Addition

This document summarizes the results of a scan run by Farbar Recovery Scan Tool on a Windows 10 Education system. It lists 5 user accounts, Windows Defender as the active security software, and over 80 installed programs including Google Chrome, Mozilla Firefox, Microsoft Office, 7-Zip, Dropbox, Spotify, and various video game and VPN applications.

Uploaded by

ilu593

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by Luca Atzori (18-02-2018 10:58:59)
Running from C:\Users\Luca Atzori\Downloads
Windows 10 Education Version 1709 16299.248 (X64) (2017-12-16 00:48:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2930207519-6125519-2372475533-500 - Administrator -
Disabled)
DefaultAccount (S-1-5-21-2930207519-6125519-2372475533-503 - Limited - Disabled)
Guest (S-1-5-21-2930207519-6125519-2372475533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2930207519-6125519-2372475533-1005 - Limited - Enabled)
Luca Atzori (S-1-5-21-2930207519-6125519-2372475533-1001 - Administrator - Enabled)
=> C:\Users\Luca Atzori
WDAGUtilityAccount (S-1-5-21-2930207519-6125519-2372475533-504 - Limited -
Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to
unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems
Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version:
28.0.0.161 - Adobe Systems Incorporated)
Aggiornamenti NVIDIA 29.1.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-
A80AA35AC5B8}_Display.Update) (Version: 29.1.0.0 - NVIDIA Corporation) Hidden
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 -
NVIDIA Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 -
Apple Inc.)
Brave (HKU\S-1-5-21-2930207519-6125519-2372475533-1001\...\Brave) (Version: 0.16.9
- Brave Software)
CERNBox (HKLM-x32\...\CERNBox) (Version: 2.1.1.544 - CERN)
Dropbox (HKLM-x32\...\Dropbox) (Version: 43.4.50 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94})
(Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Dynalist 1.0.2 (only current user) (HKU\S-1-5-21-2930207519-6125519-2372475533-
1001\...\1e78cdbc-7a18-5e02-93fd-c98dee19d9b8) (Version: 1.0.2 - Dynalist Inc.)
Facebook Gameroom 1.8.6429.23271 (HKLM-x32\...\{D71E0CAE-F4B3-499E-B515-
396B02139A39}) (Version: 1.8.6429.23271 - Facebook)
Factorio version 0.15.31 (HKLM\...\Factorio_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version:
5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA})
(Version: 1.3.33.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.4 - HexChat)
HMA! Pro VPN 3.4.6.1 (HKLM-x32\...\HMA! Pro VPN) (Version: 3.4.6.1 - Privax Ltd)
ibVPN (HKLM-x32\...\ibVPN) (Version: 1.9.3.2 - ibVPN)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version:
8.0.1610.12 - Oracle Corporation)
KeePassXC (HKLM-x32\...\KeePassXC) (Version: 2.2.4 - KeePassXC Team)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
LiveUSB Creator (remove only) (HKLM-x32\...\LiveUSB Creator) (Version: - )
ma Livebox (HKLM-x32\...\ma Livebox) (Version: 3.4.8.0 - Orange)
Mattermost (HKU\S-1-5-21-2930207519-6125519-2372475533-1001\...\mattermost)
(Version: 3.4.1 - Mattermost, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-
A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version:
16.0.8431.2153 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2930207519-6125519-2372475533-
1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version:
5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-
38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-
F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-
6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\
{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft
Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\
{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft
Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\
{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft
Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\
{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft
Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\
{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft
Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\
{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft
Corporation)
Mozilla Firefox 58.0.2 (x64 it) (HKLM\...\Mozilla Firefox 58.0.2 (x64 it))
(Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version:
58.0.2.6611 - Mozilla)
NordVPN (HKLM-x32\...\{2A2818C4-6A77-4AF8-9651-0B225B3B1B6B}) (Version: 6.0.2 -
NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.0.2) (Version: 6.0.2 - NordVPN)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-
A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-
A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-
0000-0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\
{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft
Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-
0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-
0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995})
(Version: 5.0.20 - Oracle Corporation)
Orange Update (HKLM-x32\...\Orange Update) (Version: 3.3.0.3 - Orange)
Pannello di controllo NVIDIA 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-
A80AA35AC5B8}_Display.ControlPanel) (Version: 382.05 - NVIDIA Corporation) Hidden
Plex Media Player (HKLM\...\{5F98B292-7491-494E-AB9B-9A4C834B03A1}) (Version: 1.3.4
- Plex) Hidden
Plex Media Player (HKLM-x32\...\{0fdef169-9dda-4c96-9865-0bf7b2a4ef4e}) (Version:
1.3.4 - Plex)
Plex Media Server (HKLM-x32\...\{7118FBC6-F81D-43B9-B30A-51945CC1A0C8}) (Version:
1.8.4249 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{dd96de17-0520-49fc-ab44-44e1710f6c77}) (Version:
1.8.4.4249 - Plex, Inc.)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version:
2.7.12150 - Python Software Foundation)
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent
project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version:
10.0.10586.31222 - Realtek Semiconduct Corp.)
Signal 1.3.0 (only current user) (HKU\S-1-5-21-2930207519-6125519-2372475533-
1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 1.3.0 - Open Whisper
Systems)
Skype for Business Web App Plug-in (HKLM-x32\...\{37C8167B-B653-4955-A6E8-
EBB8DE937DDD}) (Version: 15.8.20020.400 - Microsoft Corporation)
Skype versione 8.15 (HKLM-x32\...\Skype_is1) (Version: 8.15 - Skype Technologies
S.A.)
Slack (HKU\S-1-5-21-2930207519-6125519-2372475533-1001\...\slack) (Version: 3.0.5 -
Slack Technologies)
SmartShare (HKLM-x32\...\{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}) (Version:
2.3.1511.1201 - LG Electronics Inc.)
Spotify (HKU\S-1-5-21-2930207519-6125519-2372475533-1001\...\Spotify) (Version:
1.0.74.380.g1fcff12a - Spotify AB)
Stopping Plex (HKLM-x32\...\{68B69B2F-7F58-41DC-AB5E-05E4E735AB0A}) (Version:
1.8.4249 - Plex, Inc.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 -
Synaptics Incorporated)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Telegram Desktop version 1.2.6 (HKU\S-1-5-21-2930207519-6125519-2372475533-
1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.6 - Telegram
Messenger LLP)
Trackmania Turbo (HKLM-x32\...\Uplay Install 2070) (Version: - Ubisoft)
TVersity Codec Pack 1.7 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.7 - TVersity
Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 19.1 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 -
LunarG, Inc.)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WhatsApp (HKU\S-1-5-21-2930207519-6125519-2372475533-1001\...\WhatsApp) (Version:
0.2.8082 - WhatsApp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 -
Xiph.Org)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\GatewayActiveX
-x64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 ->
C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{8A589AFF-8DA8-49C5-B89B-20C9DF31F2B7}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Google\Update\1.3.30.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722}
=> C:\Program Files (x86)\cernbox\shellext\OCOverlays_x64.dll [2016-02-16]
(ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} =>
C:\Program Files (x86)\cernbox\shellext\OCOverlays_x64.dll [2016-02-16] (ownCloud
Inc.)
ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-
276B1E3C3722} => C:\Program Files (x86)\cernbox\shellext\OCOverlays_x64.dll [2016-
02-16] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722}
=> C:\Program Files (x86)\cernbox\shellext\OCOverlays_x64.dll [2016-02-16]
(ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-
276B1E3C3722} => C:\Program Files (x86)\cernbox\shellext\OCOverlays_x64.dll [2016-
02-16] (ownCloud Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>
C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} =>
C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox,
Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>
C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll
[2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>
C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll
[2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [OCContextMenuHandler] -> {841A0AAD-AA11-4B50-84D9-
7F8E727D77D7} => C:\Program Files (x86)\cernbox\shellext\OCContextMenu_x64.dll
[2016-02-16] (ownCloud Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>
C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} =>
C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox,
Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>
C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll
[2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} =>
C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox,
Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No
File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>
C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-
BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>
C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

