Addition

This document summarizes the results of a scan run by Farbar Recovery Scan Tool on a Windows 10 Education system. It lists 5 user accounts, Windows Defender as the active security software, and over 80 installed programs including Google Chrome, Mozilla Firefox, Microsoft Office, 7-Zip, Dropbox, Spotify, and various video game and VPN applications.

Uploaded by

ilu593

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by Luca Atzori (18-02-2018 10:58:59)
Running from C:\Users\Luca Atzori\Downloads
Windows 10 Education Version 1709 16299.248 (X64) (2017-12-16 00:48:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2930207519-6125519-2372475533-500 - Administrator -
Disabled)
DefaultAccount (S-1-5-21-2930207519-6125519-2372475533-503 - Limited - Disabled)
Guest (S-1-5-21-2930207519-6125519-2372475533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2930207519-6125519-2372475533-1005 - Limited - Enabled)
Luca Atzori (S-1-5-21-2930207519-6125519-2372475533-1001 - Administrator - Enabled)
=> C:\Users\Luca Atzori
WDAGUtilityAccount (S-1-5-21-2930207519-6125519-2372475533-504 - Limited -
Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to
unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems
Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version:
28.0.0.161 - Adobe Systems Incorporated)
Aggiornamenti NVIDIA 29.1.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-
A80AA35AC5B8}_Display.Update) (Version: 29.1.0.0 - NVIDIA Corporation) Hidden
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 -
NVIDIA Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 -
Apple Inc.)
Brave (HKU\S-1-5-21-2930207519-6125519-2372475533-1001\...\Brave) (Version: 0.16.9
- Brave Software)
CERNBox (HKLM-x32\...\CERNBox) (Version: 2.1.1.544 - CERN)
Dropbox (HKLM-x32\...\Dropbox) (Version: 43.4.50 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94})
(Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Dynalist 1.0.2 (only current user) (HKU\S-1-5-21-2930207519-6125519-2372475533-
1001\...\1e78cdbc-7a18-5e02-93fd-c98dee19d9b8) (Version: 1.0.2 - Dynalist Inc.)
Facebook Gameroom 1.8.6429.23271 (HKLM-x32\...\{D71E0CAE-F4B3-499E-B515-
396B02139A39}) (Version: 1.8.6429.23271 - Facebook)
Factorio version 0.15.31 (HKLM\...\Factorio_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version:
5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA})
(Version: 1.3.33.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.4 - HexChat)
HMA! Pro VPN 3.4.6.1 (HKLM-x32\...\HMA! Pro VPN) (Version: 3.4.6.1 - Privax Ltd)
ibVPN (HKLM-x32\...\ibVPN) (Version: 1.9.3.2 - ibVPN)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version:
8.0.1610.12 - Oracle Corporation)
KeePassXC (HKLM-x32\...\KeePassXC) (Version: 2.2.4 - KeePassXC Team)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
LiveUSB Creator (remove only) (HKLM-x32\...\LiveUSB Creator) (Version: - )
ma Livebox (HKLM-x32\...\ma Livebox) (Version: 3.4.8.0 - Orange)
Mattermost (HKU\S-1-5-21-2930207519-6125519-2372475533-1001\...\mattermost)
(Version: 3.4.1 - Mattermost, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-
A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version:
16.0.8431.2153 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2930207519-6125519-2372475533-
1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version:
5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-
38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-
F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-
6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\
{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft
Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\
{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft
Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\
{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft
Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\
{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft
Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\
{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft
Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\
{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft
Corporation)
Mozilla Firefox 58.0.2 (x64 it) (HKLM\...\Mozilla Firefox 58.0.2 (x64 it))
(Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version:
58.0.2.6611 - Mozilla)
NordVPN (HKLM-x32\...\{2A2818C4-6A77-4AF8-9651-0B225B3B1B6B}) (Version: 6.0.2 -
NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.0.2) (Version: 6.0.2 - NordVPN)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-
A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-
A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-
0000-0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\
{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft
Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-
0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-
0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995})
(Version: 5.0.20 - Oracle Corporation)
Orange Update (HKLM-x32\...\Orange Update) (Version: 3.3.0.3 - Orange)
Pannello di controllo NVIDIA 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-
A80AA35AC5B8}_Display.ControlPanel) (Version: 382.05 - NVIDIA Corporation) Hidden
Plex Media Player (HKLM\...\{5F98B292-7491-494E-AB9B-9A4C834B03A1}) (Version: 1.3.4
- Plex) Hidden
Plex Media Player (HKLM-x32\...\{0fdef169-9dda-4c96-9865-0bf7b2a4ef4e}) (Version:
1.3.4 - Plex)
Plex Media Server (HKLM-x32\...\{7118FBC6-F81D-43B9-B30A-51945CC1A0C8}) (Version:
1.8.4249 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{dd96de17-0520-49fc-ab44-44e1710f6c77}) (Version:
1.8.4.4249 - Plex, Inc.)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version:
2.7.12150 - Python Software Foundation)
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent
project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version:
10.0.10586.31222 - Realtek Semiconduct Corp.)
Signal 1.3.0 (only current user) (HKU\S-1-5-21-2930207519-6125519-2372475533-
1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 1.3.0 - Open Whisper
Systems)
Skype for Business Web App Plug-in (HKLM-x32\...\{37C8167B-B653-4955-A6E8-
EBB8DE937DDD}) (Version: 15.8.20020.400 - Microsoft Corporation)
Skype versione 8.15 (HKLM-x32\...\Skype_is1) (Version: 8.15 - Skype Technologies
S.A.)
Slack (HKU\S-1-5-21-2930207519-6125519-2372475533-1001\...\slack) (Version: 3.0.5 -
Slack Technologies)
SmartShare (HKLM-x32\...\{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}) (Version:
2.3.1511.1201 - LG Electronics Inc.)
Spotify (HKU\S-1-5-21-2930207519-6125519-2372475533-1001\...\Spotify) (Version:
1.0.74.380.g1fcff12a - Spotify AB)
Stopping Plex (HKLM-x32\...\{68B69B2F-7F58-41DC-AB5E-05E4E735AB0A}) (Version:
1.8.4249 - Plex, Inc.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 -
Synaptics Incorporated)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Telegram Desktop version 1.2.6 (HKU\S-1-5-21-2930207519-6125519-2372475533-
1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.6 - Telegram
Messenger LLP)
Trackmania Turbo (HKLM-x32\...\Uplay Install 2070) (Version: - Ubisoft)
TVersity Codec Pack 1.7 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.7 - TVersity
Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 19.1 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 -
LunarG, Inc.)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WhatsApp (HKU\S-1-5-21-2930207519-6125519-2372475533-1001\...\WhatsApp) (Version:
0.2.8082 - WhatsApp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 -
Xiph.Org)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\GatewayActiveX
-x64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 ->
C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{8A589AFF-8DA8-49C5-B89B-20C9DF31F2B7}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Google\Update\1.3.30.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2930207519-6125519-2372475533-1001_Classes\CLSID\
{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Luca
Atzori\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722}
=> C:\Program Files (x86)\cernbox\shellext\OCOverlays_x64.dll [2016-02-16]
(ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} =>
C:\Program Files (x86)\cernbox\shellext\OCOverlays_x64.dll [2016-02-16] (ownCloud
Inc.)
ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-
276B1E3C3722} => C:\Program Files (x86)\cernbox\shellext\OCOverlays_x64.dll [2016-
02-16] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722}
=> C:\Program Files (x86)\cernbox\shellext\OCOverlays_x64.dll [2016-02-16]
(ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-
276B1E3C3722} => C:\Program Files (x86)\cernbox\shellext\OCOverlays_x64.dll [2016-
02-16] (ownCloud Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-
CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-
02-08] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>
C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} =>
C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox,
Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>
C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll
[2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>
C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll
[2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [OCContextMenuHandler] -> {841A0AAD-AA11-4B50-84D9-
7F8E727D77D7} => C:\Program Files (x86)\cernbox\shellext\OCContextMenu_x64.dll
[2016-02-16] (ownCloud Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>
C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} =>
C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox,
Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>
C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll
[2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} =>
C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox,
Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No
File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>
C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-
BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>
C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

