03-22 22:20 - 000000000 ____D C:\Program Files\ShareX
2018-03-31 22:43 - 2015-12-14 13:29 - 000000000 __SHD C:\Users\Peppe\IntelGraphicsProfiles
2018-03-31 22:36 - 2014-09-30 15:12 - 000000000 ____D C:\Intel
2018-03-30 22:42 - 2015-07-14 15:11 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\Spotify
2018-03-30 18:27 - 2015-07-14 15:11 - 000000000 ____D C:\Users\Peppe\AppData\Local\Spotify
2018-03-30 04:46 - 2017-07-11 22:19 - 000003302 _____ C:\Windows\System32\Tasks\iToolsDaemon
2018-03-30 04:46 - 2015-12-03 17:11 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-03-30 04:46 - 2014-12-25 13:56 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-30 04:46 - 2014-10-01 13:32 - 000002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-30 04:46 - 2014-09-30 15:26 - 000003582 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-30 04:46 - 2014-09-30 15:26 - 000003454 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-30 02:02 - 2017-06-15 22:26 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\discord
2018-03-21 20:44 - 2014-11-22 23:34 - 000000000 ____D C:\Users\Peppe\AppData\Local\ElevatedDiagnostics
2018-03-21 03:13 - 2014-09-30 15:27 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-18 16:02 - 2017-05-20 03:54 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\EasyAntiCheat
2018-03-18 16:02 - 2016-02-18 15:35 - 000000000 ____D C:\Users\Peppe\AppData\Local\UnrealEngine
2018-03-18 01:58 - 2016-07-16 04:19 - 000000000 ____D C:\Users\Peppe\AppData\Local\YoloMouse
2018-03-17 20:07 - 2017-05-14 15:18 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Mozilla
2018-03-17 16:20 - 2017-09-07 14:50 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\SoundSwitch
2018-03-17 16:19 - 2017-09-07 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundSwitch
2018-03-17 16:19 - 2017-09-07 14:50 - 000000000 ____D C:\Program Files\SoundSwitch
2018-03-17 01:42 - 2014-10-09 20:13 - 000000000 ____D C:\Users\Peppe\AppData\Local\Battle.net
2018-03-17 01:40 - 2014-10-09 20:13 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-14 19:13 - 2009-07-14 07:08 - 000032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-13 01:25 - 2015-07-18 22:11 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-03-13 01:06 - 2015-01-11 22:04 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2018-03-02 23:30 - 2015-08-04 18:26 - 000000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client

==================== Files in the root of some directories =======

2009-04-03 13:09 - 2009-04-03 13:09 - 000142152 _____ (Microsoft Corporation) C:\Users\Peppe\oarpman.exe
2014-11-30 00:20 - 2014-11-30 00:20 - 000835843 _____ () C:\Users\Peppe\AppData\Roaming\b4gzzFlQsfcHnrWMIsZw6L3G5VuSbKU9ZH1gGxAzRaV44Qnxrw8c1umknivrERRqIRs6Eq11qVpoPeauHYiZDnrW2T6wGzgFLlf9eCLG.K8eIx
2015-07-09 00:35 - 2015-07-09 00:35 - 000000050 _____ () C:\Users\Peppe\AppData\Roaming\Camdata.ini
2015-07-09 00:35 - 2015-07-09 00:35 - 000000408 _____ () C:\Users\Peppe\AppData\Roaming\CamLayout.ini
2015-07-09 00:35 - 2015-07-09 00:35 - 000000408 _____ () C:\Users\Peppe\AppData\Roaming\CamShapes.ini
2015-07-09 00:35 - 2015-07-09 00:35 - 000004521 _____ () C:\Users\Peppe\AppData\Roaming\CamStudio.cfg
2015-08-07 19:28 - 2015-08-08 15:48 - 000099384 _____ () C:\Users\Peppe\AppData\Roaming\inst.exe
2015-08-07 19:28 - 2015-08-08 15:48 - 000007859 _____ () C:\Users\Peppe\AppData\Roaming\pcouffin.cat
2015-08-07 19:28 - 2015-08-08 15:48 - 000001167 _____ () C:\Users\Peppe\AppData\Roaming\pcouffin.inf
2015-08-07 19:28 - 2015-08-08 15:48 - 000000055 _____ () C:\Users\Peppe\AppData\Roaming\pcouffin.log
2015-08-07 19:28 - 2015-08-08 15:48 - 000082816 _____ (VSO Software) C:\Users\Peppe\AppData\Roaming\pcouffin.sys
2014-11-10 15:41 - 2014-11-10 15:43 - 000000077 _____ () C:\Users\Peppe\AppData\Roaming\Rim.Desktop.Exception.log
2014-11-10 15:41 - 2014-11-10 15:41 - 000001153 _____ () C:\Users\Peppe\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-11-10 15:41 - 2014-11-10 15:43 - 000000077 _____ () C:\Users\Peppe\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-11-30 03:36 - 2014-12-20 16:41 - 000000682 _____ () C:\Users\Peppe\AppData\Roaming\SpeedRunnersLog.txt
2015-08-07 19:27 - 2015-08-08 15:21 - 000001059 _____ () C:\Users\Peppe\AppData\Roaming\vso_ts_preview.xml
2014-11-30 22:27 - 2016-12-27 23:58 - 000000600 _____ () C:\Users\Peppe\AppData\Roaming\winscp.rnd
2018-04-01 05:03 - 2018-04-01 00:41 - 000137728 _____ () C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 02:26 - 2018-04-01 02:26 - 000194048 _____ () C:\Users\Peppe\AppData\Local\install.dll
2018-04-01 02:26 - 2018-04-01 02:26 - 000003072 _____ () C:\Users\Peppe\AppData\Local\install_UEFIConfig.exe
2017-01-25 17:54 - 2017-01-25 22:20 - 000000072 _____ () C:\Users\Peppe\AppData\Local\MamaToGo.txt
2017-08-20 12:43 - 2017-08-20 12:43 - 000000882 _____ () C:\Users\Peppe\AppData\Local\Nox_crash.log
2017-01-25 17:38 - 2017-01-25 22:20 - 000000020 _____ () C:\Users\Peppe\AppData\Local\PapaToGo.txt
2015-04-18 13:35 - 2015-04-18 13:35 - 000000000 _____ () C:\Users\Peppe\AppData\Local\{45FD1050-0D15-4B13-8C02-0B27F8613971}

Some files in TEMP:
====================
2018-04-01 05:57 - 2015-07-23 02:03 - 001730496 _____ (Microsoft Corporation) C:\Users\Peppe\AppData\Local\Temp\dllnt_dump.dll
2018-04-01 14:50 - 2018-04-01 14:50 - 007338040 _____ () C:\Users\Peppe\AppData\Local\Temp\paint.net.4.0.21.install.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-30 17:10

==================== End of FRST.txt ============================

Spoiler: Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Peppe (01-04-2018 17:23:28)
Running from C:\Users\Peppe\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-09-30 11:46:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2921988991-613299845-3104574246-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2921988991-613299845-3104574246-501 - Limited - Disabled)
Peppe (S-1-5-21-2921988991-613299845-3104574246-1000 - Administrator - Enabled) => C:\Users\Peppe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe After Effects 7.0 (HKLM-x32\...\Adobe After Effects 7.0) (Version: 7.0.0.244 - Adobe Systems, Inc.)
Adobe After Effects CS4 (HKLM-x32\...\Adobe_3dcb365ab9e01871fb8c6f27b0ea079) (Version: 9 - Adobe Systems Incorporated)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.1 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.56 - ASUSTeK Computer Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.020 - ASUSTek Computer Inc.)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.1025 - DsNET Corp)
aTube Catcher versione 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoIt v3.3.14.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BioniX Wallpaper Changer v9 (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\BioniX Wallpaper Changer v9) (Version: - )
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canopus Codec Option 6.01 (HKLM-x32\...\{28C515CC-489B-4c02-898E-FE5B790E52FF}) (Version: 6.01 - Thomson Canopus Co., Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Championify (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Championify) (Version: 2.0.4 - Dustin Blackman)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
DaVinci Resolve (HKLM\...\{993A1353-910B-41B1-9846-7BD2E15641D5}) (Version: 12.0.1006 - Blackmagic Design)
DeskPins (remove only) (HKLM-x32\...\DeskPins) (Version: - )
Desktop-Reminder 2 (HKLM-x32\...\{288487BA-D8C5-4C81-BD89-C7E49DD48E18}) (Version: 2.118 - Polenter - Software Solutions) Hidden
Desktop-Reminder 2 (HKLM-x32\...\Desktop-Reminder 2) (Version: 2.118 - Polenter - Software Solutions)
Discord (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
EDIUS (HKLM\...\{E7CCB338-2A54-4F44-947B-958BD847A5D3}) (Version: 7.50 - Grass Valley K.K.)
EDIUS 6.01 (HKLM-x32\...\{B91A1230-C199-421e-8F63-7235731D925E}) (Version: 6.01 - Thomson Canopus Co., Ltd.)
EDIUS Codec Option 7.50 (HKLM-x32\...\{7E4E5B65-9B8B-4ECE-9C1F-9C96DA0BC620}) (Version: 7.50 - Grass Valley K.K.)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.10.5.1203 - Steinberg Media Technologies GmbH)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.7.0.9 - GOG.com)
Epic Games Launcher (HKLM-x32\...\{7A92850A-3660-487C-BE6B-0D054942570B}) (Version: 1.1.123.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Stylus SX100_TX100 Manuale (HKLM-x32\...\EPSON Stylus SX100_TX100 Guida utente) (Version: - )
EPSON SX100 Series Printer Uninstall (HKLM\...\EPSON SX100 Series) (Version: - SEIKO EPSON Corporation)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FIFA18 version 1.0 (HKLM\...\FIFA18_is1) (Version: 1.0 - STEAMPUNKS) <==== ATTENTION
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Gameforge Live 2.0.13 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.13 - Gameforge)
GitHub (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\5f7eb300e2ea4ebf) (Version: 3.3.2.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Heroes of the Storm Public Test (HKLM-x32\...\Heroes of the Storm Public Test) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HOTSLogsUploader (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\99a83d131490dc73) (Version: 1.0.0.12 - HOTSLogsUploader)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4578 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.0.32 - Intel Corporation)
Ironsight version 1 (HKLM-x32\...\Ironsight_is1) (Version: 1 - Aeria Games)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 8 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180650}) (Version: 8.0.650.17 - Oracle Corporation)
Keep Talking and Nobody Explodes 1.1.4 (HKLM-x32\...\Keep Talking and Nobody Explodes 1.1.4) (Version: 1.1.4 - Steel Crate Games)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LCDSirReal - a multipurpose plugin for the Logitech G13/G15 (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\LCDSirReal) (Version: - Link Data Stockholm)
League of Legends (HKLM-x32\...\{83B763CD-5771-408A-B7C9-6C1A5B161F41}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes versione 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
M-Audio M-Track 2X2M 1.0.6 (HKLM\...\{A1AD4677-B615-4E51-B559-E0145F0FE3A7}) (Version: 1.0.6 - M-Audio)
Microsoft .NET Compact Framework 2.0 SP1 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.6129 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{B45FABE7-D101-4D99-A671-E16DA40AF7F0}) (Version: 3.0.86.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{B578C85A-A84C-4230-A177-C5B2AF565B8C}) (Version: 3.0.17.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Moobot Assistant (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\40790fab0e175d6b) (Version: 1.0.0.1 - Knudsen Apps)
Mozilla Firefox 56.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 it)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1040}) (Version: 8.3.465 - Nero AG)
Nier Automata (HKLM-x32\...\{0F48043A-5115-42C3-B1B3-958AC3A319CF}_is1) (Version: - Square Enix)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.1.2 - Duodian Technology Co. Ltd.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.30491 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.104.210.0 - Overwolf Ltd.)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Photoshop Camera Raw (HKLM-x32\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (HKLM-x32\...\{43509E18-076E-40FE-AF38-CA5ED400A5A9}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7487 - Realtek Semiconductor Corp.)
Redout Enhanced Edition Neptune Pack (HKLM-x32\...\Redout Enhanced Edition Neptune Pack_is1) (Version: - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RogueKiller version 12.12.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.10.0 - Adlice Software)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 12.1.1 - ShareX Team)
Sky Go Download Player (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\690096451.skygo.sky.it) (Version: - skygo.sky.it)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Smart-X7 7.80 (HKLM\...\WheelMouse) (Version: - )
Software per periferiche con chipset Intel® (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
SoundSwitch 4.3.6643.23689 (HKLM\...\SoundSwitch_is1) (Version: 4.3.6643.23689 - Antoine Aflalo)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Startup Optimizer 1.6 (HKLM-x32\...\Startup Optimizer_is1) (Version: - Cyberlion Solutions Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steinberg Cubase LE AI Elements 9 (HKLM\...\{E0FA80FD-82A7-4328-ABC3-0DA6A9FA1824}) (Version: 9.0.1 - Steinberg Media Technologies GmbH)
Steinberg Generic Lower Latency ASIO Driver 64bit (HKLM\...\{16D5A798-10BE-4FF3-BB71-54C012CD0D7D}) (Version: 1.0.10 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE 64bit (HKLM\...\{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}) (Version: 4.2.30 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 2.0.2 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.2 - Steinberg Media Technologies GmbH)
Suite Shared Configuration CS4 (HKLM-x32\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version: - Team Meat)
Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Supporto applicazioni Apple (64 bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 12 Host (MSI Wrapper) (HKLM-x32\...\{146C4A0D-592D-4D7E-A637-6BC18BA614F8}) (Version: 12.1.6829 - TeamViewer)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.1548 - TeamViewer)
Thimbleweed Park (HKLM-x32\...\1325604411_is1) (Version: 1.0.955 - GOG.com)
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version: - EffectMatrix Inc.)
Trust GXT Gaming Headset (HKLM\...\C-Media CM108 Like Sound Driver) (Version: - )
Trust GXT Gaming Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: 2.0.01.13 - Trust)
TunesKit Spotify Converter 1.2.1.100 (HKLM-x32\...\TunesKit Spotify Converter_is1) (Version: - TunesKit, Inc.)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.8 - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VNC Server 6.1.1 (HKLM\...\{BF68FC97-1CBA-49D5-88EB-3E0CDC3D379D}) (Version: 6.1.1.28093 - RealVNC Ltd)
VNC Viewer 6.1.1 (HKLM\...\{1B14F26D-AAC9-4781-A468-5DFD5DF5FF91}) (Version: 6.1.1.28093 - RealVNC Ltd)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.52 - VSO Software)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WarRock (HKLM-x32\...\Warrock EU) (Version: - )
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (01/20/2017 4.3.12) (HKLM\...\5704FF66AFA4D394842933DCC54279C2E177D380) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System (01/20/2017 4.3.12) (HKLM\...\35C6212A24F5D9B7942ECD18B0255759779999C2) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
XSplit Broadcaster (HKLM-x32\...\{19F00CA3-338D-497C-BA31-0507101F2BBB}) (Version: 1.3.1403.1202 - SplitmediaLabs)
XSplit Gamecaster (HKLM-x32\...\{7CBDC2CD-F5C7-4DD3-91C8-1E4D68924955}) (Version: 1.9.1409.2308 - SplitmediaLabs)
YoloMouse (HKLM\...\{084C443B-D061-4B8E-8764-7F34160BBE8B}) (Version: 0.7.0.0 - HaPpY)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-01-24] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06770018-36BF-4E39-BC13-DDC150EBACA0} - System32\Tasks\Samanhole_volatilitymanhole_volatility => C:\Program Files (x86)\Coston\Cadavers.exe
Task: {342C16A9-1225-4A48-96C0-6212CDE49072} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2013-08-13] ()
Task: {43ECB724-D5A7-43E2-B4AE-EB0B718CEDAF} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {44AD0AA2-CF7F-47D1-8AE6-87F2414026C0} - System32\Tasks\Sapetterssonpettersson => C:\Program Files (x86)\Dismantled\Cadavers.exe
Task: {50D67F8C-89B8-415C-83B7-E1159DFDC2BC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-01] (AVAST Software)
Task: {54876FB3-2555-4A3D-A4D2-4C2BD6BC7AEC} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
Task: {5CF391B2-9CD8-45A6-AD15-4098F6ADB9CD} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-01-25] (ASUSTek Computer Inc.)
Task: {6083B581-E2C7-497B-A55A-ED50BE8D6E8E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2018-02-05] (AVAST Software)
Task: {7255F974-1275-4EB5-BDBB-CD9CE21C6267} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {8225076B-9A2D-476B-83DD-81FAB6A4C075} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {885BD0A2-A46A-4762-82DA-6F7AEFC07730} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-01-07] (AVAST Software)
Task: {98A95066-B209-48B6-988E-44735726BF8D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {98A95066-B209-48B6-988E-44735726BF8D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {98A95066-B209-48B6-988E-44735726BF8D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {ACA6B3AF-306E-464F-A234-11E19E1F6F68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B92FB331-15EC-45A3-BA12-7BB323F6BBFF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {BF4B1797-B6CA-4FE7-94DA-2C24272FBD0F} - System32\Tasks\manhole_volatility => C:\Program Files (x86)\Coston\Cadavers.exe
Task: {C161BAEC-D415-45CC-9167-024E993F966F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C57E81D1-3543-4087-B26B-40A12F8744B3} - System32\Tasks\reinvigorating lebowitz oooo => C:\Users\Peppe\AppData\Local\Cadavers.exe [2018-04-01] ()
Task: {CAFB815E-F7AA-4A1A-A32F-09CDF204E458} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-08-07] (ASUSTeK Computer Inc.)
Task: {CCFFCCCB-4BCF-4837-8091-067208D9ECEA} - System32\Tasks\pettersson => C:\Program Files (x86)\Dismantled\Cadavers.exe
Task: {D6A18C6F-323B-469B-B06B-A9A9FBA57729} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {D8999CE7-4769-4C8B-A28D-F74FF3D0B971} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {D8999CE7-4769-4C8B-A28D-F74FF3D0B971} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {DB2DCE1D-C1FC-48F9-A4A6-1FE43D01A41F} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)
Task: {E8C62854-E833-47D8-9BB1-2155662F50CC} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2013-07-24] ()
Task: {EBCB3D36-20CE-4310-BAF0-A91BA205F967} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {EBCB3D36-20CE-4310-BAF0-A91BA205F967} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {F0922AB5-74D8-4B86-9CB6-28EC43C8CC17} - System32\Tasks\Sareinvigorating lebowitz ooooreinvigorating lebowitz oooo => C:\Users\Peppe\AppData\Local\Cadavers.exe [2018-04-01] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\iToolsDaemon.job => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2015-07-22 01:02 - 2015-07-22 01:02 - 000803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-18 09:23 - 2014-09-18 09:23 - 000866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 001050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 000059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 000242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-11-13 14:10 - 2000-01-01 02:00 - 000196608 _____ () C:\Program Files\Mouse\Amoumain.exe
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-09-30 15:09 - 2013-05-07 09:45 - 000936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-03-25 21:09 - 2016-03-25 21:09 - 000179200 _____ () C:\Program Files\YoloMouse\YoloMouse.exe
2018-03-06 23:58 - 2018-03-06 23:58 - 000089984 _____ () C:\Program Files\CCleaner\lang\lang-1040.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 001225528 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2014-09-30 15:24 - 2013-07-24 10:16 - 001425208 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2011-06-21 11:14 - 2011-06-21 11:14 - 000207872 _____ () C:\Users\Peppe\Documents\LCDSirReal\LCDSirReal.exe
2015-07-18 22:00 - 2016-07-31 21:53 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2018-04-01 05:36 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000721624 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000912088 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000341720 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-03-21 03:13 - 2018-03-20 08:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-21 03:13 - 2018-03-20 08:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-04-01 05:03 - 2018-04-01 00:41 - 000137728 _____ () C:\Users\Peppe\AppData\Local\Cadavers.exe
2016-02-18 15:35 - 2017-09-29 22:40 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2016-02-18 15:35 - 2017-09-29 22:40 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2016-02-18 15:35 - 2017-09-29 22:40 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-01 14:40 - 2018-04-01 14:40 - 005810832 _____ () C:\Program Files\AVAST Software\Avast\defs\18040100\algo.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000964824 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000475352 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000339672 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-01 05:25 - 2018-04-01 05:25 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-30 15:09 - 2018-04-01 16:50 - 000027136 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-09-30 15:09 - 2013-05-07 09:45 - 000104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2018-01-09 12:18 - 2018-01-08 18:52 - 001891832 _____ () C:\Users\Peppe\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2014-01-03 13:03 - 2014-01-03 13:03 - 007816192 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\avcodec-54.dll
2014-01-03 13:03 - 2014-01-03 13:03 - 000188416 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\avutil-52.dll
2014-01-03 13:03 - 2014-01-03 13:03 - 001425920 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\avformat-54.dll
2014-01-03 13:03 - 2014-01-03 13:03 - 000336896 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\swscale-2.dll
2014-01-03 13:03 - 2014-01-03 13:03 - 000096256 _____ () C:\Program Files (x86)\SplitmediaLabs\XSplit\swresample-0.dll
2018-01-09 12:19 - 2018-02-18 12:36 - 001780216 _____ () \\?\C:\Users\Peppe\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2014-09-30 15:26 - 2013-08-13 20:55 - 000685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000825344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000776704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2014-09-30 15:24 - 2013-08-07 19:11 - 000147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2014-09-30 15:26 - 2013-08-13 20:46 - 002745344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2014-09-30 15:24 - 2013-08-08 10:44 - 001139200 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2014-09-30 15:25 - 2013-06-24 15:59 - 001173504 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\Network iControl.dll
2014-09-30 15:24 - 2013-06-04 19:41 - 000662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2014-09-30 15:24 - 2013-08-07 19:11 - 000053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll
2014-09-30 15:24 - 2013-07-31 20:05 - 005773588 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2014-09-30 15:24 - 2010-06-21 15:21 - 000208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2018-01-09 12:18 - 2018-01-08 18:52 - 001937912 _____ () C:\Users\Peppe\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-09 12:18 - 2018-01-08 18:52 - 000095736 _____ () C:\Users\Peppe\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-01-09 12:19 - 2018-01-09 12:19 - 002662904 _____ () \\?\C:\Users\Peppe\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-09 12:19 - 2018-03-21 15:40 - 009623896 _____ () \\?\C:\Users\Peppe\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-09 12:19 - 2018-02-01 11:46 - 001508344 _____ () \\?\C:\Users\Peppe\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-09 12:19 - 2018-01-09 12:19 - 000513016 _____ () \\?\C:\Users\Peppe\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-09 12:19 - 2009-01-01 14:07 - 001517560 _____ () \\?\C:\Users\Peppe\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2017-10-11 16:38 - 2000-01-01 02:00 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\Desktop-Reminder 2:{66007900-6900-6800-6200-470032003600} [192]
AlternateDataStreams: C:\Program Files (x86)\Desktop-Reminder 2:{67005600-3500-4800-7000-70004A006400} [748]
AlternateDataStreams: C:\Users\Peppe:Heroes & Generals [38]
AlternateDataStreams: C:\Users\Peppe\Documents\Certificato.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Peppe\Documents\Certificato.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Peppe\Documents\DOC.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Peppe\Documents\DOC.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-03-23 19:48 - 2018-04-01 06:25 - 000000511 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 mpa.one.microsoft.com
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 www.googletagservices.com
0.0.0.0 gads.pubmatic.com
0.0.0.0 ads.pubmatic.com
0.0.0.0 spclient.wg.spotify.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2921988991-613299845-3104574246-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\Services: BFE => 2
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spoti15Autostart => "C:\Users\Peppe\Downloads\Spoti15_fix_by_nima158\Release\Spoti15.exe" -autostart
MSCONFIG\startupreg: Spotify => "C:\Users\Peppe\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Peppe\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{A3A59915-427B-494E-A622-82A59F4DA8BD}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{64E16E3D-C230-4491-8D5C-C2A5F9E5056B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{9F26BE04-A505-4ABF-919D-AD642F27D51B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D81436F-15FB-4143-99C8-DB261813F64B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4F1C2A98-ABB7-4575-914B-606C0AA9587C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B3087EB8-F16E-45EE-9302-CEC891FC9C29}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ADF88EC1-A8F0-499C-960F-2FFBF618EFDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D2B4B39B-08A1-4A5B-BCF9-AE941F330A97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{225B4C9A-F34D-4B7B-A6B0-9325D1776C18}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{63950430-0921-4779-9FA9-053A0E421B51}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4D72CD56-2E16-4316-AD2F-A85CEBD0E05E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{7A7B648F-36AC-4213-A91B-88872A590AB0}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{8D46AAEE-D439-48BC-9247-C24EA9E9905B}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{2F6FDF15-D135-4909-BF3C-5AF866BB97AF}] => (Allow) LPort=4481
FirewallRules: [{FA0DB5FA-25C0-45A7-A522-1D414818A12B}] => (Allow) LPort=4481
FirewallRules: [{A892D951-F776-4DE4-B8B8-61CFF450DAA3}] => (Allow) LPort=4482
FirewallRules: [{BF3E8268-5D92-4949-903D-446E3D373AA1}] => (Allow) LPort=4482
FirewallRules: [{E7E639A6-305A-473B-8384-584BAAFD8912}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{D61D3BAC-5ECC-48BA-9F2D-16B24C159237}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{1B4627E5-3559-4A53-A14F-4808F7263E77}C:\games\hammerwatch v1.3\hammerwatch.exe] => (Allow) C:\games\hammerwatch v1.3\hammerwatch.exe
FirewallRules: [UDP Query User{5E6A5FA4-2169-48C2-88B6-749E8DB2395B}C:\games\hammerwatch v1.3\hammerwatch.exe] => (Allow) C:\games\hammerwatch v1.3\hammerwatch.exe
FirewallRules: [TCP Query User{55ACBA91-B223-4FD7-8862-793CC72A47FD}C:\users\peppe\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{F3A79791-5DA0-49FD-A6A2-1009648B510E}C:\users\peppe\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [{51FDE9D4-A93B-4123-8303-1D960759709C}] => (Block) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [{DA910F7A-8C41-4688-B933-4B0F65299C98}] => (Block) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0454318D-3FE4-4FA8-8931-A99D8A27EF22}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{8C18AFBE-A306-4DFA-A461-CB98423960B5}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{53E59F4A-37F9-47A6-B8AB-F27DDDD4D3C1}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{C8F88B47-E566-41EF-B047-5B91C0A2E337}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{8C753392-D2C2-461C-8659-2AF2B09319A7}] => (Allow) C:\Users\Peppe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B47133E7-0EB5-464D-9B7F-BEACFDCBDF4C}] => (Allow) C:\Users\Peppe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92A2FF91-B16A-415F-B2EF-A654457F5E44}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1142F39E-2025-4078-9DAE-5632983F608D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4D8EA730-DC2A-489D-A5F3-5586926F4DEA}C:\users\peppe\downloads\hko_download_manager.exe] => (Allow) C:\users\peppe\downloads\hko_download_manager.exe
FirewallRules: [UDP Query User{7B346264-1CD7-4EEC-9567-6B7F8E228619}C:\users\peppe\downloads\hko_download_manager.exe] => (Allow) C:\users\peppe\downloads\hko_download_manager.exe
FirewallRules: [{FFCAFFFF-EDDF-4F07-A09B-4348A4E258E8}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{DE892CE3-1897-4C67-AC36-54BA20D93958}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{F93DB709-E6FA-4AAF-8F24-3B47AFEAE821}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{1AC1AD2D-B6D5-4137-B489-7E76DA727340}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{DC1D5F44-B451-4684-8110-D8EF51CD8891}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{FAE21213-D420-44F2-AAFC-24EF77AE3859}C:\users\peppe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\peppe\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B93C6F4C-8CC5-4E85-84E5-F132F16D1B8F}C:\users\peppe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\peppe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{23384FD3-E699-47B1-ACF7-0B0654EBC160}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{34B4986E-8092-4FCB-8DE8-FD0779B4BFFB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A6907BB7-AD03-4227-86D6-2A45F2BCA1FA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F64BB74C-AE97-4D7E-A7D1-A4E501E1803F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7D29240D-05B6-4F27-A5E7-B4896EBFC6C6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{60F791D7-298A-46BF-8028-D07C47630670}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

31-03-2018 22:45:49 SlimDrivers Installing Drivers
01-04-2018 02:12:39 Removed Microsoft Office Professional Plus 2013
01-04-2018 02:13:16 PROPLUS
01-04-2018 16:21:08 NVIDIA PhysX rimosso
01-04-2018 16:23:05 univcredist

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2018 02:01:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma Cadavers.exe versione 9.5.8.166 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 1c50

Ora di avvio: 01d3c9af2e792f65

Ora di chiusura: 3

Percorso applicazione: C:\Users\Peppe\AppData\Local\Cadavers.exe

ID segnalazione: 5437df03-35a4-11e8-97b5-00ac31a303cd

Error: (04/01/2018 12:15:59 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (1964) Tentativo di apertura del file "C:\Users\Peppe\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" per accesso in sola lettura non riuscito con errore di sistema 32 (0x00000020): "Impossibile accedere al file. Il file è utilizzato da un altro processo. ". L'operazione di apertura file non verrà effettuata con errore -1032 (0xfffffbf8).

Error: (01/01/2000 12:05:59 AM) (Source: TracerX - SoundSwitch) (EventID: 10004) (User: )
Description: 23:05:58.862 <null> SoundSwitch+ Exception while getting release Exception type: System.Net.WebException
Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Source: System
StackTrace:
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result)
at System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result)

Inner Exception type: System.Security.Authentication.AuthenticationException
Message: The remote certificate is invalid according to the validation procedure.
Source: System
StackTrace:
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)

Error: (04/01/2018 04:19:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma Explorer.EXE versione 6.1.7601.17567 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 1390

Ora di avvio: 01d3c95ef8043115

Ora di chiusura: 60000

Percorso applicazione: C:\Windows\Explorer.EXE

ID segnalazione: d4f02294-3552-11e8-af03-00ac31a303cd

Error: (04/01/2018 03:54:23 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Impossibile inizializzare l'indice.

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2018 03:54:23 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Impossibile inizializzare l'applicazione.

Contesto: applicazione Windows

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2018 03:54:23 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Impossibile inizializzare l'oggetto Gatherer.

Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2018 03:54:23 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Impossibile inizializzare il plug-in <Search.TripoliIndexer>.

Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:
Impossibile trovare elemento. (HRESULT : 0x80070490) (0x80070490)


System errors:
=============
Error: (04/01/2018 04:57:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Servizio Windows Update bloccato in partenza.

Error: (04/01/2018 04:53:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni predefinite del computer non concedono l'autorizzazione di Attivazione Locale per l'applicazione server COM con CLSID
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
e APPID
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost (tramite LRPC). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (04/01/2018 04:53:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Cache tipi di carattere Windows Presentation Foundation 3.0.0.0 non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (04/01/2018 04:53:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Cache tipi di carattere Windows Presentation Foundation 3.0.0.0.

Error: (04/01/2018 04:52:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
VBoxNetAdp

Error: (04/01/2018 04:51:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Origin Web Helper Service non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (04/01/2018 04:51:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Origin Web Helper Service.

Error: (04/01/2018 04:51:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Mobizen plugin non è stato avviato per il seguente errore:
Impossibile trovare il file specificato.


Windows Defender:
===================================
Date: 2015-04-16 02:37:00.595
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:4212;process:pid:6432;process:pid:7536;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 20:39:00.772
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:6432;process:pid:7536;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 20:37:00.653
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:7536;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 11:17:40.482
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 02:39:01.254
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:4424;process:pid:7588;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 55%
Total physical RAM: 8130.15 MB
Available physical RAM: 3620.03 MB
Total Virtual: 16258.5 MB
Available Virtual: 11678.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:197.9 GB) NTFS

\\?\Volume{ef14e60e-4896-11e4-992e-806e6f6e6963}\ (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6BB9EC00)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[.MaxTechnology]

Ciao, guarda questo loader che casino che ha combinato... vabbien ti preparo un fix al volo e fammi sapere al più presto come và....

questo e" salvalo come fixlist.txt e mettilo sul desktop , metti FRST.exe sul desktop dove si trova contemporaneamente anche il fixlist.txt. Dopo aver aperto FRST.exe clicca su "FIX", poi posta il fixlog.txt

Spoiler: fixlist.txt

createrestorepoint:
closeprocesses:
cmd: ipconfig /flushdns
() C:\Users\Peppe\AppData\Local\Cadavers.exe
() C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 05:03 - 2018-04-01 00:41 - 000137728 _____ C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 04:26 - 2018-04-01 04:26 - 001768136 _____ C:\Users\Peppe\Downloads\Windows Loader v2.2.2-Daz.zip
2018-04-01 02:27 - 2018-04-01 06:25 - 000000000 ____D C:\Program Files (x86)\magna
2018-04-01 02:27 - 2018-04-01 03:22 - 000000000 ___HD C:\Program Files (x86)\Coston
2018-04-01 01:48 - 2018-04-01 01:48 - 002860771 _____ C:\Users\Peppe\Downloads\Windows_7_Loader.zip
2018-04-01 05:03 - 2018-04-01 00:41 - 000137728 _____ () C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 02:27 - 2018-04-01 02:27 - 000003946 _____ C:\Windows\System32\Tasks\reinvigorating lebowitz oooo
2018-04-01 02:27 - 2018-04-01 02:27 - 000003908 _____ C:\Windows\System32\Tasks\manhole_volatility
2018-04-01 02:27 - 2018-04-01 02:27 - 000003884 _____ C:\Windows\System32\Tasks\pettersson
2018-04-01 02:27 - 2018-04-01 02:27 - 000003794 _____ C:\Windows\System32\Tasks\Sareinvigorating lebowitz ooooreinvigorating lebowitz oooo
2018-04-01 02:27 - 2018-04-01 02:27 - 000003756 _____ C:\Windows\System32\Tasks\Samanhole_volatilitymanhole_volatility
2018-04-01 02:27 - 2018-04-01 02:27 - 000003732 _____ C:\Windows\System32\Tasks\Sapetterssonpettersson
Task: {06770018-36BF-4E39-BC13-DDC150EBACA0} - System32\Tasks\Samanhole_volatilitymanhole_volatility => C:\Program Files (x86)\Coston\Cadavers.exe
Task: {44AD0AA2-CF7F-47D1-8AE6-87F2414026C0} - System32\Tasks\Sapetterssonpettersson => C:\Program Files (x86)\Dismantled\Cadavers.exe
Task: {BF4B1797-B6CA-4FE7-94DA-2C24272FBD0F} - System32\Tasks\manhole_volatility => C:\Program Files (x86)\Coston\Cadavers.exe
Task: {CCFFCCCB-4BCF-4837-8091-067208D9ECEA} - System32\Tasks\pettersson => C:\Program Files (x86)\Dismantled\Cadavers.exe
Task: {F0922AB5-74D8-4B86-9CB6-28EC43C8CC17} - System32\Tasks\Sareinvigorating lebowitz ooooreinvigorating lebowitz oooo => C:\Users\Peppe\AppData\Local\Cadavers.exe [2018-04-01] ()
Task: {C57E81D1-3543-4087-B26B-40A12F8744B3} - System32\Tasks\reinvigorating lebowitz oooo => C:\Users\Peppe\AppData\Local\Cadavers.exe [2018-04-01] ()
2018-04-01 05:03 - 2018-04-01 00:41 - 000137728 _____ () C:\Users\Peppe\AppData\Local\Cadavers.exe

EmptyTemp:

buona pasqua

 

[LupoVelenos]

Spoiler: Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Peppe (01-04-2018 19:16:11) Run:1
Running from C:\Users\Peppe\Desktop
Loaded Profiles: Peppe (Available Profiles: Peppe & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
cmd: ipconfig /flushdns
() C:\Users\Peppe\AppData\Local\Cadavers.exe
() C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 05:03 - 2018-04-01 00:41 - 000137728 _____ C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 04:26 - 2018-04-01 04:26 - 001768136 _____ C:\Users\Peppe\Downloads\Windows Loader v2.2.2-Daz.zip
2018-04-01 02:27 - 2018-04-01 06:25 - 000000000 ____D C:\Program Files (x86)\magna
2018-04-01 02:27 - 2018-04-01 03:22 - 000000000 ___HD C:\Program Files (x86)\Coston
2018-04-01 01:48 - 2018-04-01 01:48 - 002860771 _____ C:\Users\Peppe\Downloads\Windows_7_Loader.zip
2018-04-01 05:03 - 2018-04-01 00:41 - 000137728 _____ () C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 02:27 - 2018-04-01 02:27 - 000003946 _____ C:\Windows\System32\Tasks\reinvigorating lebowitz oooo
2018-04-01 02:27 - 2018-04-01 02:27 - 000003908 _____ C:\Windows\System32\Tasks\manhole_volatility
2018-04-01 02:27 - 2018-04-01 02:27 - 000003884 _____ C:\Windows\System32\Tasks\pettersson
2018-04-01 02:27 - 2018-04-01 02:27 - 000003794 _____ C:\Windows\System32\Tasks\Sareinvigorating lebowitz ooooreinvigorating lebowitz oooo
2018-04-01 02:27 - 2018-04-01 02:27 - 000003756 _____ C:\Windows\System32\Tasks\Samanhole_volatilitymanhole_volatility
2018-04-01 02:27 - 2018-04-01 02:27 - 000003732 _____ C:\Windows\System32\Tasks\Sapetterssonpettersson
Task: {06770018-36BF-4E39-BC13-DDC150EBACA0} - System32\Tasks\Samanhole_volatilitymanhole_volatility => C:\Program Files (x86)\Coston\Cadavers.exe
Task: {44AD0AA2-CF7F-47D1-8AE6-87F2414026C0} - System32\Tasks\Sapetterssonpettersson => C:\Program Files (x86)\Dismantled\Cadavers.exe
Task: {BF4B1797-B6CA-4FE7-94DA-2C24272FBD0F} - System32\Tasks\manhole_volatility => C:\Program Files (x86)\Coston\Cadavers.exe
Task: {CCFFCCCB-4BCF-4837-8091-067208D9ECEA} - System32\Tasks\pettersson => C:\Program Files (x86)\Dismantled\Cadavers.exe
Task: {F0922AB5-74D8-4B86-9CB6-28EC43C8CC17} - System32\Tasks\Sareinvigorating lebowitz ooooreinvigorating lebowitz oooo => C:\Users\Peppe\AppData\Local\Cadavers.exe [2018-04-01] ()
Task: {C57E81D1-3543-4087-B26B-40A12F8744B3} - System32\Tasks\reinvigorating lebowitz oooo => C:\Users\Peppe\AppData\Local\Cadavers.exe [2018-04-01] ()
2018-04-01 05:03 - 2018-04-01 00:41 - 000137728 _____ () C:\Users\Peppe\AppData\Local\Cadavers.exe

EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.