Task: {011EB7F2-EE8D-462D-B92F-AE1C4DCB2862} - System32\Tasks\SmartShare =>
C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe [2014-12-05]
(LG Electronics Inc.)
Task: {02CF33EE-871B-43CC-BCD6-5C22E1E9F7DC} -
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2930207519-6125519-2372475533-1001Core
=> C:\Users\Luca Atzori\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-04]
(Google Inc.)
Task: {153DC3C2-A993-4597-8620-DE52AF546EA9} -
\Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {193F1407-2C6A-484D-B08E-137130CF1B77} -
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files
(x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-20] (Microsoft Corporation)
Task: {3519FFB9-F77C-4B81-8E58-22EFE7CD7F51} - System32\Tasks\NVIDIA GeForce
Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files
(x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
[2017-10-11] (NVIDIA Corporation)
Task: {3817A9CD-E691-4598-A6F8-3DB1E7F9DD80} -
System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program
Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-
01-20] ()
Task: {383D1B40-D003-4356-BB4E-A51C96713980} -
System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common
Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23] (Microsoft
Corporation)
Task: {38CD0A89-E015-4313-AE63-B25E6EFF3C7C} -
System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11]
(NVIDIA Corporation)
Task: {3B52FB55-95C4-40AD-ABF8-5B915E215CEF} -
System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11]
(NVIDIA Corporation)
Task: {3E151138-7DE3-4D80-9B0C-2558923F8E7A} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan
=> C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-
0\MpCmdRun.exe [2018-01-21] (Microsoft Corporation)
Task: {4116975B-51AA-40E5-A955-908E8B0C9C34} -
System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23]
(Microsoft Corporation)
Task: {4C879943-7E08-49C7-931F-E92B38AACE4D} - System32\Tasks\NvTmRep_{B2FE1952-
0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update
Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {5525F23A-3E36-4345-B936-6351F3AA6492} - System32\Tasks\NvTmMon_{B2FE1952-
0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update
Core\NvTmMon.exe [2017-10-11] (NVIDIA Corporation)
Task: {55AB7626-067D-4CC9-B6D1-D53034BB810C} -
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2930207519-6125519-2372475533-
1001UA1d257f065148419 => C:\Users\Luca
Atzori\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-04] (Google Inc.)
Task: {55D9E651-F1A1-4D9B-8CA6-49BE482BAC4A} -
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program
Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-20] (Microsoft
Corporation)
Task: {6DA936D3-1480-435E-A548-EA0520EE0C4B} -
System32\Tasks\Microsoft\Windows\Display\Brightness\BrightnessReset
Task: {71F9F99B-90B5-458D-9756-CDFF66BE6794} -
System32\Tasks\Microsoft\Windows\OrangeUpdate_Launch => Command(1): Net -> stop
"Orange Update Core Service"
Task: {71F9F99B-90B5-458D-9756-CDFF66BE6794} -
System32\Tasks\Microsoft\Windows\OrangeUpdate_Launch => Command(2): Net -> start
"Orange Update Core Service"
Task: {7682F719-4DAA-4A6C-8FBC-C68175A1ACED} -
System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration =>
C:\Program Files (x86)\Microsoft
Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-20] ()
Task: {796B6B74-1938-4C9D-A41E-2672EBD1F2B9} -
System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files
(x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-04] (Dropbox, Inc.)
Task: {95112576-76E6-4052-B15A-C9F17F44ED35} -
System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files
(x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft
Shared\Office16\OLicenseHeartbeat.exe [2018-01-20] (Microsoft Corporation)
Task: {9EB86741-9C11-4E5B-BCC6-34EFFCC659A7} -
System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program
Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA
Corporation)
Task: {AE7CFDCB-4287-458B-AB17-79844002859C} -
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2930207519-6125519-2372475533-
1001Core1d257f06509cccd => C:\Users\Luca
Atzori\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-04] (Google Inc.)
Task: {C00FDCA5-CAC1-40EA-8DFB-7AC74CC53781} -
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2930207519-6125519-2372475533-1001UA =>
C:\Users\Luca Atzori\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-04]
(Google Inc.)
Task: {C6F7D2C0-E9B8-4680-BA53-4017671681A5} - System32\Tasks\AutoPico Daily
Restart => C:\Program Files\KMSpico\AutoPico.exe [2016-01-11] (@ByELDI)
Task: {C729793C-F10E-441C-8383-61F0F3BAA2E4} -
System32\Tasks\Microsoft\Windows\OrangeUpdate_Install => C:\Program Files
(x86)\Orange Update\install.bat [2017-11-13] () <==== ATTENTION
Task: {CCF6A4A0-A435-4038-82B3-95DFBA249909} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification =>
C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe
[2018-01-21] (Microsoft Corporation)
Task: {CF86D0AA-F9E2-4644-BF0D-750371C44517} - System32\Tasks\Adobe Flash Player
Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-
02-06] (Adobe Systems Incorporated)
Task: {D1AB73B8-C3D9-40E7-9C4D-33F4F60F7B78} -
System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11]
(NVIDIA Corporation)
Task: {D33001B3-9080-41CC-BA57-1F7E4F848316} -
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [2016-06-02] (Google Inc.)
Task: {D5CDC3FB-CCAF-49D2-8ADC-B7B519CDF2BA} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup =>
C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe
[2018-01-21] (Microsoft Corporation)
Task: {E486F011-18EC-4BFA-86ED-86811F7FD6C6} -
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [2016-06-02] (Google Inc.)
Task: {E686C3DE-D8FE-49DE-B6AE-DC37E3C81B2E} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache
Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-
0\MpCmdRun.exe [2018-01-21] (Microsoft Corporation)
Task: {EC607472-050F-4A53-81CD-D5F7A250BFFA} -
System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program
Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-11] (NVIDIA
Corporation)
Task: {F677DDD7-3A91-4286-A2E1-5BB7730A765C} - System32\Tasks\ibVPN-Service =>
C:\Program Files (x86)\ibVPN\ibVPN.service.exe [2016-05-12] ()
Task: {F85DAB7C-9C9F-4317-8D2C-2533F5C48643} -
System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files
(x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-04] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files
(x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files
(x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2930207519-6125519-2372475533-
1001Core.job => C:\Users\Luca Atzori\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2930207519-6125519-2372475533-
1001UA.job => C:\Users\Luca Atzori\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ ()
C:\WINDOWS\SYSTEM32\inputhost.dll
2016-11-06 12:21 - 2017-10-11 02:05 - 001267136 _____ () C:\Program Files\NVIDIA
Corporation\NvContainer\libprotobuf.dll
2014-09-15 10:01 - 2014-09-15 10:01 - 001970544 _____ () C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe
2016-02-16 15:30 - 2016-02-16 15:30 - 000058880 _____ () C:\Program Files
(x86)\cernbox\shellext\OCUtil_x64.dll
2018-02-15 18:13 - 2018-02-10 05:39 - 011044864 _____ ()
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-15 18:13 - 2018-02-10 05:36 - 001804288 _____ ()
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-31 18:22 - 2018-01-31 18:22 - 000086528 _____ () C:\Program
Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-31 18:22 - 2018-01-31 18:22 - 000195072 _____ () C:\Program
Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgrou
ndTasks.dll
2018-01-31 18:22 - 2018-01-31 18:22 - 025135104 _____ () C:\Program
Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-31 18:22 - 2018-01-31 18:22 - 002542592 _____ () C:\Program
Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-31 18:22 - 2018-01-31 18:22 - 000667136 _____ () C:\Program
Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-02-26 14:38 - 2016-02-26 14:38 - 035928709 _____ () C:\Program Files
(x86)\cernbox\cernbox.exe
2018-02-03 10:03 - 2018-02-03 10:03 - 002250240 _____ () C:\Program
Files\WindowsApps\Microsoft.WindowsStore_11801.1001.6.0_x64__8wekyb3d8bbwe\Microsof
t.UI.Xaml.dll
2018-02-07 04:19 - 2018-02-07 04:19 - 001231536 _____ () C:\Program
Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.21855.0_x64__8wekyb3d
8bbwe\Office.UI.Xaml.Word.dll
2018-02-16 23:40 - 2018-02-16 23:40 - 027138048 _____ () C:\Program
Files\WindowsApps\Microsoft.ZuneVideo_10.17122.15711.0_x64__8wekyb3d8bbwe\Video.UI.
exe
2018-02-16 23:40 - 2018-02-16 23:40 - 000306176 _____ () C:\Program
Files\WindowsApps\Microsoft.ZuneVideo_10.17122.15711.0_x64__8wekyb3d8bbwe\SharedUI.
dll
2018-02-16 23:40 - 2018-02-16 23:40 - 006687744 _____ () C:\Program
Files\WindowsApps\Microsoft.ZuneVideo_10.17122.15711.0_x64__8wekyb3d8bbwe\EntCommon
.dll
2017-09-26 18:05 - 2017-09-26 18:05 - 003553704 _____ () C:\Program
Files\WindowsApps\Microsoft.ZuneVideo_10.17122.15711.0_x64__8wekyb3d8bbwe\Microsoft
.UI.Xaml.dll
2018-02-16 23:40 - 2018-02-16 23:40 - 009283072 _____ () C:\Program
Files\WindowsApps\Microsoft.ZuneVideo_10.17122.15711.0_x64__8wekyb3d8bbwe\EntPlat.d
ll
2018-02-10 20:43 - 2018-02-10 20:43 - 002144528 _____ () C:\Users\Luca
Atzori\AppData\Local\WhatsApp\app-0.2.8082\ffmpeg.dll
2018-02-17 19:05 - 2018-02-17 19:05 - 000492032 _____ () \\?\C:\Users\Luca
Atzori\AppData\Local\Temp\EE9F.tmp.node
2018-02-10 20:43 - 2018-02-10 20:43 - 002555152 _____ () C:\Users\Luca
Atzori\AppData\Local\WhatsApp\app-0.2.8082\libglesv2.dll
2018-02-10 20:43 - 2018-02-10 20:43 - 000096528 _____ () C:\Users\Luca
Atzori\AppData\Local\WhatsApp\app-0.2.8082\libegl.dll
2018-02-17 19:05 - 2018-02-17 19:05 - 000492032 _____ () \\?\C:\Users\Luca
Atzori\AppData\Local\Temp\FD83.tmp.node
2017-12-14 03:48 - 2017-12-14 03:48 - 001139282 _____ () C:\Program
Files\KeePassXC\libgcrypt-20.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000093830 _____ () C:\Program
Files\KeePassXC\zlib1.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000021164 _____ () C:\Program
Files\KeePassXC\libssp-0.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000143177 _____ () C:\Program
Files\KeePassXC\libgpg-error-0.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000387616 _____ () C:\Program
Files\KeePassXC\libykpers-1-1.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 001796044 _____ () C:\Program
Files\KeePassXC\libicuuc58.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000304319 _____ () C:\Program
Files\KeePassXC\libpcre2-16-0.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000083150 _____ () C:\Program
Files\KeePassXC\libgcc_s_seh-1.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000225623 _____ () C:\Program
Files\KeePassXC\libjson-c-2.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 001432713 _____ () C:\Program
Files\KeePassXC\libstdc++-6.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000347956 _____ () C:\Program
Files\KeePassXC\libyubikey-0.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 026230434 _____ () C:\Program
Files\KeePassXC\libicudt58.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000650125 _____ () C:\Program
Files\KeePassXC\libharfbuzz-0.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 002735264 _____ () C:\Program
Files\KeePassXC\libicuin58.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000226591 _____ () C:\Program
Files\KeePassXC\libgraphite2.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000231566 _____ () C:\Program
Files\KeePassXC\libpng16-16.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000677139 _____ () C:\Program
Files\KeePassXC\libfreetype-6.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000285375 _____ () C:\Program
Files\KeePassXC\libpcre-1.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000074400 _____ () C:\Program
Files\KeePassXC\libbz2-1.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000054800 _____ () C:\Program
Files\KeePassXC\libkeepassx-autotype-windows.dll
2016-07-28 08:48 - 2018-01-20 04:56 - 008929480 _____ () C:\Program Files
(x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft
Office\Office16\1033\GrooveIntlResource.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 000047616 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2018-02-15 18:13 - 2018-02-10 05:41 - 004173824 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2018-02-15 18:13 - 2018-02-10 05:41 - 003662336 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2017-09-07 03:28 - 2017-09-07 03:28 - 000083432 _____ () C:\Program Files
(x86)\Plex\Plex Media Server\zlib.dll
2017-09-07 03:27 - 2017-09-07 03:27 - 000203240 _____ () C:\Program Files
(x86)\Plex\Plex Media Server\libidn.dll
2014-09-15 10:01 - 2014-09-15 10:01 - 000549888 _____ () C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\netsnmp.dll
2014-09-15 10:01 - 2014-09-15 10:01 - 000182784 _____ () C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\ProxyDetection.dll
2014-09-15 10:01 - 2014-09-15 10:01 - 000157184 _____ () C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\pupnp.dll
2016-01-29 14:26 - 2016-01-29 14:26 - 000051095 _____ () C:\Program Files
(x86)\cernbox\libqt5keychain.dll
2016-02-26 14:37 - 2016-02-26 14:37 - 003148899 _____ () C:\Program Files
(x86)\cernbox\libocsync.dll
2016-02-26 14:37 - 2016-02-26 14:37 - 017989222 _____ () C:\Program Files
(x86)\cernbox\libcernboxsync.dll
2016-01-25 20:36 - 2016-01-25 20:36 - 000097326 _____ () C:\Program Files
(x86)\cernbox\libgcc_s_sjlj-1.dll
2016-01-25 20:36 - 2016-01-25 20:36 - 000922727 _____ () C:\Program Files
(x86)\cernbox\libstdc++-6.dll
2016-01-25 17:26 - 2016-01-25 17:26 - 001366986 _____ () C:\Program Files
(x86)\cernbox\libGLESv2.dll
2016-01-25 17:25 - 2016-01-25 17:25 - 000085548 _____ () C:\Program Files
(x86)\cernbox\zlib1.dll
2016-01-25 18:37 - 2016-01-25 18:37 - 000209711 _____ () C:\Program Files
(x86)\cernbox\libpng16-16.dll
2016-01-25 17:30 - 2016-01-25 17:30 - 002197765 _____ () C:\Program Files
(x86)\cernbox\icui18n53.dll
2016-01-25 17:24 - 2016-01-25 17:24 - 000148117 _____ () C:\Program Files
(x86)\cernbox\libpcre16-0.dll
2016-01-25 17:30 - 2016-01-25 17:30 - 001308778 _____ () C:\Program Files
(x86)\cernbox\icuuc53.dll
2016-01-25 17:27 - 2016-01-25 17:27 - 000350662 _____ () C:\Program Files
(x86)\cernbox\libjpeg-8.dll
2016-01-25 21:36 - 2016-01-25 21:36 - 000231727 _____ () C:\Program Files
(x86)\cernbox\libxslt-1.dll
2016-01-25 17:30 - 2016-01-25 17:30 - 021539975 _____ () C:\Program Files
(x86)\cernbox\icudata53.dll
2016-01-25 17:26 - 2016-01-25 17:26 - 000154982 _____ () C:\Program Files
(x86)\cernbox\libEGL.dll
2016-01-25 17:25 - 2016-01-25 17:25 - 000689339 _____ () C:\Program Files
(x86)\cernbox\libsqlite3-0.dll
2016-01-25 20:57 - 2016-01-25 20:57 - 000247540 _____ () C:\Program Files
(x86)\cernbox\libwebp-4.dll
2016-01-25 18:41 - 2016-01-25 18:41 - 001169416 _____ () C:\Program Files
(x86)\cernbox\libxml2-2.dll
2018-01-08 22:21 - 2018-02-02 21:48 - 001782904 _____ () C:\Program Files
(x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-02-10 11:30 - 2018-02-08 21:10 - 000740168 _____ () C:\Program Files
(x86)\Dropbox\Client\dropbox_watchdog.dll
2018-02-10 11:30 - 2018-02-08 21:10 - 002079048 _____ () C:\Program Files
(x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-21 21:54 - 2018-02-08 21:10 - 000100312 _____ () C:\Program Files
(x86)\Dropbox\Client\_ctypes.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000018896 _____ () C:\Program Files
(x86)\Dropbox\Client\select.pyd
2017-09-21 21:54 - 2018-02-08 21:12 - 000020808 _____ () C:\Program Files
(x86)\Dropbox\Client\tornado.speedups.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000035808 _____ () C:\Program Files