Task: {011EB7F2-EE8D-462D-B92F-AE1C4DCB2862} - System32\Tasks\SmartShare =>
C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe [2014-12-05]
(LG Electronics Inc.)
Task: {02CF33EE-871B-43CC-BCD6-5C22E1E9F7DC} -
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2930207519-6125519-2372475533-1001Core
=> C:\Users\Luca Atzori\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-04]
(Google Inc.)
Task: {153DC3C2-A993-4597-8620-DE52AF546EA9} -
\Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {193F1407-2C6A-484D-B08E-137130CF1B77} -
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files
(x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-20] (Microsoft Corporation)
Task: {3519FFB9-F77C-4B81-8E58-22EFE7CD7F51} - System32\Tasks\NVIDIA GeForce
Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files
(x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
[2017-10-11] (NVIDIA Corporation)
Task: {3817A9CD-E691-4598-A6F8-3DB1E7F9DD80} -
System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program
Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-
01-20] ()
Task: {383D1B40-D003-4356-BB4E-A51C96713980} -
System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common
Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23] (Microsoft
Corporation)
Task: {38CD0A89-E015-4313-AE63-B25E6EFF3C7C} -
System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11]
(NVIDIA Corporation)
Task: {3B52FB55-95C4-40AD-ABF8-5B915E215CEF} -
System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11]
(NVIDIA Corporation)
Task: {3E151138-7DE3-4D80-9B0C-2558923F8E7A} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan
=> C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-
0\MpCmdRun.exe [2018-01-21] (Microsoft Corporation)
Task: {4116975B-51AA-40E5-A955-908E8B0C9C34} -
System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23]
(Microsoft Corporation)
Task: {4C879943-7E08-49C7-931F-E92B38AACE4D} - System32\Tasks\NvTmRep_{B2FE1952-
0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update
Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {5525F23A-3E36-4345-B936-6351F3AA6492} - System32\Tasks\NvTmMon_{B2FE1952-
0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update
Core\NvTmMon.exe [2017-10-11] (NVIDIA Corporation)
Task: {55AB7626-067D-4CC9-B6D1-D53034BB810C} -
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2930207519-6125519-2372475533-
1001UA1d257f065148419 => C:\Users\Luca
Atzori\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-04] (Google Inc.)
Task: {55D9E651-F1A1-4D9B-8CA6-49BE482BAC4A} -
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program
Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-20] (Microsoft
Corporation)
Task: {6DA936D3-1480-435E-A548-EA0520EE0C4B} -
System32\Tasks\Microsoft\Windows\Display\Brightness\BrightnessReset
Task: {71F9F99B-90B5-458D-9756-CDFF66BE6794} -
System32\Tasks\Microsoft\Windows\OrangeUpdate_Launch => Command(1): Net -> stop
"Orange Update Core Service"
Task: {71F9F99B-90B5-458D-9756-CDFF66BE6794} -
System32\Tasks\Microsoft\Windows\OrangeUpdate_Launch => Command(2): Net -> start
"Orange Update Core Service"
Task: {7682F719-4DAA-4A6C-8FBC-C68175A1ACED} -
System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration =>
C:\Program Files (x86)\Microsoft
Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-20] ()
Task: {796B6B74-1938-4C9D-A41E-2672EBD1F2B9} -
System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files
(x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-04] (Dropbox, Inc.)
Task: {95112576-76E6-4052-B15A-C9F17F44ED35} -
System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files
(x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft
Shared\Office16\OLicenseHeartbeat.exe [2018-01-20] (Microsoft Corporation)
Task: {9EB86741-9C11-4E5B-BCC6-34EFFCC659A7} -
System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program
Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA
Corporation)
Task: {AE7CFDCB-4287-458B-AB17-79844002859C} -
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2930207519-6125519-2372475533-
1001Core1d257f06509cccd => C:\Users\Luca
Atzori\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-04] (Google Inc.)
Task: {C00FDCA5-CAC1-40EA-8DFB-7AC74CC53781} -
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2930207519-6125519-2372475533-1001UA =>
C:\Users\Luca Atzori\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-04]
(Google Inc.)
Task: {C6F7D2C0-E9B8-4680-BA53-4017671681A5} - System32\Tasks\AutoPico Daily
Restart => C:\Program Files\KMSpico\AutoPico.exe [2016-01-11] (@ByELDI)
Task: {C729793C-F10E-441C-8383-61F0F3BAA2E4} -
System32\Tasks\Microsoft\Windows\OrangeUpdate_Install => C:\Program Files
(x86)\Orange Update\install.bat [2017-11-13] () <==== ATTENTION
Task: {CCF6A4A0-A435-4038-82B3-95DFBA249909} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification =>
C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe
[2018-01-21] (Microsoft Corporation)
Task: {CF86D0AA-F9E2-4644-BF0D-750371C44517} - System32\Tasks\Adobe Flash Player
Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-
02-06] (Adobe Systems Incorporated)
Task: {D1AB73B8-C3D9-40E7-9C4D-33F4F60F7B78} -
System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11]
(NVIDIA Corporation)
Task: {D33001B3-9080-41CC-BA57-1F7E4F848316} -
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [2016-06-02] (Google Inc.)
Task: {D5CDC3FB-CCAF-49D2-8ADC-B7B519CDF2BA} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup =>
C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe
[2018-01-21] (Microsoft Corporation)
Task: {E486F011-18EC-4BFA-86ED-86811F7FD6C6} -
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [2016-06-02] (Google Inc.)
Task: {E686C3DE-D8FE-49DE-B6AE-DC37E3C81B2E} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache
Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-
0\MpCmdRun.exe [2018-01-21] (Microsoft Corporation)