========= ipconfig /flushdns =========


Configurazione IP di Windows

Cache del resolver DNS svuotata.

========= End of CMD: =========

C:\Users\Peppe\AppData\Local\Cadavers.exe => No running process found
C:\Users\Peppe\AppData\Local\Cadavers.exe => No running process found
C:\Users\Peppe\AppData\Local\Cadavers.exe => moved successfully
C:\Users\Peppe\Downloads\Windows Loader v2.2.2-Daz.zip => moved successfully
C:\Program Files (x86)\magna => moved successfully
C:\Program Files (x86)\Coston => moved successfully
C:\Users\Peppe\Downloads\Windows_7_Loader.zip => moved successfully
"C:\Users\Peppe\AppData\Local\Cadavers.exe" => not found
C:\Windows\System32\Tasks\reinvigorating lebowitz oooo => moved successfully
C:\Windows\System32\Tasks\manhole_volatility => moved successfully
C:\Windows\System32\Tasks\pettersson => moved successfully
C:\Windows\System32\Tasks\Sareinvigorating lebowitz ooooreinvigorating lebowitz oooo => moved successfully
C:\Windows\System32\Tasks\Samanhole_volatilitymanhole_volatility => moved successfully
C:\Windows\System32\Tasks\Sapetterssonpettersson => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06770018-36BF-4E39-BC13-DDC150EBACA0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06770018-36BF-4E39-BC13-DDC150EBACA0}" => removed successfully
"C:\Windows\System32\Tasks\Samanhole_volatilitymanhole_volatility" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Samanhole_volatilitymanhole_volatility" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44AD0AA2-CF7F-47D1-8AE6-87F2414026C0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44AD0AA2-CF7F-47D1-8AE6-87F2414026C0}" => removed successfully
"C:\Windows\System32\Tasks\Sapetterssonpettersson" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sapetterssonpettersson" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF4B1797-B6CA-4FE7-94DA-2C24272FBD0F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF4B1797-B6CA-4FE7-94DA-2C24272FBD0F}" => removed successfully
"C:\Windows\System32\Tasks\manhole_volatility" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\manhole_volatility" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CCFFCCCB-4BCF-4837-8091-067208D9ECEA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCFFCCCB-4BCF-4837-8091-067208D9ECEA}" => removed successfully
"C:\Windows\System32\Tasks\pettersson" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pettersson" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0922AB5-74D8-4B86-9CB6-28EC43C8CC17}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0922AB5-74D8-4B86-9CB6-28EC43C8CC17}" => removed successfully
"C:\Windows\System32\Tasks\Sareinvigorating lebowitz ooooreinvigorating lebowitz oooo" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sareinvigorating lebowitz ooooreinvigorating lebowitz oooo" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C57E81D1-3543-4087-B26B-40A12F8744B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C57E81D1-3543-4087-B26B-40A12F8744B3}" => removed successfully
"C:\Windows\System32\Tasks\reinvigorating lebowitz oooo" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\reinvigorating lebowitz oooo" => removed successfully
"C:\Users\Peppe\AppData\Local\Cadavers.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26756995 B
Java, Flash, Steam htmlcache => 234327749 B
Windows/system/drivers => 45628091 B
Edge => 0 B
Chrome => 478266638 B
Firefox => 232341 B
Opera => 12288 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33186 B
LocalService => 66228 B
NetworkService => 66228 B
Peppe => 44347835 B
Administrator => 181154 B

RecycleBin => 407731097 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:19:27 ====

Il problema persiste :(
Buona pasqua anche a te e grazie per l'aiuto !

 

[.MaxTechnology]

Spoiler: Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Peppe (01-04-2018 19:16:11) Run:1
Running from C:\Users\Peppe\Desktop
Loaded Profiles: Peppe (Available Profiles: Peppe & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
cmd: ipconfig /flushdns
() C:\Users\Peppe\AppData\Local\Cadavers.exe
() C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 05:03 - 2018-04-01 00:41 - 000137728 _____ C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 04:26 - 2018-04-01 04:26 - 001768136 _____ C:\Users\Peppe\Downloads\Windows Loader v2.2.2-Daz.zip
2018-04-01 02:27 - 2018-04-01 06:25 - 000000000 ____D C:\Program Files (x86)\magna
2018-04-01 02:27 - 2018-04-01 03:22 - 000000000 ___HD C:\Program Files (x86)\Coston
2018-04-01 01:48 - 2018-04-01 01:48 - 002860771 _____ C:\Users\Peppe\Downloads\Windows_7_Loader.zip
2018-04-01 05:03 - 2018-04-01 00:41 - 000137728 _____ () C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 02:27 - 2018-04-01 02:27 - 000003946 _____ C:\Windows\System32\Tasks\reinvigorating lebowitz oooo
2018-04-01 02:27 - 2018-04-01 02:27 - 000003908 _____ C:\Windows\System32\Tasks\manhole_volatility
2018-04-01 02:27 - 2018-04-01 02:27 - 000003884 _____ C:\Windows\System32\Tasks\pettersson
2018-04-01 02:27 - 2018-04-01 02:27 - 000003794 _____ C:\Windows\System32\Tasks\Sareinvigorating lebowitz ooooreinvigorating lebowitz oooo
2018-04-01 02:27 - 2018-04-01 02:27 - 000003756 _____ C:\Windows\System32\Tasks\Samanhole_volatilitymanhole_volatility
2018-04-01 02:27 - 2018-04-01 02:27 - 000003732 _____ C:\Windows\System32\Tasks\Sapetterssonpettersson
Task: {06770018-36BF-4E39-BC13-DDC150EBACA0} - System32\Tasks\Samanhole_volatilitymanhole_volatility => C:\Program Files (x86)\Coston\Cadavers.exe
Task: {44AD0AA2-CF7F-47D1-8AE6-87F2414026C0} - System32\Tasks\Sapetterssonpettersson => C:\Program Files (x86)\Dismantled\Cadavers.exe
Task: {BF4B1797-B6CA-4FE7-94DA-2C24272FBD0F} - System32\Tasks\manhole_volatility => C:\Program Files (x86)\Coston\Cadavers.exe
Task: {CCFFCCCB-4BCF-4837-8091-067208D9ECEA} - System32\Tasks\pettersson => C:\Program Files (x86)\Dismantled\Cadavers.exe
Task: {F0922AB5-74D8-4B86-9CB6-28EC43C8CC17} - System32\Tasks\Sareinvigorating lebowitz ooooreinvigorating lebowitz oooo => C:\Users\Peppe\AppData\Local\Cadavers.exe [2018-04-01] ()
Task: {C57E81D1-3543-4087-B26B-40A12F8744B3} - System32\Tasks\reinvigorating lebowitz oooo => C:\Users\Peppe\AppData\Local\Cadavers.exe [2018-04-01] ()
2018-04-01 05:03 - 2018-04-01 00:41 - 000137728 _____ () C:\Users\Peppe\AppData\Local\Cadavers.exe

EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.

========= ipconfig /flushdns =========


Configurazione IP di Windows

Cache del resolver DNS svuotata.

========= End of CMD: =========

C:\Users\Peppe\AppData\Local\Cadavers.exe => No running process found
C:\Users\Peppe\AppData\Local\Cadavers.exe => No running process found
C:\Users\Peppe\AppData\Local\Cadavers.exe => moved successfully
C:\Users\Peppe\Downloads\Windows Loader v2.2.2-Daz.zip => moved successfully
C:\Program Files (x86)\magna => moved successfully
C:\Program Files (x86)\Coston => moved successfully
C:\Users\Peppe\Downloads\Windows_7_Loader.zip => moved successfully
"C:\Users\Peppe\AppData\Local\Cadavers.exe" => not found
C:\Windows\System32\Tasks\reinvigorating lebowitz oooo => moved successfully
C:\Windows\System32\Tasks\manhole_volatility => moved successfully
C:\Windows\System32\Tasks\pettersson => moved successfully
C:\Windows\System32\Tasks\Sareinvigorating lebowitz ooooreinvigorating lebowitz oooo => moved successfully
C:\Windows\System32\Tasks\Samanhole_volatilitymanhole_volatility => moved successfully
C:\Windows\System32\Tasks\Sapetterssonpettersson => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06770018-36BF-4E39-BC13-DDC150EBACA0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06770018-36BF-4E39-BC13-DDC150EBACA0}" => removed successfully
"C:\Windows\System32\Tasks\Samanhole_volatilitymanhole_volatility" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Samanhole_volatilitymanhole_volatility" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44AD0AA2-CF7F-47D1-8AE6-87F2414026C0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44AD0AA2-CF7F-47D1-8AE6-87F2414026C0}" => removed successfully
"C:\Windows\System32\Tasks\Sapetterssonpettersson" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sapetterssonpettersson" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF4B1797-B6CA-4FE7-94DA-2C24272FBD0F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF4B1797-B6CA-4FE7-94DA-2C24272FBD0F}" => removed successfully
"C:\Windows\System32\Tasks\manhole_volatility" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\manhole_volatility" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CCFFCCCB-4BCF-4837-8091-067208D9ECEA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCFFCCCB-4BCF-4837-8091-067208D9ECEA}" => removed successfully
"C:\Windows\System32\Tasks\pettersson" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pettersson" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0922AB5-74D8-4B86-9CB6-28EC43C8CC17}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0922AB5-74D8-4B86-9CB6-28EC43C8CC17}" => removed successfully
"C:\Windows\System32\Tasks\Sareinvigorating lebowitz ooooreinvigorating lebowitz oooo" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sareinvigorating lebowitz ooooreinvigorating lebowitz oooo" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C57E81D1-3543-4087-B26B-40A12F8744B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C57E81D1-3543-4087-B26B-40A12F8744B3}" => removed successfully
"C:\Windows\System32\Tasks\reinvigorating lebowitz oooo" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\reinvigorating lebowitz oooo" => removed successfully
"C:\Users\Peppe\AppData\Local\Cadavers.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26756995 B
Java, Flash, Steam htmlcache => 234327749 B
Windows/system/drivers => 45628091 B
Edge => 0 B
Chrome => 478266638 B
Firefox => 232341 B
Opera => 12288 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33186 B
LocalService => 66228 B
NetworkService => 66228 B
Peppe => 44347835 B
Administrator => 181154 B

RecycleBin => 407731097 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:19:27 ====

Il problema persiste :(
Buona pasqua anche a te e grazie per l'aiuto !

Credo di essermi dimenticato qualcosa, rifai nuovamente la scansione con FRST, e pubblica Addition & Frst.txt grazie, vediamo di rimediare subito subito ^^

 

[LupoVelenos]

Credo di essermi dimenticato qualcosa, rifai nuovamente la scansione con FRST, e pubblica Addition & Frst.txt grazie, vediamo di rimediare subito subito ^^

Spoiler: Shortcut

Users shortcut scan result (x64) Version: 14.03.2018
Ran by Peppe (01-04-2018 19:39:28)
Running from C:\Users\Peppe\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Administrator\Links\Desktop.lnk -> C:\Users\Administrator\Desktop ()
Shortcut: C:\Users\Administrator\Links\Downloads.lnk -> C:\Users\Administrator\Downloads ()
Shortcut: C:\Users\Administrator\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Administrator\Desktop\EVEREST Home Edition.lnk -> C:\Program Files (x86)\Lavalys\EVEREST Home Edition\everest.exe ()
Shortcut: C:\Users\Administrator\Desktop\Hammerwatch v1.3.lnk -> C:\Games\Hammerwatch v1.3\Hammerwatch.exe ()
Shortcut: C:\Users\Administrator\Desktop\Startup Optimizer.lnk -> C:\Program Files (x86)\Startup Optimizer\StartOpt.exe ()
Shortcut: C:\Users\Administrator\Desktop\Strife.lnk -> C:\Program Files (x86)\Strife\bin\strife.exe (No File)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files (x86)\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\{31881BD7-13BB-42B0-9D44-B28D35F29C52}\DesktopReminderSetup.lnk -> [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop-Reminder 2\Desktop-Reminder 2.lnk
7
C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 7.0.lnk -> C:\Program Files (x86)\Adobe\Adobe After Effects 7.0\Support Files\AfterFX.exe (Adobe Systems Incorporated )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk -> C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\AfterFX.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk -> C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk -> C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk -> C:\Program Files (x86)\Adobe\Adobe Bridge\Bridge.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk -> C:\Program Files (x86)\Adobe\Adobe Device Central CS4\DeviceCentral.exe (Adobe Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk -> C:\Program Files (x86)\Adobe\Adobe Utilities\ExtendScript Toolkit CS4\ExtendScript Toolkit.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk -> C:\Program Files (x86)\Adobe\Adobe Utilities - CS6\ExtendScript Toolkit CS6\ExtendScript Toolkit.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS4\Adobe Extension Manager CS4.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk -> C:\Program Files (x86)\Adobe\Adobe Help Center\ahc.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk -> C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2015.lnk -> C:\Program Files\Adobe\Adobe Media Encoder CC 2015\Adobe Media Encoder.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS4.lnk -> C:\Program Files (x86)\Adobe\Adobe Media Encoder CS4\Adobe Media Encoder.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk -> C:\Program Files\Adobe\Adobe Media Encoder CS6\Adobe Media Encoder.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk -> C:\Program Files (x86)\Adobe\Adobe Utilities\Pixel Bender Toolkit\pixel_bender_toolkit.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{52D87F32-70E4-4348-8148-C0B9F35B1314}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS4.lnk -> C:\Program Files (x86)\Adobe\Adobe After Effects CS4\Mocha\bin\Mocha For After Effects.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4.lnk -> C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk -> C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YoloMouse\YoloMouse.lnk -> C:\Program Files\YoloMouse\YoloMouse.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\XSplit Broadcaster.lnk -> C:\Program Files (x86)\SplitmediaLabs\XSplit\XSplit.Core.exe (SplitMediaLabs)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\XSplit Gamecaster.lnk -> C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1\Demos\vulkaninfo.lnk -> C:\Program Files (x86)\VulkanRT\1.0.3.1\vulkaninfo.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1\Demos\vulkaninfo32.lnk -> C:\Program Files (x86)\VulkanRT\1.0.3.1\vulkaninfo32.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ConvertXToDVD 5.lnk -> C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe (VSO Software SARL)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\Disinstalla ConvertXToDVD 5.lnk -> C:\Program Files (x86)\VSO\ConvertX\5\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\LGPL license.lnk -> C:\Program Files (x86)\VSO\ConvertX\5\lgpl-2.1.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\Localizza ConvertXToDVD 5.lnk -> C:\ProgramData\VSO\ConvertXToDVD\5\Lang\EditLoc_online.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Unità\ Installa.lnk -> C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Unità\ Rimuovi driver (modalità compatibile).lnk -> C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Unità\ Verifica.lnk -> C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Disinstalla Tunngle.lnk -> C:\Program Files (x86)\Tunngle\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Tunngle.lnk -> C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunesKit Spotify Converter\TunesKit Spotify Converter.lnk -> C:\Program Files (x86)\TunesKit Spotify Converter\SpotifyConverter.exe (TunesKit)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunesKit Spotify Converter\Uninstall TunesKit Spotify Converter.lnk -> C:\Program Files (x86)\TunesKit Spotify Converter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Disinstalla Total Video Converter.lnk -> C:\Program Files (x86)\Total Video Converter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Media Burner.lnk -> C:\Program Files (x86)\Total Video Converter\MediaBurner.exe (iTinySoft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Total Video Converter sul Web.lnk -> C:\Program Files (x86)\Total Video Converter\tvc.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Total Video Converter.lnk -> C:\Program Files (x86)\Total Video Converter\tvcshell.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Total Video Player.lnk -> C:\Program Files (x86)\Total Video Converter\tvp.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk -> C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk -> C:\Program Files (x86)\TeamSpeak 3 Client\Uninstall.exe (TeamSpeak Systems GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team Meat\SuperMeatBoy\Super Meat Boy.lnk -> C:\Program Files (x86)\Team Meat\SuperMeatBoy\SuperMeatBoy.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team Meat\SuperMeatBoy\Uninstall Super Meat Boy.lnk -> C:\Program Files (x86)\Team Meat\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife\Strife.lnk -> C:\Program Files (x86)\Strife\bin\strife.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife\Uninstall.lnk -> C:\Program Files (x86)\Strife\uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg\ASIO Generic Lower Latency Driver Setup.lnk -> C:\Program Files\Steinberg\Asio\asioglldsetup.exe (Steinberg Media Technologies)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer\Startup Optimizer help.lnk -> C:\Program Files (x86)\Startup Optimizer\StartOpt.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer\Startup Optimizer on the Web.lnk -> C:\Program Files (x86)\Startup Optimizer\StartOpt.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer\Startup Optimizer.lnk -> C:\Program Files (x86)\Startup Optimizer\StartOpt.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer\Uninstall Startup Optimizer.lnk -> C:\Program Files (x86)\Startup Optimizer\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\File Shredder.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SDShred.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Tutorial.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\Help\English.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Update Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundSwitch\SoundSwitch.lnk -> C:\Program Files\SoundSwitch\SoundSwitch.exe (SoundSwitch)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundSwitch\Uninstall SoundSwitch.lnk -> C:\Program Files\SoundSwitch\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 12.0\Vegas Pro 12.0 Readme.lnk -> C:\Program Files\Sony\Vegas Pro 12.0\Readme\Vegas_readme.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 12.0\Video Capture 6.0 Readme.lnk -> C:\Program Files\Sony\Vegas Pro 12.0\Readme\Videocapture_readme.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX\ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX\Uninstall ShareX.lnk -> C:\Program Files\ShareX\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller64.exe (Adlice Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redout Enhanced Edition Neptune Pack\Redout Enhanced Edition Neptune Pack.lnk -> C:\Program Files (x86)\Redout Enhanced Edition Neptune Pack\redout.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redout Enhanced Edition Neptune Pack\Uninstall Redout Enhanced Edition Neptune Pack.lnk -> C:\Program Files (x86)\Redout Enhanced Edition Neptune Pack\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC\VNC Viewer.lnk -> C:\Program Files\RealVNC\VNC Viewer\vncviewer.exe (RealVNC Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Informazioni su QuickTime.lnk -> C:\Windows\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Arc\Arc.lnk -> C:\Program Files (x86)\Arc\ArcLauncher.exe (Perfect World Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Arc\Ripara Arc.lnk -> C:\Program Files (x86)\Arc\ArcRepair.exe (Perfect World Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Disinstalla Origin.lnk -> C:\Program Files (x86)\Origin\OriginUninstall.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin Error Reporter.lnk -> C:\Program Files (x86)\Origin\OriginER.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Segnalazione errori Origin.lnk -> C:\Program Files (x86)\Origin\OriginER.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nier Automata\Nier Automata.lnk -> C:\Program Files (x86)\Nier Automata\NieRAutomata.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nier Automata\Uninstall Nier Automata.lnk -> C:\Program Files (x86)\Nier Automata\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon\WarRock.lnk -> C:\Nexon\Warrock EU\WRLauncher.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Light Blends for Windows\Uninstall.lnk -> C:\Program Files (x86)\NewBlue\Light Blends for Windows\Uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero BackItUp [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NeroBackItUp_ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero Burning ROM [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\NeroBurningRom_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero BurnRights [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\NeroBurnRights_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero ControlCenter [Manuale Italiano].lnk -> C:\Program Files (x86)\Common Files\Nero\Nero Web\NeroControlCenter_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero CoverDesigner [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\NeroCoverDesigner_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero DiscSpeed [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\NeroDiscSpeed_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero DriveSpeed [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\NeroDriveSpeed_Ita.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero Express [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\NeroExpress_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero Home [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Home\NeroHome_ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero InfoTool [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\NeroInfoTool_Ita.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero MediaHome [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero MediaHome\NeroMediaHome_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero MediaStreaming Plug-in (for MCE) [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero MediaStreaming\NeroMediaStreamingForMCE_ITA.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero PhotoSnap [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\NeroPhotoSnap_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero Recode [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Recode\NeroRecode_ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero RescueAgent [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\RescueAgent\NeroRescueAgent_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero ShowTime [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero ShowTime\NeroShowTime_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero SoundTrax [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero SoundTrax\NeroSoundTrax_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero StartSmart [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero StartSmart\NeroStartSmart_ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero Vision [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Vision\NeroVision_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero WaveEditor [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero WaveEditor\NeroWaveEditor_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3splt-gtk\libmp3splt_doc.lnk -> C:\Program Files (x86)\mp3splt-gtk\libmp3splt_doc (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3splt-gtk\mp3splt-gtk.lnk -> C:\Program Files (x86)\mp3splt-gtk\mp3splt-gtk.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3splt-gtk\mp3splt-gtk_doc.lnk -> C:\Program Files (x86)\mp3splt-gtk\mp3splt-gtk_doc (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3splt-gtk\uninstall.lnk -> C:\Program Files (x86)\mp3splt-gtk\mp3splt-gtk_uninst.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Strumenti di Microsoft Office 2010\Certificato digitale per progetti VBA.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Strumenti di Microsoft Office 2010\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Strumenti di Microsoft Office 2010\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Strumenti di Microsoft Office 2010\Preferenze di lingua di Microsoft Office 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Strumenti di Microsoft Office 2010\Raccolta multimediale Microsoft.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE\Games for Windows - LIVE.lnk -> C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio\M-Track 2X2M\M-Audio M-Track 2X2M Control Panel.lnk -> C:\Program Files (x86)\M-Audio\M-Track 2X2M\Panel.exe (M-Audio)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio\M-Track 2X2M\ReadMe.txt.lnk -> C:\Program Files\M-Audio\M-Track 2X2M\ReadMe.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Logitech Gaming Software 8.57.lnk -> C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk -> C:\Riot Games\League of Legends\LeagueClient.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys\EVEREST Home Edition\EVEREST Home Edition Documentation.lnk -> C:\Program Files (x86)\Lavalys\EVEREST Home Edition\everest.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys\EVEREST Home Edition\EVEREST Home Edition on the Web.lnk -> C:\Program Files (x86)\Lavalys\EVEREST Home Edition\everest.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys\EVEREST Home Edition\EVEREST Home Edition.lnk -> C:\Program Files (x86)\Lavalys\EVEREST Home Edition\everest.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys\EVEREST Home Edition\Uninstall EVEREST Home Edition.lnk -> C:\Program Files (x86)\Lavalys\EVEREST Home Edition\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk -> C:\Program Files\Java\jdk1.8.0_65\bin\jmc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configura Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Informazioni su iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\it.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ironsight\Ironsight.lnk -> C:\AeriaGames\Ironsight\launcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk -> C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Hi-Rez Diagnostics and Support.lnk -> C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm Public Test\Heroes of the Storm Public Test.lnk -> C:\Program Files (x86)\Heroes of the Storm Public Test\Heroes of the Storm Public Test.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm\Heroes of the Storm.lnk -> C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone\Hearthstone.lnk -> C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardware\Mouse\Disinstallazione di Smart-X7.Lnk -> C:\Program Files\Mouse\Uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardware\Mouse\Smart-X7 7.80.Lnk -> C:\Program Files\Mouse\Amoumain.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grass Valley\EDIUS 7 Manuals.lnk -> C:\Program Files\Grass Valley\EDIUS 7\Manual ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grass Valley\EDIUS 7.lnk -> C:\Program Files\Grass Valley\EDIUS 7\EDIUS.exe (Grass Valley K.K.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grass Valley\EDIUS System Reporter.lnk -> C:\Program Files\Grass Valley\EDIUS 7\EdiusSystemReporter.exe (Grass Valley K.K.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grass Valley\GV LicenseManager.lnk -> C:\Program Files (x86)\Grass Valley\GV LicenseManager\AppMaintainer.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grass Valley\Serial number registration.lnk -> C:\Program Files (x86)\Grass Valley\GV LicenseManager\AppMaintainer.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Thimbleweed Park\Thimbleweed Park.lnk -> C:\GOG Games\Thimbleweed Park\ThimbleweedPark.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Thimbleweed Park\Uninstall Thimbleweed Park.lnk -> C:\GOG Games\Thimbleweed Park\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Enter the Gungeon\Enter the Gungeon.lnk -> C:\GOG Games\Enter the Gungeon\EtG.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Enter the Gungeon\Uninstall Enter the Gungeon.lnk -> C:\GOG Games\Enter the Gungeon\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dragon Age II.lnk -> [LF6"pH,R GFSI"xsH'{KBDragon Age II 2011 EA International (Studio and Publishing) Ltd.(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\EA SPORTS™ FIFA 15.lnk -> [LF6"pH,R GFSIě3[{Eo=WEA SPORTS"! FIFA 15(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Enter the Gungeon.lnk -> [LF6"pH,R GFSIŨ`@YEnter the Gungeon(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Games for Windows - LIVE.lnk -> [LF6"pH,R GFSIC^BC[#BGames for Windows - LIVE(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\Minesweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Microsoft.lnk -> C:\Program Files\Microsoft Games\More Games\MoreGames.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Disinstalla Gameforge Live.lnk -> C:\Program Files (x86)\GameforgeLive\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Gameforge Live.lnk -> C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Uninstall Gameforge Live.lnk -> C:\Program Files (x86)\GameforgeLive\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps\Fraps.lnk -> C:\Fraps\fraps.exe (Beepa P/L)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps\Uninstall.lnk -> C:\Fraps\uninstall.exe (Beepa Pty Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA18\FIFA18.lnk -> C:\Program Files\FIFA18\FIFA18.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA18\Uninstall FIFA18.lnk -> C:\Program Files\FIFA18\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software\Easy Photo Print.lnk -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPQuicker.exe (SEIKO EPSON CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software\Read Me\Easy Photo Print.lnk -> C:\Program Files (x86)\Epson Software\Easy Photo Print\DspReadMe.exe (SEIKO EPSON CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Stylus SX100_TX100 Manuale.lnk -> C:\Program Files (x86)\epson\TPMANUAL\ESSX100_TX100\ITA\USE_G\INDEX.HTM ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\EPSON Scan.lnk -> C:\Windows\twain_32\escndv\escndv.exe (SEIKO EPSON CORP.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser\eLicenser Control Center.lnk -> C:\Program Files (x86)\eLicenser\eLCC\eLCC.exe (Steinberg Media Technologies GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser\Documentation\eLicenser Control Release Notes.lnk -> C:\Program Files (x86)\eLicenser\Release Notes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EDIUS\EDIUS 6\EDIUS 6.lnk -> C:\Program Files (x86)\Grass Valley\EDIUS 6\EDIUS.exe (Thomson Canopus Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop-Reminder 2\Desktop-Reminder 2.lnk -> C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe (Polenter - Software Solutions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeskPins\DeskPins.lnk -> C:\Program Files (x86)\DeskPins\DeskPins.exe (Elias Fotinis)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeskPins\Help.lnk -> C:\Program Files (x86)\DeskPins\DeskPins.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeskPins\Uninstall.lnk -> C:\Program Files (x86)\DeskPins\uninstall.exe (Elias Fotinis)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk -> C:\Program Files\DAEMON Tools Lite\DTLauncher.exe (Disc Soft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry\BlackBerry Desktop Software.lnk -> C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe (Research In Motion)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry\Leggimi.lnk -> C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\BlackBerry Desktop Software readme.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk -> C:\Program Files (x86)\AutoIt3\AutoIt.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk -> C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe (AutoIt Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk -> C:\Program Files (x86)\AutoIt3\Au3Info.exe (AutoIt Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk -> C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe (AutoIt Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk -> C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe (AutoIt Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk -> C:\Program Files (x86)\AutoIt3\Examples ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk -> C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe (AutoIt Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk -> C:\Program Files (x86)\AutoIt3\AutoIt3.exe (AutoIt Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk -> C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe (Neil Hodgson neilh@scintilla.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk -> C:\Program Files (x86)\AutoIt3\AutoIt v3 Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk -> C:\Program Files (x86)\AutoIt3\Extras ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk -> C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\VBScript Examples.lnk -> C:\Program Files (x86)\AutoIt3\AutoItX\ActiveX\VBScript (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk -> C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe (DsNET)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite 3\AI Suite 3.lnk -> C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy\HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy\Start Andy.lnk -> C:\Program Files\Andy\HandyAndy.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings\AMD Settings.lnk -> C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Media Player.lnk -> C:\Program Files (x86)\Adobe Media Player\Adobe Media Player.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\ExtendScript Toolkit.lnk -> C:\Program Files (x86)\Adobe\Adobe Utilities\ExtendScript Toolkit\ExtendScript Toolkit.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\##ID_STRING16##\##ID_STRING17##.lnk -> C:\Program Files\AMD\CIM\BIN64\amdprw.exe (Advanced Micro Devices, Inc.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\Documenti - collegamento.lnk -> C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms ()
Shortcut: C:\Users\Peppe\Pictures\Desktop.lnk -> C:\Users\Peppe\Desktop ()
Shortcut: C:\Users\Peppe\Music\MacheteMixtvol3\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\Users\Peppe\Links\Creative Cloud Files.lnk -> C:\Users\Peppe\Creative Cloud Files ()
Shortcut: C:\Users\Peppe\Links\Desktop.lnk -> C:\Users\Peppe\Desktop ()
Shortcut: C:\Users\Peppe\Links\Downloads.lnk -> C:\Users\Peppe\Downloads ()
Shortcut: C:\Users\Peppe\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Peppe\Documents\Peppe - collegamento (2).lnk -> C:\Users\Peppe ()
Shortcut: C:\Users\Peppe\Documents\Peppe - collegamento.lnk -> C:\Users\Peppe ()
Shortcut: C:\Users\Peppe\Documents\Heroes of the Storm\T_31052832_234@98.lnk -> C:\Users\Peppe\Documents\Heroes of the Storm\Accounts\103805906\98-Hero-1-33840 ()
Shortcut: C:\Users\Peppe\Documents\Heroes of the Storm\T_41070007_334@2.lnk -> C:\Users\Peppe\Documents\Heroes of the Storm\Accounts\101416759\2-Hero-1-673527 ()
Shortcut: C:\Users\Peppe\Documents\Heroes of the Storm\T_53286321_196@2.lnk -> C:\Users\Peppe\Documents\Heroes of the Storm\Accounts\103805906\2-Hero-1-5367862 ()
Shortcut: C:\Users\Peppe\Documents\Heroes of the Storm\T_75935551_165@2.lnk -> C:\Users\Peppe\Documents\Heroes of the Storm\Accounts\431730612\2-Hero-1-8744466 ()
Shortcut: C:\Users\Peppe\Desktop\Adobe After Effects 7.0.lnk -> C:\Program Files (x86)\Adobe\Adobe After Effects 7.0\Support Files\AfterFX.exe (Adobe Systems Incorporated )
Shortcut: C:\Users\Peppe\Desktop\Adobe After Effects CS4.lnk -> C:\Program Files (x86)\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Peppe\Desktop\Adobe After Effects CS6.lnk -> C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\AfterFX.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Peppe\Desktop\Championify.lnk -> C:\Users\Peppe\AppData\Local\Championify\championify.exe (Dustin Blackman)
Shortcut: C:\Users\Peppe\Desktop\ConvertXToDVD 5.lnk -> C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe (VSO Software SARL)
Shortcut: C:\Users\Peppe\Desktop\Cubase LE AI Elements 9.lnk -> C:\Program Files\Steinberg\Cubase LE AI Elements 9\Cubase LE AI Elements 9.exe (Steinberg Media Technologies)
Shortcut: C:\Users\Peppe\Desktop\Ironsight.lnk -> C:\AeriaGames\Ironsight\launcher.exe ()
Shortcut: C:\Users\Peppe\Desktop\Keep Talking and Nobody Explodes.lnk -> C:\Program Files (x86)\Steel Crate Games\Keep Talking and Nobody Explodes\ktane.exe ()
Shortcut: C:\Users\Peppe\Desktop\League of Legends.lnk -> C:\Riot Games\League of Legends\LeagueClient.exe ()
Shortcut: C:\Users\Peppe\Desktop\Multi-Drive.lnk -> C:\Program Files (x86)\Nox\bin\MultiPlayerManager.exe ()
Shortcut: C:\Users\Peppe\Desktop\Nier Automata.lnk -> C:\Program Files (x86)\Nier Automata\NieRAutomata.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\Users\Peppe\Desktop\Nox.lnk -> C:\Program Files (x86)\Nox\bin\Nox.exe (Duodian Technology Co. Ltd.)
Shortcut: C:\Users\Peppe\Desktop\Open Broadcaster Software.lnk -> C:\Program Files (x86)\OBS\OBS.exe ()
Shortcut: C:\Users\Peppe\Desktop\Redout Enhanced Edition Neptune Pack.lnk -> C:\Program Files (x86)\Redout Enhanced Edition Neptune Pack\redout.exe ()
Shortcut: C:\Users\Peppe\Desktop\Resolve.lnk -> C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty. Ltd.)
Shortcut: C:\Users\Peppe\Desktop\Riders of Icarus.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe (No File)
Shortcut: C:\Users\Peppe\Desktop\ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
Shortcut: C:\Users\Peppe\Desktop\SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe ()
Shortcut: C:\Users\Peppe\Desktop\Spotify.lnk -> C:\Users\Peppe\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\Peppe\Desktop\Spybot - Search & Destroy.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\Users\Peppe\Desktop\Startup Optimizer.lnk -> C:\Program Files (x86)\Startup Optimizer\StartOpt.exe ()
Shortcut: C:\Users\Peppe\Desktop\Total Video Converter.lnk -> C:\Program Files (x86)\Total Video Converter\tvcshell.exe ()
Shortcut: C:\Users\Peppe\Desktop\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\Peppe\Desktop\Vegas Pro 12.0 (64-bit).lnk -> C:\Program Files\Sony\Vegas Pro 12.0\vegas120.exe (Sony Creative Software Inc.)
Shortcut: C:\Users\Peppe\Desktop\µTorrent.lnk -> C:\Users\Peppe\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Peppe\Desktop\Data\Adobe Photoshop CC 2014\local\modified\@DESKTOP@\Adobe Photoshop CC 2014.lnk -> C:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe (No File)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\BioniX Wallpaper Changer.lnk -> C:\BioniX Wallpaper\Bionix Wallpaper.exe (No File)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\Peppe\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\Peppe\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk -> C:\Users\Peppe\Desktop\Tor Browser\Browser\firefox.exe (No File)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files (x86)\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe (Ubisoft)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 9\Cartella dei dati dell'applicazione.lnk -> C:\Users\Peppe\AppData\Roaming\Steinberg\Cubase LE AI Elements 9_64 ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 9\Cubase LE AI Elements 9.lnk -> C:\Program Files\Steinberg\Cubase LE AI Elements 9\Cubase LE AI Elements 9.exe (Steinberg Media Technologies)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Help and HOW-TO.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.chm ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Release info.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.txt ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Uninstall SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\uninstall.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf\Overwolf.lnk -> C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf\Uninstall Overwolf.lnk -> C:\Program Files (x86)\Overwolf\OWUninstaller.exe (Overwolf Ltd.)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Open Broadcaster Software (32bit).lnk -> C:\Program Files (x86)\OBS\OBS.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Open Broadcaster Software (64bit).lnk -> C:\Program Files\OBS\OBS.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Uninstall.lnk -> C:\Program Files (x86)\OBS\uninstall.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Riders of Icarus.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe (No File)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LCDSirReal\Start LCDSirReal.lnk -> C:\Users\Peppe\Documents\LCDSirReal\LCDSirReal.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LCDSirReal\Uninstall LCDSirReal.lnk -> C:\Users\Peppe\Documents\LCDSirReal\Uninstall.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Medal of Honor Pacific Assault™.lnk -> [LF6"pH,R GFSI*qG4=h0}. Medal of Honor: Pacific Assault"!(1SPSXFL8C&m]
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dustin Blackman\Championify.lnk -> C:\Users\Peppe\AppData\Local\Championify\championify.exe (Dustin Blackman)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design\DaVinci Resolve\Resolve.lnk -> C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty. Ltd.)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Nox\Nox.lnk -> C:\Program Files (x86)\Nox\bin\Nox.exe (Duodian Technology Co. Ltd.)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Nox\Nox_unload.lnk -> C:\Program Files (x86)\Nox\bin\Nox_unload.exe (Duodian Technology Co. Ltd.)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\SendTo\ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk -> C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe (VSO Software SARL)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Desktop-Reminder 2.lnk -> C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe (Polenter - Software Solutions)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nier Automata.lnk -> C:\Program Files (x86)\Nier Automata\NieRAutomata.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk -> C:\Program Files (x86)\Total Video Converter\tvp.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tunngle.lnk -> C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk -> C:\Program Files (x86)\SplitmediaLabs\XSplit\XSplit.Core.exe (SplitMediaLabs)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\Peppe\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paladins.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\Paladins.exe (No File)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Heroes of the Storm.lnk -> C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\TeamSpeak 3 Client.lnk -> C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\deb74e6ef302b553\Speed Dial [FVD] - New Tab Page, 3D, Sync.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d78513a8998829c\pinned.lnk -> shell32.dll
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7111c0ce965b7246\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (No File)
Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\aTube Catcher.lnk -> C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe (DsNET)
Shortcut: C:\Users\Public\Desktop\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\DAEMON Tools Lite.lnk -> C:\Program Files\DAEMON Tools Lite\DTLauncher.exe (Disc Soft Ltd)
Shortcut: C:\Users\Public\Desktop\Desktop-Reminder 2.lnk -> C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe (Polenter - Software Solutions)
Shortcut: C:\Users\Public\Desktop\EDIUS 6.lnk -> C:\Program Files (x86)\Grass Valley\EDIUS 6\EDIUS.exe (Thomson Canopus Co., Ltd.)
Shortcut: C:\Users\Public\Desktop\EDIUS 7.lnk -> C:\Program Files\Grass Valley\EDIUS 7\EDIUS.exe (Grass Valley K.K.)
Shortcut: C:\Users\Public\Desktop\eLicenser Control Center.lnk -> C:\Program Files (x86)\eLicenser\eLCC\eLCC.exe (Steinberg Media Technologies GmbH)
Shortcut: C:\Users\Public\Desktop\Enter the Gungeon.lnk -> C:\GOG Games\Enter the Gungeon\EtG.exe ()
Shortcut: C:\Users\Public\Desktop\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\Users\Public\Desktop\EPSON Scan.lnk -> C:\Windows\twain_32\escndv\escndv.exe (SEIKO EPSON CORP.)
Shortcut: C:\Users\Public\Desktop\FIFA18.lnk -> C:\Program Files\FIFA18\FIFA18.exe (Electronic Arts)
Shortcut: C:\Users\Public\Desktop\Fraps.lnk -> C:\Fraps\fraps.exe (Beepa P/L)
Shortcut: C:\Users\Public\Desktop\Hearthstone.lnk -> C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Heroes of the Storm.lnk -> C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe ()
Shortcut: C:\Users\Public\Desktop\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\Public\Desktop\Overwolf.lnk -> C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe ()
Shortcut: C:\Users\Public\Desktop\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\Users\Public\Desktop\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller64.exe (Adlice Software)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\SoundSwitch.lnk -> C:\Program Files\SoundSwitch\SoundSwitch.exe (SoundSwitch)
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Public\Desktop\SuperMeatBoy.lnk -> C:\Program Files (x86)\Team Meat\SuperMeatBoy\SuperMeatBoy.exe ()
Shortcut: C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk -> C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\Public\Desktop\TeamViewer 13.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\Users\Public\Desktop\Thimbleweed Park.lnk -> C:\GOG Games\Thimbleweed Park\ThimbleweedPark.exe ()
Shortcut: C:\Users\Public\Desktop\Tunngle.lnk -> C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Public\Desktop\VNC Viewer.lnk -> C:\Program Files\RealVNC\VNC Viewer\vncviewer.exe (RealVNC Ltd)
Shortcut: C:\Users\Public\Desktop\WinSCP.lnk -> C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl)
Shortcut: C:\Users\Public\Desktop\XSplit Broadcaster.lnk -> C:\Program Files (x86)\SplitmediaLabs\XSplit\XSplit.Core.exe (SplitMediaLabs)
Shortcut: C:\Users\Public\Desktop\XSplit Gamecaster.lnk -> C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs)


ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\Uninstall XSplit Broadcaster.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {19F00CA3-338D-497C-BA31-0507101F2BBB} /L*V "C:\Users\Peppe\AppData\Roaming\SplitmediaLabs\XSplit\xsplit_installer.log"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\Uninstall XSplit Gamecaster.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {7CBDC2CD-F5C7-4DD3-91C8-1E4D68924955} /L*V "C:\Users\Peppe\AppData\Roaming\SplitmediaLabs\XSplit Gamecaster\xsplit_patch_uninstall.log"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trust GXT Gaming Headset\Trust GXT Gaming Headset.lnk -> C:\Windows\SysWOW64\control.exe (Microsoft Corporation) -> C:\Windows\syswow64\CM108.dll
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trust GXT Gaming Headset\Uninstall Trust GXT Gaming Headset.lnk -> C:\Windows\System32\Cmeau108.exe () -> /rm /pusb108
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC\VNC Server.lnk -> C:\Program Files\RealVNC\VNC Server\vncguihelper.exe (RealVNC Ltd) -> vncserver.exe -_fromGui -start -showstatus
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Disinstalla QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {FF59BD75-466A-4D5A-AD23-AAD87C5FD44C} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Arc\Disinstalla Arc.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{CED8E25B-122A-4E80-B612-7F99B93284B3}\setup.exe (Perfect World Entertainment) -> -runfromtemp -l0x0410 -removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Light Blends for Windows\Manage Activation 64bit.lnk -> C:\Program Files\NewBlue\Light Blends for Windows\ManageActivation64.exe () -> LightBlends64.dll
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero BackItUp.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\BackItUp.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Burning ROM.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero CoverDesigner.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverDes.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Express.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe (Nero AG) -> -ScParameter=65 /w
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Home.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Home\NeroHome.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero MediaHome.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero MediaHome\NeroMediaHome.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero PhotoSnap Viewer.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero PhotoSnap.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Recode.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Recode\Recode.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero ShowTime.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero ShowTime\ShowTime.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero SoundTrax.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero SoundTrax\SoundTrax.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero StartSmart.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Vision.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Vision\NeroVision.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero WaveEditor.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero WaveEditor\waveedit.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Toolkit\Nero BurnRights.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\NeroBurnRights.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Toolkit\Nero ControlCenter.lnk -> C:\Program Files (x86)\Common Files\Nero\Nero Web\SetupX.exe (Nero AG) -> -ScParameter=65 MODE="update"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Toolkit\Nero DiscSpeed.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Toolkit\Nero DriveSpeed.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DriveSpeed.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Toolkit\Nero InfoTool.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\InfoTool.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Toolkit\Nero RescueAgent.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\RescueAgent\NeroRescueAgent.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Toolkit\Nero Scout.lnk -> C:\Program Files (x86)\Common Files\Nero\Lib\NeroScoutOptions.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe () -> /LOG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio\M-Track 2X2M\Uninstall M-Audio M-Track 2X2M.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {A1AD4677-B615-4E51-B559-E0145F0FE3A7}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Informazioni su Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Rileva aggiornamenti.lnk -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Uninstall All Hi-Rez Games.lnk -> C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe (Hewlett-Packard Company) -> uninstall=all
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON SX100 Series\Aggiornamento driver.lnk -> C:\Windows\System32\spool\drivers\x64\3\E_GUPA30.EXE (SEIKO EPSON CORPORATION) -> /P "EPSON SX100 Series" /D C:\Windows\system32\spool\DRIVERS\x64\3\E_IVIFEDE.VIF
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON SX100 Series\Assistenza tecnica.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\Windows\system32\spool\DRIVERS\x64\3\E_IGEPEDE.DLL,GE_OpenELINK "Stylus SX100"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON SX100 Series\Disinstallazione software stampante EPSON.lnk -> C:\Windows\System32\spool\drivers\x64\3\E_IINSEDE.EXE (SEIKO EPSON CORPORATION) -> /R /APD /P:"EPSON SX100 Series"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser\License Activation.lnk -> C:\Program Files (x86)\eLicenser\eLCC\eLCC.exe (Steinberg Media Technologies GmbH) -> -GuidedActivation
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk -> C:\Program Files (x86)\AutoIt3\AutoIt3.exe (AutoIt Team) -> "C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\AutoUpdateIt.au3"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite 3\Uninstall AI Suite 3.lnk -> C:\ProgramData\ASUS\AI Suite III\Setup.exe () -> -u
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Remote Server Administration Tools.lnk -> C:\Windows\hh.exe (Microsoft Corporation) -> rsat_client.chm
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\##ID_STRING16##\##ID_STRING18##.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {A97D6752-EC02-4974-2B72-4AFBFBF90B0E}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Peppe\Desktop\Discord.lnk -> C:\Users\Peppe\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\Peppe\Desktop\Nero Express.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe (Nero AG) -> -ScParameter=65 /w
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Go Download Player.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 690096451.skygo.sky.it
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 9\Disinstalla.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {E0FA80FD-82A7-4328-ABC3-0DA6A9FA1824}
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) -> -silent
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc\Discord.lnk -> C:\Users\Peppe\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc\Git Shell.lnk -> C:\Users\Peppe\AppData\Local\GitHub\GitHub.appref-ms () -> --open-shell
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\SendTo\WinSCP (pre invio).lnk -> C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl) -> /upload
ShortcutWithArgument: C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --show-app-list


InternetURL: C:\Users\Administrator\Favorites\Benvenuti su MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Administrator\Favorites\Home Page di Microsoft Windows.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\Administrator\Favorites\Microsoft Italia.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\Administrator\Favorites\Siti Web Microsoft\Internet Explorer - Home.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Administrator\Favorites\Siti Web Microsoft\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Administrator\Favorites\MSN\MSN Intrattenimento.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\Administrator\Favorites\MSN\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\Administrator\Favorites\MSN\MSN Motori.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\Administrator\Favorites\MSN\MSN Notizie.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\Administrator\Favorites\MSN\MSN Sports.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\Administrator\Favorites\MSN\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Administrator\Favorites\Microsoft Websites\Gallery Add-on per IE.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Administrator\Favorites\Links\Raccolta Web Slice.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Administrator\Favorites\Links\Siti suggeriti.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\XSplit Broadcaster Release Notes.url -> URL: hxxp://www.xspl.it/bc/relnotes/1.3.1403.1202
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\XSplit Gamecaster Release Notes.url -> URL: hxxp://www.xspl.it/gc/relnotes/1.9.1409.2308
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Tunngle sul Web.url -> URL: hxxp://www.Tunngle.net/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nier Automata\Nier Automata on the Web.url -> URL: hxxp://store.steampowered.com/app/524220
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon\넥슨.url -> URL: hxxp://www.nexon.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Documentazione di riferimento.url -> URL: hxxp://docs.oracle.com/javase/8/docs
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visita Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visualizza la Guida.url -> URL: hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Enter the Gungeon\Documents\Support.url -> URL: hxxp://www.gog.com/support/enter_the_gungeon
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Gameforge Live Website.url -> URL: hxxp://gfl.gameforge.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Pagina web di Gameforge Live.url -> URL: hxxp://gfl.gameforge.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.ccleaner.com/ccleaner
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher sul Web.url -> URL: hxxp://www.atube.me/
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\Follow us on marapcana.com.url -> URL: hxxp://marapcana.com/
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\Follow Us on Twitter.url -> URL: hxxps://twitter.com/marapcana
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\Like us On Facebook.url -> URL: hxxps://www.facebook.com/maRAPcana/
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\tutta la musica rap che puoi desiderare la trovi qui.url -> URL: hxxp://marapcana.com/
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\Salmo - Hellvisback\Follow us on marapcana.com.url -> URL: hxxp://marapcana.com/
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\Salmo - Hellvisback\Follow Us on Twitter.url -> URL: hxxps://twitter.com/marapcana
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\Salmo - Hellvisback\Like us On Facebook.url -> URL: hxxps://www.facebook.com/maRAPcana/
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\Salmo - Hellvisback\tutta la musica rap che puoi desiderare la trovi qui.url -> URL: hxxp://marapcana.com/
InternetURL: C:\Users\Peppe\Music\Fabri_Fibra_-_Squallor\Fabri Fibra - Squallor\ci trovi qui su italianblogbuster.net.url -> URL: hxxp://italianblogbuster.net/
InternetURL: C:\Users\Peppe\Favorites\Benvenuti su MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Peppe\Favorites\Difesa.url -> BASEURL: hxxps://concorsi.difesa.it/Pagine/storico.aspx?rID=1 URL: hxxps://concorsi.difesa.it/Pagine/storico.aspx?rID=1
InternetURL: C:\Users\Peppe\Favorites\Home Page di Microsoft Windows.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\Peppe\Favorites\Microsoft Italia.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\Peppe\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\Peppe\Favorites\Siti Web Microsoft\Internet Explorer - Home.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Peppe\Favorites\Siti Web Microsoft\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Peppe\Favorites\MSN\MSN Intrattenimento.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\Peppe\Favorites\MSN\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\Peppe\Favorites\MSN\MSN Motori.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\Peppe\Favorites\MSN\MSN Notizie.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\Peppe\Favorites\MSN\MSN Sports.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\Peppe\Favorites\MSN\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Peppe\Favorites\Microsoft Websites\Gallery Add-on per IE.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Peppe\Favorites\Links\Raccolta Web Slice.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Peppe\Favorites\Links\Siti suggeriti.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Peppe\Desktop\Battlerite.url -> URL: steam://rungameid/504370
InternetURL: C:\Users\Peppe\Desktop\Black Squad.url -> URL: steam://rungameid/550650
InternetURL: C:\Users\Peppe\Desktop\Rocket League.url -> URL: steam://rungameid/252950
InternetURL: C:\Users\Peppe\Desktop\Tom Clancy's Ghost Recon Wildlands.url -> URL: steam://rungameid/460930
InternetURL: C:\Users\Peppe\Desktop\Trine 2.url -> URL: steam://rungameid/35720
InternetURL: C:\Users\Peppe\Desktop\x tutti\ProgettoSPDJD.url -> URL: hxxp://progettospdjd1.blogspot.it/
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Battlerite.url -> URL: steam://rungameid/504370
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Black Squad.url -> URL: steam://rungameid/550650
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Chivalry BETA.url -> URL: steam://rungameid/232210
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Rocket League.url -> URL: steam://rungameid/252950
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Tom Clancy's Ghost Recon Wildlands.url -> URL: steam://rungameid/460930
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Trine 2.url -> URL: steam://rungameid/35720
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Knudsen Apps\Supporto tecnico Moobot Assistant.url -> BASEURL: hxxp://twitch.moobot.tv/ URL: hxxp://twitch.moobot.tv/
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc\Supporto tecnico GitHub.url -> BASEURL: hxxps://help.github.com/desktop URL: hxxps://help.github.com/desktop

==================== End of Shortcut.txt =============================

Spoiler: Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Peppe (01-04-2018 19:38:03)
Running from C:\Users\Peppe\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-09-30 11:46:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2921988991-613299845-3104574246-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2921988991-613299845-3104574246-501 - Limited - Disabled)
Peppe (S-1-5-21-2921988991-613299845-3104574246-1000 - Administrator - Enabled) => C:\Users\Peppe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe After Effects 7.0 (HKLM-x32\...\Adobe After Effects 7.0) (Version: 7.0.0.244 - Adobe Systems, Inc.)
Adobe After Effects CS4 (HKLM-x32\...\Adobe_3dcb365ab9e01871fb8c6f27b0ea079) (Version: 9 - Adobe Systems Incorporated)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.1 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.56 - ASUSTeK Computer Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.020 - ASUSTek Computer Inc.)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.1025 - DsNET Corp)
aTube Catcher versione 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoIt v3.3.14.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BioniX Wallpaper Changer v9 (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\BioniX Wallpaper Changer v9) (Version: - )
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canopus Codec Option 6.01 (HKLM-x32\...\{28C515CC-489B-4c02-898E-FE5B790E52FF}) (Version: 6.01 - Thomson Canopus Co., Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Championify (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Championify) (Version: 2.0.4 - Dustin Blackman)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
DaVinci Resolve (HKLM\...\{993A1353-910B-41B1-9846-7BD2E15641D5}) (Version: 12.0.1006 - Blackmagic Design)
DeskPins (remove only) (HKLM-x32\...\DeskPins) (Version: - )
Desktop-Reminder 2 (HKLM-x32\...\{288487BA-D8C5-4C81-BD89-C7E49DD48E18}) (Version: 2.118 - Polenter - Software Solutions) Hidden
Desktop-Reminder 2 (HKLM-x32\...\Desktop-Reminder 2) (Version: 2.118 - Polenter - Software Solutions)
Discord (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
EDIUS (HKLM\...\{E7CCB338-2A54-4F44-947B-958BD847A5D3}) (Version: 7.50 - Grass Valley K.K.)
EDIUS 6.01 (HKLM-x32\...\{B91A1230-C199-421e-8F63-7235731D925E}) (Version: 6.01 - Thomson Canopus Co., Ltd.)
EDIUS Codec Option 7.50 (HKLM-x32\...\{7E4E5B65-9B8B-4ECE-9C1F-9C96DA0BC620}) (Version: 7.50 - Grass Valley K.K.)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.10.5.1203 - Steinberg Media Technologies GmbH)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.7.0.9 - GOG.com)
Epic Games Launcher (HKLM-x32\...\{7A92850A-3660-487C-BE6B-0D054942570B}) (Version: 1.1.123.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Stylus SX100_TX100 Manuale (HKLM-x32\...\EPSON Stylus SX100_TX100 Guida utente) (Version: - )
EPSON SX100 Series Printer Uninstall (HKLM\...\EPSON SX100 Series) (Version: - SEIKO EPSON Corporation)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FIFA18 version 1.0 (HKLM\...\FIFA18_is1) (Version: 1.0 - STEAMPUNKS) <==== ATTENTION
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Gameforge Live 2.0.13 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.13 - Gameforge)
GitHub (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\5f7eb300e2ea4ebf) (Version: 3.3.2.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Heroes of the Storm Public Test (HKLM-x32\...\Heroes of the Storm Public Test) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HOTSLogsUploader (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\99a83d131490dc73) (Version: 1.0.0.12 - HOTSLogsUploader)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4578 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.0.32 - Intel Corporation)
Ironsight version 1 (HKLM-x32\...\Ironsight_is1) (Version: 1 - Aeria Games)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 8 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180650}) (Version: 8.0.650.17 - Oracle Corporation)
Keep Talking and Nobody Explodes 1.1.4 (HKLM-x32\...\Keep Talking and Nobody Explodes 1.1.4) (Version: 1.1.4 - Steel Crate Games)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LCDSirReal - a multipurpose plugin for the Logitech G13/G15 (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\LCDSirReal) (Version: - Link Data Stockholm)
League of Legends (HKLM-x32\...\{83B763CD-5771-408A-B7C9-6C1A5B161F41}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes versione 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
M-Audio M-Track 2X2M 1.0.6 (HKLM\...\{A1AD4677-B615-4E51-B559-E0145F0FE3A7}) (Version: 1.0.6 - M-Audio)
Microsoft .NET Compact Framework 2.0 SP1 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.6129 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{B45FABE7-D101-4D99-A671-E16DA40AF7F0}) (Version: 3.0.86.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{B578C85A-A84C-4230-A177-C5B2AF565B8C}) (Version: 3.0.17.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Moobot Assistant (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\40790fab0e175d6b) (Version: 1.0.0.1 - Knudsen Apps)
Mozilla Firefox 56.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 it)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1040}) (Version: 8.3.465 - Nero AG)
Nier Automata (HKLM-x32\...\{0F48043A-5115-42C3-B1B3-958AC3A319CF}_is1) (Version: - Square Enix)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.1.2 - Duodian Technology Co. Ltd.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.30491 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.104.210.0 - Overwolf Ltd.)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Photoshop Camera Raw (HKLM-x32\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (HKLM-x32\...\{43509E18-076E-40FE-AF38-CA5ED400A5A9}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7487 - Realtek Semiconductor Corp.)
Redout Enhanced Edition Neptune Pack (HKLM-x32\...\Redout Enhanced Edition Neptune Pack_is1) (Version: - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RogueKiller version 12.12.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.10.0 - Adlice Software)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 12.1.1 - ShareX Team)
Sky Go Download Player (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\690096451.skygo.sky.it) (Version: - skygo.sky.it)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Smart-X7 7.80 (HKLM\...\WheelMouse) (Version: - )
Software per periferiche con chipset Intel® (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
SoundSwitch 4.3.6643.23689 (HKLM\...\SoundSwitch_is1) (Version: 4.3.6643.23689 - Antoine Aflalo)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Startup Optimizer 1.6 (HKLM-x32\...\Startup Optimizer_is1) (Version: - Cyberlion Solutions Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steinberg Cubase LE AI Elements 9 (HKLM\...\{E0FA80FD-82A7-4328-ABC3-0DA6A9FA1824}) (Version: 9.0.1 - Steinberg Media Technologies GmbH)
Steinberg Generic Lower Latency ASIO Driver 64bit (HKLM\...\{16D5A798-10BE-4FF3-BB71-54C012CD0D7D}) (Version: 1.0.10 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE 64bit (HKLM\...\{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}) (Version: 4.2.30 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 2.0.2 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.2 - Steinberg Media Technologies GmbH)
Suite Shared Configuration CS4 (HKLM-x32\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version: - Team Meat)
Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Supporto applicazioni Apple (64 bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 12 Host (MSI Wrapper) (HKLM-x32\...\{146C4A0D-592D-4D7E-A637-6BC18BA614F8}) (Version: 12.1.6829 - TeamViewer)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.1548 - TeamViewer)
Thimbleweed Park (HKLM-x32\...\1325604411_is1) (Version: 1.0.955 - GOG.com)
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version: - EffectMatrix Inc.)
Trust GXT Gaming Headset (HKLM\...\C-Media CM108 Like Sound Driver) (Version: - )
Trust GXT Gaming Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: 2.0.01.13 - Trust)
TunesKit Spotify Converter 1.2.1.100 (HKLM-x32\...\TunesKit Spotify Converter_is1) (Version: - TunesKit, Inc.)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.8 - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VNC Server 6.1.1 (HKLM\...\{BF68FC97-1CBA-49D5-88EB-3E0CDC3D379D}) (Version: 6.1.1.28093 - RealVNC Ltd)
VNC Viewer 6.1.1 (HKLM\...\{1B14F26D-AAC9-4781-A468-5DFD5DF5FF91}) (Version: 6.1.1.28093 - RealVNC Ltd)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.52 - VSO Software)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WarRock (HKLM-x32\...\Warrock EU) (Version: - )
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (01/20/2017 4.3.12) (HKLM\...\5704FF66AFA4D394842933DCC54279C2E177D380) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System (01/20/2017 4.3.12) (HKLM\...\35C6212A24F5D9B7942ECD18B0255759779999C2) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
XSplit Broadcaster (HKLM-x32\...\{19F00CA3-338D-497C-BA31-0507101F2BBB}) (Version: 1.3.1403.1202 - SplitmediaLabs)
XSplit Gamecaster (HKLM-x32\...\{7CBDC2CD-F5C7-4DD3-91C8-1E4D68924955}) (Version: 1.9.1409.2308 - SplitmediaLabs)
YoloMouse (HKLM\...\{084C443B-D061-4B8E-8764-7F34160BBE8B}) (Version: 0.7.0.0 - HaPpY)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-31] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-01-24] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {342C16A9-1225-4A48-96C0-6212CDE49072} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2013-08-13] ()
Task: {43ECB724-D5A7-43E2-B4AE-EB0B718CEDAF} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {50D67F8C-89B8-415C-83B7-E1159DFDC2BC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-01] (AVAST Software)
Task: {52C11248-CFEA-40C6-AE02-C23BB533A609} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {54876FB3-2555-4A3D-A4D2-4C2BD6BC7AEC} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
Task: {5A5F73DE-5F06-41B8-985A-8CFB1D002B18} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {5CF391B2-9CD8-45A6-AD15-4098F6ADB9CD} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-01-25] (ASUSTek Computer Inc.)
Task: {6083B581-E2C7-497B-A55A-ED50BE8D6E8E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2018-02-05] (AVAST Software)
Task: {7255F974-1275-4EB5-BDBB-CD9CE21C6267} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {8225076B-9A2D-476B-83DD-81FAB6A4C075} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {885BD0A2-A46A-4762-82DA-6F7AEFC07730} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-01-07] (AVAST Software)
Task: {98A95066-B209-48B6-988E-44735726BF8D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {98A95066-B209-48B6-988E-44735726BF8D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {98A95066-B209-48B6-988E-44735726BF8D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {ACA6B3AF-306E-464F-A234-11E19E1F6F68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B92FB331-15EC-45A3-BA12-7BB323F6BBFF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {C161BAEC-D415-45CC-9167-024E993F966F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {CAFB815E-F7AA-4A1A-A32F-09CDF204E458} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-08-07] (ASUSTeK Computer Inc.)
Task: {D6A18C6F-323B-469B-B06B-A9A9FBA57729} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {D8999CE7-4769-4C8B-A28D-F74FF3D0B971} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {D8999CE7-4769-4C8B-A28D-F74FF3D0B971} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {DB2DCE1D-C1FC-48F9-A4A6-1FE43D01A41F} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)
Task: {E8C62854-E833-47D8-9BB1-2155662F50CC} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2013-07-24] ()
Task: {EBCB3D36-20CE-4310-BAF0-A91BA205F967} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {EBCB3D36-20CE-4310-BAF0-A91BA205F967} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\iToolsDaemon.job => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2015-07-22 01:02 - 2015-07-22 01:02 - 000803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-30 15:26 - 2013-08-13 20:55 - 001225528 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2014-09-30 15:24 - 2013-07-24 10:16 - 001425208 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2017-07-12 13:22 - 2017-07-12 13:22 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-12 13:22 - 2017-07-12 13:22 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 000866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 001050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 000059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 000242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-11-13 14:10 - 2000-01-01 02:00 - 000196608 _____ () C:\Program Files\Mouse\Amoumain.exe
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2018-03-06 23:58 - 2018-03-06 23:58 - 000089984 _____ () C:\Program Files\CCleaner\lang\lang-1040.dll
2014-09-30 15:09 - 2013-05-07 09:45 - 000936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2011-06-21 11:14 - 2011-06-21 11:14 - 000207872 _____ () C:\Users\Peppe\Documents\LCDSirReal\LCDSirReal.exe
2015-07-18 22:00 - 2016-07-31 21:53 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2018-04-01 05:36 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-21 03:13 - 2018-03-20 08:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-21 03:13 - 2018-03-20 08:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2016-02-18 15:35 - 2017-09-29 22:40 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2016-02-18 15:35 - 2017-09-29 22:40 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2016-02-18 15:35 - 2017-09-29 22:40 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-01 14:40 - 2018-04-01 14:40 - 005810832 _____ () C:\Program Files\AVAST Software\Avast\defs\18040100\algo.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000964824 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000475352 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000339672 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000825344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000776704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2014-09-30 15:24 - 2013-08-07 19:11 - 000147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2014-09-30 15:26 - 2013-08-13 20:46 - 002745344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2014-09-30 15:24 - 2013-08-08 10:44 - 001139200 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2014-09-30 15:25 - 2013-06-24 15:59 - 001173504 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\Network iControl.dll
2014-09-30 15:24 - 2013-06-04 19:41 - 000662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2014-09-30 15:24 - 2013-08-07 19:11 - 000053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll
2014-09-30 15:24 - 2013-07-31 20:05 - 005773588 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2014-09-30 15:24 - 2010-06-21 15:21 - 000208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2018-04-01 05:25 - 2018-04-01 05:25 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2014-09-30 15:09 - 2018-04-01 19:25 - 000027136 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-09-30 15:09 - 2013-05-07 09:45 - 000104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2017-10-11 16:38 - 2000-01-01 02:00 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\Desktop-Reminder 2:{66007900-6900-6800-6200-470032003600} [192]
AlternateDataStreams: C:\Program Files (x86)\Desktop-Reminder 2:{67005600-3500-4800-7000-70004A006400} [748]
AlternateDataStreams: C:\Users\Peppe:Heroes & Generals [38]
AlternateDataStreams: C:\Users\Peppe\Documents\Certificato.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Peppe\Documents\Certificato.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Peppe\Documents\DOC.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Peppe\Documents\DOC.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-03-23 19:48 - 2018-04-01 06:25 - 000000511 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 mpa.one.microsoft.com
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 www.googletagservices.com
0.0.0.0 gads.pubmatic.com
0.0.0.0 ads.pubmatic.com
0.0.0.0 spclient.wg.spotify.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\Services: BFE => 2
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spoti15Autostart => "C:\Users\Peppe\Downloads\Spoti15_fix_by_nima158\Release\Spoti15.exe" -autostart
MSCONFIG\startupreg: Spotify => "C:\Users\Peppe\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Peppe\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{A3A59915-427B-494E-A622-82A59F4DA8BD}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{64E16E3D-C230-4491-8D5C-C2A5F9E5056B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{9F26BE04-A505-4ABF-919D-AD642F27D51B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D81436F-15FB-4143-99C8-DB261813F64B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4F1C2A98-ABB7-4575-914B-606C0AA9587C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B3087EB8-F16E-45EE-9302-CEC891FC9C29}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ADF88EC1-A8F0-499C-960F-2FFBF618EFDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D2B4B39B-08A1-4A5B-BCF9-AE941F330A97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{225B4C9A-F34D-4B7B-A6B0-9325D1776C18}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{63950430-0921-4779-9FA9-053A0E421B51}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4D72CD56-2E16-4316-AD2F-A85CEBD0E05E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{7A7B648F-36AC-4213-A91B-88872A590AB0}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{8D46AAEE-D439-48BC-9247-C24EA9E9905B}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{2F6FDF15-D135-4909-BF3C-5AF866BB97AF}] => (Allow) LPort=4481
FirewallRules: [{FA0DB5FA-25C0-45A7-A522-1D414818A12B}] => (Allow) LPort=4481
FirewallRules: [{A892D951-F776-4DE4-B8B8-61CFF450DAA3}] => (Allow) LPort=4482
FirewallRules: [{BF3E8268-5D92-4949-903D-446E3D373AA1}] => (Allow) LPort=4482
FirewallRules: [{E7E639A6-305A-473B-8384-584BAAFD8912}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{D61D3BAC-5ECC-48BA-9F2D-16B24C159237}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{1B4627E5-3559-4A53-A14F-4808F7263E77}C:\games\hammerwatch v1.3\hammerwatch.exe] => (Allow) C:\games\hammerwatch v1.3\hammerwatch.exe
FirewallRules: [UDP Query User{5E6A5FA4-2169-48C2-88B6-749E8DB2395B}C:\games\hammerwatch v1.3\hammerwatch.exe] => (Allow) C:\games\hammerwatch v1.3\hammerwatch.exe
FirewallRules: [TCP Query User{55ACBA91-B223-4FD7-8862-793CC72A47FD}C:\users\peppe\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{F3A79791-5DA0-49FD-A6A2-1009648B510E}C:\users\peppe\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [{51FDE9D4-A93B-4123-8303-1D960759709C}] => (Block) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [{DA910F7A-8C41-4688-B933-4B0F65299C98}] => (Block) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0454318D-3FE4-4FA8-8931-A99D8A27EF22}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{8C18AFBE-A306-4DFA-A461-CB98423960B5}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{53E59F4A-37F9-47A6-B8AB-F27DDDD4D3C1}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{C8F88B47-E566-41EF-B047-5B91C0A2E337}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{8C753392-D2C2-461C-8659-2AF2B09319A7}] => (Allow) C:\Users\Peppe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B47133E7-0EB5-464D-9B7F-BEACFDCBDF4C}] => (Allow) C:\Users\Peppe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92A2FF91-B16A-415F-B2EF-A654457F5E44}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1142F39E-2025-4078-9DAE-5632983F608D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4D8EA730-DC2A-489D-A5F3-5586926F4DEA}C:\users\peppe\downloads\hko_download_manager.exe] => (Allow) C:\users\peppe\downloads\hko_download_manager.exe
FirewallRules: [UDP Query User{7B346264-1CD7-4EEC-9567-6B7F8E228619}C:\users\peppe\downloads\hko_download_manager.exe] => (Allow) C:\users\peppe\downloads\hko_download_manager.exe
FirewallRules: [{FFCAFFFF-EDDF-4F07-A09B-4348A4E258E8}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{DE892CE3-1897-4C67-AC36-54BA20D93958}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{F93DB709-E6FA-4AAF-8F24-3B47AFEAE821}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{1AC1AD2D-B6D5-4137-B489-7E76DA727340}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{DC1D5F44-B451-4684-8110-D8EF51CD8891}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{FAE21213-D420-44F2-AAFC-24EF77AE3859}C:\users\peppe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\peppe\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B93C6F4C-8CC5-4E85-84E5-F132F16D1B8F}C:\users\peppe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\peppe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{23384FD3-E699-47B1-ACF7-0B0654EBC160}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{34B4986E-8092-4FCB-8DE8-FD0779B4BFFB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A6907BB7-AD03-4227-86D6-2A45F2BCA1FA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F64BB74C-AE97-4D7E-A7D1-A4E501E1803F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7D29240D-05B6-4F27-A5E7-B4896EBFC6C6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{60F791D7-298A-46BF-8028-D07C47630670}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2018 07:16:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Errore del servizio Copia Shadow del volume: errore imprevisto durante la ricerca dell'interfaccia IVssWriterCallback. hr = 0x80070005, Accesso negato.
.
L'errore è spesso causato da impostazioni di sicurezza non corrette nel processo di scrittura o richiedente.