(x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000694232 _____ () C:\Program Files
(x86)\Dropbox\Client\unicodedata.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000021856 _____ () C:\Program Files
(x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000130520 _____ () C:\Program Files
(x86)\Dropbox\Client\_cffi_backend.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 001856864 _____ () C:\Program Files
(x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000022880 _____ () C:\Program Files
(x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-02-10 11:30 - 2018-02-08 21:10 - 000145880 _____ () C:\Program Files
(x86)\Dropbox\Client\pyexpat.pyd
2018-02-10 11:30 - 2018-02-08 21:10 - 000116696 _____ () C:\Program Files
(x86)\Dropbox\Client\pywintypes27.dll
2017-09-21 21:54 - 2018-02-08 21:10 - 000105944 _____ () C:\Program Files
(x86)\Dropbox\Client\win32api.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000022872 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000063312 _____ () C:\Program Files
(x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000024536 _____ () C:\Program Files
(x86)\Dropbox\Client\win32event.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000077120 _____ () C:\Program Files
(x86)\Dropbox\Client\fastpath.pyd
2018-02-10 11:30 - 2018-02-08 21:10 - 000020952 _____ () C:\Program Files
(x86)\Dropbox\Client\mmapfile.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000124888 _____ () C:\Program Files
(x86)\Dropbox\Client\win32file.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000116184 _____ () C:\Program Files
(x86)\Dropbox\Client\win32security.pyd
2018-02-10 11:30 - 2018-02-08 21:10 - 000392664 _____ () C:\Program Files
(x86)\Dropbox\Client\pythoncom27.dll
2017-09-21 21:54 - 2018-02-08 21:12 - 000392520 _____ () C:\Program Files
(x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000026464 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000024024 _____ () C:\Program Files
(x86)\Dropbox\Client\win32clipboard.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000175576 _____ () C:\Program Files
(x86)\Dropbox\Client\win32gui.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000030168 _____ () C:\Program Files
(x86)\Dropbox\Client\win32pipe.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000043480 _____ () C:\Program Files
(x86)\Dropbox\Client\win32process.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000026072 _____ () C:\Program Files
(x86)\Dropbox\Client\win32job.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000048600 _____ () C:\Program Files
(x86)\Dropbox\Client\win32service.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000057816 _____ () C:\Program Files
(x86)\Dropbox\Client\win32evtlog.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000021840 _____ () C:\Program Files
(x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000023376 _____ () C:\Program Files
(x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000022864 _____ () C:\Program Files
(x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-09-21 21:54 - 2018-02-08 21:12 - 000066400 _____ () C:\Program Files
(x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 001796416 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000084944 _____ () C:\Program Files
(x86)\Dropbox\Client\sip.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 001956672 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 003859272 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000155472 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000521032 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000051024 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000043336 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000131400 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000219984 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000204104 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000025440 _____ () C:\Program Files
(x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000060888 _____ () C:\Program Files
(x86)\Dropbox\Client\win32print.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000054616 _____ () C:\Program Files
(x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000024024 _____ () C:\Program Files
(x86)\Dropbox\Client\win32profile.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000022880 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-09-21 21:54 - 2018-02-08 21:12 - 000100704 _____ () C:\Program Files
(x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000028632 _____ () C:\Program Files
(x86)\Dropbox\Client\win32ts.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000022368 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000021856 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000022368 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000027496 _____ () C:\Program Files
(x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000349144 _____ () C:\Program Files
(x86)\Dropbox\Client\winxpgui.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000101704 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000023904 _____ () C:\Program Files
(x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000025432 _____ () C:\Program Files
(x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-02-10 11:30 - 2018-02-08 21:10 - 000036312 _____ () C:\Program Files
(x86)\Dropbox\Client\librsync.dll
2018-02-10 11:30 - 2018-02-08 21:12 - 000032608 _____ () C:\Program Files
(x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-02-10 11:30 - 2018-02-08 21:10 - 000293392 _____ () C:\Program Files
(x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-01-11 21:14 - 2018-02-08 21:13 - 000021856 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000181064 _____ () C:\Program Files
(x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-09-21 21:54 - 2018-02-08 21:12 - 000030544 _____ () C:\Program Files
(x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000024384 _____ () C:\Program Files
(x86)\Dropbox\Client\libEGL.DLL
2018-02-10 11:30 - 2018-02-08 21:12 - 001638208 _____ () C:\Program Files
(x86)\Dropbox\Client\libGLESv2.dll
2017-09-21 21:54 - 2018-02-08 21:13 - 000026464 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000545096 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000359232 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000038216 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2018-01-08 22:21 - 2018-02-02 21:48 - 002559616 _____ () C:\Program Files
(x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-01-08 22:21 - 2018-02-02 21:48 - 000031872 _____ () C:\Program Files
(x86)\Microsoft\Skype for Desktop\libegl.dll
2018-02-10 11:28 - 2018-02-02 21:48 - 000208384 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-01-08 22:21 - 2018-02-02 21:48 - 000400384 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-01-08 22:21 - 2018-02-02 21:48 - 000129536 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-01-08 22:21 - 2018-02-02 21:48 - 002167808 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2016-11-06 12:21 - 2017-10-11 02:05 - 001040320 _____ () C:\Program Files
(x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-28 08:48 - 2018-01-20 04:55 - 008928968 _____ () C:\Program Files
(x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The
"AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to
default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2930207519-6125519-2372475533-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Luca Atzori\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\46924.jpg
DNS Servers: 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-2930207519-6125519-2372475533-1001\...\StartupApproved\StartupFolder:
=> "Facebook Gameroom.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