Task: {EC607472-050F-4A53-81CD-D5F7A250BFFA} -
System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program
Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-11] (NVIDIA
Corporation)
Task: {F677DDD7-3A91-4286-A2E1-5BB7730A765C} - System32\Tasks\ibVPN-Service =>
C:\Program Files (x86)\ibVPN\ibVPN.service.exe [2016-05-12] ()
Task: {F85DAB7C-9C9F-4317-8D2C-2533F5C48643} -
System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files
(x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-04] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files
(x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files
(x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2930207519-6125519-2372475533-
1001Core.job => C:\Users\Luca Atzori\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2930207519-6125519-2372475533-
1001UA.job => C:\Users\Luca Atzori\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ ()
C:\WINDOWS\SYSTEM32\inputhost.dll
2016-11-06 12:21 - 2017-10-11 02:05 - 001267136 _____ () C:\Program Files\NVIDIA
Corporation\NvContainer\libprotobuf.dll
2014-09-15 10:01 - 2014-09-15 10:01 - 001970544 _____ () C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe
2016-02-16 15:30 - 2016-02-16 15:30 - 000058880 _____ () C:\Program Files
(x86)\cernbox\shellext\OCUtil_x64.dll
2018-02-15 18:13 - 2018-02-10 05:39 - 011044864 _____ ()
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-15 18:13 - 2018-02-10 05:36 - 001804288 _____ ()
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-31 18:22 - 2018-01-31 18:22 - 000086528 _____ () C:\Program
Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-31 18:22 - 2018-01-31 18:22 - 000195072 _____ () C:\Program
Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgrou
ndTasks.dll
2018-01-31 18:22 - 2018-01-31 18:22 - 025135104 _____ () C:\Program
Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-31 18:22 - 2018-01-31 18:22 - 002542592 _____ () C:\Program
Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-31 18:22 - 2018-01-31 18:22 - 000667136 _____ () C:\Program
Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-02-26 14:38 - 2016-02-26 14:38 - 035928709 _____ () C:\Program Files
(x86)\cernbox\cernbox.exe
2018-02-03 10:03 - 2018-02-03 10:03 - 002250240 _____ () C:\Program
Files\WindowsApps\Microsoft.WindowsStore_11801.1001.6.0_x64__8wekyb3d8bbwe\Microsof
t.UI.Xaml.dll
2018-02-07 04:19 - 2018-02-07 04:19 - 001231536 _____ () C:\Program
Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.21855.0_x64__8wekyb3d
8bbwe\Office.UI.Xaml.Word.dll
2018-02-16 23:40 - 2018-02-16 23:40 - 027138048 _____ () C:\Program
Files\WindowsApps\Microsoft.ZuneVideo_10.17122.15711.0_x64__8wekyb3d8bbwe\Video.UI.
exe
2018-02-16 23:40 - 2018-02-16 23:40 - 000306176 _____ () C:\Program
Files\WindowsApps\Microsoft.ZuneVideo_10.17122.15711.0_x64__8wekyb3d8bbwe\SharedUI.
dll
2018-02-16 23:40 - 2018-02-16 23:40 - 006687744 _____ () C:\Program
Files\WindowsApps\Microsoft.ZuneVideo_10.17122.15711.0_x64__8wekyb3d8bbwe\EntCommon
.dll
2017-09-26 18:05 - 2017-09-26 18:05 - 003553704 _____ () C:\Program
Files\WindowsApps\Microsoft.ZuneVideo_10.17122.15711.0_x64__8wekyb3d8bbwe\Microsoft
.UI.Xaml.dll
2018-02-16 23:40 - 2018-02-16 23:40 - 009283072 _____ () C:\Program
Files\WindowsApps\Microsoft.ZuneVideo_10.17122.15711.0_x64__8wekyb3d8bbwe\EntPlat.d
ll
2018-02-10 20:43 - 2018-02-10 20:43 - 002144528 _____ () C:\Users\Luca
Atzori\AppData\Local\WhatsApp\app-0.2.8082\ffmpeg.dll
2018-02-17 19:05 - 2018-02-17 19:05 - 000492032 _____ () \\?\C:\Users\Luca
Atzori\AppData\Local\Temp\EE9F.tmp.node
2018-02-10 20:43 - 2018-02-10 20:43 - 002555152 _____ () C:\Users\Luca
Atzori\AppData\Local\WhatsApp\app-0.2.8082\libglesv2.dll
2018-02-10 20:43 - 2018-02-10 20:43 - 000096528 _____ () C:\Users\Luca
Atzori\AppData\Local\WhatsApp\app-0.2.8082\libegl.dll
2018-02-17 19:05 - 2018-02-17 19:05 - 000492032 _____ () \\?\C:\Users\Luca
Atzori\AppData\Local\Temp\FD83.tmp.node
2017-12-14 03:48 - 2017-12-14 03:48 - 001139282 _____ () C:\Program
Files\KeePassXC\libgcrypt-20.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000093830 _____ () C:\Program
Files\KeePassXC\zlib1.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000021164 _____ () C:\Program
Files\KeePassXC\libssp-0.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000143177 _____ () C:\Program
Files\KeePassXC\libgpg-error-0.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000387616 _____ () C:\Program
Files\KeePassXC\libykpers-1-1.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 001796044 _____ () C:\Program
Files\KeePassXC\libicuuc58.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000304319 _____ () C:\Program
Files\KeePassXC\libpcre2-16-0.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000083150 _____ () C:\Program
Files\KeePassXC\libgcc_s_seh-1.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000225623 _____ () C:\Program
Files\KeePassXC\libjson-c-2.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 001432713 _____ () C:\Program
Files\KeePassXC\libstdc++-6.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000347956 _____ () C:\Program
Files\KeePassXC\libyubikey-0.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 026230434 _____ () C:\Program
Files\KeePassXC\libicudt58.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000650125 _____ () C:\Program
Files\KeePassXC\libharfbuzz-0.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 002735264 _____ () C:\Program
Files\KeePassXC\libicuin58.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000226591 _____ () C:\Program
Files\KeePassXC\libgraphite2.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000231566 _____ () C:\Program
Files\KeePassXC\libpng16-16.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000677139 _____ () C:\Program
Files\KeePassXC\libfreetype-6.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000285375 _____ () C:\Program
Files\KeePassXC\libpcre-1.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000074400 _____ () C:\Program