Operazione:
Raccolta dei dati del processo di scrittura

Contesto:
ID della classe del processo di scrittura: {e8132975-6f93-4464-a53e-1050253ae220}
Nome del processo di scrittura: System Writer
ID dell'istanza del processo di scrittura: {9746529f-53b9-4f10-aa3b-f0efdd5d2146}

Error: (04/01/2018 02:01:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma Cadavers.exe versione 9.5.8.166 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 1c50

Ora di avvio: 01d3c9af2e792f65

Ora di chiusura: 3

Percorso applicazione: C:\Users\Peppe\AppData\Local\Cadavers.exe

ID segnalazione: 5437df03-35a4-11e8-97b5-00ac31a303cd

Error: (04/01/2018 12:15:59 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (1964) Tentativo di apertura del file "C:\Users\Peppe\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" per accesso in sola lettura non riuscito con errore di sistema 32 (0x00000020): "Impossibile accedere al file. Il file è utilizzato da un altro processo. ". L'operazione di apertura file non verrà effettuata con errore -1032 (0xfffffbf8).

Error: (01/01/2000 12:05:59 AM) (Source: TracerX - SoundSwitch) (EventID: 10004) (User: )
Description: 23:05:58.862 <null> SoundSwitch+ Exception while getting release Exception type: System.Net.WebException
Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Source: System
StackTrace:
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result)
at System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result)

Inner Exception type: System.Security.Authentication.AuthenticationException
Message: The remote certificate is invalid according to the validation procedure.
Source: System
StackTrace:
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)

Error: (04/01/2018 04:19:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma Explorer.EXE versione 6.1.7601.17567 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 1390

Ora di avvio: 01d3c95ef8043115

Ora di chiusura: 60000

Percorso applicazione: C:\Windows\Explorer.EXE

ID segnalazione: d4f02294-3552-11e8-af03-00ac31a303cd

Error: (04/01/2018 03:54:23 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Impossibile inizializzare l'indice.

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2018 03:54:23 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Impossibile inizializzare l'applicazione.

Contesto: applicazione Windows

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2018 03:54:23 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Impossibile inizializzare l'oggetto Gatherer.

Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/01/2018 07:31:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Servizio Windows Update bloccato in partenza.

Error: (04/01/2018 07:28:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni predefinite del computer non concedono l'autorizzazione di Attivazione Locale per l'applicazione server COM con CLSID
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
e APPID
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost (tramite LRPC). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (04/01/2018 07:28:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Cache tipi di carattere Windows Presentation Foundation 3.0.0.0 non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (04/01/2018 07:28:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Cache tipi di carattere Windows Presentation Foundation 3.0.0.0.

Error: (04/01/2018 07:27:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio aswbIDSAgent non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (04/01/2018 07:27:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio aswbIDSAgent.

Error: (04/01/2018 07:27:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
VBoxNetAdp

Error: (04/01/2018 07:26:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Origin Web Helper Service non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.


Windows Defender:
===================================
Date: 2015-04-16 02:37:00.595
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:4212;process:pid:6432;process:pid:7536;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 20:39:00.772
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:6432;process:pid:7536;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 20:37:00.653
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:7536;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 11:17:40.482
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 02:39:01.254
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:4424;process:pid:7588;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

CodeIntegrity:
===================================

Date: 2018-04-01 18:37:09.290
Description:
Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Users\Peppe\AppData\Local\Temp\EverestDriver.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2018-04-01 18:37:09.249
Description:
Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Users\Peppe\AppData\Local\Temp\EverestDriver.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2018-04-01 18:37:09.094
Description:
Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2018-04-01 18:37:09.056
Description:
Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 44%
Total physical RAM: 8130.15 MB
Available physical RAM: 4511.72 MB
Total Virtual: 16258.5 MB
Available Virtual: 11538.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:203.73 GB) NTFS

\\?\Volume{ef14e60e-4896-11e4-992e-806e6f6e6963}\ (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6BB9EC00)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Spoiler: Frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Peppe (administrator) on ADMINISTRATOR (01-04-2018 19:36:23)
Running from C:\Users\Peppe\Desktop
Loaded Profiles: Peppe (Available Profiles: Peppe & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files\Mouse\Amoumain.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SoundSwitch) C:\Program Files\SoundSwitch\SoundSwitch.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Grass Valley K.K.) C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe
() C:\Users\Peppe\Documents\LCDSirReal\LCDSirReal.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(M-Audio) C:\Program Files (x86)\M-Audio\M-Track 2X2M\AudioDevMon.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [WheelMouse] => C:\Program Files\Mouse\Amoumain.exe [196608 2000-01-01] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-04-01] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Run: [SoundSwitch] => C:\Program Files\SoundSwitch\SoundSwitch.exe [1008832 2018-03-10] (SoundSwitch)
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: H - H:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {0ab1aa23-1432-11e5-ac98-10c37b50a90d} - E:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {0c848b72-d75e-11e7-98ea-00ac31a303cd} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {3ae279b5-f628-11e4-9c0a-10c37b50a90d} - E:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {58ce6838-f2d4-11e7-8e9d-00ac31a303cd} - H:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {9c599feb-1b35-11e5-90f3-10c37b50a90d} - G:\stp-fifa18.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {beab5097-c1bc-11e7-8195-00ac31a303cd} - F:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {e1a26777-41b7-11e5-aca0-10c37b50a90d} - H:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {f8d5210f-cc95-11e7-aed9-00ac31a303cd} - G:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-03-31]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5A7E9B46-9D4A-470E-868B-FAACC9D530F8}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5CC126F7-0DC5-4908-B1C9-B26DD7136AFF}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{AFACDD1F-24EC-44B4-BA1D-2105A6B6490B}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AFACDD1F-24EC-44B4-BA1D-2105A6B6490B}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EEF4A8DF-F5DE-4E0F-BA02-D84A6A21B012}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2921988991-613299845-3104574246-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2921988991-613299845-3104574246-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-04-01] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-17] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2017-12-14] (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-04-01] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-17] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: s1qci7f5.default
FF ProfilePath: C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default [2018-04-01]
FF user.js: detected! => C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\s1qci7f5.default -> hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=800000
FF NewTab: Mozilla\Firefox\Profiles\s1qci7f5.default -> about:newtab
FF Extension: (System Table) - C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\Extensions\622127@modext.tech.xpi [2018-02-27]
FF Extension: (Avast SafePrice) - C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\Extensions\sp@avast.com.xpi [2017-08-15]
FF Extension: (Avast Online Security) - C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\Extensions\wrc@avast.com.xpi [2018-02-07]
FF SearchPlugin: C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\searchplugins\google-avast.xml [2016-09-17]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2000-01-01] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2000-01-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-12-22] (Nexon)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2017-12-14] (Perfect World Entertainment Inc)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2921988991-613299845-3104574246-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Peppe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> Active:"chrome-extension://ibfhiehdjpogpbdcicjnphklppinghjj/index.html"
CHR Profile: C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default [2018-04-01]
CHR Extension: (Presentazioni) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2000-01-01]
CHR Extension: (Google Drive) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (uBlock Origin) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-03-22]
CHR Extension: (Google Search) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Fogli) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2000-01-01]
CHR Extension: (Google Documenti offline) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-13]
CHR Extension: (Speed Dial 3™(APP)) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfhiehdjpogpbdcicjnphklppinghjj [2015-06-11]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Speechnotes - Dettatura Notepad) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\opekipbefdbacebgkjjdgoiofdbhocok [2018-01-13]
CHR Extension: (Gmail) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Teddy Protection Lite) - C:\Users\Peppe\AppData\Roaming\Opera Software\Opera Stable\Extensions\nojkagbjbhgnilkopgljfkhddmdjcjfn [2017-03-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-09] (Adobe Systems) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2017-12-14] (Perfect World Entertainment Inc)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2013-08-13] (ASUSTeK Computer Inc.) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-04-01] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-04-01] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2017-07-15] ()
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-18] (EasyAntiCheat Ltd)
R2 GVDownloadAgentService; C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe [68832 2015-03-30] (Grass Valley K.K.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-20] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2017-01-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2000-01-01] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 MTrack2X2MAudioDevMon; C:\Program Files (x86)\M-Audio\M-Track 2X2M\AudioDevMon.exe [595032 2016-12-13] (M-Audio)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3685968 2015-07-22] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-25] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-25] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-05-14] (Overwolf LTD)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-07-31] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-07-31] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [838128 2016-12-15] (Tunngle.net GmbH) [File not signed]
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [5848656 2017-05-19] (RealVNC Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wsaudio; C:\Windows\SysWOW64\wsaudio.dll [1072128 2015-07-22] () [File not signed]
S2 ihctrl32; %SystemRoot%\System32\ihctrl32.dll [X]
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-04-01] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-04-01] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-04-01] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-04-01] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-04-01] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [215320 2018-04-01] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-04-01] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-04-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-01] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-01] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-01] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-01] (AVAST Software)
R1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [34360 2008-05-30] (Canopus Co,. Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-11-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-11-05] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2013-01-25] (ASUSTeK Computer Inc.)
S3 maxjoypad; C:\Windows\System32\DRIVERS\maxjoypad.sys [18880 2016-08-05] (Windows (R) Win 7 DDK provider)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-01] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2000-01-01] (Intel Corporation)
S3 MTRACK2X2M; C:\Windows\System32\DRIVERS\MAudioMTrack2X2M.sys [569432 2016-12-13] (M-Audio)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0116.sys [38432 2017-07-24] (SoftEther Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [39464 2016-04-26] (Tunngle.net GmbH)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-02] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125520 2015-10-02] (Oracle Corporation)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [144656 2017-08-22] (BigNox Corporation)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
R2 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\drivers\YSDrv\YSDrv.sys [270608 2018-01-24] (BigNox Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va020; \??\C:\Windows\SysWOW64\Drivers\X6va020 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va063; \??\C:\Windows\SysWOW64\Drivers\X6va063 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys AF0AA655323BB0E6288F47C56DBA9FD4
C:\Windows\System32\DRIVERS\atikmpag.sys DE729FB8DD5ED960430E5AC751215FAE
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys A0711D119BA4B48A1470C768D301013E
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\AsIO.sys 798DE15F187C1F013095BBBEB6FB6197
C:\Windows\SysWow64\drivers\AsUpIO.sys 1392B92179B07B672720763D9B1028A5
C:\Windows\SysWow64\drivers\ASUSFILTER.sys A5E4CDB420540095D1293C874B5F89AA
C:\Windows\System32\drivers\aswArPot.sys DCD966874B4C8C952662D2D16DDB4D7C
C:\Windows\System32\drivers\aswbidsdrivera.sys A2F689B3E2BEAF05DD6DBE6ED862F781
C:\Windows\System32\drivers\aswbidsha.sys 9CAF76B70650DBF39AD85E6CE885F5B7
C:\Windows\System32\drivers\aswbloga.sys A846D0306A72F8AF5515009D811F344B
C:\Windows\System32\drivers\aswbuniva.sys 6A4C9AEBDBB30D9DF0A6F03BC3B4007B
C:\Windows\System32\drivers\aswHdsKe.sys 385F63137F179F0ED040E3D7899AF149
C:\Windows\System32\drivers\aswHwid.sys 92F25DFDF0C1051B311A7BD980A0E9AE
C:\Windows\System32\drivers\aswMonFlt.sys 6B24EFD741C02480A7AFDD68A334EA4F
C:\Windows\System32\drivers\aswRdr2.sys B9C7752B3D482D8CAEE9848F414164A9
C:\Windows\System32\drivers\aswRvrt.sys 841177ED7A3F4A899E50736FBA7E9AB2
C:\Windows\System32\drivers\aswSnx.sys CC12B6E35CCC5282DEFE3E74A9C7D33D
C:\Windows\System32\drivers\aswSP.sys CD8387672DA9F706481EF9D3F7C32BB2
C:\Windows\System32\drivers\aswStm.sys 95B840B4BEDA5DBCC60D7A5FEF0DAE54
C:\Windows\System32\drivers\aswVmm.sys CA1FC21F1A2D55AE0BB5F6E8FBEA8ECF
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys 22710CB9781EF2370610400E689D74B4
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrblock.sys 5A6632F51F643E2EB47F647D82CB242D
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 27667A788130A7F7A5858DE27572E6D7
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dtlitescsibus.sys 679FF716052109392D870F6A6C4A3535
C:\Windows\System32\DRIVERS\dtliteusbbus.sys E23FDD696839A4790682CA66C48D3F2F
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\DRIVERS\hamachi.sys 1E6438D4EA6E1174A3B3B1EDC4DE660B
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStorA.sys 25555186E4FBDF0E30A5DBFC9B9A73F9
C:\Windows\System32\DRIVERS\iaStorF.sys 10E79E366FA255318F5D1D0ED07F947D
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys DB612DDA2E9643F8C759E68DAE07F2D4
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 734E92848983F17822B4F71C5F912C6C
C:\Windows\System32\DRIVERS\IntcDAud.sys 9D01DDF5EA8494BBCBB73FF385E35D35
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\IOMap64.sys A01C412699B6F21645B2885C2BAE4454
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\iusb3hcs.sys A1EA5DFDE6C4C3A55C54B50B68BA1EF5
C:\Windows\System32\DRIVERS\iusb3hub.sys 61DB13A14A7F384D21DEADAEE3763BBC
C:\Windows\System32\DRIVERS\iusb3xhc.sys F3A9A90A8B6C5B9DF60D0EA957976E66
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys A405647429DE231CD954D93F792CFBA2
C:\Windows\System32\Drivers\ksecpkg.sys E4DC0909B5EACB5BF50F6252095BCFF2
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\drivers\LGBusEnum.sys FA529FB35694C24BF98A9EF67C1CD9D0
C:\Windows\System32\drivers\LGVirHid.sys 94B29CE153765E768F004FB3440BE2B0
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\maxjoypad.sys 8D57626FC4E8E6F7A3B5E9C8CF5F4099
C:\Windows\System32\Drivers\mbamswissarmy.sys 351BF8F77B0A15A7B5A2AE098C52A387
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TeeDriverx64.sys EB1D78140D6634C32A46AB1006105EDC
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys 43E1F4B0EFDC244D2A83995CCD7846F7
C:\Windows\System32\DRIVERS\mrxsmb10.sys 62CEA59FF56B66154E08BD51D87392C2
C:\Windows\System32\DRIVERS\mrxsmb20.sys 7D65B5E9573A26C204AA547457DBF544
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MAudioMTrack2X2M.sys 4ED04901579644D270C3CE58ACC3B5CA
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisrd.sys 2E7C9CC1DF7F878358C7292D036AFE63
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Neo_0116.sys 3351A92971670764F014A566D1106E2B
C:\Windows\System32\DRIVERS\netaapl64.sys EE00C544C025958AF50C7B199F3C8595
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 065F79543D7999EC28B687F87E96B803
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RimUsb_AMD64.sys 6D850FAD4CC9498D1F382B77BA4035CC
C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys 344604E6913BD6E4EAEC34AF2E0943D7
C:\Windows\System32\Drivers\RootMdm.sys 388D3DD1A6457280F3BADBA9F3ACD6B1
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 61A04C0C084D560BBEF1D09604608262
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\SysWOW64\speedfan.sys 0FFE35F0B0CD5A324BBE22F02569AE3B
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tap0901t.sys C2535200B274DEC508881F587B7B5F16
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\drivers\CM10864.sys A3FD7E087957D765DF5575EF10AE0E96
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys E1915B4B40F5F36E2FC9E8EBD2696B14
C:\Windows\System32\Drivers\VBoxUSB.sys 62ACAECC82F16F604960BB627860F715
C:\Windows\System32\DRIVERS\VBoxUSBMon.sys FB10E94F07D3F3892779129FDAA8FBAD
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vncmirror.sys 93F279A2C172562050700A18FA84BE2E
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xnacc.sys 4A5CE13408945E525503B5F73D29B9C5
C:\Windows\System32\drivers\xspltspk.sys 377F3E3467A8BFA3CDC921AD6425D513
C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B
C:\Program Files (x86)\Bignox\BigNoxVM\RT\drivers\YSDrv\YSDrv.sys 27578F40FD3C5EFD43563A266476F466

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-01 19:36 - 2018-04-01 19:37 - 000049354 _____ C:\Users\Peppe\Desktop\FRST.txt
2018-04-01 19:28 - 2018-04-01 19:28 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-01 19:27 - 2018-04-01 00:41 - 000137728 _____ C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 19:16 - 2018-04-01 19:19 - 000007660 _____ C:\Users\Peppe\Desktop\Fixlog.txt
2018-04-01 19:13 - 2018-04-01 19:13 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\AMD
2018-04-01 19:10 - 2018-04-01 19:16 - 000000000 ____D C:\Users\Peppe\AppData\Local\AMD
2018-04-01 19:03 - 2018-04-01 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\##ID_STRING16##
2018-04-01 19:03 - 2018-04-01 19:03 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2018-04-01 19:03 - 2018-04-01 19:03 - 000003060 _____ C:\Windows\System32\Tasks\StartDVR
2018-04-01 19:03 - 2018-04-01 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-04-01 19:03 - 2018-04-01 19:03 - 000000000 ____D C:\Program Files (x86)\AMD
2018-04-01 19:01 - 2018-04-01 19:01 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-04-01 19:00 - 2018-04-01 19:00 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-01 19:00 - 2017-11-02 22:15 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2018-04-01 19:00 - 2017-11-02 22:15 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-04-01 19:00 - 2017-11-02 22:15 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-04-01 19:00 - 2017-11-02 22:14 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2018-04-01 18:59 - 2018-04-01 18:59 - 000000000 ____D C:\Users\Peppe\AppData\Local\RadeonInstaller
2018-04-01 18:58 - 2018-04-01 19:03 - 000000000 ____D C:\Program Files\AMD
2018-04-01 18:51 - 2018-04-01 18:52 - 000000000 ____D C:\Users\Peppe\Desktop\settings
2018-04-01 18:51 - 2018-04-01 18:52 - 000000000 ____D C:\Users\Peppe\Desktop\DDU Logs
2018-04-01 18:51 - 2018-04-01 18:51 - 000000000 ____D C:\Users\Peppe\Desktop\x64
2018-04-01 18:51 - 2018-02-27 20:36 - 000615936 _____ C:\Users\Peppe\Desktop\Display Driver Uninstaller.pdb
2018-04-01 18:51 - 2018-01-30 16:23 - 000000893 _____ C:\Users\Peppe\Desktop\Readme.txt
2018-04-01 18:51 - 2017-06-18 14:43 - 000000937 _____ C:\Users\Peppe\Desktop\Issues and solutions.txt
2018-04-01 18:51 - 2015-09-06 13:26 - 000000224 _____ C:\Users\Peppe\Desktop\Display Driver Uninstaller.exe.config
2018-04-01 18:49 - 2018-04-01 18:52 - 000309986 _____ C:\Windows\ntbtlog.txt
2018-04-01 18:46 - 2018-04-01 18:46 - 051965752 _____ (AMD Inc.) C:\Users\Peppe\Downloads\radeon-crimson-relive-17.7.2-minimalsetup-170727_web.exe
2018-04-01 18:36 - 2018-04-01 18:36 - 004179293 _____ (Lavalys, Inc. ) C:\Users\Peppe\Downloads\everesthome220.exe
2018-04-01 18:36 - 2018-04-01 18:36 - 000001102 _____ C:\Users\Administrator\Desktop\EVEREST Home Edition.lnk
2018-04-01 18:36 - 2018-04-01 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2018-04-01 18:36 - 2018-04-01 18:36 - 000000000 ____D C:\Program Files (x86)\Lavalys
2018-04-01 18:34 - 2018-04-01 18:34 - 001100518 _____ C:\Users\Peppe\Downloads\[Guru3D.com]-DDU (1).zip
2018-04-01 17:23 - 2018-04-01 17:23 - 000069011 _____ C:\Users\Peppe\Downloads\Addition.txt
2018-04-01 17:22 - 2018-04-01 19:36 - 000000000 ____D C:\FRST
2018-04-01 17:22 - 2018-04-01 17:23 - 000055091 _____ C:\Users\Peppe\Downloads\FRST.txt
2018-04-01 17:22 - 2018-04-01 17:22 - 002403328 _____ (Farbar) C:\Users\Peppe\Desktop\FRST64.exe
2018-04-01 17:06 - 2018-04-01 17:06 - 008222496 _____ (Malwarebytes) C:\Users\Peppe\Downloads\adwcleaner_7.0.8.0.exe
2018-04-01 16:57 - 2018-04-01 16:59 - 000000000 ____D C:\Program Files (x86)\Startup Optimizer
2018-04-01 16:57 - 2018-04-01 16:57 - 001147120 _____ (Cyberlion Solutions Inc. ) C:\Users\Peppe\Downloads\StartOpt.exe
2018-04-01 16:57 - 2018-04-01 16:57 - 000000988 _____ C:\Users\Peppe\Desktop\Startup Optimizer.lnk
2018-04-01 16:57 - 2018-04-01 16:57 - 000000988 _____ C:\Users\Administrator\Desktop\Startup Optimizer.lnk
2018-04-01 16:57 - 2018-04-01 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer
2018-04-01 16:48 - 2018-04-01 16:48 - 000000000 ____D C:\Users\Peppe\AppData\Local\CrashReportClient
2018-04-01 05:59 - 2018-04-01 12:19 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-04-01 05:57 - 2018-04-01 14:35 - 000000000 ____D C:\ProgramData\RogueKiller
2018-04-01 05:56 - 2018-04-01 05:56 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-04-01 05:56 - 2018-04-01 05:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-04-01 05:56 - 2018-04-01 05:56 - 000000000 ____D C:\Program Files\RogueKiller
2018-04-01 05:52 - 2018-04-01 05:56 - 036513656 _____ (Adlice Software ) C:\Users\Peppe\Downloads\RogueKiller_setup (1).exe
2018-04-01 05:50 - 2018-04-01 12:26 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\36659E07.sys
2018-04-01 05:49 - 2018-04-01 13:48 - 000000000 ____D C:\Users\Peppe\Desktop\mbar
2018-04-01 05:49 - 2018-04-01 13:48 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-01 05:49 - 2018-04-01 12:26 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-04-01 05:49 - 2018-04-01 05:49 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Peppe\Downloads\mbar-1.10.3.1001.exe
2018-04-01 05:48 - 2018-04-01 05:48 - 008222496 _____ (Malwarebytes) C:\Users\Peppe\Downloads\AdwCleaner.exe
2018-04-01 05:36 - 2018-04-01 05:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-01 05:36 - 2018-04-01 05:36 - 000448512 _____ (OldTimer Tools) C:\Users\Peppe\Downloads\TFC.exe
2018-04-01 05:36 - 2018-04-01 05:36 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-01 05:36 - 2018-04-01 05:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-01 05:36 - 2018-04-01 05:36 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-01 05:36 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-01 05:35 - 2018-04-01 05:35 - 071942408 _____ (Malwarebytes ) C:\Users\Peppe\Downloads\mb3-setup-35891.35891-3.4.5.2467-1.0.342-1.0.4514.exe
2018-04-01 05:25 - 2018-04-01 05:25 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-01 04:57 - 2018-04-01 04:57 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-04-01 03:13 - 2018-04-01 03:13 - 000000909 ____R C:\Windows\system32\Drivers\etc\hosts.20180401-031326.backup
2018-04-01 02:27 - 2018-04-01 02:45 - 000000000 ____D C:\ProgramData\e1604ea055
2018-04-01 02:27 - 2018-04-01 02:43 - 000000000 ____D C:\Program Files (x86)\hennigan
2018-04-01 02:27 - 2018-04-01 02:27 - 000000012 _____ C:\Windows\b81125234
2018-04-01 02:27 - 2018-04-01 02:27 - 000000000 ___HD C:\Program Files (x86)\testimonial
2018-04-01 02:26 - 2018-04-01 02:26 - 000194048 _____ C:\Users\Peppe\AppData\Local\install.dll
2018-04-01 02:26 - 2018-04-01 02:26 - 000003072 _____ C:\Users\Peppe\AppData\Local\install_UEFIConfig.exe
2018-04-01 02:00 - 2018-04-01 02:00 - 058809515 _____ C:\Users\Peppe\Downloads\Microsoft Toolkit 2.6.3 Official Torrent.zip
2018-04-01 01:46 - 2018-04-01 01:46 - 000000134 _____ C:\Windows\wininit.ini
2018-04-01 01:44 - 2018-04-01 01:45 - 001797188 _____ C:\Users\Peppe\Downloads\Removewat 2.2.7 pass 123456 (1).rar
2018-04-01 01:10 - 2018-04-01 01:10 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-04-01 00:41 - 2018-04-01 00:41 - 000137728 _____ C:\Windows\inventors.exe
2018-03-31 23:23 - 2018-03-31 23:23 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-31 23:20 - 2018-03-31 23:20 - 015333512 _____ (Piriform Ltd) C:\Users\Peppe\Downloads\ccsetup541 (1).exe
2018-03-31 22:47 - 2018-03-31 22:52 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\Peppe\Downloads\flashplayer29ppau_ha_install.exe
2018-03-31 22:43 - 2018-03-31 22:43 - 000017916 _____ C:\Windows\system32\results.xml
2018-03-31 17:59 - 2018-03-31 17:59 - 037780649 _____ C:\Users\Peppe\Downloads\phoenix-reveal-by-LMD.rar
2018-03-31 17:59 - 2018-03-31 17:59 - 037780649 _____ C:\Users\Peppe\Downloads\phoenix-reveal-by-LMD (1).rar
2018-03-30 16:05 - 2018-03-31 18:00 - 000000000 ____D C:\Users\Peppe\Desktop\VOD
2018-03-27 03:30 - 2018-03-27 03:30 - 006648319 ____R C:\Users\Peppe\Downloads\Stephen Covey - Le sette abitudini per avere successo.pdf
2018-03-27 03:27 - 2018-03-27 03:28 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\uTorrent
2018-03-27 03:27 - 2018-03-27 03:27 - 000001010 _____ C:\Users\Peppe\Downloads\Stephen R Covey - Le sette regole per avere successo.torrent
2018-03-23 12:28 - 2018-03-23 12:28 - 010269280 _____ C:\Users\Peppe\Desktop\3-Proteine_noanim.pdf
2018-03-18 16:07 - 2018-03-17 21:05 - 000000230 ___SH C:\Users\Public\Libraries.ini
2018-03-18 15:28 - 2018-03-18 15:28 - 032260096 _____ C:\Users\Peppe\Downloads\EpicInstaller-7.5.0-fortnite-c4899f16b6934760a534fe7ec70ae9b2.msi
2018-03-16 20:22 - 2018-03-16 20:22 - 044398486 _____ C:\Users\Peppe\Downloads\V3-Signed_ONE.PIECE.TREASURE.CRUISE_v.8.0.0o.apk
2018-03-16 19:38 - 2018-03-16 19:39 - 085022931 _____ C:\Users\Peppe\Downloads\Monster Legends RPG v6.2.2 FRsigned.apk
2018-03-16 19:32 - 2018-03-16 19:34 - 092931480 _____ C:\Users\Peppe\Downloads\m_l_v.5.0.2_mod_(1).apk
2018-03-15 20:30 - 2018-03-15 20:30 - 000001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-03-15 20:30 - 2018-03-15 20:30 - 000001031 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-03-15 20:29 - 2018-03-15 20:29 - 020361728 _____ (TeamViewer GmbH) C:\Users\Peppe\Downloads\TeamViewer_Setup.exe
2018-03-15 20:23 - 2018-03-15 20:24 - 020545618 _____ C:\Users\Peppe\Downloads\Summoners War v3.8.0 Mod v3 iHackedit.com.apk
2018-03-15 20:12 - 2018-03-15 20:12 - 000353023 _____ C:\Users\Peppe\Downloads\Office365RoadMap_Features_03-15-2018.xlsx
2018-03-13 03:23 - 2018-03-13 03:23 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Bad Seed SRL
2018-03-07 17:26 - 2018-03-07 17:26 - 000064523 _____ C:\Users\Peppe\Downloads\pratica.ricevuta.pagamento (3).pdf
2018-03-07 17:25 - 2018-03-07 17:25 - 000064523 _____ C:\Users\Peppe\Downloads\pratica.ricevuta.pagamento (2).pdf
2018-03-07 17:24 - 2018-03-07 17:24 - 000066208 _____ C:\Users\Peppe\Downloads\stampa.bollettino.pagamento (1).pdf
2018-03-07 15:55 - 2018-03-07 15:56 - 016093512 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.9 Mod iHackedit.com.apk
2018-03-06 22:04 - 2018-03-06 22:04 - 000154837 _____ C:\Users\Peppe\Downloads\ORDINAMENTO VVF.pptx
2018-03-04 17:06 - 2018-03-04 17:06 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Blizzard Entertainment
2018-03-04 17:06 - 2018-03-04 17:06 - 000000000 ____D C:\ProgramData\.mono
2018-02-24 02:06 - 2018-02-24 02:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YoloMouse
2018-02-24 02:05 - 2018-02-24 02:06 - 000000000 ____D C:\Program Files\YoloMouse
2018-02-23 12:57 - 2018-02-23 12:56 - 000064521 _____ C:\Users\Peppe\Documents\pratica.ricevuta.pagamento (1).pdf
2018-02-23 12:56 - 2018-02-23 12:56 - 000064521 _____ C:\Users\Peppe\Downloads\pratica.ricevuta.pagamento (1).pdf
2018-02-23 12:54 - 2018-02-23 12:54 - 000064521 _____ C:\Users\Peppe\Downloads\pratica.ricevuta.pagamento.pdf
2018-02-23 12:26 - 2018-02-23 12:26 - 000066197 _____ C:\Users\Peppe\Downloads\stampa.bollettino.pagamento.pdf
2018-02-21 03:52 - 2018-02-21 04:07 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\Battlerite
2018-02-21 03:47 - 2018-02-21 03:47 - 000000222 _____ C:\Users\Peppe\Desktop\Battlerite.url
2018-02-19 15:00 - 2018-02-19 15:00 - 025910000 _____ (AMD Inc.) C:\Users\Peppe\Downloads\radeon-adrenalin-18.2.1-minimalsetup-180206_64bit.exe
2018-02-19 03:34 - 2018-02-19 03:34 - 004182688 _____ (Husdawg, LLC) C:\Users\Peppe\Downloads\Detection.exe
2018-02-15 13:41 - 2018-02-15 13:41 - 001010694 _____ C:\Users\Peppe\Downloads\cnvvf per corsi.pdf
2018-02-15 13:40 - 2018-02-15 13:41 - 024742912 _____ C:\Users\Peppe\Downloads\la protezione civile in Italia.ppt
2018-02-13 18:56 - 2018-02-13 21:47 - 000000000 ____D C:\Users\Peppe\Downloads\Kingdom.Come.Deliverance-CODEX
2018-02-13 18:54 - 2018-02-13 18:54 - 000083269 _____ C:\Users\Peppe\Downloads\Kingdom.Come.Deliverance-CODEX.torrent
2018-02-13 13:40 - 2018-02-13 13:40 - 015604789 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.8 Mod v4 iHackedit.com.apk
2018-02-13 13:29 - 2018-02-13 13:29 - 015604794 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.8 Mod v3 iHackedit.com.apk
2018-02-07 21:08 - 2018-04-01 05:25 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-02-07 21:08 - 2018-04-01 05:24 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-02-07 21:05 - 2018-02-07 21:05 - 003312000 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Peppe\Downloads\Non confermato 507735.crdownload
2018-02-07 20:17 - 2018-02-07 20:18 - 000000000 ____D C:\Users\Peppe\Downloads\Windows 10 AIO 6in1 x86-x64
2018-02-07 20:16 - 2018-02-07 20:16 - 000969974 _____ C:\Users\Peppe\Downloads\Windows 10 ISO (1).zip
2018-02-07 20:16 - 2018-02-07 20:16 - 000000000 ____D C:\Users\Peppe\Desktop\Windows 10 ISO
2018-02-07 20:11 - 2018-02-21 21:59 - 000000000 ____D C:\Windows\System32\Tasks\Leader Technologies
2018-02-07 20:11 - 2018-02-07 20:11 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\Leadertech
2018-02-05 23:11 - 2018-02-05 23:11 - 002379532 _____ C:\Users\Peppe\Downloads\contratto (1).pdf
2018-02-05 23:11 - 2018-02-05 23:11 - 000528500 _____ C:\Users\Peppe\Downloads\certificato.pdf
2018-02-04 01:47 - 2018-02-04 01:50 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-02-04 01:47 - 2018-02-04 01:47 - 000001622 _____ C:\Users\Peppe\Desktop\Ironsight.lnk
2018-02-04 01:47 - 2018-02-04 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ironsight
2018-02-04 00:33 - 2018-02-04 00:33 - 000000000 ____D C:\AeriaGames
2018-02-04 00:30 - 2018-02-04 00:30 - 000577056 _____ (gamigo AG) C:\Users\Peppe\Downloads\Ironsight_US_downloader.exe
2018-02-01 15:22 - 2018-02-01 15:22 - 002796344 _____ C:\Users\Peppe\Downloads\brick_wall_painted_yellow_01_specular.dds
2018-02-01 14:58 - 2018-02-01 14:58 - 001422106 _____ C:\Users\Peppe\Downloads\PREVENTIVO_PRP0000030874687.pdf
2018-02-01 02:12 - 2018-02-01 02:12 - 011770544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2018-02-01 02:12 - 2018-02-01 02:12 - 009574032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2018-02-01 02:12 - 2018-02-01 02:12 - 000196400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2018-02-01 02:12 - 2018-02-01 02:12 - 000173216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2018-02-01 02:12 - 2018-02-01 02:12 - 000161344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2018-02-01 02:12 - 2018-02-01 02:12 - 000143864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2018-02-01 02:12 - 2018-02-01 02:12 - 000009936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2018-02-01 02:12 - 2018-02-01 02:12 - 000009936 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 016040912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 015728520 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 014318984 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 013242384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 012359728 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 011825664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 001961272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 001555488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000700296 _____ (AMD) C:\Windows\system32\atieclxx.exe
2018-02-01 02:11 - 2018-02-01 02:11 - 000536968 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2018-02-01 02:11 - 2018-02-01 02:11 - 000475016 _____ (AMD) C:\Windows\system32\atitmm64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000472456 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2018-02-01 02:11 - 2018-02-01 02:11 - 000470920 _____ C:\Windows\system32\dgtrayicon.exe
2018-02-01 02:11 - 2018-02-01 02:11 - 000458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000449416 _____ C:\Windows\system32\GameManager64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000405384 _____ C:\Windows\system32\atieah64.exe
2018-02-01 02:11 - 2018-02-01 02:11 - 000357256 _____ C:\Windows\SysWOW64\GameManager32.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000342920 _____ C:\Windows\system32\clinfo.exe
2018-02-01 02:11 - 2018-02-01 02:11 - 000325512 _____ C:\Windows\SysWOW64\atieah32.exe
2018-02-01 02:11 - 2018-02-01 02:11 - 000224136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000197000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000175288 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000163720 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000153640 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000144776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000139656 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000120680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000115592 _____ (AMD) C:\Windows\system32\atimuixx.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000105736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000078728 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000068488 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 065594248 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 041570184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2018-02-01 02:10 - 2018-02-01 02:10 - 031553416 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 025145224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 016034696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 015434120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 012924808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 002933128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 002541448 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 001462664 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 001237896 _____ (AMD) C:\Windows\system32\coinst_17.50.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 001055624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 001055624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000866184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000694152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000547208 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000461192 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000436616 _____ C:\Windows\system32\amdgfxinfo64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000352136 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2018-02-01 02:10 - 2018-02-01 02:10 - 000305544 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2018-02-01 02:10 - 2018-02-01 02:10 - 000170888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000149896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000148360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000141704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000126344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000124296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000072072 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2018-02-01 02:10 - 2018-02-01 02:10 - 000065416 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000060296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000036232 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000033160 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 051029384 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 029519240 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 013607304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 000543624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 000373640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 000157064 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 000139144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 000135048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 000117128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2018-02-01 02:08 - 2018-02-01 02:08 - 035689864 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2018-02-01 01:24 - 2018-02-01 01:24 - 000858720 _____ C:\Windows\SysWOW64\atiapfxx.blb
2018-02-01 01:24 - 2018-02-01 01:24 - 000858720 _____ C:\Windows\system32\atiapfxx.blb
2018-02-01 01:18 - 2018-02-01 01:18 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2018-02-01 01:17 - 2018-02-01 01:17 - 000204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2018-02-01 01:17 - 2018-02-01 01:17 - 000204952 _____ C:\Windows\system32\ativvsvl.dat
2018-02-01 01:17 - 2018-02-01 01:17 - 000157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2018-02-01 01:17 - 2018-02-01 01:17 - 000157144 _____ C:\Windows\system32\ativvsva.dat
2018-02-01 01:12 - 2018-02-01 01:12 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2018-01-31 19:11 - 2018-01-31 19:11 - 000155688 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2018-01-31 19:11 - 2018-01-31 19:11 - 000126848 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2018-01-30 21:49 - 2018-01-30 21:50 - 015278630 _____ C:\Users\Peppe\Downloads\Fixed-Summoners War v3.7.7 Mod v3 iHackedit.com.apk
2018-01-30 21:49 - 2018-01-30 21:50 - 015278618 _____ C:\Users\Peppe\Downloads\Fixed-Summoners War v3.7.7 Mod v4 iHackedit.com.apk
2018-01-28 17:20 - 2018-01-28 17:44 - 000001908 _____ C:\Windows\diagwrn.xml
2018-01-28 17:20 - 2018-01-28 17:44 - 000001908 _____ C:\Windows\diagerr.xml
2018-01-28 17:20 - 2018-01-28 17:44 - 000000000 ___HD C:\$WINDOWS.~BT
2018-01-28 17:04 - 2018-01-28 17:20 - 000000000 ____D C:\ESD
2018-01-28 17:04 - 2018-01-28 17:04 - 000969974 _____ C:\Users\Peppe\Downloads\Windows 10 ISO.zip
2018-01-28 17:02 - 2018-01-28 17:02 - 000000000 ___HD C:\$Windows.~WS
2018-01-28 17:01 - 2018-01-28 17:01 - 018617536 _____ (Microsoft Corporation) C:\Users\Peppe\Downloads\MediaCreationTool.exe
2018-01-24 19:27 - 2018-01-24 19:27 - 005878801 _____ C:\Users\Peppe\Downloads\k-click_rc4.zip
2018-01-23 15:34 - 2018-01-23 15:35 - 007211520 _____ C:\Users\Peppe\Desktop\ECDL_mod_1 - Copia.ppt
2018-01-18 21:21 - 2018-01-18 21:21 - 000075791 _____ C:\Users\Peppe\Downloads\4_5983572648070742670.pdf
2018-01-18 20:49 - 2018-01-18 20:49 - 015477209 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.6 Mod v3 iHackedit.com.apk
2018-01-18 20:49 - 2018-01-18 20:49 - 015477202 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.6 Mod v4 iHackedit.com.apk
2018-01-18 09:17 - 2018-01-18 09:18 - 015908041 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.5 Mod v3 iHackedit.com.apk
2018-01-18 09:17 - 2018-01-18 09:18 - 015908029 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.5 Mod v4 iHackedit.com.apk
2018-01-16 21:43 - 2018-01-16 21:43 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\CDProjektRED
2018-01-14 23:54 - 2018-01-14 23:55 - 000000221 _____ C:\Users\Peppe\Desktop\Trine 2.url
2018-01-14 23:39 - 2018-04-01 00:41 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2018-01-14 23:39 - 2018-01-14 23:39 - 000000000 ____D C:\Users\Peppe\AppData\Local\GOG.com
2018-01-14 23:38 - 2018-01-14 23:38 - 165087840 _____ (GOG.com ) C:\Users\Peppe\Downloads\setup_gwent_1.2.32.20_it-IT.exe
2018-01-14 23:38 - 2018-01-14 23:38 - 000000064 _____ C:\Users\Peppe\Downloads\gogGalaxy.auth
2018-01-13 16:08 - 2018-01-13 16:08 - 005235316 _____ (ShareX Team ) C:\Users\Peppe\Downloads\ShareX-12.0.0-setup.exe
2018-01-11 13:56 - 2018-01-11 13:56 - 000107628 _____ C:\Users\Peppe\Documents\sintesi_conto_per_isee.pdf
2018-01-11 13:52 - 2018-01-11 13:52 - 000107628 _____ C:\Users\Peppe\Downloads\sintesi_conto_per_isee.pdf
2018-01-08 21:33 - 2018-04-01 19:18 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Temp
2018-01-08 19:12 - 2018-01-08 19:12 - 000133800 _____ C:\Users\Peppe\Downloads\4_5900101199918531232 (2).pdf
2018-01-07 00:55 - 2018-01-07 00:55 - 000001164 _____ C:\Users\Peppe\Desktop\Nier Automata.lnk
2018-01-07 00:54 - 2018-01-07 00:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nier Automata
2018-01-07 00:22 - 2018-01-07 01:00 - 000000000 ____D C:\Program Files (x86)\Nier Automata
2018-01-07 00:22 - 2018-01-07 00:22 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\Terrible Toybox
2018-01-07 00:21 - 2018-01-07 00:21 - 000001729 _____ C:\Users\Public\Desktop\Thimbleweed Park.lnk
2018-01-06 21:51 - 2018-01-06 21:51 - 000000000 ____D C:\Users\Peppe\AppData\Local\FinchGame
2018-01-06 20:56 - 2018-01-06 21:05 - 000000000 ____D C:\Users\Peppe\Downloads\What.Remains.of.Edith.Finch-HI2U
2018-01-06 20:55 - 2018-01-06 20:55 - 000052110 _____ C:\Users\Peppe\Downloads\What.Remains.of.Edith.Finch-HI2U-[rarbg.to].torrent
2018-01-06 20:54 - 2018-01-06 21:11 - 990340556 _____ C:\Users\Peppe\Downloads\thimbleweedpark10955gog.rar
2018-01-06 20:31 - 2018-01-06 23:09 - 131373056 _____ C:\Users\Peppe\Downloads\cpy-nra.iso
2018-01-06 20:15 - 2018-01-08 17:52 - 000000000 ____D C:\Users\Peppe\Documents\MEGAsync Downloads
2018-01-06 20:14 - 2018-01-28 17:10 - 000000000 ____D C:\Windows\System32\Tasks\MEGA
2018-01-06 20:14 - 2018-01-06 20:14 - 000000000 ____D C:\Users\Peppe\AppData\Local\Mega Limited
2018-01-06 20:13 - 2018-01-06 20:13 - 014975800 _____ (MEGA Limited) C:\Users\Peppe\Downloads\MEGAsyncSetup.exe
2018-01-06 20:05 - 2018-01-06 20:05 - 000268383 _____ C:\Users\Peppe\Downloads\Quantum.Break.COMPLETE-CODEX.torrent
2018-01-06 19:17 - 2018-01-06 19:17 - 001949447 _____ C:\Users\Peppe\Downloads\The Last of US PC Installer.rar
2018-01-06 19:17 - 2018-01-06 19:17 - 001949447 _____ C:\Users\Peppe\Downloads\The Last of US PC Installer (1).rar
2018-01-03 15:10 - 2018-01-03 15:10 - 000988781 _____ C:\Windows\system32\amdicdxx.dat