FirewallRules: [{6D081B0C-5159-4399-BDED-A2EF267AAEBB}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{76278E2D-1C93-4441-8491-1988B91018C6}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7C577AE5-9BE6-4BA5-A6B6-9E1A816AFBCA}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{47ED8C62-19C8-4E53-B3A9-EFC4F15F9C45}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{4AC005A1-74DB-46A6-802A-06616657EF6D}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B11514B9-AE5F-4BCB-90F9-2BCA0DEE6183}] => (Allow) C:\Program Files
(x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{120AB57A-D068-4867-AA4D-E1CA26C40DFD}] => (Allow) C:\Program Files
(x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{DF2C8E69-4B88-4EE4-AFA1-4902CA28F4DA}] => (Allow) C:\Program Files
(x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{C900221A-CD4E-4AF5-A6FE-4128AD518711}] => (Allow) C:\Program Files
(x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{3CB43FF0-6BCA-489D-BD5E-357054F9CBA9}] => (Allow) C:\Program Files
(x86)\Orange\OrangeUpdate\Service\OUCore.exe
FirewallRules: [{B8DBCA87-6356-4C67-9512-3A0B2692D0D6}] => (Allow) C:\Program Files
(x86)\Orange\OrangeUpdate\Service\OUCore.exe
FirewallRules: [UDP Query User{CE5963B5-EC9A-4BD7-9514-7A6CACF20AC5}C:\program
files\factorio\bin\x64\factorio.exe] => (Allow) C:\program
files\factorio\bin\x64\factorio.exe
FirewallRules: [TCP Query User{466B6369-95B9-4885-ABF5-0209DA0DF83B}C:\program
files\factorio\bin\x64\factorio.exe] => (Allow) C:\program
files\factorio\bin\x64\factorio.exe
FirewallRules: [{34BA2BF6-BF32-4281-98C4-281B4A83436C}] => (Allow) C:\Program Files
(x86)\Orange\OrangeUpdate\Service\OUCore.exe
FirewallRules: [{6E4278C1-9F83-4E47-9341-ED44FEA19ADF}] => (Allow) C:\Program Files
(x86)\Orange\OrangeUpdate\Service\OUCore.exe
FirewallRules: [{CF8B7ABD-9669-4230-95CA-CC76636224F5}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\PluginLivebox.exe
FirewallRules: [{678D7F16-CB84-49AB-B2CE-A8D967BBC2FD}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\PluginLivebox.exe
FirewallRules: [{FCDA19E7-98EF-4B47-98D5-ADC18E5A2C8F}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\PluginDmControlPoint.exe
FirewallRules: [{A10F9A1A-945E-4D58-9EB1-A084E5028158}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\PluginDmControlPoint.exe
FirewallRules: [{4D33BC3E-8AAA-418E-A877-5768E428C96F}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\LiveboxManager.exe
FirewallRules: [{D5A60F85-FCAE-4EFA-893A-43952E03D53B}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\LiveboxManager.exe
FirewallRules: [{C089849E-EFCC-45BC-BA9E-4D9162967707}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe
FirewallRules: [{FFB5D48B-9D14-42A0-B835-488703F77BB1}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe
FirewallRules: [{B292FD60-2E17-4187-84F4-A21BF438BD31}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8DE86B99-03DA-4100-A4D3-B68FBDF12625}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8F86C6A1-B85A-46F1-8DF1-A9891AA778B9}] => (Allow) C:\Program Files
(x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9CC0F06D-FA54-46EA-90E9-164A5785EAA7}] => (Allow) C:\Program Files
(x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5ECFA3EE-602A-479B-8484-800953D21524}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe
FirewallRules: [{141A6CF5-11CA-4853-8AF9-DAD89B42E5C8}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{F80595D5-E4DC-4735-8C9F-38754EE93530}C:\program
files (x86)\hearthstonetracker\hearthcap.exe] => (Allow) C:\program files
(x86)\hearthstonetracker\hearthcap.exe
FirewallRules: [TCP Query User{3CC94EF7-CB5C-4774-95E4-6C4A4D92D80A}C:\program
files (x86)\hearthstonetracker\hearthcap.exe] => (Allow) C:\program files
(x86)\hearthstonetracker\hearthcap.exe
FirewallRules: [{0D7A19F7-8D20-4866-A25E-B4699D9EDF6A}] => (Allow) C:\Program Files
(x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{C715B22A-38A6-4BB6-ABCB-215253DD39BF}] => (Allow) C:\Program Files
(x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [UDP Query User{DBC06861-CBBF-4D9A-A5A4-C1CB1C6C91DC}C:\program
files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files
(x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{A8270586-924F-41C8-8810-6609C4072054}C:\program
files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files
(x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{6EB64205-1F2B-4263-9920-7D48C4B19710}C:\users\luca
atzori\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\luca
atzori\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4AF5348C-3256-4882-9B01-290B7EA23F31}C:\users\luca
atzori\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\luca
atzori\appdata\roaming\spotify\spotify.exe
FirewallRules: [{DDEFACAF-ACCF-4739-9B3D-09D948B8D086}] => (Allow) C:\Program Files