Files\KeePassXC\libbz2-1.dll
2017-12-14 03:48 - 2017-12-14 03:48 - 000054800 _____ () C:\Program
Files\KeePassXC\libkeepassx-autotype-windows.dll
2016-07-28 08:48 - 2018-01-20 04:56 - 008929480 _____ () C:\Program Files
(x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft
Office\Office16\1033\GrooveIntlResource.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 000047616 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2018-02-15 18:13 - 2018-02-10 05:41 - 004173824 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2018-02-15 18:13 - 2018-02-10 05:41 - 003662336 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2017-09-07 03:28 - 2017-09-07 03:28 - 000083432 _____ () C:\Program Files
(x86)\Plex\Plex Media Server\zlib.dll
2017-09-07 03:27 - 2017-09-07 03:27 - 000203240 _____ () C:\Program Files
(x86)\Plex\Plex Media Server\libidn.dll
2014-09-15 10:01 - 2014-09-15 10:01 - 000549888 _____ () C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\netsnmp.dll
2014-09-15 10:01 - 2014-09-15 10:01 - 000182784 _____ () C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\ProxyDetection.dll
2014-09-15 10:01 - 2014-09-15 10:01 - 000157184 _____ () C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\pupnp.dll
2016-01-29 14:26 - 2016-01-29 14:26 - 000051095 _____ () C:\Program Files
(x86)\cernbox\libqt5keychain.dll
2016-02-26 14:37 - 2016-02-26 14:37 - 003148899 _____ () C:\Program Files
(x86)\cernbox\libocsync.dll
2016-02-26 14:37 - 2016-02-26 14:37 - 017989222 _____ () C:\Program Files
(x86)\cernbox\libcernboxsync.dll
2016-01-25 20:36 - 2016-01-25 20:36 - 000097326 _____ () C:\Program Files
(x86)\cernbox\libgcc_s_sjlj-1.dll
2016-01-25 20:36 - 2016-01-25 20:36 - 000922727 _____ () C:\Program Files
(x86)\cernbox\libstdc++-6.dll
2016-01-25 17:26 - 2016-01-25 17:26 - 001366986 _____ () C:\Program Files
(x86)\cernbox\libGLESv2.dll
2016-01-25 17:25 - 2016-01-25 17:25 - 000085548 _____ () C:\Program Files
(x86)\cernbox\zlib1.dll
2016-01-25 18:37 - 2016-01-25 18:37 - 000209711 _____ () C:\Program Files
(x86)\cernbox\libpng16-16.dll
2016-01-25 17:30 - 2016-01-25 17:30 - 002197765 _____ () C:\Program Files
(x86)\cernbox\icui18n53.dll
2016-01-25 17:24 - 2016-01-25 17:24 - 000148117 _____ () C:\Program Files
(x86)\cernbox\libpcre16-0.dll
2016-01-25 17:30 - 2016-01-25 17:30 - 001308778 _____ () C:\Program Files
(x86)\cernbox\icuuc53.dll
2016-01-25 17:27 - 2016-01-25 17:27 - 000350662 _____ () C:\Program Files
(x86)\cernbox\libjpeg-8.dll
2016-01-25 21:36 - 2016-01-25 21:36 - 000231727 _____ () C:\Program Files
(x86)\cernbox\libxslt-1.dll
2016-01-25 17:30 - 2016-01-25 17:30 - 021539975 _____ () C:\Program Files
(x86)\cernbox\icudata53.dll
2016-01-25 17:26 - 2016-01-25 17:26 - 000154982 _____ () C:\Program Files
(x86)\cernbox\libEGL.dll
2016-01-25 17:25 - 2016-01-25 17:25 - 000689339 _____ () C:\Program Files
(x86)\cernbox\libsqlite3-0.dll
2016-01-25 20:57 - 2016-01-25 20:57 - 000247540 _____ () C:\Program Files
(x86)\cernbox\libwebp-4.dll
2016-01-25 18:41 - 2016-01-25 18:41 - 001169416 _____ () C:\Program Files
(x86)\cernbox\libxml2-2.dll
2018-01-08 22:21 - 2018-02-02 21:48 - 001782904 _____ () C:\Program Files
(x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-02-10 11:30 - 2018-02-08 21:10 - 000740168 _____ () C:\Program Files
(x86)\Dropbox\Client\dropbox_watchdog.dll
2018-02-10 11:30 - 2018-02-08 21:10 - 002079048 _____ () C:\Program Files
(x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-21 21:54 - 2018-02-08 21:10 - 000100312 _____ () C:\Program Files
(x86)\Dropbox\Client\_ctypes.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000018896 _____ () C:\Program Files
(x86)\Dropbox\Client\select.pyd
2017-09-21 21:54 - 2018-02-08 21:12 - 000020808 _____ () C:\Program Files
(x86)\Dropbox\Client\tornado.speedups.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000035808 _____ () C:\Program Files
(x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000694232 _____ () C:\Program Files
(x86)\Dropbox\Client\unicodedata.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000021856 _____ () C:\Program Files
(x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000130520 _____ () C:\Program Files
(x86)\Dropbox\Client\_cffi_backend.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 001856864 _____ () C:\Program Files
(x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000022880 _____ () C:\Program Files
(x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-02-10 11:30 - 2018-02-08 21:10 - 000145880 _____ () C:\Program Files
(x86)\Dropbox\Client\pyexpat.pyd
2018-02-10 11:30 - 2018-02-08 21:10 - 000116696 _____ () C:\Program Files
(x86)\Dropbox\Client\pywintypes27.dll
2017-09-21 21:54 - 2018-02-08 21:10 - 000105944 _____ () C:\Program Files
(x86)\Dropbox\Client\win32api.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000022872 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000063312 _____ () C:\Program Files
(x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000024536 _____ () C:\Program Files
(x86)\Dropbox\Client\win32event.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000077120 _____ () C:\Program Files
(x86)\Dropbox\Client\fastpath.pyd
2018-02-10 11:30 - 2018-02-08 21:10 - 000020952 _____ () C:\Program Files
(x86)\Dropbox\Client\mmapfile.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000124888 _____ () C:\Program Files
(x86)\Dropbox\Client\win32file.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000116184 _____ () C:\Program Files
(x86)\Dropbox\Client\win32security.pyd
2018-02-10 11:30 - 2018-02-08 21:10 - 000392664 _____ () C:\Program Files
(x86)\Dropbox\Client\pythoncom27.dll
2017-09-21 21:54 - 2018-02-08 21:12 - 000392520 _____ () C:\Program Files
(x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000026464 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000024024 _____ () C:\Program Files