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2064-01-01 16:45 - 2017-11-16 16:39 - 000000000 ____D C:\ProgramData\eLicenser
2018-04-01 19:33 - 2009-07-14 06:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-01 19:33 - 2009-07-14 06:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-01 19:26 - 2015-04-09 23:40 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-04-01 19:26 - 2014-10-17 19:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-01 19:25 - 2017-07-11 22:19 - 000000318 _____ C:\Windows\Tasks\iToolsDaemon.job
2018-04-01 19:25 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-01 19:20 - 2016-08-05 17:28 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-04-01 19:09 - 2009-07-14 06:45 - 005075184 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-01 19:05 - 2014-09-30 15:09 - 000114824 _____ C:\Users\Peppe\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-01 19:01 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-04-01 18:59 - 2014-09-30 15:38 - 000000000 ____D C:\AMD
2018-04-01 17:21 - 2015-10-01 13:31 - 000000000 ____D C:\Windows\pss
2018-04-01 17:08 - 2015-06-16 16:04 - 000000000 ____D C:\AdwCleaner
2018-04-01 16:23 - 2014-09-30 15:40 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-01 14:54 - 2016-03-22 22:21 - 000000000 ____D C:\Users\Peppe\Documents\ShareX
2018-04-01 14:40 - 2014-09-30 15:57 - 000000000 ____D C:\Users\Peppe\AppData\Local\Adobe
2018-04-01 13:59 - 2017-07-12 00:32 - 000000000 ____D C:\Users\Peppe\AppData\Local\Nox
2018-04-01 12:28 - 2015-01-03 17:22 - 000000000 ____D C:\Users\Peppe\.android
2018-04-01 12:27 - 2017-08-22 13:07 - 000000000 ____D C:\Users\Peppe\.BigNox
2018-04-01 12:27 - 2017-07-12 00:34 - 000000000 ____D C:\Users\Peppe\vmlogs
2018-04-01 06:26 - 2017-08-12 06:38 - 000000000 ____D C:\Program Files (x86)\Removewat 2.2.7
2018-04-01 06:25 - 2016-09-16 19:12 - 000000000 ____D C:\Program Files (x86)\Ghostery Storage Server
2018-04-01 06:25 - 2014-11-30 21:39 - 000000000 ____D C:\Program Files (x86)\2eb628ee-7327-4304-bd33-0abb95505b88
2018-04-01 06:25 - 2014-10-01 20:46 - 000000000 ____D C:\Program Files (x86)\Adobe Media Player
2018-04-01 06:06 - 2015-10-23 15:19 - 000000000 ____D C:\Users\Peppe\AppData\Local\TeamViewer
2018-04-01 05:31 - 2014-09-30 15:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-01 05:31 - 2014-09-30 15:31 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-01 05:26 - 2017-08-15 08:12 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-01 05:25 - 2014-09-30 16:21 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-04-01 05:24 - 2014-09-30 16:21 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-01 04:56 - 2016-10-04 18:23 - 000472328 _____ C:\Windows\SysWOW64\win32_hlp
2018-04-01 04:52 - 2009-07-14 12:53 - 000744956 _____ C:\Windows\system32\perfh010.dat
2018-04-01 04:52 - 2009-07-14 12:53 - 000148628 _____ C:\Windows\system32\perfc010.dat
2018-04-01 04:52 - 2009-07-14 07:13 - 001671250 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-01 04:15 - 2015-08-09 05:50 - 000707595 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2018-04-01 03:47 - 2014-10-01 13:51 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-01 03:29 - 2014-10-01 13:50 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\DAEMON Tools Lite
2018-04-01 03:29 - 2014-09-30 16:05 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-04-01 03:28 - 2015-10-16 20:39 - 000000000 ____D C:\Users\Peppe\AppData\Local\CrashDumps
2018-04-01 02:49 - 2015-10-13 02:02 - 000000000 ____D C:\Program Files (x86)\BDO - English Please
2018-04-01 02:42 - 2017-11-15 00:54 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-04-01 02:27 - 2017-07-10 12:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-01 02:26 - 2014-09-30 15:26 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-01 02:18 - 2014-09-30 16:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-01 02:16 - 2014-09-30 16:04 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-01 02:16 - 2009-07-14 04:34 - 000000408 _____ C:\Windows\win.ini
2018-04-01 02:15 - 2009-07-14 13:19 - 000000000 ____D C:\Windows\ShellNew
2018-04-01 02:15 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-04-01 01:21 - 2016-02-19 20:10 - 000000000 ____D C:\Program Files\Epic Games
2018-04-01 00:55 - 2014-10-01 13:59 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-04-01 00:53 - 2016-05-30 00:16 - 000000000 ____D C:\Users\Peppe\Desktop\SoundBoard
2018-04-01 00:53 - 2014-10-02 15:03 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\vlc
2018-04-01 00:52 - 2017-09-07 14:50 - 000001001 _____ C:\Users\Public\Desktop\SoundSwitch.lnk
2018-04-01 00:52 - 2014-10-01 13:32 - 000000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-01 00:41 - 2017-12-08 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-04-01 00:41 - 2017-09-16 14:22 - 000000000 ____D C:\ProgramData\GOG.com
2018-04-01 00:21 - 2014-10-17 19:37 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\TeamViewer
2018-04-01 00:21 - 2014-10-01 13:57 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\TS3Client
2018-04-01 00:21 - 2014-10-01 13:32 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\uTorrent
2018-04-01 00:05 - 2015-05-03 13:48 - 000000000 ____D C:\Windows\Minidump
2018-03-31 23:23 - 2014-10-01 13:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-31 23:23 - 2014-10-01 13:32 - 000000000 ____D C:\Program Files\CCleaner
2018-03-31 22:46 - 2016-03-22 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2018-03-31 22:46 - 2016-03-22 22:20 - 000000000 ____D C:\Program Files\ShareX
2018-03-31 22:43 - 2015-12-14 13:29 - 000000000 __SHD C:\Users\Peppe\IntelGraphicsProfiles
2018-03-31 22:36 - 2014-09-30 15:12 - 000000000 ____D C:\Intel
2018-03-30 22:42 - 2015-07-14 15:11 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\Spotify
2018-03-30 18:27 - 2015-07-14 15:11 - 000000000 ____D C:\Users\Peppe\AppData\Local\Spotify
2018-03-30 04:46 - 2017-07-11 22:19 - 000003302 _____ C:\Windows\System32\Tasks\iToolsDaemon
2018-03-30 04:46 - 2015-12-03 17:11 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-03-30 04:46 - 2014-12-25 13:56 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-30 04:46 - 2014-10-01 13:32 - 000002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-30 04:46 - 2014-09-30 15:26 - 000003582 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-30 04:46 - 2014-09-30 15:26 - 000003454 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-30 02:02 - 2017-06-15 22:26 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\discord
2018-03-21 20:44 - 2014-11-22 23:34 - 000000000 ____D C:\Users\Peppe\AppData\Local\ElevatedDiagnostics
2018-03-21 03:13 - 2014-09-30 15:27 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-18 16:02 - 2017-05-20 03:54 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\EasyAntiCheat
2018-03-18 16:02 - 2016-02-18 15:35 - 000000000 ____D C:\Users\Peppe\AppData\Local\UnrealEngine
2018-03-18 01:58 - 2016-07-16 04:19 - 000000000 ____D C:\Users\Peppe\AppData\Local\YoloMouse
2018-03-17 20:07 - 2017-05-14 15:18 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Mozilla
2018-03-17 16:20 - 2017-09-07 14:50 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\SoundSwitch
2018-03-17 16:19 - 2017-09-07 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundSwitch
2018-03-17 16:19 - 2017-09-07 14:50 - 000000000 ____D C:\Program Files\SoundSwitch
2018-03-17 01:42 - 2014-10-09 20:13 - 000000000 ____D C:\Users\Peppe\AppData\Local\Battle.net
2018-03-17 01:40 - 2014-10-09 20:13 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-14 19:13 - 2009-07-14 07:08 - 000032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-13 01:25 - 2015-07-18 22:11 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-03-13 01:06 - 2015-01-11 22:04 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2018-03-02 23:30 - 2015-08-04 18:26 - 000000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client

==================== Files in the root of some directories =======

2009-04-03 13:09 - 2009-04-03 13:09 - 000142152 _____ (Microsoft Corporation) C:\Users\Peppe\oarpman.exe
2014-11-30 00:20 - 2014-11-30 00:20 - 000835843 _____ () C:\Users\Peppe\AppData\Roaming\b4gzzFlQsfcHnrWMIsZw6L3G5VuSbKU9ZH1gGxAzRaV44Qnxrw8c1umknivrERRqIRs6Eq11qVpoPeauHYiZDnrW2T6wGzgFLlf9eCLG.K8eIx
2015-07-09 00:35 - 2015-07-09 00:35 - 000000050 _____ () C:\Users\Peppe\AppData\Roaming\Camdata.ini
2015-07-09 00:35 - 2015-07-09 00:35 - 000000408 _____ () C:\Users\Peppe\AppData\Roaming\CamLayout.ini
2015-07-09 00:35 - 2015-07-09 00:35 - 000000408 _____ () C:\Users\Peppe\AppData\Roaming\CamShapes.ini
2015-07-09 00:35 - 2015-07-09 00:35 - 000004521 _____ () C:\Users\Peppe\AppData\Roaming\CamStudio.cfg
2015-08-07 19:28 - 2015-08-08 15:48 - 000099384 _____ () C:\Users\Peppe\AppData\Roaming\inst.exe
2015-08-07 19:28 - 2015-08-08 15:48 - 000007859 _____ () C:\Users\Peppe\AppData\Roaming\pcouffin.cat
2015-08-07 19:28 - 2015-08-08 15:48 - 000001167 _____ () C:\Users\Peppe\AppData\Roaming\pcouffin.inf
2015-08-07 19:28 - 2015-08-08 15:48 - 000000055 _____ () C:\Users\Peppe\AppData\Roaming\pcouffin.log
2015-08-07 19:28 - 2015-08-08 15:48 - 000082816 _____ (VSO Software) C:\Users\Peppe\AppData\Roaming\pcouffin.sys
2014-11-10 15:41 - 2014-11-10 15:43 - 000000077 _____ () C:\Users\Peppe\AppData\Roaming\Rim.Desktop.Exception.log
2014-11-10 15:41 - 2014-11-10 15:41 - 000001153 _____ () C:\Users\Peppe\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-11-10 15:41 - 2014-11-10 15:43 - 000000077 _____ () C:\Users\Peppe\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-11-30 03:36 - 2014-12-20 16:41 - 000000682 _____ () C:\Users\Peppe\AppData\Roaming\SpeedRunnersLog.txt
2015-08-07 19:27 - 2015-08-08 15:21 - 000001059 _____ () C:\Users\Peppe\AppData\Roaming\vso_ts_preview.xml
2014-11-30 22:27 - 2016-12-27 23:58 - 000000600 _____ () C:\Users\Peppe\AppData\Roaming\winscp.rnd
2018-04-01 19:27 - 2018-04-01 00:41 - 000137728 _____ () C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 02:26 - 2018-04-01 02:26 - 000194048 _____ () C:\Users\Peppe\AppData\Local\install.dll
2018-04-01 02:26 - 2018-04-01 02:26 - 000003072 _____ () C:\Users\Peppe\AppData\Local\install_UEFIConfig.exe
2017-01-25 17:54 - 2017-01-25 22:20 - 000000072 _____ () C:\Users\Peppe\AppData\Local\MamaToGo.txt
2017-08-20 12:43 - 2017-08-20 12:43 - 000000882 _____ () C:\Users\Peppe\AppData\Local\Nox_crash.log
2017-01-25 17:38 - 2017-01-25 22:20 - 000000020 _____ () C:\Users\Peppe\AppData\Local\PapaToGo.txt
2015-04-18 13:35 - 2015-04-18 13:35 - 000000000 _____ () C:\Users\Peppe\AppData\Local\{45FD1050-0D15-4B13-8C02-0B27F8613971}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identificatore {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale it-IT
inherit {globalsettings}
default {current}
resumeobject {3d59d639-489f-11e4-a9d9-d8ff8242313e}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 3

Caricatore di avvio di Windows
-------------------
identificatore {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale it-IT
inherit {bootloadersettings}
recoverysequence {3d59d63b-489f-11e4-a9d9-d8ff8242313e}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {3d59d639-489f-11e4-a9d9-d8ff8242313e}
nx OptIn
numproc 4
usefirmwarepcisettings No

Caricatore di avvio di Windows
-------------------
identificatore {3d59d63b-489f-11e4-a9d9-d8ff8242313e}
device ramdisk=[C:]\Recovery\3d59d63b-489f-11e4-a9d9-d8ff8242313e\Winre.wim,{3d59d63c-489f-11e4-a9d9-d8ff8242313e}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\3d59d63b-489f-11e4-a9d9-d8ff8242313e\Winre.wim,{3d59d63c-489f-11e4-a9d9-d8ff8242313e}
systemroot \windows
nx OptIn
winpe Yes

Ripresa da modalit� di ibernazione
---------------------
identificatore {3d59d639-489f-11e4-a9d9-d8ff8242313e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale it-IT
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Tester memoria di Windows
---------------------
identificatore {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Diagnostica memoria Windows
locale it-IT
inherit {globalsettings}
badmemoryaccess Yes

Impostazioni Servizi di gestione emergenze
------------
identificatore {emssettings}
bootems Yes

Impostazioni debugger
-----------------
identificatore {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Problemi RAM
-----------
identificatore {badmemory}

Impostazioni globali
---------------
identificatore {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Impostazioni caricatore di avvio
-------------------
identificatore {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Impostazioni hypervisor
-------------------
identificatore {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Impostazioni Resume Loader
----------------------
identificatore {resumeloadersettings}
inherit {globalsettings}

Opzioni dispositivo
--------------
identificatore {3d59d63c-489f-11e4-a9d9-d8ff8242313e}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\3d59d63b-489f-11e4-a9d9-d8ff8242313e\boot.sdi


LastRegBack: 2018-03-30 17:10

==================== End of FRST.txt ============================

 

[.MaxTechnology]