(x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5B663208-692A-4F10-84E7-2B66A4F896C5}] => (Allow) C:\Program Files
(x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8DAC101D-C97F-494D-A517-42F2770997F1}] => (Allow) C:\Program Files
(x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{9E41FEC2-E465-426E-954E-4BCDE8078D1E}] => (Allow) C:\Program Files
(x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{F67FEAE5-29A4-4D4C-A0DE-9EF9807E19F3}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{116D74F6-E240-482D-A1DC-2C8FBA354C97}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3F8BE1F7-B39B-4A88-8598-0F56D1CB1FFB}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7CB72F66-49ED-46F3-952A-71A495A208A4}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0786BBE2-6D67-462F-BF30-AFE878134801}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{7A38EE66-C5F7-4A9E-B513-65F65D619910}C:\program
files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files
(x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{CFE53F86-305F-4B9C-9DB5-E3A9E53FBAB0}C:\program
files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files
(x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [TCP Query User{627AE6D9-EA28-40B2-B619-0C515ADCE7CC}C:\program
files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{E994E48C-2D24-4342-9AF4-E4068D95555E}C:\program
files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{E2ABA18E-3EA9-477F-A983-73BE75E42453}] => (Allow) C:\Program Files
(x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{2A37C064-40AD-49B3-A633-C38EE8A07A93}] => (Allow) C:\Program Files
(x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{9F7E395C-4C4E-4CB1-AD6C-C7743ED26695}] => (Allow) C:\Program Files
(x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [{4DF068C9-E21C-4205-B208-A3E83028A5CB}] => (Allow) C:\Program Files
(x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [TCP Query User{D4692798-786F-42F4-B512-0A19CEC2DCE7}C:\program
files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files
(x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{D4F2653B-AE7B-4EB3-9286-099F5B1A9807}C:\program
files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files
(x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{6940E482-F544-4031-A208-7CB65922D700}C:\users\luca atzori\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe] => (Allow) C:\users\luca atzori\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe
FirewallRules: [UDP Query User{8A785802-B33A-4393-B628-922227457E2F}C:\users\luca atzori\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe] => (Allow) C:\users\luca atzori\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe
FirewallRules: [{98BAC98F-AAFE-4E92-B231-EAF5F2E1B735}] => (Allow) C:\Program Files
(x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BC4895B2-4016-4171-AB51-213405B4B6FC}] => (Allow) C:\Program Files
(x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{96F42307-0936-4147-9D15-ABD9599D63C5}] => (Allow) C:\Program Files
(x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FB448C3A-4D5A-44AA-A08A-81E69CB75501}] => (Allow) C:\Program Files
(x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{997F83DF-FD45-4B20-BB93-6CF0BC01B223}] => (Allow) C:\Program
Files\Plex\Plex Media Player\PlexMediaPlayer.exe
FirewallRules: [{D347DE5A-3CD8-49B5-803D-95E0E5EB1A1B}] => (Allow) C:\Program
Files\Plex\Plex Media Player\PMPHelper.exe
FirewallRules: [{C603FEE6-3B19-4DF2-8E9F-073FB0170CD6}] => (Allow) C:\Program Files
(x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{541A3945-7694-4A2F-9CF6-3D7F0E2F6CD3}] => (Allow) C:\Program Files
(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C08111B0-2EA3-4A52-B766-260369C5298D}] => (Allow) C:\Program Files
(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B38EE73D-5520-40CC-9093-79FA58EBE4CA}] => (Allow) C:\Program Files
(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{70B34FDE-9906-49F1-9B86-12F1D6D2750D}] => (Allow) C:\Program Files
(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B17B9BB4-4323-4B44-9041-CBAB77E36D20}] => (Allow) C:\Program Files
(x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{6F1F76F6-006E-4528-B03D-297206600113}] => (Allow) C:\Program Files
(x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{61580D3A-E5DE-488A-ADAF-8C876B792CAD}] => (Allow) C:\Program Files
(x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{104FFCE6-6116-438E-8465-3186CCE4DFAF}] => (Allow) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-02-2018 08:53:30 Windows Update
15-02-2018 18:11:51 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2018 02:43:55 AM) (Source: Microsoft-Windows-Spell-Checking)
(EventID: 31) (User: DESKTOP-TIOPBP2)
Description: Impossibile aggiornare l'elenco di parole 1 dell'utente: -2147024864.
Il controllo ortografia rimarrà disponibile, ma l'elenco di parole dell'utente non
verrà aggiornato.