(x86)\Dropbox\Client\win32clipboard.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000175576 _____ () C:\Program Files
(x86)\Dropbox\Client\win32gui.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000030168 _____ () C:\Program Files
(x86)\Dropbox\Client\win32pipe.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000043480 _____ () C:\Program Files
(x86)\Dropbox\Client\win32process.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000026072 _____ () C:\Program Files
(x86)\Dropbox\Client\win32job.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000048600 _____ () C:\Program Files
(x86)\Dropbox\Client\win32service.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000057816 _____ () C:\Program Files
(x86)\Dropbox\Client\win32evtlog.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000021840 _____ () C:\Program Files
(x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000023376 _____ () C:\Program Files
(x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000022864 _____ () C:\Program Files
(x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-09-21 21:54 - 2018-02-08 21:12 - 000066400 _____ () C:\Program Files
(x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 001796416 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000084944 _____ () C:\Program Files
(x86)\Dropbox\Client\sip.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 001956672 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 003859272 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000155472 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000521032 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000051024 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000043336 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000131400 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000219984 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000204104 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000025440 _____ () C:\Program Files
(x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000060888 _____ () C:\Program Files
(x86)\Dropbox\Client\win32print.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000054616 _____ () C:\Program Files
(x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000024024 _____ () C:\Program Files
(x86)\Dropbox\Client\win32profile.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000022880 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-09-21 21:54 - 2018-02-08 21:12 - 000100704 _____ () C:\Program Files
(x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000028632 _____ () C:\Program Files
(x86)\Dropbox\Client\win32ts.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000022368 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000021856 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000022368 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000027496 _____ () C:\Program Files
(x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-21 21:54 - 2018-02-08 21:10 - 000349144 _____ () C:\Program Files
(x86)\Dropbox\Client\winxpgui.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000101704 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-09-21 21:54 - 2018-02-08 21:13 - 000023904 _____ () C:\Program Files
(x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000025432 _____ () C:\Program Files
(x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-02-10 11:30 - 2018-02-08 21:10 - 000036312 _____ () C:\Program Files
(x86)\Dropbox\Client\librsync.dll
2018-02-10 11:30 - 2018-02-08 21:12 - 000032608 _____ () C:\Program Files
(x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-02-10 11:30 - 2018-02-08 21:10 - 000293392 _____ () C:\Program Files
(x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-01-11 21:14 - 2018-02-08 21:13 - 000021856 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000181064 _____ () C:\Program Files
(x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-09-21 21:54 - 2018-02-08 21:12 - 000030544 _____ () C:\Program Files
(x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000024384 _____ () C:\Program Files
(x86)\Dropbox\Client\libEGL.DLL
2018-02-10 11:30 - 2018-02-08 21:12 - 001638208 _____ () C:\Program Files
(x86)\Dropbox\Client\libGLESv2.dll
2017-09-21 21:54 - 2018-02-08 21:13 - 000026464 _____ () C:\Program Files
(x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000545096 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000359232 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-02-10 11:30 - 2018-02-08 21:12 - 000038216 _____ () C:\Program Files
(x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2018-01-08 22:21 - 2018-02-02 21:48 - 002559616 _____ () C:\Program Files
(x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-01-08 22:21 - 2018-02-02 21:48 - 000031872 _____ () C:\Program Files
(x86)\Microsoft\Skype for Desktop\libegl.dll
2018-02-10 11:28 - 2018-02-02 21:48 - 000208384 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-01-08 22:21 - 2018-02-02 21:48 - 000400384 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-01-08 22:21 - 2018-02-02 21:48 - 000129536 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-01-08 22:21 - 2018-02-02 21:48 - 002167808 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2016-11-06 12:21 - 2017-10-11 02:05 - 001040320 _____ () C:\Program Files
(x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-28 08:48 - 2018-01-20 04:55 - 008928968 _____ () C:\Program Files
(x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The
"AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to
default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2930207519-6125519-2372475533-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Luca Atzori\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\46924.jpg
DNS Servers: 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-2930207519-6125519-2372475533-1001\...\StartupApproved\StartupFolder:
=> "Facebook Gameroom.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