Spoiler: Shortcut

Users shortcut scan result (x64) Version: 14.03.2018
Ran by Peppe (01-04-2018 19:39:28)
Running from C:\Users\Peppe\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Administrator\Links\Desktop.lnk -> C:\Users\Administrator\Desktop ()
Shortcut: C:\Users\Administrator\Links\Downloads.lnk -> C:\Users\Administrator\Downloads ()
Shortcut: C:\Users\Administrator\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Administrator\Desktop\EVEREST Home Edition.lnk -> C:\Program Files (x86)\Lavalys\EVEREST Home Edition\everest.exe ()
Shortcut: C:\Users\Administrator\Desktop\Hammerwatch v1.3.lnk -> C:\Games\Hammerwatch v1.3\Hammerwatch.exe ()
Shortcut: C:\Users\Administrator\Desktop\Startup Optimizer.lnk -> C:\Program Files (x86)\Startup Optimizer\StartOpt.exe ()
Shortcut: C:\Users\Administrator\Desktop\Strife.lnk -> C:\Program Files (x86)\Strife\bin\strife.exe (No File)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files (x86)\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\{31881BD7-13BB-42B0-9D44-B28D35F29C52}\DesktopReminderSetup.lnk -> [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop-Reminder 2\Desktop-Reminder 2.lnk
7
C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 7.0.lnk -> C:\Program Files (x86)\Adobe\Adobe After Effects 7.0\Support Files\AfterFX.exe (Adobe Systems Incorporated )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk -> C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\AfterFX.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk -> C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk -> C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk -> C:\Program Files (x86)\Adobe\Adobe Bridge\Bridge.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk -> C:\Program Files (x86)\Adobe\Adobe Device Central CS4\DeviceCentral.exe (Adobe Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk -> C:\Program Files (x86)\Adobe\Adobe Utilities\ExtendScript Toolkit CS4\ExtendScript Toolkit.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk -> C:\Program Files (x86)\Adobe\Adobe Utilities - CS6\ExtendScript Toolkit CS6\ExtendScript Toolkit.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS4\Adobe Extension Manager CS4.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk -> C:\Program Files (x86)\Adobe\Adobe Help Center\ahc.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk -> C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2015.lnk -> C:\Program Files\Adobe\Adobe Media Encoder CC 2015\Adobe Media Encoder.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS4.lnk -> C:\Program Files (x86)\Adobe\Adobe Media Encoder CS4\Adobe Media Encoder.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk -> C:\Program Files\Adobe\Adobe Media Encoder CS6\Adobe Media Encoder.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk -> C:\Program Files (x86)\Adobe\Adobe Utilities\Pixel Bender Toolkit\pixel_bender_toolkit.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{52D87F32-70E4-4348-8148-C0B9F35B1314}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS4.lnk -> C:\Program Files (x86)\Adobe\Adobe After Effects CS4\Mocha\bin\Mocha For After Effects.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4.lnk -> C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk -> C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YoloMouse\YoloMouse.lnk -> C:\Program Files\YoloMouse\YoloMouse.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\XSplit Broadcaster.lnk -> C:\Program Files (x86)\SplitmediaLabs\XSplit\XSplit.Core.exe (SplitMediaLabs)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\XSplit Gamecaster.lnk -> C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1\Demos\vulkaninfo.lnk -> C:\Program Files (x86)\VulkanRT\1.0.3.1\vulkaninfo.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1\Demos\vulkaninfo32.lnk -> C:\Program Files (x86)\VulkanRT\1.0.3.1\vulkaninfo32.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ConvertXToDVD 5.lnk -> C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe (VSO Software SARL)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\Disinstalla ConvertXToDVD 5.lnk -> C:\Program Files (x86)\VSO\ConvertX\5\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\LGPL license.lnk -> C:\Program Files (x86)\VSO\ConvertX\5\lgpl-2.1.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\Localizza ConvertXToDVD 5.lnk -> C:\ProgramData\VSO\ConvertXToDVD\5\Lang\EditLoc_online.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Unità\ Installa.lnk -> C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Unità\ Rimuovi driver (modalità compatibile).lnk -> C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Unità\ Verifica.lnk -> C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Disinstalla Tunngle.lnk -> C:\Program Files (x86)\Tunngle\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Tunngle.lnk -> C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunesKit Spotify Converter\TunesKit Spotify Converter.lnk -> C:\Program Files (x86)\TunesKit Spotify Converter\SpotifyConverter.exe (TunesKit)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunesKit Spotify Converter\Uninstall TunesKit Spotify Converter.lnk -> C:\Program Files (x86)\TunesKit Spotify Converter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Disinstalla Total Video Converter.lnk -> C:\Program Files (x86)\Total Video Converter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Media Burner.lnk -> C:\Program Files (x86)\Total Video Converter\MediaBurner.exe (iTinySoft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Total Video Converter sul Web.lnk -> C:\Program Files (x86)\Total Video Converter\tvc.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Total Video Converter.lnk -> C:\Program Files (x86)\Total Video Converter\tvcshell.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Total Video Player.lnk -> C:\Program Files (x86)\Total Video Converter\tvp.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk -> C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk -> C:\Program Files (x86)\TeamSpeak 3 Client\Uninstall.exe (TeamSpeak Systems GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team Meat\SuperMeatBoy\Super Meat Boy.lnk -> C:\Program Files (x86)\Team Meat\SuperMeatBoy\SuperMeatBoy.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team Meat\SuperMeatBoy\Uninstall Super Meat Boy.lnk -> C:\Program Files (x86)\Team Meat\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife\Strife.lnk -> C:\Program Files (x86)\Strife\bin\strife.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife\Uninstall.lnk -> C:\Program Files (x86)\Strife\uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg\ASIO Generic Lower Latency Driver Setup.lnk -> C:\Program Files\Steinberg\Asio\asioglldsetup.exe (Steinberg Media Technologies)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer\Startup Optimizer help.lnk -> C:\Program Files (x86)\Startup Optimizer\StartOpt.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer\Startup Optimizer on the Web.lnk -> C:\Program Files (x86)\Startup Optimizer\StartOpt.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer\Startup Optimizer.lnk -> C:\Program Files (x86)\Startup Optimizer\StartOpt.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer\Uninstall Startup Optimizer.lnk -> C:\Program Files (x86)\Startup Optimizer\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\File Shredder.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SDShred.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Tutorial.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\Help\English.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Update Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundSwitch\SoundSwitch.lnk -> C:\Program Files\SoundSwitch\SoundSwitch.exe (SoundSwitch)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundSwitch\Uninstall SoundSwitch.lnk -> C:\Program Files\SoundSwitch\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 12.0\Vegas Pro 12.0 Readme.lnk -> C:\Program Files\Sony\Vegas Pro 12.0\Readme\Vegas_readme.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 12.0\Video Capture 6.0 Readme.lnk -> C:\Program Files\Sony\Vegas Pro 12.0\Readme\Videocapture_readme.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX\ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX\Uninstall ShareX.lnk -> C:\Program Files\ShareX\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller64.exe (Adlice Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redout Enhanced Edition Neptune Pack\Redout Enhanced Edition Neptune Pack.lnk -> C:\Program Files (x86)\Redout Enhanced Edition Neptune Pack\redout.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redout Enhanced Edition Neptune Pack\Uninstall Redout Enhanced Edition Neptune Pack.lnk -> C:\Program Files (x86)\Redout Enhanced Edition Neptune Pack\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC\VNC Viewer.lnk -> C:\Program Files\RealVNC\VNC Viewer\vncviewer.exe (RealVNC Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Informazioni su QuickTime.lnk -> C:\Windows\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Arc\Arc.lnk -> C:\Program Files (x86)\Arc\ArcLauncher.exe (Perfect World Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Arc\Ripara Arc.lnk -> C:\Program Files (x86)\Arc\ArcRepair.exe (Perfect World Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Disinstalla Origin.lnk -> C:\Program Files (x86)\Origin\OriginUninstall.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin Error Reporter.lnk -> C:\Program Files (x86)\Origin\OriginER.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Segnalazione errori Origin.lnk -> C:\Program Files (x86)\Origin\OriginER.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nier Automata\Nier Automata.lnk -> C:\Program Files (x86)\Nier Automata\NieRAutomata.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nier Automata\Uninstall Nier Automata.lnk -> C:\Program Files (x86)\Nier Automata\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon\WarRock.lnk -> C:\Nexon\Warrock EU\WRLauncher.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Light Blends for Windows\Uninstall.lnk -> C:\Program Files (x86)\NewBlue\Light Blends for Windows\Uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero BackItUp [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NeroBackItUp_ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero Burning ROM [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\NeroBurningRom_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero BurnRights [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\NeroBurnRights_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero ControlCenter [Manuale Italiano].lnk -> C:\Program Files (x86)\Common Files\Nero\Nero Web\NeroControlCenter_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero CoverDesigner [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\NeroCoverDesigner_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero DiscSpeed [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\NeroDiscSpeed_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero DriveSpeed [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\NeroDriveSpeed_Ita.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero Express [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\NeroExpress_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero Home [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Home\NeroHome_ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero InfoTool [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\NeroInfoTool_Ita.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero MediaHome [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero MediaHome\NeroMediaHome_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero MediaStreaming Plug-in (for MCE) [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero MediaStreaming\NeroMediaStreamingForMCE_ITA.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero PhotoSnap [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\NeroPhotoSnap_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero Recode [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Recode\NeroRecode_ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero RescueAgent [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\RescueAgent\NeroRescueAgent_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero ShowTime [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero ShowTime\NeroShowTime_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero SoundTrax [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero SoundTrax\NeroSoundTrax_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero StartSmart [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero StartSmart\NeroStartSmart_ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero Vision [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Vision\NeroVision_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Manuals\Nero WaveEditor [Manuale Italiano].lnk -> C:\Program Files (x86)\Nero\Nero8\Nero WaveEditor\NeroWaveEditor_Ita.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3splt-gtk\libmp3splt_doc.lnk -> C:\Program Files (x86)\mp3splt-gtk\libmp3splt_doc (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3splt-gtk\mp3splt-gtk.lnk -> C:\Program Files (x86)\mp3splt-gtk\mp3splt-gtk.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3splt-gtk\mp3splt-gtk_doc.lnk -> C:\Program Files (x86)\mp3splt-gtk\mp3splt-gtk_doc (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3splt-gtk\uninstall.lnk -> C:\Program Files (x86)\mp3splt-gtk\mp3splt-gtk_uninst.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Strumenti di Microsoft Office 2010\Certificato digitale per progetti VBA.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Strumenti di Microsoft Office 2010\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Strumenti di Microsoft Office 2010\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Strumenti di Microsoft Office 2010\Preferenze di lingua di Microsoft Office 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Strumenti di Microsoft Office 2010\Raccolta multimediale Microsoft.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE\Games for Windows - LIVE.lnk -> C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio\M-Track 2X2M\M-Audio M-Track 2X2M Control Panel.lnk -> C:\Program Files (x86)\M-Audio\M-Track 2X2M\Panel.exe (M-Audio)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio\M-Track 2X2M\ReadMe.txt.lnk -> C:\Program Files\M-Audio\M-Track 2X2M\ReadMe.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Logitech Gaming Software 8.57.lnk -> C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk -> C:\Riot Games\League of Legends\LeagueClient.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys\EVEREST Home Edition\EVEREST Home Edition Documentation.lnk -> C:\Program Files (x86)\Lavalys\EVEREST Home Edition\everest.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys\EVEREST Home Edition\EVEREST Home Edition on the Web.lnk -> C:\Program Files (x86)\Lavalys\EVEREST Home Edition\everest.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys\EVEREST Home Edition\EVEREST Home Edition.lnk -> C:\Program Files (x86)\Lavalys\EVEREST Home Edition\everest.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys\EVEREST Home Edition\Uninstall EVEREST Home Edition.lnk -> C:\Program Files (x86)\Lavalys\EVEREST Home Edition\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk -> C:\Program Files\Java\jdk1.8.0_65\bin\jmc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configura Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Informazioni su iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\it.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ironsight\Ironsight.lnk -> C:\AeriaGames\Ironsight\launcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk -> C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Hi-Rez Diagnostics and Support.lnk -> C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm Public Test\Heroes of the Storm Public Test.lnk -> C:\Program Files (x86)\Heroes of the Storm Public Test\Heroes of the Storm Public Test.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm\Heroes of the Storm.lnk -> C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone\Hearthstone.lnk -> C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardware\Mouse\Disinstallazione di Smart-X7.Lnk -> C:\Program Files\Mouse\Uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardware\Mouse\Smart-X7 7.80.Lnk -> C:\Program Files\Mouse\Amoumain.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grass Valley\EDIUS 7 Manuals.lnk -> C:\Program Files\Grass Valley\EDIUS 7\Manual ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grass Valley\EDIUS 7.lnk -> C:\Program Files\Grass Valley\EDIUS 7\EDIUS.exe (Grass Valley K.K.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grass Valley\EDIUS System Reporter.lnk -> C:\Program Files\Grass Valley\EDIUS 7\EdiusSystemReporter.exe (Grass Valley K.K.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grass Valley\GV LicenseManager.lnk -> C:\Program Files (x86)\Grass Valley\GV LicenseManager\AppMaintainer.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grass Valley\Serial number registration.lnk -> C:\Program Files (x86)\Grass Valley\GV LicenseManager\AppMaintainer.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Thimbleweed Park\Thimbleweed Park.lnk -> C:\GOG Games\Thimbleweed Park\ThimbleweedPark.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Thimbleweed Park\Uninstall Thimbleweed Park.lnk -> C:\GOG Games\Thimbleweed Park\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Enter the Gungeon\Enter the Gungeon.lnk -> C:\GOG Games\Enter the Gungeon\EtG.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Enter the Gungeon\Uninstall Enter the Gungeon.lnk -> C:\GOG Games\Enter the Gungeon\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dragon Age II.lnk -> [LF6"pH,R GFSI"xsH'{KBDragon Age II 2011 EA International (Studio and Publishing) Ltd.(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\EA SPORTS™ FIFA 15.lnk -> [LF6"pH,R GFSIě3[{Eo=WEA SPORTS"! FIFA 15(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Enter the Gungeon.lnk -> [LF6"pH,R GFSIŨ`@YEnter the Gungeon(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Games for Windows - LIVE.lnk -> [LF6"pH,R GFSIC^BC[#BGames for Windows - LIVE(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\Minesweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Microsoft.lnk -> C:\Program Files\Microsoft Games\More Games\MoreGames.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Disinstalla Gameforge Live.lnk -> C:\Program Files (x86)\GameforgeLive\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Gameforge Live.lnk -> C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Uninstall Gameforge Live.lnk -> C:\Program Files (x86)\GameforgeLive\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps\Fraps.lnk -> C:\Fraps\fraps.exe (Beepa P/L)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps\Uninstall.lnk -> C:\Fraps\uninstall.exe (Beepa Pty Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA18\FIFA18.lnk -> C:\Program Files\FIFA18\FIFA18.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA18\Uninstall FIFA18.lnk -> C:\Program Files\FIFA18\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software\Easy Photo Print.lnk -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPQuicker.exe (SEIKO EPSON CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software\Read Me\Easy Photo Print.lnk -> C:\Program Files (x86)\Epson Software\Easy Photo Print\DspReadMe.exe (SEIKO EPSON CORPORATION)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Stylus SX100_TX100 Manuale.lnk -> C:\Program Files (x86)\epson\TPMANUAL\ESSX100_TX100\ITA\USE_G\INDEX.HTM ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\EPSON Scan.lnk -> C:\Windows\twain_32\escndv\escndv.exe (SEIKO EPSON CORP.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser\eLicenser Control Center.lnk -> C:\Program Files (x86)\eLicenser\eLCC\eLCC.exe (Steinberg Media Technologies GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser\Documentation\eLicenser Control Release Notes.lnk -> C:\Program Files (x86)\eLicenser\Release Notes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EDIUS\EDIUS 6\EDIUS 6.lnk -> C:\Program Files (x86)\Grass Valley\EDIUS 6\EDIUS.exe (Thomson Canopus Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop-Reminder 2\Desktop-Reminder 2.lnk -> C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe (Polenter - Software Solutions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeskPins\DeskPins.lnk -> C:\Program Files (x86)\DeskPins\DeskPins.exe (Elias Fotinis)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeskPins\Help.lnk -> C:\Program Files (x86)\DeskPins\DeskPins.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeskPins\Uninstall.lnk -> C:\Program Files (x86)\DeskPins\uninstall.exe (Elias Fotinis)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk -> C:\Program Files\DAEMON Tools Lite\DTLauncher.exe (Disc Soft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry\BlackBerry Desktop Software.lnk -> C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe (Research In Motion)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry\Leggimi.lnk -> C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\BlackBerry Desktop Software readme.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk -> C:\Program Files (x86)\AutoIt3\AutoIt.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk -> C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe (AutoIt Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk -> C:\Program Files (x86)\AutoIt3\Au3Info.exe (AutoIt Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk -> C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe (AutoIt Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk -> C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe (AutoIt Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk -> C:\Program Files (x86)\AutoIt3\Examples ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk -> C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe (AutoIt Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk -> C:\Program Files (x86)\AutoIt3\AutoIt3.exe (AutoIt Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk -> C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe (Neil Hodgson neilh@scintilla.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk -> C:\Program Files (x86)\AutoIt3\AutoIt v3 Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk -> C:\Program Files (x86)\AutoIt3\Extras ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk -> C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\VBScript Examples.lnk -> C:\Program Files (x86)\AutoIt3\AutoItX\ActiveX\VBScript (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk -> C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe (DsNET)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite 3\AI Suite 3.lnk -> C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy\HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy\Start Andy.lnk -> C:\Program Files\Andy\HandyAndy.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings\AMD Settings.lnk -> C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Media Player.lnk -> C:\Program Files (x86)\Adobe Media Player\Adobe Media Player.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\ExtendScript Toolkit.lnk -> C:\Program Files (x86)\Adobe\Adobe Utilities\ExtendScript Toolkit\ExtendScript Toolkit.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\##ID_STRING16##\##ID_STRING17##.lnk -> C:\Program Files\AMD\CIM\BIN64\amdprw.exe (Advanced Micro Devices, Inc.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\Documenti - collegamento.lnk -> C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms ()
Shortcut: C:\Users\Peppe\Pictures\Desktop.lnk -> C:\Users\Peppe\Desktop ()
Shortcut: C:\Users\Peppe\Music\MacheteMixtvol3\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\Users\Peppe\Links\Creative Cloud Files.lnk -> C:\Users\Peppe\Creative Cloud Files ()
Shortcut: C:\Users\Peppe\Links\Desktop.lnk -> C:\Users\Peppe\Desktop ()
Shortcut: C:\Users\Peppe\Links\Downloads.lnk -> C:\Users\Peppe\Downloads ()
Shortcut: C:\Users\Peppe\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Peppe\Documents\Peppe - collegamento (2).lnk -> C:\Users\Peppe ()
Shortcut: C:\Users\Peppe\Documents\Peppe - collegamento.lnk -> C:\Users\Peppe ()
Shortcut: C:\Users\Peppe\Documents\Heroes of the Storm\T_31052832_234@98.lnk -> C:\Users\Peppe\Documents\Heroes of the Storm\Accounts\103805906\98-Hero-1-33840 ()
Shortcut: C:\Users\Peppe\Documents\Heroes of the Storm\T_41070007_334@2.lnk -> C:\Users\Peppe\Documents\Heroes of the Storm\Accounts\101416759\2-Hero-1-673527 ()
Shortcut: C:\Users\Peppe\Documents\Heroes of the Storm\T_53286321_196@2.lnk -> C:\Users\Peppe\Documents\Heroes of the Storm\Accounts\103805906\2-Hero-1-5367862 ()
Shortcut: C:\Users\Peppe\Documents\Heroes of the Storm\T_75935551_165@2.lnk -> C:\Users\Peppe\Documents\Heroes of the Storm\Accounts\431730612\2-Hero-1-8744466 ()
Shortcut: C:\Users\Peppe\Desktop\Adobe After Effects 7.0.lnk -> C:\Program Files (x86)\Adobe\Adobe After Effects 7.0\Support Files\AfterFX.exe (Adobe Systems Incorporated )
Shortcut: C:\Users\Peppe\Desktop\Adobe After Effects CS4.lnk -> C:\Program Files (x86)\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Peppe\Desktop\Adobe After Effects CS6.lnk -> C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\AfterFX.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Peppe\Desktop\Championify.lnk -> C:\Users\Peppe\AppData\Local\Championify\championify.exe (Dustin Blackman)
Shortcut: C:\Users\Peppe\Desktop\ConvertXToDVD 5.lnk -> C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe (VSO Software SARL)
Shortcut: C:\Users\Peppe\Desktop\Cubase LE AI Elements 9.lnk -> C:\Program Files\Steinberg\Cubase LE AI Elements 9\Cubase LE AI Elements 9.exe (Steinberg Media Technologies)
Shortcut: C:\Users\Peppe\Desktop\Ironsight.lnk -> C:\AeriaGames\Ironsight\launcher.exe ()
Shortcut: C:\Users\Peppe\Desktop\Keep Talking and Nobody Explodes.lnk -> C:\Program Files (x86)\Steel Crate Games\Keep Talking and Nobody Explodes\ktane.exe ()
Shortcut: C:\Users\Peppe\Desktop\League of Legends.lnk -> C:\Riot Games\League of Legends\LeagueClient.exe ()
Shortcut: C:\Users\Peppe\Desktop\Multi-Drive.lnk -> C:\Program Files (x86)\Nox\bin\MultiPlayerManager.exe ()
Shortcut: C:\Users\Peppe\Desktop\Nier Automata.lnk -> C:\Program Files (x86)\Nier Automata\NieRAutomata.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\Users\Peppe\Desktop\Nox.lnk -> C:\Program Files (x86)\Nox\bin\Nox.exe (Duodian Technology Co. Ltd.)
Shortcut: C:\Users\Peppe\Desktop\Open Broadcaster Software.lnk -> C:\Program Files (x86)\OBS\OBS.exe ()
Shortcut: C:\Users\Peppe\Desktop\Redout Enhanced Edition Neptune Pack.lnk -> C:\Program Files (x86)\Redout Enhanced Edition Neptune Pack\redout.exe ()
Shortcut: C:\Users\Peppe\Desktop\Resolve.lnk -> C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty. Ltd.)
Shortcut: C:\Users\Peppe\Desktop\Riders of Icarus.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe (No File)
Shortcut: C:\Users\Peppe\Desktop\ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
Shortcut: C:\Users\Peppe\Desktop\SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe ()
Shortcut: C:\Users\Peppe\Desktop\Spotify.lnk -> C:\Users\Peppe\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\Peppe\Desktop\Spybot - Search & Destroy.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\Users\Peppe\Desktop\Startup Optimizer.lnk -> C:\Program Files (x86)\Startup Optimizer\StartOpt.exe ()
Shortcut: C:\Users\Peppe\Desktop\Total Video Converter.lnk -> C:\Program Files (x86)\Total Video Converter\tvcshell.exe ()
Shortcut: C:\Users\Peppe\Desktop\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\Peppe\Desktop\Vegas Pro 12.0 (64-bit).lnk -> C:\Program Files\Sony\Vegas Pro 12.0\vegas120.exe (Sony Creative Software Inc.)
Shortcut: C:\Users\Peppe\Desktop\µTorrent.lnk -> C:\Users\Peppe\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Peppe\Desktop\Data\Adobe Photoshop CC 2014\local\modified\@DESKTOP@\Adobe Photoshop CC 2014.lnk -> C:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe (No File)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\BioniX Wallpaper Changer.lnk -> C:\BioniX Wallpaper\Bionix Wallpaper.exe (No File)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\Peppe\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\Peppe\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk -> C:\Users\Peppe\Desktop\Tor Browser\Browser\firefox.exe (No File)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files (x86)\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe (Ubisoft)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 9\Cartella dei dati dell'applicazione.lnk -> C:\Users\Peppe\AppData\Roaming\Steinberg\Cubase LE AI Elements 9_64 ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 9\Cubase LE AI Elements 9.lnk -> C:\Program Files\Steinberg\Cubase LE AI Elements 9\Cubase LE AI Elements 9.exe (Steinberg Media Technologies)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Help and HOW-TO.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.chm ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Release info.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.txt ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Uninstall SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\uninstall.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf\Overwolf.lnk -> C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf\Uninstall Overwolf.lnk -> C:\Program Files (x86)\Overwolf\OWUninstaller.exe (Overwolf Ltd.)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Open Broadcaster Software (32bit).lnk -> C:\Program Files (x86)\OBS\OBS.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Open Broadcaster Software (64bit).lnk -> C:\Program Files\OBS\OBS.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Uninstall.lnk -> C:\Program Files (x86)\OBS\uninstall.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Riders of Icarus.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe (No File)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LCDSirReal\Start LCDSirReal.lnk -> C:\Users\Peppe\Documents\LCDSirReal\LCDSirReal.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LCDSirReal\Uninstall LCDSirReal.lnk -> C:\Users\Peppe\Documents\LCDSirReal\Uninstall.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Medal of Honor Pacific Assault™.lnk -> [LF6"pH,R GFSI*qG4=h0}. Medal of Honor: Pacific Assault"!(1SPSXFL8C&m]
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dustin Blackman\Championify.lnk -> C:\Users\Peppe\AppData\Local\Championify\championify.exe (Dustin Blackman)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design\DaVinci Resolve\Resolve.lnk -> C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty. Ltd.)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Nox\Nox.lnk -> C:\Program Files (x86)\Nox\bin\Nox.exe (Duodian Technology Co. Ltd.)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Nox\Nox_unload.lnk -> C:\Program Files (x86)\Nox\bin\Nox_unload.exe (Duodian Technology Co. Ltd.)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\SendTo\ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk -> C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe (VSO Software SARL)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Desktop-Reminder 2.lnk -> C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe (Polenter - Software Solutions)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nier Automata.lnk -> C:\Program Files (x86)\Nier Automata\NieRAutomata.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk -> C:\Program Files (x86)\Total Video Converter\tvp.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tunngle.lnk -> C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk -> C:\Program Files (x86)\SplitmediaLabs\XSplit\XSplit.Core.exe (SplitMediaLabs)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\Peppe\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paladins.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Paladins\Binaries\Win32\Paladins.exe (No File)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Heroes of the Storm.lnk -> C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\TeamSpeak 3 Client.lnk -> C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\deb74e6ef302b553\Speed Dial [FVD] - New Tab Page, 3D, Sync.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ()
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d78513a8998829c\pinned.lnk -> shell32.dll
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7111c0ce965b7246\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment)
Shortcut: C:\Users\Peppe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (No File)
Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\aTube Catcher.lnk -> C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe (DsNET)
Shortcut: C:\Users\Public\Desktop\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\DAEMON Tools Lite.lnk -> C:\Program Files\DAEMON Tools Lite\DTLauncher.exe (Disc Soft Ltd)
Shortcut: C:\Users\Public\Desktop\Desktop-Reminder 2.lnk -> C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe (Polenter - Software Solutions)
Shortcut: C:\Users\Public\Desktop\EDIUS 6.lnk -> C:\Program Files (x86)\Grass Valley\EDIUS 6\EDIUS.exe (Thomson Canopus Co., Ltd.)
Shortcut: C:\Users\Public\Desktop\EDIUS 7.lnk -> C:\Program Files\Grass Valley\EDIUS 7\EDIUS.exe (Grass Valley K.K.)
Shortcut: C:\Users\Public\Desktop\eLicenser Control Center.lnk -> C:\Program Files (x86)\eLicenser\eLCC\eLCC.exe (Steinberg Media Technologies GmbH)
Shortcut: C:\Users\Public\Desktop\Enter the Gungeon.lnk -> C:\GOG Games\Enter the Gungeon\EtG.exe ()
Shortcut: C:\Users\Public\Desktop\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\Users\Public\Desktop\EPSON Scan.lnk -> C:\Windows\twain_32\escndv\escndv.exe (SEIKO EPSON CORP.)
Shortcut: C:\Users\Public\Desktop\FIFA18.lnk -> C:\Program Files\FIFA18\FIFA18.exe (Electronic Arts)
Shortcut: C:\Users\Public\Desktop\Fraps.lnk -> C:\Fraps\fraps.exe (Beepa P/L)
Shortcut: C:\Users\Public\Desktop\Hearthstone.lnk -> C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Heroes of the Storm.lnk -> C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe ()
Shortcut: C:\Users\Public\Desktop\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\Public\Desktop\Overwolf.lnk -> C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe ()
Shortcut: C:\Users\Public\Desktop\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\Users\Public\Desktop\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller64.exe (Adlice Software)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\SoundSwitch.lnk -> C:\Program Files\SoundSwitch\SoundSwitch.exe (SoundSwitch)
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Public\Desktop\SuperMeatBoy.lnk -> C:\Program Files (x86)\Team Meat\SuperMeatBoy\SuperMeatBoy.exe ()
Shortcut: C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk -> C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\Public\Desktop\TeamViewer 13.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\Users\Public\Desktop\Thimbleweed Park.lnk -> C:\GOG Games\Thimbleweed Park\ThimbleweedPark.exe ()
Shortcut: C:\Users\Public\Desktop\Tunngle.lnk -> C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Public\Desktop\VNC Viewer.lnk -> C:\Program Files\RealVNC\VNC Viewer\vncviewer.exe (RealVNC Ltd)
Shortcut: C:\Users\Public\Desktop\WinSCP.lnk -> C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl)
Shortcut: C:\Users\Public\Desktop\XSplit Broadcaster.lnk -> C:\Program Files (x86)\SplitmediaLabs\XSplit\XSplit.Core.exe (SplitMediaLabs)
Shortcut: C:\Users\Public\Desktop\XSplit Gamecaster.lnk -> C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs)


ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\Uninstall XSplit Broadcaster.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {19F00CA3-338D-497C-BA31-0507101F2BBB} /L*V "C:\Users\Peppe\AppData\Roaming\SplitmediaLabs\XSplit\xsplit_installer.log"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\Uninstall XSplit Gamecaster.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {7CBDC2CD-F5C7-4DD3-91C8-1E4D68924955} /L*V "C:\Users\Peppe\AppData\Roaming\SplitmediaLabs\XSplit Gamecaster\xsplit_patch_uninstall.log"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trust GXT Gaming Headset\Trust GXT Gaming Headset.lnk -> C:\Windows\SysWOW64\control.exe (Microsoft Corporation) -> C:\Windows\syswow64\CM108.dll
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trust GXT Gaming Headset\Uninstall Trust GXT Gaming Headset.lnk -> C:\Windows\System32\Cmeau108.exe () -> /rm /pusb108
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC\VNC Server.lnk -> C:\Program Files\RealVNC\VNC Server\vncguihelper.exe (RealVNC Ltd) -> vncserver.exe -_fromGui -start -showstatus
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Disinstalla QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {FF59BD75-466A-4D5A-AD23-AAD87C5FD44C} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Arc\Disinstalla Arc.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{CED8E25B-122A-4E80-B612-7F99B93284B3}\setup.exe (Perfect World Entertainment) -> -runfromtemp -l0x0410 -removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Light Blends for Windows\Manage Activation 64bit.lnk -> C:\Program Files\NewBlue\Light Blends for Windows\ManageActivation64.exe () -> LightBlends64.dll
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero BackItUp.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\BackItUp.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Burning ROM.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero CoverDesigner.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverDes.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Express.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe (Nero AG) -> -ScParameter=65 /w
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Home.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Home\NeroHome.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero MediaHome.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero MediaHome\NeroMediaHome.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero PhotoSnap Viewer.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero PhotoSnap.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Recode.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Recode\Recode.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero ShowTime.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero ShowTime\ShowTime.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero SoundTrax.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero SoundTrax\SoundTrax.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero StartSmart.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Vision.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Vision\NeroVision.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero WaveEditor.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero WaveEditor\waveedit.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Toolkit\Nero BurnRights.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\NeroBurnRights.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Toolkit\Nero ControlCenter.lnk -> C:\Program Files (x86)\Common Files\Nero\Nero Web\SetupX.exe (Nero AG) -> -ScParameter=65 MODE="update"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Toolkit\Nero DiscSpeed.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Toolkit\Nero DriveSpeed.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DriveSpeed.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Toolkit\Nero InfoTool.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\InfoTool.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Toolkit\Nero RescueAgent.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\RescueAgent\NeroRescueAgent.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8\Nero Toolkit\Nero Scout.lnk -> C:\Program Files (x86)\Common Files\Nero\Lib\NeroScoutOptions.exe (Nero AG) -> -ScParameter=65
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe () -> /LOG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio\M-Track 2X2M\Uninstall M-Audio M-Track 2X2M.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {A1AD4677-B615-4E51-B559-E0145F0FE3A7}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Informazioni su Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Rileva aggiornamenti.lnk -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Uninstall All Hi-Rez Games.lnk -> C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe (Hewlett-Packard Company) -> uninstall=all
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON SX100 Series\Aggiornamento driver.lnk -> C:\Windows\System32\spool\drivers\x64\3\E_GUPA30.EXE (SEIKO EPSON CORPORATION) -> /P "EPSON SX100 Series" /D C:\Windows\system32\spool\DRIVERS\x64\3\E_IVIFEDE.VIF
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON SX100 Series\Assistenza tecnica.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\Windows\system32\spool\DRIVERS\x64\3\E_IGEPEDE.DLL,GE_OpenELINK "Stylus SX100"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON SX100 Series\Disinstallazione software stampante EPSON.lnk -> C:\Windows\System32\spool\drivers\x64\3\E_IINSEDE.EXE (SEIKO EPSON CORPORATION) -> /R /APD /P:"EPSON SX100 Series"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser\License Activation.lnk -> C:\Program Files (x86)\eLicenser\eLCC\eLCC.exe (Steinberg Media Technologies GmbH) -> -GuidedActivation
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk -> C:\Program Files (x86)\AutoIt3\AutoIt3.exe (AutoIt Team) -> "C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\AutoUpdateIt.au3"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite 3\Uninstall AI Suite 3.lnk -> C:\ProgramData\ASUS\AI Suite III\Setup.exe () -> -u
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Remote Server Administration Tools.lnk -> C:\Windows\hh.exe (Microsoft Corporation) -> rsat_client.chm
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\##ID_STRING16##\##ID_STRING18##.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {A97D6752-EC02-4974-2B72-4AFBFBF90B0E}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Peppe\Desktop\Discord.lnk -> C:\Users\Peppe\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\Peppe\Desktop\Nero Express.lnk -> C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe (Nero AG) -> -ScParameter=65 /w
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Go Download Player.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 690096451.skygo.sky.it
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 9\Disinstalla.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {E0FA80FD-82A7-4328-ABC3-0DA6A9FA1824}
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) -> -silent
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc\Discord.lnk -> C:\Users\Peppe\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc\Git Shell.lnk -> C:\Users\Peppe\AppData\Local\GitHub\GitHub.appref-ms () -> --open-shell
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\SendTo\WinSCP (pre invio).lnk -> C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl) -> /upload
ShortcutWithArgument: C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --show-app-list


InternetURL: C:\Users\Administrator\Favorites\Benvenuti su MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Administrator\Favorites\Home Page di Microsoft Windows.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\Administrator\Favorites\Microsoft Italia.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\Administrator\Favorites\Siti Web Microsoft\Internet Explorer - Home.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Administrator\Favorites\Siti Web Microsoft\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Administrator\Favorites\MSN\MSN Intrattenimento.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\Administrator\Favorites\MSN\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\Administrator\Favorites\MSN\MSN Motori.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\Administrator\Favorites\MSN\MSN Notizie.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\Administrator\Favorites\MSN\MSN Sports.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\Administrator\Favorites\MSN\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Administrator\Favorites\Microsoft Websites\Gallery Add-on per IE.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Administrator\Favorites\Links\Raccolta Web Slice.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Administrator\Favorites\Links\Siti suggeriti.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\XSplit Broadcaster Release Notes.url -> URL: hxxp://www.xspl.it/bc/relnotes/1.3.1403.1202
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\XSplit Gamecaster Release Notes.url -> URL: hxxp://www.xspl.it/gc/relnotes/1.9.1409.2308
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Tunngle sul Web.url -> URL: hxxp://www.Tunngle.net/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nier Automata\Nier Automata on the Web.url -> URL: hxxp://store.steampowered.com/app/524220
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon\넥슨.url -> URL: hxxp://www.nexon.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Documentazione di riferimento.url -> URL: hxxp://docs.oracle.com/javase/8/docs
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visita Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visualizza la Guida.url -> URL: hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Enter the Gungeon\Documents\Support.url -> URL: hxxp://www.gog.com/support/enter_the_gungeon
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Gameforge Live Website.url -> URL: hxxp://gfl.gameforge.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Pagina web di Gameforge Live.url -> URL: hxxp://gfl.gameforge.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.ccleaner.com/ccleaner
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher sul Web.url -> URL: hxxp://www.atube.me/
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\Follow us on marapcana.com.url -> URL: hxxp://marapcana.com/
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\Follow Us on Twitter.url -> URL: hxxps://twitter.com/marapcana
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\Like us On Facebook.url -> URL: hxxps://www.facebook.com/maRAPcana/
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\tutta la musica rap che puoi desiderare la trovi qui.url -> URL: hxxp://marapcana.com/
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\Salmo - Hellvisback\Follow us on marapcana.com.url -> URL: hxxp://marapcana.com/
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\Salmo - Hellvisback\Follow Us on Twitter.url -> URL: hxxps://twitter.com/marapcana
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\Salmo - Hellvisback\Like us On Facebook.url -> URL: hxxps://www.facebook.com/maRAPcana/
InternetURL: C:\Users\Peppe\Music\Salmo - Hellvisback\Salmo - Hellvisback\tutta la musica rap che puoi desiderare la trovi qui.url -> URL: hxxp://marapcana.com/
InternetURL: C:\Users\Peppe\Music\Fabri_Fibra_-_Squallor\Fabri Fibra - Squallor\ci trovi qui su italianblogbuster.net.url -> URL: hxxp://italianblogbuster.net/
InternetURL: C:\Users\Peppe\Favorites\Benvenuti su MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Peppe\Favorites\Difesa.url -> BASEURL: hxxps://concorsi.difesa.it/Pagine/storico.aspx?rID=1 URL: hxxps://concorsi.difesa.it/Pagine/storico.aspx?rID=1
InternetURL: C:\Users\Peppe\Favorites\Home Page di Microsoft Windows.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\Peppe\Favorites\Microsoft Italia.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\Peppe\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\Peppe\Favorites\Siti Web Microsoft\Internet Explorer - Home.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Peppe\Favorites\Siti Web Microsoft\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Peppe\Favorites\MSN\MSN Intrattenimento.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\Peppe\Favorites\MSN\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\Peppe\Favorites\MSN\MSN Motori.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\Peppe\Favorites\MSN\MSN Notizie.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\Peppe\Favorites\MSN\MSN Sports.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\Peppe\Favorites\MSN\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Peppe\Favorites\Microsoft Websites\Gallery Add-on per IE.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Peppe\Favorites\Links\Raccolta Web Slice.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Peppe\Favorites\Links\Siti suggeriti.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Peppe\Desktop\Battlerite.url -> URL: steam://rungameid/504370
InternetURL: C:\Users\Peppe\Desktop\Black Squad.url -> URL: steam://rungameid/550650
InternetURL: C:\Users\Peppe\Desktop\Rocket League.url -> URL: steam://rungameid/252950
InternetURL: C:\Users\Peppe\Desktop\Tom Clancy's Ghost Recon Wildlands.url -> URL: steam://rungameid/460930
InternetURL: C:\Users\Peppe\Desktop\Trine 2.url -> URL: steam://rungameid/35720
InternetURL: C:\Users\Peppe\Desktop\x tutti\ProgettoSPDJD.url -> URL: hxxp://progettospdjd1.blogspot.it/
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Battlerite.url -> URL: steam://rungameid/504370
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Black Squad.url -> URL: steam://rungameid/550650
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Chivalry BETA.url -> URL: steam://rungameid/232210
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Rocket League.url -> URL: steam://rungameid/252950
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Tom Clancy's Ghost Recon Wildlands.url -> URL: steam://rungameid/460930
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Trine 2.url -> URL: steam://rungameid/35720
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Knudsen Apps\Supporto tecnico Moobot Assistant.url -> BASEURL: hxxp://twitch.moobot.tv/ URL: hxxp://twitch.moobot.tv/
InternetURL: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc\Supporto tecnico GitHub.url -> BASEURL: hxxps://help.github.com/desktop URL: hxxps://help.github.com/desktop