Error: (02/17/2018 11:59:07 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Impossibile installare la prova di acquisto. 0xC004E016
Pkey parziale=FJMQ6
ACID=?
Errore dettagliato[?]

Error: (02/17/2018 11:04:44 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Impossibile installare la prova di acquisto. 0xC004E016
Pkey parziale=FJMQ6
ACID=?
Errore dettagliato[?]

Error: (02/17/2018 10:54:43 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Impossibile installare la prova di acquisto. 0xC004E016
Pkey parziale=FJMQ6
ACID=?
Errore dettagliato[?]

Error: (02/16/2018 11:59:10 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Impossibile installare la prova di acquisto. 0xC004E016
Pkey parziale=FJMQ6
ACID=?
Errore dettagliato[?]

Error: (02/16/2018 01:36:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5265

Error: (02/16/2018 01:36:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5265

Error: (02/16/2018 01:36:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (02/18/2018 10:45:47 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: È stato individuato un danneggiamento nella struttura del file system
nel volume E:.

Rilevato danneggiamento in una struttura dell'indice del file system. Il numero di
riferimento del file è 0x1000000000497. Il nome del file è
"\Personal\tesi_titanic\atzori". L'attributo dell'indice danneggiato è
":$I30:$INDEX_ROOT". Il blocco dell'indice danneggiato si trova nella posizione
seguente: VCN 0xffffffffffffffff, LCN 0xffffffffffffffff. Il danneggiamento inizia
all'offset 128 all'interno del blocco dell'indice.

Error: (02/18/2018 10:45:47 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: È stato individuato un danneggiamento nella struttura del file system
nel volume E:.

Rilevato danneggiamento in una struttura dell'indice del file system. Il numero di
riferimento del file è 0x1000000000f36. Il nome del file è "\Personal\taxes".
L'attributo dell'indice danneggiato è ":$I30:$INDEX_ALLOCATION".

Error: (02/18/2018 04:15:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche
dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per
l'applicazione server COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost
(tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non
disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è
possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (02/18/2018 03:10:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche
dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per
l'applicazione server COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost
(tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non
disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è
possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (02/18/2018 01:00:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche
dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per
l'applicazione server COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost
(tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non
disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è
possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (02/17/2018 06:42:55 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TIOPBP2)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche
dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per
l'applicazione server COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
all'utente DESKTOP-TIOPBP2\SID Luca Atzori (S-1-5-21-2930207519-6125519-
2372475533-1001) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del
contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale
autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo
Servizi componenti.

Error: (02/17/2018 06:40:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TIOPBP2)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche
dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per
l'applicazione server COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
all'utente DESKTOP-TIOPBP2\SID Luca Atzori (S-1-5-21-2930207519-6125519-
2372475533-1001) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del
contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale
autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo
Servizi componenti.

Error: (02/17/2018 01:00:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche
dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per
l'applicazione server COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost
(tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non
disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è
possibile utilizzare lo strumento amministrativo Servizi componenti.

Windows Defender:
===================================
Date: 2018-02-13 19:05:50.863
Description:
Windows Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {85832C16-6303-4DF9-954F-E8BCBB2D80DD}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM

Date: 2017-12-18 19:43:13.748
Description:
Windows Defender Antivirus ha rilevato malware o altro software potenzialmente
indesiderato.
Ulteriori informazioni sono riportate di seguito:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nome: HackTool:MSIL/AutoKMS
ID: 2147711767
Gravità: Medio
Categoria: Strumento
Percorso: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program
Files\KMSpico\KMSELDI.exe;file:_C:\Program
Files\KMSpico\Service_KMS.exe;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\WINDOWS\System32\Tasks\AutoPico Daily
Restart;process:_pid:3608,ProcessStart:131580958034842169;regkey:_HKLM\SOFTWARE\Mic
rosoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6F7D2C0-E9B8-4680-BA53-
4017671681A5};regkey:_HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily
Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-
92E2-4C20-9EE0-F710991F5D7C}_is1;service:_Service
KMSELDI;startup:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\AutoPico.lnk;startup:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\KMSpico.lnk;taskscheduler:_C:\WINDOWS\System32\Tasks\AutoPico
Daily Restart;uninstall:_HKLM\SOFTWARE\MICROSOFT\W
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Sistema
Utente: NT AUTHORITY\SYSTEM
Nome processo: C:\Program Files\KMSpico\Service_KMS.exe
Versione firma: AV: 1.259.437.0, AS: 1.259.437.0, NIS: 118.2.0.0
Versione motore: AM: 1.1.14405.2, NIS: 2.1.14202.0