FirewallRules: [{6D081B0C-5159-4399-BDED-A2EF267AAEBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{76278E2D-1C93-4441-8491-1988B91018C6}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7C577AE5-9BE6-4BA5-A6B6-9E1A816AFBCA}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{47ED8C62-19C8-4E53-B3A9-EFC4F15F9C45}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{4AC005A1-74DB-46A6-802A-06616657EF6D}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B11514B9-AE5F-4BCB-90F9-2BCA0DEE6183}] => (Allow) C:\Program Files
(x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{120AB57A-D068-4867-AA4D-E1CA26C40DFD}] => (Allow) C:\Program Files
(x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{DF2C8E69-4B88-4EE4-AFA1-4902CA28F4DA}] => (Allow) C:\Program Files
(x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{C900221A-CD4E-4AF5-A6FE-4128AD518711}] => (Allow) C:\Program Files
(x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{3CB43FF0-6BCA-489D-BD5E-357054F9CBA9}] => (Allow) C:\Program Files
(x86)\Orange\OrangeUpdate\Service\OUCore.exe
FirewallRules: [{B8DBCA87-6356-4C67-9512-3A0B2692D0D6}] => (Allow) C:\Program Files
(x86)\Orange\OrangeUpdate\Service\OUCore.exe
FirewallRules: [UDP Query User{CE5963B5-EC9A-4BD7-9514-7A6CACF20AC5}C:\program
files\factorio\bin\x64\factorio.exe] => (Allow) C:\program
files\factorio\bin\x64\factorio.exe
FirewallRules: [TCP Query User{466B6369-95B9-4885-ABF5-0209DA0DF83B}C:\program
files\factorio\bin\x64\factorio.exe] => (Allow) C:\program
files\factorio\bin\x64\factorio.exe
FirewallRules: [{34BA2BF6-BF32-4281-98C4-281B4A83436C}] => (Allow) C:\Program Files
(x86)\Orange\OrangeUpdate\Service\OUCore.exe
FirewallRules: [{6E4278C1-9F83-4E47-9341-ED44FEA19ADF}] => (Allow) C:\Program Files
(x86)\Orange\OrangeUpdate\Service\OUCore.exe
FirewallRules: [{CF8B7ABD-9669-4230-95CA-CC76636224F5}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\PluginLivebox.exe
FirewallRules: [{678D7F16-CB84-49AB-B2CE-A8D967BBC2FD}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\PluginLivebox.exe
FirewallRules: [{FCDA19E7-98EF-4B47-98D5-ADC18E5A2C8F}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\PluginDmControlPoint.exe
FirewallRules: [{A10F9A1A-945E-4D58-9EB1-A084E5028158}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\PluginDmControlPoint.exe
FirewallRules: [{4D33BC3E-8AAA-418E-A877-5768E428C96F}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\LiveboxManager.exe
FirewallRules: [{D5A60F85-FCAE-4EFA-893A-43952E03D53B}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\LiveboxManager.exe
FirewallRules: [{C089849E-EFCC-45BC-BA9E-4D9162967707}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe
FirewallRules: [{FFB5D48B-9D14-42A0-B835-488703F77BB1}] => (Allow) C:\Program Files
(x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe
FirewallRules: [{B292FD60-2E17-4187-84F4-A21BF438BD31}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8DE86B99-03DA-4100-A4D3-B68FBDF12625}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8F86C6A1-B85A-46F1-8DF1-A9891AA778B9}] => (Allow) C:\Program Files
(x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9CC0F06D-FA54-46EA-90E9-164A5785EAA7}] => (Allow) C:\Program Files
(x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5ECFA3EE-602A-479B-8484-800953D21524}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe
FirewallRules: [{141A6CF5-11CA-4853-8AF9-DAD89B42E5C8}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{F80595D5-E4DC-4735-8C9F-38754EE93530}C:\program
files (x86)\hearthstonetracker\hearthcap.exe] => (Allow) C:\program files
(x86)\hearthstonetracker\hearthcap.exe
FirewallRules: [TCP Query User{3CC94EF7-CB5C-4774-95E4-6C4A4D92D80A}C:\program
files (x86)\hearthstonetracker\hearthcap.exe] => (Allow) C:\program files
(x86)\hearthstonetracker\hearthcap.exe
FirewallRules: [{0D7A19F7-8D20-4866-A25E-B4699D9EDF6A}] => (Allow) C:\Program Files
(x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{C715B22A-38A6-4BB6-ABCB-215253DD39BF}] => (Allow) C:\Program Files
(x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [UDP Query User{DBC06861-CBBF-4D9A-A5A4-C1CB1C6C91DC}C:\program
files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files
(x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{A8270586-924F-41C8-8810-6609C4072054}C:\program
files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files
(x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{6EB64205-1F2B-4263-9920-7D48C4B19710}C:\users\luca
atzori\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\luca
atzori\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4AF5348C-3256-4882-9B01-290B7EA23F31}C:\users\luca
atzori\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\luca
atzori\appdata\roaming\spotify\spotify.exe
FirewallRules: [{DDEFACAF-ACCF-4739-9B3D-09D948B8D086}] => (Allow) C:\Program Files