==================== End of Shortcut.txt =============================

Spoiler: Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Peppe (01-04-2018 19:38:03)
Running from C:\Users\Peppe\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-09-30 11:46:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2921988991-613299845-3104574246-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2921988991-613299845-3104574246-501 - Limited - Disabled)
Peppe (S-1-5-21-2921988991-613299845-3104574246-1000 - Administrator - Enabled) => C:\Users\Peppe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe After Effects 7.0 (HKLM-x32\...\Adobe After Effects 7.0) (Version: 7.0.0.244 - Adobe Systems, Inc.)
Adobe After Effects CS4 (HKLM-x32\...\Adobe_3dcb365ab9e01871fb8c6f27b0ea079) (Version: 9 - Adobe Systems Incorporated)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.1 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.56 - ASUSTeK Computer Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.020 - ASUSTek Computer Inc.)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.1025 - DsNET Corp)
aTube Catcher versione 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoIt v3.3.14.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BioniX Wallpaper Changer v9 (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\BioniX Wallpaper Changer v9) (Version: - )
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canopus Codec Option 6.01 (HKLM-x32\...\{28C515CC-489B-4c02-898E-FE5B790E52FF}) (Version: 6.01 - Thomson Canopus Co., Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Championify (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Championify) (Version: 2.0.4 - Dustin Blackman)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
DaVinci Resolve (HKLM\...\{993A1353-910B-41B1-9846-7BD2E15641D5}) (Version: 12.0.1006 - Blackmagic Design)
DeskPins (remove only) (HKLM-x32\...\DeskPins) (Version: - )
Desktop-Reminder 2 (HKLM-x32\...\{288487BA-D8C5-4C81-BD89-C7E49DD48E18}) (Version: 2.118 - Polenter - Software Solutions) Hidden
Desktop-Reminder 2 (HKLM-x32\...\Desktop-Reminder 2) (Version: 2.118 - Polenter - Software Solutions)
Discord (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
EDIUS (HKLM\...\{E7CCB338-2A54-4F44-947B-958BD847A5D3}) (Version: 7.50 - Grass Valley K.K.)
EDIUS 6.01 (HKLM-x32\...\{B91A1230-C199-421e-8F63-7235731D925E}) (Version: 6.01 - Thomson Canopus Co., Ltd.)
EDIUS Codec Option 7.50 (HKLM-x32\...\{7E4E5B65-9B8B-4ECE-9C1F-9C96DA0BC620}) (Version: 7.50 - Grass Valley K.K.)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.10.5.1203 - Steinberg Media Technologies GmbH)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.7.0.9 - GOG.com)
Epic Games Launcher (HKLM-x32\...\{7A92850A-3660-487C-BE6B-0D054942570B}) (Version: 1.1.123.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Stylus SX100_TX100 Manuale (HKLM-x32\...\EPSON Stylus SX100_TX100 Guida utente) (Version: - )
EPSON SX100 Series Printer Uninstall (HKLM\...\EPSON SX100 Series) (Version: - SEIKO EPSON Corporation)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FIFA18 version 1.0 (HKLM\...\FIFA18_is1) (Version: 1.0 - STEAMPUNKS) <==== ATTENTION
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Gameforge Live 2.0.13 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.13 - Gameforge)
GitHub (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\5f7eb300e2ea4ebf) (Version: 3.3.2.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Heroes of the Storm Public Test (HKLM-x32\...\Heroes of the Storm Public Test) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HOTSLogsUploader (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\99a83d131490dc73) (Version: 1.0.0.12 - HOTSLogsUploader)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4578 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.0.32 - Intel Corporation)
Ironsight version 1 (HKLM-x32\...\Ironsight_is1) (Version: 1 - Aeria Games)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 8 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180650}) (Version: 8.0.650.17 - Oracle Corporation)
Keep Talking and Nobody Explodes 1.1.4 (HKLM-x32\...\Keep Talking and Nobody Explodes 1.1.4) (Version: 1.1.4 - Steel Crate Games)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LCDSirReal - a multipurpose plugin for the Logitech G13/G15 (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\LCDSirReal) (Version: - Link Data Stockholm)
League of Legends (HKLM-x32\...\{83B763CD-5771-408A-B7C9-6C1A5B161F41}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes versione 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
M-Audio M-Track 2X2M 1.0.6 (HKLM\...\{A1AD4677-B615-4E51-B559-E0145F0FE3A7}) (Version: 1.0.6 - M-Audio)
Microsoft .NET Compact Framework 2.0 SP1 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.6129 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{B45FABE7-D101-4D99-A671-E16DA40AF7F0}) (Version: 3.0.86.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{B578C85A-A84C-4230-A177-C5B2AF565B8C}) (Version: 3.0.17.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Moobot Assistant (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\40790fab0e175d6b) (Version: 1.0.0.1 - Knudsen Apps)
Mozilla Firefox 56.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 it)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1040}) (Version: 8.3.465 - Nero AG)
Nier Automata (HKLM-x32\...\{0F48043A-5115-42C3-B1B3-958AC3A319CF}_is1) (Version: - Square Enix)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.1.2 - Duodian Technology Co. Ltd.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.30491 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.104.210.0 - Overwolf Ltd.)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Photoshop Camera Raw (HKLM-x32\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (HKLM-x32\...\{43509E18-076E-40FE-AF38-CA5ED400A5A9}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7487 - Realtek Semiconductor Corp.)
Redout Enhanced Edition Neptune Pack (HKLM-x32\...\Redout Enhanced Edition Neptune Pack_is1) (Version: - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RogueKiller version 12.12.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.10.0 - Adlice Software)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 12.1.1 - ShareX Team)
Sky Go Download Player (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\690096451.skygo.sky.it) (Version: - skygo.sky.it)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Smart-X7 7.80 (HKLM\...\WheelMouse) (Version: - )
Software per periferiche con chipset Intel® (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
SoundSwitch 4.3.6643.23689 (HKLM\...\SoundSwitch_is1) (Version: 4.3.6643.23689 - Antoine Aflalo)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Startup Optimizer 1.6 (HKLM-x32\...\Startup Optimizer_is1) (Version: - Cyberlion Solutions Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steinberg Cubase LE AI Elements 9 (HKLM\...\{E0FA80FD-82A7-4328-ABC3-0DA6A9FA1824}) (Version: 9.0.1 - Steinberg Media Technologies GmbH)
Steinberg Generic Lower Latency ASIO Driver 64bit (HKLM\...\{16D5A798-10BE-4FF3-BB71-54C012CD0D7D}) (Version: 1.0.10 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE 64bit (HKLM\...\{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}) (Version: 4.2.30 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 2.0.2 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.2 - Steinberg Media Technologies GmbH)
Suite Shared Configuration CS4 (HKLM-x32\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version: - Team Meat)
Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Supporto applicazioni Apple (64 bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 12 Host (MSI Wrapper) (HKLM-x32\...\{146C4A0D-592D-4D7E-A637-6BC18BA614F8}) (Version: 12.1.6829 - TeamViewer)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.1548 - TeamViewer)
Thimbleweed Park (HKLM-x32\...\1325604411_is1) (Version: 1.0.955 - GOG.com)
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version: - EffectMatrix Inc.)
Trust GXT Gaming Headset (HKLM\...\C-Media CM108 Like Sound Driver) (Version: - )
Trust GXT Gaming Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: 2.0.01.13 - Trust)
TunesKit Spotify Converter 1.2.1.100 (HKLM-x32\...\TunesKit Spotify Converter_is1) (Version: - TunesKit, Inc.)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.8 - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VNC Server 6.1.1 (HKLM\...\{BF68FC97-1CBA-49D5-88EB-3E0CDC3D379D}) (Version: 6.1.1.28093 - RealVNC Ltd)
VNC Viewer 6.1.1 (HKLM\...\{1B14F26D-AAC9-4781-A468-5DFD5DF5FF91}) (Version: 6.1.1.28093 - RealVNC Ltd)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.52 - VSO Software)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WarRock (HKLM-x32\...\Warrock EU) (Version: - )
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (01/20/2017 4.3.12) (HKLM\...\5704FF66AFA4D394842933DCC54279C2E177D380) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System (01/20/2017 4.3.12) (HKLM\...\35C6212A24F5D9B7942ECD18B0255759779999C2) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
XSplit Broadcaster (HKLM-x32\...\{19F00CA3-338D-497C-BA31-0507101F2BBB}) (Version: 1.3.1403.1202 - SplitmediaLabs)
XSplit Gamecaster (HKLM-x32\...\{7CBDC2CD-F5C7-4DD3-91C8-1E4D68924955}) (Version: 1.9.1409.2308 - SplitmediaLabs)
YoloMouse (HKLM\...\{084C443B-D061-4B8E-8764-7F34160BBE8B}) (Version: 0.7.0.0 - HaPpY)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2921988991-613299845-3104574246-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-31] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-01-24] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-01] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {342C16A9-1225-4A48-96C0-6212CDE49072} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2013-08-13] ()
Task: {43ECB724-D5A7-43E2-B4AE-EB0B718CEDAF} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {50D67F8C-89B8-415C-83B7-E1159DFDC2BC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-01] (AVAST Software)
Task: {52C11248-CFEA-40C6-AE02-C23BB533A609} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {54876FB3-2555-4A3D-A4D2-4C2BD6BC7AEC} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
Task: {5A5F73DE-5F06-41B8-985A-8CFB1D002B18} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {5CF391B2-9CD8-45A6-AD15-4098F6ADB9CD} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-01-25] (ASUSTek Computer Inc.)
Task: {6083B581-E2C7-497B-A55A-ED50BE8D6E8E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2018-02-05] (AVAST Software)
Task: {7255F974-1275-4EB5-BDBB-CD9CE21C6267} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {8225076B-9A2D-476B-83DD-81FAB6A4C075} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {885BD0A2-A46A-4762-82DA-6F7AEFC07730} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-01-07] (AVAST Software)
Task: {98A95066-B209-48B6-988E-44735726BF8D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {98A95066-B209-48B6-988E-44735726BF8D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {98A95066-B209-48B6-988E-44735726BF8D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {ACA6B3AF-306E-464F-A234-11E19E1F6F68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B92FB331-15EC-45A3-BA12-7BB323F6BBFF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {C161BAEC-D415-45CC-9167-024E993F966F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {CAFB815E-F7AA-4A1A-A32F-09CDF204E458} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-08-07] (ASUSTeK Computer Inc.)
Task: {D6A18C6F-323B-469B-B06B-A9A9FBA57729} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {D8999CE7-4769-4C8B-A28D-F74FF3D0B971} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {D8999CE7-4769-4C8B-A28D-F74FF3D0B971} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {DB2DCE1D-C1FC-48F9-A4A6-1FE43D01A41F} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)
Task: {E8C62854-E833-47D8-9BB1-2155662F50CC} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2013-07-24] ()
Task: {EBCB3D36-20CE-4310-BAF0-A91BA205F967} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {EBCB3D36-20CE-4310-BAF0-A91BA205F967} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\iToolsDaemon.job => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2015-07-22 01:02 - 2015-07-22 01:02 - 000803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-30 15:26 - 2013-08-13 20:55 - 001225528 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2014-09-30 15:24 - 2013-07-24 10:16 - 001425208 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2017-07-12 13:22 - 2017-07-12 13:22 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-12 13:22 - 2017-07-12 13:22 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 000866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 001050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 000059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 000242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-11-13 14:10 - 2000-01-01 02:00 - 000196608 _____ () C:\Program Files\Mouse\Amoumain.exe
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2018-03-06 23:58 - 2018-03-06 23:58 - 000089984 _____ () C:\Program Files\CCleaner\lang\lang-1040.dll
2014-09-30 15:09 - 2013-05-07 09:45 - 000936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2011-06-21 11:14 - 2011-06-21 11:14 - 000207872 _____ () C:\Users\Peppe\Documents\LCDSirReal\LCDSirReal.exe
2015-07-18 22:00 - 2016-07-31 21:53 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2018-04-01 05:36 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-21 03:13 - 2018-03-20 08:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-21 03:13 - 2018-03-20 08:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2016-02-18 15:35 - 2017-09-29 22:40 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2016-02-18 15:35 - 2017-09-29 22:40 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2016-02-18 15:35 - 2017-09-29 22:40 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-01 14:40 - 2018-04-01 14:40 - 005810832 _____ () C:\Program Files\AVAST Software\Avast\defs\18040100\algo.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000964824 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000475352 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000339672 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000825344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2014-09-30 15:26 - 2013-08-13 20:55 - 000776704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2014-09-30 15:24 - 2013-08-07 19:11 - 000147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2014-09-30 15:26 - 2013-08-13 20:46 - 002745344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2014-09-30 15:24 - 2013-08-08 10:44 - 001139200 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2014-09-30 15:25 - 2013-06-24 15:59 - 001173504 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\Network iControl.dll
2014-09-30 15:24 - 2013-06-04 19:41 - 000662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2014-09-30 15:24 - 2013-08-07 19:11 - 000053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll
2014-09-30 15:24 - 2013-07-31 20:05 - 005773588 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2014-09-30 15:24 - 2010-06-21 15:21 - 000208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2018-04-01 05:25 - 2018-04-01 05:25 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-01 05:24 - 2018-04-01 05:24 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2014-09-30 15:09 - 2018-04-01 19:25 - 000027136 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-09-30 15:09 - 2013-05-07 09:45 - 000104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2017-10-11 16:38 - 2000-01-01 02:00 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\Desktop-Reminder 2:{66007900-6900-6800-6200-470032003600} [192]
AlternateDataStreams: C:\Program Files (x86)\Desktop-Reminder 2:{67005600-3500-4800-7000-70004A006400} [748]
AlternateDataStreams: C:\Users\Peppe:Heroes & Generals [38]
AlternateDataStreams: C:\Users\Peppe\Documents\Certificato.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Peppe\Documents\Certificato.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Peppe\Documents\DOC.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Peppe\Documents\DOC.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-03-23 19:48 - 2018-04-01 06:25 - 000000511 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 mpa.one.microsoft.com
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 www.googletagservices.com
0.0.0.0 gads.pubmatic.com
0.0.0.0 ads.pubmatic.com
0.0.0.0 spclient.wg.spotify.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\Services: BFE => 2
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spoti15Autostart => "C:\Users\Peppe\Downloads\Spoti15_fix_by_nima158\Release\Spoti15.exe" -autostart
MSCONFIG\startupreg: Spotify => "C:\Users\Peppe\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Peppe\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{A3A59915-427B-494E-A622-82A59F4DA8BD}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{64E16E3D-C230-4491-8D5C-C2A5F9E5056B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{9F26BE04-A505-4ABF-919D-AD642F27D51B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D81436F-15FB-4143-99C8-DB261813F64B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4F1C2A98-ABB7-4575-914B-606C0AA9587C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B3087EB8-F16E-45EE-9302-CEC891FC9C29}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ADF88EC1-A8F0-499C-960F-2FFBF618EFDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D2B4B39B-08A1-4A5B-BCF9-AE941F330A97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{225B4C9A-F34D-4B7B-A6B0-9325D1776C18}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{63950430-0921-4779-9FA9-053A0E421B51}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4D72CD56-2E16-4316-AD2F-A85CEBD0E05E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{7A7B648F-36AC-4213-A91B-88872A590AB0}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{8D46AAEE-D439-48BC-9247-C24EA9E9905B}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{2F6FDF15-D135-4909-BF3C-5AF866BB97AF}] => (Allow) LPort=4481
FirewallRules: [{FA0DB5FA-25C0-45A7-A522-1D414818A12B}] => (Allow) LPort=4481
FirewallRules: [{A892D951-F776-4DE4-B8B8-61CFF450DAA3}] => (Allow) LPort=4482
FirewallRules: [{BF3E8268-5D92-4949-903D-446E3D373AA1}] => (Allow) LPort=4482
FirewallRules: [{E7E639A6-305A-473B-8384-584BAAFD8912}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{D61D3BAC-5ECC-48BA-9F2D-16B24C159237}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{1B4627E5-3559-4A53-A14F-4808F7263E77}C:\games\hammerwatch v1.3\hammerwatch.exe] => (Allow) C:\games\hammerwatch v1.3\hammerwatch.exe
FirewallRules: [UDP Query User{5E6A5FA4-2169-48C2-88B6-749E8DB2395B}C:\games\hammerwatch v1.3\hammerwatch.exe] => (Allow) C:\games\hammerwatch v1.3\hammerwatch.exe
FirewallRules: [TCP Query User{55ACBA91-B223-4FD7-8862-793CC72A47FD}C:\users\peppe\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{F3A79791-5DA0-49FD-A6A2-1009648B510E}C:\users\peppe\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [{51FDE9D4-A93B-4123-8303-1D960759709C}] => (Block) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [{DA910F7A-8C41-4688-B933-4B0F65299C98}] => (Block) C:\users\peppe\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0454318D-3FE4-4FA8-8931-A99D8A27EF22}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{8C18AFBE-A306-4DFA-A461-CB98423960B5}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{53E59F4A-37F9-47A6-B8AB-F27DDDD4D3C1}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{C8F88B47-E566-41EF-B047-5B91C0A2E337}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{8C753392-D2C2-461C-8659-2AF2B09319A7}] => (Allow) C:\Users\Peppe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B47133E7-0EB5-464D-9B7F-BEACFDCBDF4C}] => (Allow) C:\Users\Peppe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92A2FF91-B16A-415F-B2EF-A654457F5E44}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1142F39E-2025-4078-9DAE-5632983F608D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4D8EA730-DC2A-489D-A5F3-5586926F4DEA}C:\users\peppe\downloads\hko_download_manager.exe] => (Allow) C:\users\peppe\downloads\hko_download_manager.exe
FirewallRules: [UDP Query User{7B346264-1CD7-4EEC-9567-6B7F8E228619}C:\users\peppe\downloads\hko_download_manager.exe] => (Allow) C:\users\peppe\downloads\hko_download_manager.exe
FirewallRules: [{FFCAFFFF-EDDF-4F07-A09B-4348A4E258E8}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{DE892CE3-1897-4C67-AC36-54BA20D93958}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{F93DB709-E6FA-4AAF-8F24-3B47AFEAE821}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{1AC1AD2D-B6D5-4137-B489-7E76DA727340}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{DC1D5F44-B451-4684-8110-D8EF51CD8891}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{FAE21213-D420-44F2-AAFC-24EF77AE3859}C:\users\peppe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\peppe\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B93C6F4C-8CC5-4E85-84E5-F132F16D1B8F}C:\users\peppe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\peppe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{23384FD3-E699-47B1-ACF7-0B0654EBC160}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{34B4986E-8092-4FCB-8DE8-FD0779B4BFFB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A6907BB7-AD03-4227-86D6-2A45F2BCA1FA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F64BB74C-AE97-4D7E-A7D1-A4E501E1803F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7D29240D-05B6-4F27-A5E7-B4896EBFC6C6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{60F791D7-298A-46BF-8028-D07C47630670}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2018 07:16:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Errore del servizio Copia Shadow del volume: errore imprevisto durante la ricerca dell'interfaccia IVssWriterCallback. hr = 0x80070005, Accesso negato.
.
L'errore è spesso causato da impostazioni di sicurezza non corrette nel processo di scrittura o richiedente.


Operazione:
Raccolta dei dati del processo di scrittura

Contesto:
ID della classe del processo di scrittura: {e8132975-6f93-4464-a53e-1050253ae220}
Nome del processo di scrittura: System Writer
ID dell'istanza del processo di scrittura: {9746529f-53b9-4f10-aa3b-f0efdd5d2146}

Error: (04/01/2018 02:01:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma Cadavers.exe versione 9.5.8.166 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 1c50

Ora di avvio: 01d3c9af2e792f65

Ora di chiusura: 3

Percorso applicazione: C:\Users\Peppe\AppData\Local\Cadavers.exe

ID segnalazione: 5437df03-35a4-11e8-97b5-00ac31a303cd

Error: (04/01/2018 12:15:59 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (1964) Tentativo di apertura del file "C:\Users\Peppe\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" per accesso in sola lettura non riuscito con errore di sistema 32 (0x00000020): "Impossibile accedere al file. Il file è utilizzato da un altro processo. ". L'operazione di apertura file non verrà effettuata con errore -1032 (0xfffffbf8).

Error: (01/01/2000 12:05:59 AM) (Source: TracerX - SoundSwitch) (EventID: 10004) (User: )
Description: 23:05:58.862 <null> SoundSwitch+ Exception while getting release Exception type: System.Net.WebException
Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Source: System
StackTrace:
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result)
at System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result)

Inner Exception type: System.Security.Authentication.AuthenticationException
Message: The remote certificate is invalid according to the validation procedure.
Source: System
StackTrace:
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)

Error: (04/01/2018 04:19:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma Explorer.EXE versione 6.1.7601.17567 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 1390

Ora di avvio: 01d3c95ef8043115

Ora di chiusura: 60000

Percorso applicazione: C:\Windows\Explorer.EXE

ID segnalazione: d4f02294-3552-11e8-af03-00ac31a303cd

Error: (04/01/2018 03:54:23 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Impossibile inizializzare l'indice.

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2018 03:54:23 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Impossibile inizializzare l'applicazione.

Contesto: applicazione Windows

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2018 03:54:23 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Impossibile inizializzare l'oggetto Gatherer.

Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/01/2018 07:31:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Servizio Windows Update bloccato in partenza.

Error: (04/01/2018 07:28:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni predefinite del computer non concedono l'autorizzazione di Attivazione Locale per l'applicazione server COM con CLSID
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
e APPID
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost (tramite LRPC). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (04/01/2018 07:28:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Cache tipi di carattere Windows Presentation Foundation 3.0.0.0 non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (04/01/2018 07:28:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Cache tipi di carattere Windows Presentation Foundation 3.0.0.0.

Error: (04/01/2018 07:27:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio aswbIDSAgent non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (04/01/2018 07:27:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio aswbIDSAgent.

Error: (04/01/2018 07:27:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
VBoxNetAdp

Error: (04/01/2018 07:26:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Origin Web Helper Service non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.


Windows Defender:
===================================
Date: 2015-04-16 02:37:00.595
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:4212;process:pid:6432;process:pid:7536;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 20:39:00.772
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:6432;process:pid:7536;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 20:37:00.653
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:7536;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 11:17:40.482
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

Date: 2015-04-15 02:39:01.254
Description:
Windows Defender: rilevato spyware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/IeEnablerCby&threatid=207189
Nome:BrowserModifier:Win32/IeEnablerCby
ID:207189
Gravità:Alto
Categoria:Modificatore di browser
Percorso trovato:file:C:\Program Files (x86)\I - Cinema\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.exe;file:C:\Program Files (x86)\TotalPlusHD-3.1V30.11\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.exe;file:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;file:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;file:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;file:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job;process:pid:4424;process:pid:7588;taskscheduler:C:\Windows\System32\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2;taskscheduler:C:\Windows\System32\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2;taskscheduler:C:\Windows\Tasks\12a137b8-f9ad-4e08-85fd-7f50e18b898f-2.job;taskscheduler:C:\Windows\Tasks\3a2eaa25-d3de-4ad1-a29f-9e0869efb2ec-2.job
Tipo rilevamento:Concreta
Origine rilevamento:Sistema
Stato:Sconosciuto
Utente:NT AUTHORITY\SYSTEM
Nome processo:

CodeIntegrity:
===================================

Date: 2018-04-01 18:37:09.290
Description:
Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Users\Peppe\AppData\Local\Temp\EverestDriver.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2018-04-01 18:37:09.249
Description:
Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Users\Peppe\AppData\Local\Temp\EverestDriver.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2018-04-01 18:37:09.094
Description:
Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2018-04-01 18:37:09.056
Description:
Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 44%
Total physical RAM: 8130.15 MB
Available physical RAM: 4511.72 MB
Total Virtual: 16258.5 MB
Available Virtual: 11538.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:203.73 GB) NTFS

\\?\Volume{ef14e60e-4896-11e4-992e-806e6f6e6963}\ (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6BB9EC00)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Spoiler: Frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Peppe (administrator) on ADMINISTRATOR (01-04-2018 19:36:23)
Running from C:\Users\Peppe\Desktop
Loaded Profiles: Peppe (Available Profiles: Peppe & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files\Mouse\Amoumain.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SoundSwitch) C:\Program Files\SoundSwitch\SoundSwitch.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Grass Valley K.K.) C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe
() C:\Users\Peppe\Documents\LCDSirReal\LCDSirReal.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(M-Audio) C:\Program Files (x86)\M-Audio\M-Track 2X2M\AudioDevMon.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [WheelMouse] => C:\Program Files\Mouse\Amoumain.exe [196608 2000-01-01] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-04-01] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Run: [SoundSwitch] => C:\Program Files\SoundSwitch\SoundSwitch.exe [1008832 2018-03-10] (SoundSwitch)
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: H - H:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {0ab1aa23-1432-11e5-ac98-10c37b50a90d} - E:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {0c848b72-d75e-11e7-98ea-00ac31a303cd} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {3ae279b5-f628-11e4-9c0a-10c37b50a90d} - E:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {58ce6838-f2d4-11e7-8e9d-00ac31a303cd} - H:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {9c599feb-1b35-11e5-90f3-10c37b50a90d} - G:\stp-fifa18.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {beab5097-c1bc-11e7-8195-00ac31a303cd} - F:\setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {e1a26777-41b7-11e5-aca0-10c37b50a90d} - H:\Setup.exe
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\...\MountPoints2: {f8d5210f-cc95-11e7-aed9-00ac31a303cd} - G:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-03-31]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5A7E9B46-9D4A-470E-868B-FAACC9D530F8}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5CC126F7-0DC5-4908-B1C9-B26DD7136AFF}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{AFACDD1F-24EC-44B4-BA1D-2105A6B6490B}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AFACDD1F-24EC-44B4-BA1D-2105A6B6490B}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EEF4A8DF-F5DE-4E0F-BA02-D84A6A21B012}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2921988991-613299845-3104574246-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2921988991-613299845-3104574246-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2921988991-613299845-3104574246-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-04-01] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-17] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2017-12-14] (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-04-01] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-17] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: s1qci7f5.default
FF ProfilePath: C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default [2018-04-01]
FF user.js: detected! => C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\s1qci7f5.default -> hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=800000
FF NewTab: Mozilla\Firefox\Profiles\s1qci7f5.default -> about:newtab
FF Extension: (System Table) - C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\Extensions\622127@modext.tech.xpi [2018-02-27]
FF Extension: (Avast SafePrice) - C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\Extensions\sp@avast.com.xpi [2017-08-15]
FF Extension: (Avast Online Security) - C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\Extensions\wrc@avast.com.xpi [2018-02-07]
FF SearchPlugin: C:\Users\Peppe\AppData\Roaming\Mozilla\Firefox\Profiles\s1qci7f5.default\searchplugins\google-avast.xml [2016-09-17]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2000-01-01] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2000-01-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-12-22] (Nexon)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2017-12-14] (Perfect World Entertainment Inc)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2921988991-613299845-3104574246-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Peppe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> Active:"chrome-extension://ibfhiehdjpogpbdcicjnphklppinghjj/index.html"
CHR Profile: C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default [2018-04-01]
CHR Extension: (Presentazioni) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2000-01-01]
CHR Extension: (Google Drive) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (uBlock Origin) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-03-22]
CHR Extension: (Google Search) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Fogli) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2000-01-01]
CHR Extension: (Google Documenti offline) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-13]
CHR Extension: (Speed Dial 3™(APP)) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfhiehdjpogpbdcicjnphklppinghjj [2015-06-11]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Speechnotes - Dettatura Notepad) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\opekipbefdbacebgkjjdgoiofdbhocok [2018-01-13]
CHR Extension: (Gmail) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\Peppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Teddy Protection Lite) - C:\Users\Peppe\AppData\Roaming\Opera Software\Opera Stable\Extensions\nojkagbjbhgnilkopgljfkhddmdjcjfn [2017-03-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-09] (Adobe Systems) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2017-12-14] (Perfect World Entertainment Inc)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2013-08-13] (ASUSTeK Computer Inc.) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-04-01] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-04-01] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2017-07-15] ()
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-18] (EasyAntiCheat Ltd)
R2 GVDownloadAgentService; C:\Program Files\Grass Valley\EDIUS 7\GV DownloadAgent\GVDownloadAgent.exe [68832 2015-03-30] (Grass Valley K.K.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-20] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2017-01-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2000-01-01] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 MTrack2X2MAudioDevMon; C:\Program Files (x86)\M-Audio\M-Track 2X2M\AudioDevMon.exe [595032 2016-12-13] (M-Audio)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3685968 2015-07-22] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-25] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-25] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-05-14] (Overwolf LTD)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-07-31] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-07-31] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [838128 2016-12-15] (Tunngle.net GmbH) [File not signed]
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [5848656 2017-05-19] (RealVNC Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wsaudio; C:\Windows\SysWOW64\wsaudio.dll [1072128 2015-07-22] () [File not signed]
S2 ihctrl32; %SystemRoot%\System32\ihctrl32.dll [X]
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-04-01] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-04-01] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-04-01] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-04-01] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-04-01] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [215320 2018-04-01] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-04-01] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-04-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-01] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-01] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-01] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-01] (AVAST Software)
R1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [34360 2008-05-30] (Canopus Co,. Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-11-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-11-05] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2013-01-25] (ASUSTeK Computer Inc.)
S3 maxjoypad; C:\Windows\System32\DRIVERS\maxjoypad.sys [18880 2016-08-05] (Windows (R) Win 7 DDK provider)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-01] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2000-01-01] (Intel Corporation)
S3 MTRACK2X2M; C:\Windows\System32\DRIVERS\MAudioMTrack2X2M.sys [569432 2016-12-13] (M-Audio)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0116.sys [38432 2017-07-24] (SoftEther Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [39464 2016-04-26] (Tunngle.net GmbH)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-02] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125520 2015-10-02] (Oracle Corporation)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [144656 2017-08-22] (BigNox Corporation)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
R2 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\drivers\YSDrv\YSDrv.sys [270608 2018-01-24] (BigNox Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va020; \??\C:\Windows\SysWOW64\Drivers\X6va020 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va063; \??\C:\Windows\SysWOW64\Drivers\X6va063 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys AF0AA655323BB0E6288F47C56DBA9FD4
C:\Windows\System32\DRIVERS\atikmpag.sys DE729FB8DD5ED960430E5AC751215FAE
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys A0711D119BA4B48A1470C768D301013E
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\AsIO.sys 798DE15F187C1F013095BBBEB6FB6197
C:\Windows\SysWow64\drivers\AsUpIO.sys 1392B92179B07B672720763D9B1028A5
C:\Windows\SysWow64\drivers\ASUSFILTER.sys A5E4CDB420540095D1293C874B5F89AA
C:\Windows\System32\drivers\aswArPot.sys DCD966874B4C8C952662D2D16DDB4D7C
C:\Windows\System32\drivers\aswbidsdrivera.sys A2F689B3E2BEAF05DD6DBE6ED862F781
C:\Windows\System32\drivers\aswbidsha.sys 9CAF76B70650DBF39AD85E6CE885F5B7
C:\Windows\System32\drivers\aswbloga.sys A846D0306A72F8AF5515009D811F344B
C:\Windows\System32\drivers\aswbuniva.sys 6A4C9AEBDBB30D9DF0A6F03BC3B4007B
C:\Windows\System32\drivers\aswHdsKe.sys 385F63137F179F0ED040E3D7899AF149
C:\Windows\System32\drivers\aswHwid.sys 92F25DFDF0C1051B311A7BD980A0E9AE
C:\Windows\System32\drivers\aswMonFlt.sys 6B24EFD741C02480A7AFDD68A334EA4F
C:\Windows\System32\drivers\aswRdr2.sys B9C7752B3D482D8CAEE9848F414164A9
C:\Windows\System32\drivers\aswRvrt.sys 841177ED7A3F4A899E50736FBA7E9AB2
C:\Windows\System32\drivers\aswSnx.sys CC12B6E35CCC5282DEFE3E74A9C7D33D
C:\Windows\System32\drivers\aswSP.sys CD8387672DA9F706481EF9D3F7C32BB2
C:\Windows\System32\drivers\aswStm.sys 95B840B4BEDA5DBCC60D7A5FEF0DAE54
C:\Windows\System32\drivers\aswVmm.sys CA1FC21F1A2D55AE0BB5F6E8FBEA8ECF
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys 22710CB9781EF2370610400E689D74B4
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrblock.sys 5A6632F51F643E2EB47F647D82CB242D
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 27667A788130A7F7A5858DE27572E6D7
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dtlitescsibus.sys 679FF716052109392D870F6A6C4A3535
C:\Windows\System32\DRIVERS\dtliteusbbus.sys E23FDD696839A4790682CA66C48D3F2F
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\DRIVERS\hamachi.sys 1E6438D4EA6E1174A3B3B1EDC4DE660B
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStorA.sys 25555186E4FBDF0E30A5DBFC9B9A73F9
C:\Windows\System32\DRIVERS\iaStorF.sys 10E79E366FA255318F5D1D0ED07F947D
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys DB612DDA2E9643F8C759E68DAE07F2D4
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 734E92848983F17822B4F71C5F912C6C
C:\Windows\System32\DRIVERS\IntcDAud.sys 9D01DDF5EA8494BBCBB73FF385E35D35
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\IOMap64.sys A01C412699B6F21645B2885C2BAE4454
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\iusb3hcs.sys A1EA5DFDE6C4C3A55C54B50B68BA1EF5
C:\Windows\System32\DRIVERS\iusb3hub.sys 61DB13A14A7F384D21DEADAEE3763BBC
C:\Windows\System32\DRIVERS\iusb3xhc.sys F3A9A90A8B6C5B9DF60D0EA957976E66
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys A405647429DE231CD954D93F792CFBA2
C:\Windows\System32\Drivers\ksecpkg.sys E4DC0909B5EACB5BF50F6252095BCFF2
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\drivers\LGBusEnum.sys FA529FB35694C24BF98A9EF67C1CD9D0
C:\Windows\System32\drivers\LGVirHid.sys 94B29CE153765E768F004FB3440BE2B0
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\maxjoypad.sys 8D57626FC4E8E6F7A3B5E9C8CF5F4099
C:\Windows\System32\Drivers\mbamswissarmy.sys 351BF8F77B0A15A7B5A2AE098C52A387
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TeeDriverx64.sys EB1D78140D6634C32A46AB1006105EDC
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys 43E1F4B0EFDC244D2A83995CCD7846F7
C:\Windows\System32\DRIVERS\mrxsmb10.sys 62CEA59FF56B66154E08BD51D87392C2
C:\Windows\System32\DRIVERS\mrxsmb20.sys 7D65B5E9573A26C204AA547457DBF544
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MAudioMTrack2X2M.sys 4ED04901579644D270C3CE58ACC3B5CA
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisrd.sys 2E7C9CC1DF7F878358C7292D036AFE63
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Neo_0116.sys 3351A92971670764F014A566D1106E2B
C:\Windows\System32\DRIVERS\netaapl64.sys EE00C544C025958AF50C7B199F3C8595
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 065F79543D7999EC28B687F87E96B803
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RimUsb_AMD64.sys 6D850FAD4CC9498D1F382B77BA4035CC
C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys 344604E6913BD6E4EAEC34AF2E0943D7
C:\Windows\System32\Drivers\RootMdm.sys 388D3DD1A6457280F3BADBA9F3ACD6B1
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 61A04C0C084D560BBEF1D09604608262
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\SysWOW64\speedfan.sys 0FFE35F0B0CD5A324BBE22F02569AE3B
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tap0901t.sys C2535200B274DEC508881F587B7B5F16
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\drivers\CM10864.sys A3FD7E087957D765DF5575EF10AE0E96
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys E1915B4B40F5F36E2FC9E8EBD2696B14
C:\Windows\System32\Drivers\VBoxUSB.sys 62ACAECC82F16F604960BB627860F715
C:\Windows\System32\DRIVERS\VBoxUSBMon.sys FB10E94F07D3F3892779129FDAA8FBAD
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vncmirror.sys 93F279A2C172562050700A18FA84BE2E
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xnacc.sys 4A5CE13408945E525503B5F73D29B9C5
C:\Windows\System32\drivers\xspltspk.sys 377F3E3467A8BFA3CDC921AD6425D513
C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B
C:\Program Files (x86)\Bignox\BigNoxVM\RT\drivers\YSDrv\YSDrv.sys 27578F40FD3C5EFD43563A266476F466