Date: 2017-12-17 23:59:03.409
Description:
Windows Defender Antivirus ha rilevato malware o altro software potenzialmente
indesiderato.
Ulteriori informazioni sono riportate di seguito:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nome: HackTool:MSIL/AutoKMS
ID: 2147711767
Gravità: Medio
Categoria: Strumento
Percorso: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program
Files\KMSpico\KMSELDI.exe;file:_C:\Program
Files\KMSpico\Service_KMS.exe;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\Users\Luca
Atzori\Dropbox\KMSpico_v10.2.0\KMSpico Portable\AutoPico.exe;file:_C:\Users\Luca
Atzori\Dropbox\KMSpico_v10.2.0\KMSpico
Portable\KMSELDI.exe;file:_C:\WINDOWS\System32\Tasks\AutoPico Daily
Restart;process:_pid:100,ProcessStart:131580251427213040;process:_pid:11504,Process
Start:131579387428215040;process:_pid:3588,ProcessStart:131579029059761587;regkey:_
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\
{C6F7D2C0-E9B8-4680-BA53-4017671681A5};regkey:_HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily
Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-
92E2-4C20-9EE0-F710991F5D7C}_is1;service:_Service KMSELDI;star
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Sistema
Utente: NT AUTHORITY\SYSTEM
Nome processo: C:\Program Files\KMSpico\AutoPico.exe
Versione firma: AV: 1.259.437.0, AS: 1.259.437.0, NIS: 118.2.0.0
Versione motore: AM: 1.1.14405.2, NIS: 2.1.14202.0

Date: 2017-12-17 23:59:03.059
Description:
Windows Defender Antivirus ha rilevato malware o altro software potenzialmente
indesiderato.
Ulteriori informazioni sono riportate di seguito:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nome: HackTool:MSIL/AutoKMS
ID: 2147711767
Gravità: Medio
Categoria: Strumento
Percorso: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program
Files\KMSpico\KMSELDI.exe;file:_C:\Program
Files\KMSpico\Service_KMS.exe;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\Users\Luca
Atzori\Dropbox\KMSpico_v10.2.0\KMSpico Portable\AutoPico.exe;file:_C:\Users\Luca
Atzori\Dropbox\KMSpico_v10.2.0\KMSpico
Portable\KMSELDI.exe;file:_C:\WINDOWS\System32\Tasks\AutoPico Daily
Restart;process:_pid:11504,ProcessStart:131579387428215040;process:_pid:3588,Proces
sStart:131579029059761587;regkey:_HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6F7D2C0-E9B8-4680-BA53-
4017671681A5};regkey:_HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily
Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-
92E2-4C20-9EE0-F710991F5D7C}_is1;service:_Service
KMSELDI;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Sistema
Utente: NT AUTHORITY\SYSTEM
Nome processo: C:\Program Files\KMSpico\AutoPico.exe
Versione firma: AV: 1.259.437.0, AS: 1.259.437.0, NIS: 118.2.0.0
Versione motore: AM: 1.1.14405.2, NIS: 2.1.14202.0

Date: 2017-12-17 23:59:02.896
Description:
Windows Defender Antivirus ha rilevato malware o altro software potenzialmente
indesiderato.
Ulteriori informazioni sono riportate di seguito:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nome: HackTool:MSIL/AutoKMS
ID: 2147711767
Gravità: Medio
Categoria: Strumento
Percorso: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program
Files\KMSpico\KMSELDI.exe;file:_C:\Program
Files\KMSpico\Service_KMS.exe;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\Users\Luca
Atzori\Dropbox\KMSpico_v10.2.0\KMSpico Portable\AutoPico.exe;file:_C:\Users\Luca
Atzori\Dropbox\KMSpico_v10.2.0\KMSpico
Portable\KMSELDI.exe;file:_C:\WINDOWS\System32\Tasks\AutoPico Daily
Restart;process:_pid:11504,ProcessStart:131579387428215040;process:_pid:3588,Proces
sStart:131579029059761587;regkey:_HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6F7D2C0-E9B8-4680-BA53-
4017671681A5};regkey:_HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily
Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-
92E2-4C20-9EE0-F710991F5D7C}_is1;service:_Service
KMSELDI;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Sistema
Utente: NT AUTHORITY\SYSTEM
Nome processo: C:\Windows\System32\svchost.exe
Versione firma: AV: 1.259.437.0, AS: 1.259.437.0, NIS: 118.2.0.0
Versione motore: AM: 1.1.14405.2, NIS: 2.1.14202.0

Date: 2018-01-30 19:14:08.845
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente: 1.261.520.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo firma: Antivirus
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 1.1.14500.5
Codice errore: 0x80072ee2
Descrizione errore: Timeout dell'operazione

Date: 2018-01-30 19:14:08.844
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente: 118.2.0.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo firma: Network Inspection System
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 2.1.14202.0
Codice errore: 0x80072ee2
Descrizione errore: Timeout dell'operazione

Date: 2018-01-28 00:09:02.336
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente: 1.261.364.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo firma: Antivirus
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 1.1.14500.5
Codice errore: 0x80072ee2
Descrizione errore: Timeout dell'operazione

Date: 2018-01-28 00:09:02.336
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente: 1.261.364.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo firma: Antispyware
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 1.1.14500.5
Codice errore: 0x80072ee2
Descrizione errore: Timeout dell'operazione

Date: 2018-01-28 00:09:02.335
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente: 1.261.364.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo firma: Antivirus
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 1.1.14500.5
Codice errore: 0x80072ee2
Descrizione errore: Timeout dell'operazione

CodeIntegrity:
===================================

Date: 2018-02-18 10:21:55.946
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

Date: 2018-02-18 10:21:55.945
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

Date: 2018-02-18 10:09:28.327
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

Date: 2018-02-18 10:09:28.326
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

Date: 2018-02-18 10:09:11.283
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

Date: 2018-02-18 10:09:11.282
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

Date: 2018-02-18 09:51:55.946
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

Date: 2018-02-18 09:51:55.945
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 58%
Total physical RAM: 8047.52 MB
Available physical RAM: 3338.21 MB
Total Virtual: 9327.52 MB
Available Virtual: 3074.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.47 GB) (Free:798.64 GB) NTFS
Drive e: () (Removable) (Total:60.53 GB) (Free:52.24 GB) NTFS

\\?\Volume{9798cba0-d02c-420f-9550-96aa24439ca9}\ (Ripristino) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{9a9fc904-522c-4631-8a38-ecc13e1039e6}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{b4edb79d-5d2e-4ffc-9520-d6be929c8689}\ () (Fixed) (Total:0.49 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 1 (Size: 60.5 GB) (Disk ID: A028C66D)
Partition 1: (Not Active) - (Size=60.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