(x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5B663208-692A-4F10-84E7-2B66A4F896C5}] => (Allow) C:\Program Files
(x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8DAC101D-C97F-494D-A517-42F2770997F1}] => (Allow) C:\Program Files
(x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{9E41FEC2-E465-426E-954E-4BCDE8078D1E}] => (Allow) C:\Program Files
(x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{F67FEAE5-29A4-4D4C-A0DE-9EF9807E19F3}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{116D74F6-E240-482D-A1DC-2C8FBA354C97}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3F8BE1F7-B39B-4A88-8598-0F56D1CB1FFB}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7CB72F66-49ED-46F3-952A-71A495A208A4}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0786BBE2-6D67-462F-BF30-AFE878134801}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{7A38EE66-C5F7-4A9E-B513-65F65D619910}C:\program
files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files
(x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{CFE53F86-305F-4B9C-9DB5-E3A9E53FBAB0}C:\program
files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files
(x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [TCP Query User{627AE6D9-EA28-40B2-B619-0C515ADCE7CC}C:\program
files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{E994E48C-2D24-4342-9AF4-E4068D95555E}C:\program
files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{E2ABA18E-3EA9-477F-A983-73BE75E42453}] => (Allow) C:\Program Files
(x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{2A37C064-40AD-49B3-A633-C38EE8A07A93}] => (Allow) C:\Program Files
(x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{9F7E395C-4C4E-4CB1-AD6C-C7743ED26695}] => (Allow) C:\Program Files
(x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [{4DF068C9-E21C-4205-B208-A3E83028A5CB}] => (Allow) C:\Program Files
(x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [TCP Query User{D4692798-786F-42F4-B512-0A19CEC2DCE7}C:\program
files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files
(x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{D4F2653B-AE7B-4EB3-9286-099F5B1A9807}C:\program
files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files
(x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{6940E482-F544-4031-A208-7CB65922D700}C:\users\luca atzori\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe] => (Allow) C:\users\luca atzori\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe
FirewallRules: [UDP Query User{8A785802-B33A-4393-B628-922227457E2F}C:\users\luca atzori\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe] => (Allow) C:\users\luca atzori\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe
FirewallRules: [{98BAC98F-AAFE-4E92-B231-EAF5F2E1B735}] => (Allow) C:\Program Files
(x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BC4895B2-4016-4171-AB51-213405B4B6FC}] => (Allow) C:\Program Files
(x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{96F42307-0936-4147-9D15-ABD9599D63C5}] => (Allow) C:\Program Files
(x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FB448C3A-4D5A-44AA-A08A-81E69CB75501}] => (Allow) C:\Program Files
(x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{997F83DF-FD45-4B20-BB93-6CF0BC01B223}] => (Allow) C:\Program
Files\Plex\Plex Media Player\PlexMediaPlayer.exe
FirewallRules: [{D347DE5A-3CD8-49B5-803D-95E0E5EB1A1B}] => (Allow) C:\Program
Files\Plex\Plex Media Player\PMPHelper.exe
FirewallRules: [{C603FEE6-3B19-4DF2-8E9F-073FB0170CD6}] => (Allow) C:\Program Files
(x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{541A3945-7694-4A2F-9CF6-3D7F0E2F6CD3}] => (Allow) C:\Program Files
(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C08111B0-2EA3-4A52-B766-260369C5298D}] => (Allow) C:\Program Files
(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B38EE73D-5520-40CC-9093-79FA58EBE4CA}] => (Allow) C:\Program Files
(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{70B34FDE-9906-49F1-9B86-12F1D6D2750D}] => (Allow) C:\Program Files
(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B17B9BB4-4323-4B44-9041-CBAB77E36D20}] => (Allow) C:\Program Files
(x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{6F1F76F6-006E-4528-B03D-297206600113}] => (Allow) C:\Program Files
(x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{61580D3A-E5DE-488A-ADAF-8C876B792CAD}] => (Allow) C:\Program Files
(x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{104FFCE6-6116-438E-8465-3186CCE4DFAF}] => (Allow) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-02-2018 08:53:30 Windows Update
15-02-2018 18:11:51 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2018 02:43:55 AM) (Source: Microsoft-Windows-Spell-Checking)
(EventID: 31) (User: DESKTOP-TIOPBP2)
Description: Impossibile aggiornare l'elenco di parole 1 dell'utente: -2147024864.
Il controllo ortografia rimarrà disponibile, ma l'elenco di parole dell'utente non
verrà aggiornato.