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-01 19:36 - 2018-04-01 19:37 - 000049354 _____ C:\Users\Peppe\Desktop\FRST.txt
2018-04-01 19:28 - 2018-04-01 19:28 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-01 19:27 - 2018-04-01 00:41 - 000137728 _____ C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 19:16 - 2018-04-01 19:19 - 000007660 _____ C:\Users\Peppe\Desktop\Fixlog.txt
2018-04-01 19:13 - 2018-04-01 19:13 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\AMD
2018-04-01 19:10 - 2018-04-01 19:16 - 000000000 ____D C:\Users\Peppe\AppData\Local\AMD
2018-04-01 19:03 - 2018-04-01 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\##ID_STRING16##
2018-04-01 19:03 - 2018-04-01 19:03 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2018-04-01 19:03 - 2018-04-01 19:03 - 000003060 _____ C:\Windows\System32\Tasks\StartDVR
2018-04-01 19:03 - 2018-04-01 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-04-01 19:03 - 2018-04-01 19:03 - 000000000 ____D C:\Program Files (x86)\AMD
2018-04-01 19:01 - 2018-04-01 19:01 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-04-01 19:00 - 2018-04-01 19:00 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-01 19:00 - 2017-11-02 22:15 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2018-04-01 19:00 - 2017-11-02 22:15 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-04-01 19:00 - 2017-11-02 22:15 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-04-01 19:00 - 2017-11-02 22:14 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2018-04-01 18:59 - 2018-04-01 18:59 - 000000000 ____D C:\Users\Peppe\AppData\Local\RadeonInstaller
2018-04-01 18:58 - 2018-04-01 19:03 - 000000000 ____D C:\Program Files\AMD
2018-04-01 18:51 - 2018-04-01 18:52 - 000000000 ____D C:\Users\Peppe\Desktop\settings
2018-04-01 18:51 - 2018-04-01 18:52 - 000000000 ____D C:\Users\Peppe\Desktop\DDU Logs
2018-04-01 18:51 - 2018-04-01 18:51 - 000000000 ____D C:\Users\Peppe\Desktop\x64
2018-04-01 18:51 - 2018-02-27 20:36 - 000615936 _____ C:\Users\Peppe\Desktop\Display Driver Uninstaller.pdb
2018-04-01 18:51 - 2018-01-30 16:23 - 000000893 _____ C:\Users\Peppe\Desktop\Readme.txt
2018-04-01 18:51 - 2017-06-18 14:43 - 000000937 _____ C:\Users\Peppe\Desktop\Issues and solutions.txt
2018-04-01 18:51 - 2015-09-06 13:26 - 000000224 _____ C:\Users\Peppe\Desktop\Display Driver Uninstaller.exe.config
2018-04-01 18:49 - 2018-04-01 18:52 - 000309986 _____ C:\Windows\ntbtlog.txt
2018-04-01 18:46 - 2018-04-01 18:46 - 051965752 _____ (AMD Inc.) C:\Users\Peppe\Downloads\radeon-crimson-relive-17.7.2-minimalsetup-170727_web.exe
2018-04-01 18:36 - 2018-04-01 18:36 - 004179293 _____ (Lavalys, Inc. ) C:\Users\Peppe\Downloads\everesthome220.exe
2018-04-01 18:36 - 2018-04-01 18:36 - 000001102 _____ C:\Users\Administrator\Desktop\EVEREST Home Edition.lnk
2018-04-01 18:36 - 2018-04-01 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2018-04-01 18:36 - 2018-04-01 18:36 - 000000000 ____D C:\Program Files (x86)\Lavalys
2018-04-01 18:34 - 2018-04-01 18:34 - 001100518 _____ C:\Users\Peppe\Downloads\[Guru3D.com]-DDU (1).zip
2018-04-01 17:23 - 2018-04-01 17:23 - 000069011 _____ C:\Users\Peppe\Downloads\Addition.txt
2018-04-01 17:22 - 2018-04-01 19:36 - 000000000 ____D C:\FRST
2018-04-01 17:22 - 2018-04-01 17:23 - 000055091 _____ C:\Users\Peppe\Downloads\FRST.txt
2018-04-01 17:22 - 2018-04-01 17:22 - 002403328 _____ (Farbar) C:\Users\Peppe\Desktop\FRST64.exe
2018-04-01 17:06 - 2018-04-01 17:06 - 008222496 _____ (Malwarebytes) C:\Users\Peppe\Downloads\adwcleaner_7.0.8.0.exe
2018-04-01 16:57 - 2018-04-01 16:59 - 000000000 ____D C:\Program Files (x86)\Startup Optimizer
2018-04-01 16:57 - 2018-04-01 16:57 - 001147120 _____ (Cyberlion Solutions Inc. ) C:\Users\Peppe\Downloads\StartOpt.exe
2018-04-01 16:57 - 2018-04-01 16:57 - 000000988 _____ C:\Users\Peppe\Desktop\Startup Optimizer.lnk
2018-04-01 16:57 - 2018-04-01 16:57 - 000000988 _____ C:\Users\Administrator\Desktop\Startup Optimizer.lnk
2018-04-01 16:57 - 2018-04-01 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer
2018-04-01 16:48 - 2018-04-01 16:48 - 000000000 ____D C:\Users\Peppe\AppData\Local\CrashReportClient
2018-04-01 05:59 - 2018-04-01 12:19 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-04-01 05:57 - 2018-04-01 14:35 - 000000000 ____D C:\ProgramData\RogueKiller
2018-04-01 05:56 - 2018-04-01 05:56 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-04-01 05:56 - 2018-04-01 05:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-04-01 05:56 - 2018-04-01 05:56 - 000000000 ____D C:\Program Files\RogueKiller
2018-04-01 05:52 - 2018-04-01 05:56 - 036513656 _____ (Adlice Software ) C:\Users\Peppe\Downloads\RogueKiller_setup (1).exe
2018-04-01 05:50 - 2018-04-01 12:26 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\36659E07.sys
2018-04-01 05:49 - 2018-04-01 13:48 - 000000000 ____D C:\Users\Peppe\Desktop\mbar
2018-04-01 05:49 - 2018-04-01 13:48 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-01 05:49 - 2018-04-01 12:26 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-04-01 05:49 - 2018-04-01 05:49 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Peppe\Downloads\mbar-1.10.3.1001.exe
2018-04-01 05:48 - 2018-04-01 05:48 - 008222496 _____ (Malwarebytes) C:\Users\Peppe\Downloads\AdwCleaner.exe
2018-04-01 05:36 - 2018-04-01 05:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-01 05:36 - 2018-04-01 05:36 - 000448512 _____ (OldTimer Tools) C:\Users\Peppe\Downloads\TFC.exe
2018-04-01 05:36 - 2018-04-01 05:36 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-01 05:36 - 2018-04-01 05:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-01 05:36 - 2018-04-01 05:36 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-01 05:36 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-01 05:35 - 2018-04-01 05:35 - 071942408 _____ (Malwarebytes ) C:\Users\Peppe\Downloads\mb3-setup-35891.35891-3.4.5.2467-1.0.342-1.0.4514.exe
2018-04-01 05:25 - 2018-04-01 05:25 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-01 04:57 - 2018-04-01 04:57 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-04-01 03:13 - 2018-04-01 03:13 - 000000909 ____R C:\Windows\system32\Drivers\etc\hosts.20180401-031326.backup
2018-04-01 02:27 - 2018-04-01 02:45 - 000000000 ____D C:\ProgramData\e1604ea055
2018-04-01 02:27 - 2018-04-01 02:43 - 000000000 ____D C:\Program Files (x86)\hennigan
2018-04-01 02:27 - 2018-04-01 02:27 - 000000012 _____ C:\Windows\b81125234
2018-04-01 02:27 - 2018-04-01 02:27 - 000000000 ___HD C:\Program Files (x86)\testimonial
2018-04-01 02:26 - 2018-04-01 02:26 - 000194048 _____ C:\Users\Peppe\AppData\Local\install.dll
2018-04-01 02:26 - 2018-04-01 02:26 - 000003072 _____ C:\Users\Peppe\AppData\Local\install_UEFIConfig.exe
2018-04-01 02:00 - 2018-04-01 02:00 - 058809515 _____ C:\Users\Peppe\Downloads\Microsoft Toolkit 2.6.3 Official Torrent.zip
2018-04-01 01:46 - 2018-04-01 01:46 - 000000134 _____ C:\Windows\wininit.ini
2018-04-01 01:44 - 2018-04-01 01:45 - 001797188 _____ C:\Users\Peppe\Downloads\Removewat 2.2.7 pass 123456 (1).rar
2018-04-01 01:10 - 2018-04-01 01:10 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-04-01 00:41 - 2018-04-01 00:41 - 000137728 _____ C:\Windows\inventors.exe
2018-03-31 23:23 - 2018-03-31 23:23 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-31 23:20 - 2018-03-31 23:20 - 015333512 _____ (Piriform Ltd) C:\Users\Peppe\Downloads\ccsetup541 (1).exe
2018-03-31 22:47 - 2018-03-31 22:52 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\Peppe\Downloads\flashplayer29ppau_ha_install.exe
2018-03-31 22:43 - 2018-03-31 22:43 - 000017916 _____ C:\Windows\system32\results.xml
2018-03-31 17:59 - 2018-03-31 17:59 - 037780649 _____ C:\Users\Peppe\Downloads\phoenix-reveal-by-LMD.rar
2018-03-31 17:59 - 2018-03-31 17:59 - 037780649 _____ C:\Users\Peppe\Downloads\phoenix-reveal-by-LMD (1).rar
2018-03-30 16:05 - 2018-03-31 18:00 - 000000000 ____D C:\Users\Peppe\Desktop\VOD
2018-03-27 03:30 - 2018-03-27 03:30 - 006648319 ____R C:\Users\Peppe\Downloads\Stephen Covey - Le sette abitudini per avere successo.pdf
2018-03-27 03:27 - 2018-03-27 03:28 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\uTorrent
2018-03-27 03:27 - 2018-03-27 03:27 - 000001010 _____ C:\Users\Peppe\Downloads\Stephen R Covey - Le sette regole per avere successo.torrent
2018-03-23 12:28 - 2018-03-23 12:28 - 010269280 _____ C:\Users\Peppe\Desktop\3-Proteine_noanim.pdf
2018-03-18 16:07 - 2018-03-17 21:05 - 000000230 ___SH C:\Users\Public\Libraries.ini
2018-03-18 15:28 - 2018-03-18 15:28 - 032260096 _____ C:\Users\Peppe\Downloads\EpicInstaller-7.5.0-fortnite-c4899f16b6934760a534fe7ec70ae9b2.msi
2018-03-16 20:22 - 2018-03-16 20:22 - 044398486 _____ C:\Users\Peppe\Downloads\V3-Signed_ONE.PIECE.TREASURE.CRUISE_v.8.0.0o.apk
2018-03-16 19:38 - 2018-03-16 19:39 - 085022931 _____ C:\Users\Peppe\Downloads\Monster Legends RPG v6.2.2 FRsigned.apk
2018-03-16 19:32 - 2018-03-16 19:34 - 092931480 _____ C:\Users\Peppe\Downloads\m_l_v.5.0.2_mod_(1).apk
2018-03-15 20:30 - 2018-03-15 20:30 - 000001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-03-15 20:30 - 2018-03-15 20:30 - 000001031 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-03-15 20:29 - 2018-03-15 20:29 - 020361728 _____ (TeamViewer GmbH) C:\Users\Peppe\Downloads\TeamViewer_Setup.exe
2018-03-15 20:23 - 2018-03-15 20:24 - 020545618 _____ C:\Users\Peppe\Downloads\Summoners War v3.8.0 Mod v3 iHackedit.com.apk
2018-03-15 20:12 - 2018-03-15 20:12 - 000353023 _____ C:\Users\Peppe\Downloads\Office365RoadMap_Features_03-15-2018.xlsx
2018-03-13 03:23 - 2018-03-13 03:23 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Bad Seed SRL
2018-03-07 17:26 - 2018-03-07 17:26 - 000064523 _____ C:\Users\Peppe\Downloads\pratica.ricevuta.pagamento (3).pdf
2018-03-07 17:25 - 2018-03-07 17:25 - 000064523 _____ C:\Users\Peppe\Downloads\pratica.ricevuta.pagamento (2).pdf
2018-03-07 17:24 - 2018-03-07 17:24 - 000066208 _____ C:\Users\Peppe\Downloads\stampa.bollettino.pagamento (1).pdf
2018-03-07 15:55 - 2018-03-07 15:56 - 016093512 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.9 Mod iHackedit.com.apk
2018-03-06 22:04 - 2018-03-06 22:04 - 000154837 _____ C:\Users\Peppe\Downloads\ORDINAMENTO VVF.pptx
2018-03-04 17:06 - 2018-03-04 17:06 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Blizzard Entertainment
2018-03-04 17:06 - 2018-03-04 17:06 - 000000000 ____D C:\ProgramData\.mono
2018-02-24 02:06 - 2018-02-24 02:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YoloMouse
2018-02-24 02:05 - 2018-02-24 02:06 - 000000000 ____D C:\Program Files\YoloMouse
2018-02-23 12:57 - 2018-02-23 12:56 - 000064521 _____ C:\Users\Peppe\Documents\pratica.ricevuta.pagamento (1).pdf
2018-02-23 12:56 - 2018-02-23 12:56 - 000064521 _____ C:\Users\Peppe\Downloads\pratica.ricevuta.pagamento (1).pdf
2018-02-23 12:54 - 2018-02-23 12:54 - 000064521 _____ C:\Users\Peppe\Downloads\pratica.ricevuta.pagamento.pdf
2018-02-23 12:26 - 2018-02-23 12:26 - 000066197 _____ C:\Users\Peppe\Downloads\stampa.bollettino.pagamento.pdf
2018-02-21 03:52 - 2018-02-21 04:07 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\Battlerite
2018-02-21 03:47 - 2018-02-21 03:47 - 000000222 _____ C:\Users\Peppe\Desktop\Battlerite.url
2018-02-19 15:00 - 2018-02-19 15:00 - 025910000 _____ (AMD Inc.) C:\Users\Peppe\Downloads\radeon-adrenalin-18.2.1-minimalsetup-180206_64bit.exe
2018-02-19 03:34 - 2018-02-19 03:34 - 004182688 _____ (Husdawg, LLC) C:\Users\Peppe\Downloads\Detection.exe
2018-02-15 13:41 - 2018-02-15 13:41 - 001010694 _____ C:\Users\Peppe\Downloads\cnvvf per corsi.pdf
2018-02-15 13:40 - 2018-02-15 13:41 - 024742912 _____ C:\Users\Peppe\Downloads\la protezione civile in Italia.ppt
2018-02-13 18:56 - 2018-02-13 21:47 - 000000000 ____D C:\Users\Peppe\Downloads\Kingdom.Come.Deliverance-CODEX
2018-02-13 18:54 - 2018-02-13 18:54 - 000083269 _____ C:\Users\Peppe\Downloads\Kingdom.Come.Deliverance-CODEX.torrent
2018-02-13 13:40 - 2018-02-13 13:40 - 015604789 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.8 Mod v4 iHackedit.com.apk
2018-02-13 13:29 - 2018-02-13 13:29 - 015604794 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.8 Mod v3 iHackedit.com.apk
2018-02-07 21:08 - 2018-04-01 05:25 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-02-07 21:08 - 2018-04-01 05:24 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-02-07 21:05 - 2018-02-07 21:05 - 003312000 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Peppe\Downloads\Non confermato 507735.crdownload
2018-02-07 20:17 - 2018-02-07 20:18 - 000000000 ____D C:\Users\Peppe\Downloads\Windows 10 AIO 6in1 x86-x64
2018-02-07 20:16 - 2018-02-07 20:16 - 000969974 _____ C:\Users\Peppe\Downloads\Windows 10 ISO (1).zip
2018-02-07 20:16 - 2018-02-07 20:16 - 000000000 ____D C:\Users\Peppe\Desktop\Windows 10 ISO
2018-02-07 20:11 - 2018-02-21 21:59 - 000000000 ____D C:\Windows\System32\Tasks\Leader Technologies
2018-02-07 20:11 - 2018-02-07 20:11 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\Leadertech
2018-02-05 23:11 - 2018-02-05 23:11 - 002379532 _____ C:\Users\Peppe\Downloads\contratto (1).pdf
2018-02-05 23:11 - 2018-02-05 23:11 - 000528500 _____ C:\Users\Peppe\Downloads\certificato.pdf
2018-02-04 01:47 - 2018-02-04 01:50 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-02-04 01:47 - 2018-02-04 01:47 - 000001622 _____ C:\Users\Peppe\Desktop\Ironsight.lnk
2018-02-04 01:47 - 2018-02-04 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ironsight
2018-02-04 00:33 - 2018-02-04 00:33 - 000000000 ____D C:\AeriaGames
2018-02-04 00:30 - 2018-02-04 00:30 - 000577056 _____ (gamigo AG) C:\Users\Peppe\Downloads\Ironsight_US_downloader.exe
2018-02-01 15:22 - 2018-02-01 15:22 - 002796344 _____ C:\Users\Peppe\Downloads\brick_wall_painted_yellow_01_specular.dds
2018-02-01 14:58 - 2018-02-01 14:58 - 001422106 _____ C:\Users\Peppe\Downloads\PREVENTIVO_PRP0000030874687.pdf
2018-02-01 02:12 - 2018-02-01 02:12 - 011770544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2018-02-01 02:12 - 2018-02-01 02:12 - 009574032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2018-02-01 02:12 - 2018-02-01 02:12 - 000196400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2018-02-01 02:12 - 2018-02-01 02:12 - 000173216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2018-02-01 02:12 - 2018-02-01 02:12 - 000161344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2018-02-01 02:12 - 2018-02-01 02:12 - 000143864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2018-02-01 02:12 - 2018-02-01 02:12 - 000009936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2018-02-01 02:12 - 2018-02-01 02:12 - 000009936 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 016040912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 015728520 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 014318984 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 013242384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 012359728 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 011825664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 001961272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 001555488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000700296 _____ (AMD) C:\Windows\system32\atieclxx.exe
2018-02-01 02:11 - 2018-02-01 02:11 - 000536968 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2018-02-01 02:11 - 2018-02-01 02:11 - 000475016 _____ (AMD) C:\Windows\system32\atitmm64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000472456 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2018-02-01 02:11 - 2018-02-01 02:11 - 000470920 _____ C:\Windows\system32\dgtrayicon.exe
2018-02-01 02:11 - 2018-02-01 02:11 - 000458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000449416 _____ C:\Windows\system32\GameManager64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000405384 _____ C:\Windows\system32\atieah64.exe
2018-02-01 02:11 - 2018-02-01 02:11 - 000357256 _____ C:\Windows\SysWOW64\GameManager32.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000342920 _____ C:\Windows\system32\clinfo.exe
2018-02-01 02:11 - 2018-02-01 02:11 - 000325512 _____ C:\Windows\SysWOW64\atieah32.exe
2018-02-01 02:11 - 2018-02-01 02:11 - 000224136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000197000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000175288 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000163720 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000153640 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000144776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000139656 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000120680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000115592 _____ (AMD) C:\Windows\system32\atimuixx.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000105736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000078728 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2018-02-01 02:11 - 2018-02-01 02:11 - 000068488 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 065594248 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 041570184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2018-02-01 02:10 - 2018-02-01 02:10 - 031553416 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 025145224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 016034696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 015434120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 012924808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 002933128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 002541448 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 001462664 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 001237896 _____ (AMD) C:\Windows\system32\coinst_17.50.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 001055624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 001055624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000866184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000694152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000547208 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000461192 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000436616 _____ C:\Windows\system32\amdgfxinfo64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000352136 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2018-02-01 02:10 - 2018-02-01 02:10 - 000305544 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2018-02-01 02:10 - 2018-02-01 02:10 - 000170888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000149896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000148360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000141704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000126344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000124296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000072072 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2018-02-01 02:10 - 2018-02-01 02:10 - 000065416 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000060296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000036232 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2018-02-01 02:10 - 2018-02-01 02:10 - 000033160 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 051029384 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 029519240 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 013607304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 000543624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 000373640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 000157064 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 000139144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 000135048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2018-02-01 02:09 - 2018-02-01 02:09 - 000117128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2018-02-01 02:08 - 2018-02-01 02:08 - 035689864 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2018-02-01 01:24 - 2018-02-01 01:24 - 000858720 _____ C:\Windows\SysWOW64\atiapfxx.blb
2018-02-01 01:24 - 2018-02-01 01:24 - 000858720 _____ C:\Windows\system32\atiapfxx.blb
2018-02-01 01:18 - 2018-02-01 01:18 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2018-02-01 01:17 - 2018-02-01 01:17 - 000204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2018-02-01 01:17 - 2018-02-01 01:17 - 000204952 _____ C:\Windows\system32\ativvsvl.dat
2018-02-01 01:17 - 2018-02-01 01:17 - 000157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2018-02-01 01:17 - 2018-02-01 01:17 - 000157144 _____ C:\Windows\system32\ativvsva.dat
2018-02-01 01:12 - 2018-02-01 01:12 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2018-01-31 19:11 - 2018-01-31 19:11 - 000155688 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2018-01-31 19:11 - 2018-01-31 19:11 - 000126848 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2018-01-30 21:49 - 2018-01-30 21:50 - 015278630 _____ C:\Users\Peppe\Downloads\Fixed-Summoners War v3.7.7 Mod v3 iHackedit.com.apk
2018-01-30 21:49 - 2018-01-30 21:50 - 015278618 _____ C:\Users\Peppe\Downloads\Fixed-Summoners War v3.7.7 Mod v4 iHackedit.com.apk
2018-01-28 17:20 - 2018-01-28 17:44 - 000001908 _____ C:\Windows\diagwrn.xml
2018-01-28 17:20 - 2018-01-28 17:44 - 000001908 _____ C:\Windows\diagerr.xml
2018-01-28 17:20 - 2018-01-28 17:44 - 000000000 ___HD C:\$WINDOWS.~BT
2018-01-28 17:04 - 2018-01-28 17:20 - 000000000 ____D C:\ESD
2018-01-28 17:04 - 2018-01-28 17:04 - 000969974 _____ C:\Users\Peppe\Downloads\Windows 10 ISO.zip
2018-01-28 17:02 - 2018-01-28 17:02 - 000000000 ___HD C:\$Windows.~WS
2018-01-28 17:01 - 2018-01-28 17:01 - 018617536 _____ (Microsoft Corporation) C:\Users\Peppe\Downloads\MediaCreationTool.exe
2018-01-24 19:27 - 2018-01-24 19:27 - 005878801 _____ C:\Users\Peppe\Downloads\k-click_rc4.zip
2018-01-23 15:34 - 2018-01-23 15:35 - 007211520 _____ C:\Users\Peppe\Desktop\ECDL_mod_1 - Copia.ppt
2018-01-18 21:21 - 2018-01-18 21:21 - 000075791 _____ C:\Users\Peppe\Downloads\4_5983572648070742670.pdf
2018-01-18 20:49 - 2018-01-18 20:49 - 015477209 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.6 Mod v3 iHackedit.com.apk
2018-01-18 20:49 - 2018-01-18 20:49 - 015477202 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.6 Mod v4 iHackedit.com.apk
2018-01-18 09:17 - 2018-01-18 09:18 - 015908041 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.5 Mod v3 iHackedit.com.apk
2018-01-18 09:17 - 2018-01-18 09:18 - 015908029 _____ C:\Users\Peppe\Downloads\Summoners War v3.7.5 Mod v4 iHackedit.com.apk
2018-01-16 21:43 - 2018-01-16 21:43 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\CDProjektRED
2018-01-14 23:54 - 2018-01-14 23:55 - 000000221 _____ C:\Users\Peppe\Desktop\Trine 2.url
2018-01-14 23:39 - 2018-04-01 00:41 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2018-01-14 23:39 - 2018-01-14 23:39 - 000000000 ____D C:\Users\Peppe\AppData\Local\GOG.com
2018-01-14 23:38 - 2018-01-14 23:38 - 165087840 _____ (GOG.com ) C:\Users\Peppe\Downloads\setup_gwent_1.2.32.20_it-IT.exe
2018-01-14 23:38 - 2018-01-14 23:38 - 000000064 _____ C:\Users\Peppe\Downloads\gogGalaxy.auth
2018-01-13 16:08 - 2018-01-13 16:08 - 005235316 _____ (ShareX Team ) C:\Users\Peppe\Downloads\ShareX-12.0.0-setup.exe
2018-01-11 13:56 - 2018-01-11 13:56 - 000107628 _____ C:\Users\Peppe\Documents\sintesi_conto_per_isee.pdf
2018-01-11 13:52 - 2018-01-11 13:52 - 000107628 _____ C:\Users\Peppe\Downloads\sintesi_conto_per_isee.pdf
2018-01-08 21:33 - 2018-04-01 19:18 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Temp
2018-01-08 19:12 - 2018-01-08 19:12 - 000133800 _____ C:\Users\Peppe\Downloads\4_5900101199918531232 (2).pdf
2018-01-07 00:55 - 2018-01-07 00:55 - 000001164 _____ C:\Users\Peppe\Desktop\Nier Automata.lnk
2018-01-07 00:54 - 2018-01-07 00:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nier Automata
2018-01-07 00:22 - 2018-01-07 01:00 - 000000000 ____D C:\Program Files (x86)\Nier Automata
2018-01-07 00:22 - 2018-01-07 00:22 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\Terrible Toybox
2018-01-07 00:21 - 2018-01-07 00:21 - 000001729 _____ C:\Users\Public\Desktop\Thimbleweed Park.lnk
2018-01-06 21:51 - 2018-01-06 21:51 - 000000000 ____D C:\Users\Peppe\AppData\Local\FinchGame
2018-01-06 20:56 - 2018-01-06 21:05 - 000000000 ____D C:\Users\Peppe\Downloads\What.Remains.of.Edith.Finch-HI2U
2018-01-06 20:55 - 2018-01-06 20:55 - 000052110 _____ C:\Users\Peppe\Downloads\What.Remains.of.Edith.Finch-HI2U-[rarbg.to].torrent
2018-01-06 20:54 - 2018-01-06 21:11 - 990340556 _____ C:\Users\Peppe\Downloads\thimbleweedpark10955gog.rar
2018-01-06 20:31 - 2018-01-06 23:09 - 131373056 _____ C:\Users\Peppe\Downloads\cpy-nra.iso
2018-01-06 20:15 - 2018-01-08 17:52 - 000000000 ____D C:\Users\Peppe\Documents\MEGAsync Downloads
2018-01-06 20:14 - 2018-01-28 17:10 - 000000000 ____D C:\Windows\System32\Tasks\MEGA
2018-01-06 20:14 - 2018-01-06 20:14 - 000000000 ____D C:\Users\Peppe\AppData\Local\Mega Limited
2018-01-06 20:13 - 2018-01-06 20:13 - 014975800 _____ (MEGA Limited) C:\Users\Peppe\Downloads\MEGAsyncSetup.exe
2018-01-06 20:05 - 2018-01-06 20:05 - 000268383 _____ C:\Users\Peppe\Downloads\Quantum.Break.COMPLETE-CODEX.torrent
2018-01-06 19:17 - 2018-01-06 19:17 - 001949447 _____ C:\Users\Peppe\Downloads\The Last of US PC Installer.rar
2018-01-06 19:17 - 2018-01-06 19:17 - 001949447 _____ C:\Users\Peppe\Downloads\The Last of US PC Installer (1).rar
2018-01-03 15:10 - 2018-01-03 15:10 - 000988781 _____ C:\Windows\system32\amdicdxx.dat

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2064-01-01 16:45 - 2017-11-16 16:39 - 000000000 ____D C:\ProgramData\eLicenser
2018-04-01 19:33 - 2009-07-14 06:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-01 19:33 - 2009-07-14 06:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-01 19:26 - 2015-04-09 23:40 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-04-01 19:26 - 2014-10-17 19:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-01 19:25 - 2017-07-11 22:19 - 000000318 _____ C:\Windows\Tasks\iToolsDaemon.job
2018-04-01 19:25 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-01 19:20 - 2016-08-05 17:28 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-04-01 19:09 - 2009-07-14 06:45 - 005075184 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-01 19:05 - 2014-09-30 15:09 - 000114824 _____ C:\Users\Peppe\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-01 19:01 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-04-01 18:59 - 2014-09-30 15:38 - 000000000 ____D C:\AMD
2018-04-01 17:21 - 2015-10-01 13:31 - 000000000 ____D C:\Windows\pss
2018-04-01 17:08 - 2015-06-16 16:04 - 000000000 ____D C:\AdwCleaner
2018-04-01 16:23 - 2014-09-30 15:40 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-01 14:54 - 2016-03-22 22:21 - 000000000 ____D C:\Users\Peppe\Documents\ShareX
2018-04-01 14:40 - 2014-09-30 15:57 - 000000000 ____D C:\Users\Peppe\AppData\Local\Adobe
2018-04-01 13:59 - 2017-07-12 00:32 - 000000000 ____D C:\Users\Peppe\AppData\Local\Nox
2018-04-01 12:28 - 2015-01-03 17:22 - 000000000 ____D C:\Users\Peppe\.android
2018-04-01 12:27 - 2017-08-22 13:07 - 000000000 ____D C:\Users\Peppe\.BigNox
2018-04-01 12:27 - 2017-07-12 00:34 - 000000000 ____D C:\Users\Peppe\vmlogs
2018-04-01 06:26 - 2017-08-12 06:38 - 000000000 ____D C:\Program Files (x86)\Removewat 2.2.7
2018-04-01 06:25 - 2016-09-16 19:12 - 000000000 ____D C:\Program Files (x86)\Ghostery Storage Server
2018-04-01 06:25 - 2014-11-30 21:39 - 000000000 ____D C:\Program Files (x86)\2eb628ee-7327-4304-bd33-0abb95505b88
2018-04-01 06:25 - 2014-10-01 20:46 - 000000000 ____D C:\Program Files (x86)\Adobe Media Player
2018-04-01 06:06 - 2015-10-23 15:19 - 000000000 ____D C:\Users\Peppe\AppData\Local\TeamViewer
2018-04-01 05:31 - 2014-09-30 15:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-01 05:31 - 2014-09-30 15:31 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-01 05:26 - 2017-08-15 08:12 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-01 05:25 - 2014-09-30 16:21 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-01 05:25 - 2014-09-30 16:21 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-04-01 05:24 - 2017-08-15 08:12 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-04-01 05:24 - 2014-09-30 16:21 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-01 04:56 - 2016-10-04 18:23 - 000472328 _____ C:\Windows\SysWOW64\win32_hlp
2018-04-01 04:52 - 2009-07-14 12:53 - 000744956 _____ C:\Windows\system32\perfh010.dat
2018-04-01 04:52 - 2009-07-14 12:53 - 000148628 _____ C:\Windows\system32\perfc010.dat
2018-04-01 04:52 - 2009-07-14 07:13 - 001671250 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-01 04:15 - 2015-08-09 05:50 - 000707595 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2018-04-01 03:47 - 2014-10-01 13:51 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-01 03:29 - 2014-10-01 13:50 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\DAEMON Tools Lite
2018-04-01 03:29 - 2014-09-30 16:05 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-04-01 03:28 - 2015-10-16 20:39 - 000000000 ____D C:\Users\Peppe\AppData\Local\CrashDumps
2018-04-01 02:49 - 2015-10-13 02:02 - 000000000 ____D C:\Program Files (x86)\BDO - English Please
2018-04-01 02:42 - 2017-11-15 00:54 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-04-01 02:27 - 2017-07-10 12:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-01 02:26 - 2014-09-30 15:26 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-01 02:18 - 2014-09-30 16:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-01 02:16 - 2014-09-30 16:04 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-01 02:16 - 2009-07-14 04:34 - 000000408 _____ C:\Windows\win.ini
2018-04-01 02:15 - 2009-07-14 13:19 - 000000000 ____D C:\Windows\ShellNew
2018-04-01 02:15 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-04-01 01:21 - 2016-02-19 20:10 - 000000000 ____D C:\Program Files\Epic Games
2018-04-01 00:55 - 2014-10-01 13:59 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-04-01 00:53 - 2016-05-30 00:16 - 000000000 ____D C:\Users\Peppe\Desktop\SoundBoard
2018-04-01 00:53 - 2014-10-02 15:03 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\vlc
2018-04-01 00:52 - 2017-09-07 14:50 - 000001001 _____ C:\Users\Public\Desktop\SoundSwitch.lnk
2018-04-01 00:52 - 2014-10-01 13:32 - 000000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-01 00:41 - 2017-12-08 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-04-01 00:41 - 2017-09-16 14:22 - 000000000 ____D C:\ProgramData\GOG.com
2018-04-01 00:21 - 2014-10-17 19:37 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\TeamViewer
2018-04-01 00:21 - 2014-10-01 13:57 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\TS3Client
2018-04-01 00:21 - 2014-10-01 13:32 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\uTorrent
2018-04-01 00:05 - 2015-05-03 13:48 - 000000000 ____D C:\Windows\Minidump
2018-03-31 23:23 - 2014-10-01 13:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-31 23:23 - 2014-10-01 13:32 - 000000000 ____D C:\Program Files\CCleaner
2018-03-31 22:46 - 2016-03-22 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2018-03-31 22:46 - 2016-03-22 22:20 - 000000000 ____D C:\Program Files\ShareX
2018-03-31 22:43 - 2015-12-14 13:29 - 000000000 __SHD C:\Users\Peppe\IntelGraphicsProfiles
2018-03-31 22:36 - 2014-09-30 15:12 - 000000000 ____D C:\Intel
2018-03-30 22:42 - 2015-07-14 15:11 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\Spotify
2018-03-30 18:27 - 2015-07-14 15:11 - 000000000 ____D C:\Users\Peppe\AppData\Local\Spotify
2018-03-30 04:46 - 2017-07-11 22:19 - 000003302 _____ C:\Windows\System32\Tasks\iToolsDaemon
2018-03-30 04:46 - 2015-12-03 17:11 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-03-30 04:46 - 2014-12-25 13:56 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-30 04:46 - 2014-10-01 13:32 - 000002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-30 04:46 - 2014-09-30 15:26 - 000003582 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-30 04:46 - 2014-09-30 15:26 - 000003454 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-30 02:02 - 2017-06-15 22:26 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\discord
2018-03-21 20:44 - 2014-11-22 23:34 - 000000000 ____D C:\Users\Peppe\AppData\Local\ElevatedDiagnostics
2018-03-21 03:13 - 2014-09-30 15:27 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-18 16:02 - 2017-05-20 03:54 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\EasyAntiCheat
2018-03-18 16:02 - 2016-02-18 15:35 - 000000000 ____D C:\Users\Peppe\AppData\Local\UnrealEngine
2018-03-18 01:58 - 2016-07-16 04:19 - 000000000 ____D C:\Users\Peppe\AppData\Local\YoloMouse
2018-03-17 20:07 - 2017-05-14 15:18 - 000000000 ____D C:\Users\Peppe\AppData\LocalLow\Mozilla
2018-03-17 16:20 - 2017-09-07 14:50 - 000000000 ____D C:\Users\Peppe\AppData\Roaming\SoundSwitch
2018-03-17 16:19 - 2017-09-07 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundSwitch
2018-03-17 16:19 - 2017-09-07 14:50 - 000000000 ____D C:\Program Files\SoundSwitch
2018-03-17 01:42 - 2014-10-09 20:13 - 000000000 ____D C:\Users\Peppe\AppData\Local\Battle.net
2018-03-17 01:40 - 2014-10-09 20:13 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-14 19:13 - 2009-07-14 07:08 - 000032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-13 01:25 - 2015-07-18 22:11 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-03-13 01:06 - 2015-01-11 22:04 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2018-03-02 23:30 - 2015-08-04 18:26 - 000000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client

==================== Files in the root of some directories =======

2009-04-03 13:09 - 2009-04-03 13:09 - 000142152 _____ (Microsoft Corporation) C:\Users\Peppe\oarpman.exe
2014-11-30 00:20 - 2014-11-30 00:20 - 000835843 _____ () C:\Users\Peppe\AppData\Roaming\b4gzzFlQsfcHnrWMIsZw6L3G5VuSbKU9ZH1gGxAzRaV44Qnxrw8c1umknivrERRqIRs6Eq11qVpoPeauHYiZDnrW2T6wGzgFLlf9eCLG.K8eIx
2015-07-09 00:35 - 2015-07-09 00:35 - 000000050 _____ () C:\Users\Peppe\AppData\Roaming\Camdata.ini
2015-07-09 00:35 - 2015-07-09 00:35 - 000000408 _____ () C:\Users\Peppe\AppData\Roaming\CamLayout.ini
2015-07-09 00:35 - 2015-07-09 00:35 - 000000408 _____ () C:\Users\Peppe\AppData\Roaming\CamShapes.ini
2015-07-09 00:35 - 2015-07-09 00:35 - 000004521 _____ () C:\Users\Peppe\AppData\Roaming\CamStudio.cfg
2015-08-07 19:28 - 2015-08-08 15:48 - 000099384 _____ () C:\Users\Peppe\AppData\Roaming\inst.exe
2015-08-07 19:28 - 2015-08-08 15:48 - 000007859 _____ () C:\Users\Peppe\AppData\Roaming\pcouffin.cat
2015-08-07 19:28 - 2015-08-08 15:48 - 000001167 _____ () C:\Users\Peppe\AppData\Roaming\pcouffin.inf
2015-08-07 19:28 - 2015-08-08 15:48 - 000000055 _____ () C:\Users\Peppe\AppData\Roaming\pcouffin.log
2015-08-07 19:28 - 2015-08-08 15:48 - 000082816 _____ (VSO Software) C:\Users\Peppe\AppData\Roaming\pcouffin.sys
2014-11-10 15:41 - 2014-11-10 15:43 - 000000077 _____ () C:\Users\Peppe\AppData\Roaming\Rim.Desktop.Exception.log
2014-11-10 15:41 - 2014-11-10 15:41 - 000001153 _____ () C:\Users\Peppe\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-11-10 15:41 - 2014-11-10 15:43 - 000000077 _____ () C:\Users\Peppe\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-11-30 03:36 - 2014-12-20 16:41 - 000000682 _____ () C:\Users\Peppe\AppData\Roaming\SpeedRunnersLog.txt
2015-08-07 19:27 - 2015-08-08 15:21 - 000001059 _____ () C:\Users\Peppe\AppData\Roaming\vso_ts_preview.xml
2014-11-30 22:27 - 2016-12-27 23:58 - 000000600 _____ () C:\Users\Peppe\AppData\Roaming\winscp.rnd
2018-04-01 19:27 - 2018-04-01 00:41 - 000137728 _____ () C:\Users\Peppe\AppData\Local\Cadavers.exe
2018-04-01 02:26 - 2018-04-01 02:26 - 000194048 _____ () C:\Users\Peppe\AppData\Local\install.dll
2018-04-01 02:26 - 2018-04-01 02:26 - 000003072 _____ () C:\Users\Peppe\AppData\Local\install_UEFIConfig.exe
2017-01-25 17:54 - 2017-01-25 22:20 - 000000072 _____ () C:\Users\Peppe\AppData\Local\MamaToGo.txt
2017-08-20 12:43 - 2017-08-20 12:43 - 000000882 _____ () C:\Users\Peppe\AppData\Local\Nox_crash.log
2017-01-25 17:38 - 2017-01-25 22:20 - 000000020 _____ () C:\Users\Peppe\AppData\Local\PapaToGo.txt
2015-04-18 13:35 - 2015-04-18 13:35 - 000000000 _____ () C:\Users\Peppe\AppData\Local\{45FD1050-0D15-4B13-8C02-0B27F8613971}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identificatore {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale it-IT
inherit {globalsettings}
default {current}
resumeobject {3d59d639-489f-11e4-a9d9-d8ff8242313e}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 3

Caricatore di avvio di Windows
-------------------
identificatore {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale it-IT
inherit {bootloadersettings}
recoverysequence {3d59d63b-489f-11e4-a9d9-d8ff8242313e}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {3d59d639-489f-11e4-a9d9-d8ff8242313e}
nx OptIn
numproc 4
usefirmwarepcisettings No

Caricatore di avvio di Windows
-------------------
identificatore {3d59d63b-489f-11e4-a9d9-d8ff8242313e}
device ramdisk=[C:]\Recovery\3d59d63b-489f-11e4-a9d9-d8ff8242313e\Winre.wim,{3d59d63c-489f-11e4-a9d9-d8ff8242313e}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\3d59d63b-489f-11e4-a9d9-d8ff8242313e\Winre.wim,{3d59d63c-489f-11e4-a9d9-d8ff8242313e}
systemroot \windows
nx OptIn
winpe Yes

Ripresa da modalit� di ibernazione
---------------------
identificatore {3d59d639-489f-11e4-a9d9-d8ff8242313e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale it-IT
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Tester memoria di Windows
---------------------
identificatore {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Diagnostica memoria Windows
locale it-IT
inherit {globalsettings}
badmemoryaccess Yes

Impostazioni Servizi di gestione emergenze
------------
identificatore {emssettings}
bootems Yes

Impostazioni debugger
-----------------
identificatore {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Problemi RAM
-----------
identificatore {badmemory}

Impostazioni globali
---------------
identificatore {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Impostazioni caricatore di avvio
-------------------
identificatore {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Impostazioni hypervisor
-------------------
identificatore {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Impostazioni Resume Loader
----------------------
identificatore {resumeloadersettings}
inherit {globalsettings}

Opzioni dispositivo
--------------
identificatore {3d59d63c-489f-11e4-a9d9-d8ff8242313e}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\3d59d63b-489f-11e4-a9d9-d8ff8242313e\boot.sdi


LastRegBack: 2018-03-30 17:10

==================== End of FRST.txt ============================

Intanto che verifico, hai riavviato il computer dopo aver effettuato il fix

Grazie

 

[LupoVelenos]

Intanto che verifico, hai riavviato il computer dopo aver effettuato il fix

Grazie

sisi lo ha riavviato da solo quindi si

 

[EdwardTheGamer]

Da gestione attività fai: Tasto Destro > Apri Percorso File sul processo in questione e prova ad eliminare i file relativi ad esso.

@LupoVelenos

 

[.MaxTechnology]

sisi lo ha riavviato da solo quindi si

Il "Malware" in questione, rimane sempre aperto all^interno del task manager? Nonostante il fixlog^.
Erano collegati a svariati programmi come Coston, Dismantled ed magna. Se vedi questa tipologia di percorsi puoi procedere con l^eliminazione. Sono ubicati in : C:\Program Files (x86)\
Per cortesia, linkami la directory del processo, anche se credo di averle già risolte...
Procedi anche come ha detto Edward.


max

 

[LupoVelenos]

Dopo il fix ho riavviato e vi era ancora il processo aperto l'ho terminato e non si è replicato più , ora provo a riavviare e vedere se si ripresenta !

 

[.MaxTechnology]

Dopo il fix ho riavviato e vi era ancora il processo aperto l'ho terminato e non si è replicato più , ora provo a riavviare e vedere se si ripresenta !

Eh per questo, non riesco a spiegarmi anche dopo il fix come sia possibile :patpat: fammi sapere, in caso provvedo a preparare un^altro fixlist, intanto in C:\FRST\ trovi la cartella Quarantine con tutto ciò che e^ stato rimosso puoi anche eliminarlo

max

 

[LupoVelenos]

Eh per questo, non riesco a spiegarmi anche dopo il fix come sia possibile :patpat: fammi sapere, in caso provvedo a preparare un^altro fixlist, intanto in C:\FRST\ trovi la cartella Quarantine con tutto ciò che e^ stato rimosso puoi anche eliminarlo

max

dal processo la directory è C:\Users\Peppe\AppData\Local\Temp\Cadavers.DMP
ho rimosso i file in quarantena ora provo a cancellare il file nella directory e riavvio per vedere se continua
Grazie per la pazienza :(

 

[.MaxTechnology]

dal processo la directory è C:\Users\Peppe\AppData\Local\Temp\Cadavers.DMP
ho rimosso i file in quarantena ora provo a cancellare il file nella directory e riavvio per vedere se continua
Grazie per la pazienza :(

Tienici aggiornati, forse avrò dimenticato/sbagliato qualcosa io ;) può capitare