Error: (02/17/2018 11:59:07 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Impossibile installare la prova di acquisto. 0xC004E016
Pkey parziale=FJMQ6
ACID=?
Errore dettagliato[?]

Error: (02/17/2018 11:04:44 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Impossibile installare la prova di acquisto. 0xC004E016
Pkey parziale=FJMQ6
ACID=?
Errore dettagliato[?]

Error: (02/17/2018 10:54:43 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Impossibile installare la prova di acquisto. 0xC004E016
Pkey parziale=FJMQ6
ACID=?
Errore dettagliato[?]

Error: (02/16/2018 11:59:10 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Impossibile installare la prova di acquisto. 0xC004E016
Pkey parziale=FJMQ6
ACID=?
Errore dettagliato[?]

Error: (02/16/2018 01:36:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5265

Error: (02/16/2018 01:36:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5265

Error: (02/16/2018 01:36:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (02/18/2018 10:45:47 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: È stato individuato un danneggiamento nella struttura del file system
nel volume E:.

Rilevato danneggiamento in una struttura dell'indice del file system. Il numero di
riferimento del file è 0x1000000000497. Il nome del file è
"\Personal\tesi_titanic\atzori". L'attributo dell'indice danneggiato è
":$I30:$INDEX_ROOT". Il blocco dell'indice danneggiato si trova nella posizione
seguente: VCN 0xffffffffffffffff, LCN 0xffffffffffffffff. Il danneggiamento inizia
all'offset 128 all'interno del blocco dell'indice.

Error: (02/18/2018 10:45:47 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: È stato individuato un danneggiamento nella struttura del file system
nel volume E:.

Rilevato danneggiamento in una struttura dell'indice del file system. Il numero di
riferimento del file è 0x1000000000f36. Il nome del file è "\Personal\taxes".
L'attributo dell'indice danneggiato è ":$I30:$INDEX_ALLOCATION".

Error: (02/18/2018 04:15:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche
dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per
l'applicazione server COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost
(tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non
disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è
possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (02/18/2018 03:10:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche
dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per
l'applicazione server COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost
(tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non
disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è
possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (02/18/2018 01:00:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche
dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per
l'applicazione server COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost
(tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non
disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è
possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (02/17/2018 06:42:55 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TIOPBP2)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche
dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per
l'applicazione server COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
all'utente DESKTOP-TIOPBP2\SID Luca Atzori (S-1-5-21-2930207519-6125519-
2372475533-1001) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del
contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale
autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo
Servizi componenti.

Error: (02/17/2018 06:40:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TIOPBP2)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche
dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per
l'applicazione server COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
all'utente DESKTOP-TIOPBP2\SID Luca Atzori (S-1-5-21-2930207519-6125519-
2372475533-1001) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del
contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale
autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo
Servizi componenti.

Error: (02/17/2018 01:00:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche
dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per
l'applicazione server COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost
(tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non
disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è
possibile utilizzare lo strumento amministrativo Servizi componenti.

Windows Defender:
===================================
Date: 2018-02-13 19:05:50.863
Description:
Windows Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {85832C16-6303-4DF9-954F-E8BCBB2D80DD}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM

Date: 2017-12-18 19:43:13.748
Description:
Windows Defender Antivirus ha rilevato malware o altro software potenzialmente
indesiderato.
Ulteriori informazioni sono riportate di seguito:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nome: HackTool:MSIL/AutoKMS
ID: 2147711767
Gravità: Medio
Categoria: Strumento
Percorso: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program
Files\KMSpico\KMSELDI.exe;file:_C:\Program
Files\KMSpico\Service_KMS.exe;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\WINDOWS\System32\Tasks\AutoPico Daily
Restart;process:_pid:3608,ProcessStart:131580958034842169;regkey:_HKLM\SOFTWARE\Mic
rosoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6F7D2C0-E9B8-4680-BA53-
4017671681A5};regkey:_HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily
Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-
92E2-4C20-9EE0-F710991F5D7C}_is1;service:_Service
KMSELDI;startup:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\AutoPico.lnk;startup:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\KMSpico.lnk;taskscheduler:_C:\WINDOWS\System32\Tasks\AutoPico
Daily Restart;uninstall:_HKLM\SOFTWARE\MICROSOFT\W
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Sistema
Utente: NT AUTHORITY\SYSTEM
Nome processo: C:\Program Files\KMSpico\Service_KMS.exe
Versione firma: AV: 1.259.437.0, AS: 1.259.437.0, NIS: 118.2.0.0
Versione motore: AM: 1.1.14405.2, NIS: 2.1.14202.0

Date: 2017-12-17 23:59:03.409
Description:
Windows Defender Antivirus ha rilevato malware o altro software potenzialmente
indesiderato.
Ulteriori informazioni sono riportate di seguito:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nome: HackTool:MSIL/AutoKMS
ID: 2147711767
Gravità: Medio
Categoria: Strumento
Percorso: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program
Files\KMSpico\KMSELDI.exe;file:_C:\Program
Files\KMSpico\Service_KMS.exe;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\Users\Luca
Atzori\Dropbox\KMSpico_v10.2.0\KMSpico Portable\AutoPico.exe;file:_C:\Users\Luca
Atzori\Dropbox\KMSpico_v10.2.0\KMSpico
Portable\KMSELDI.exe;file:_C:\WINDOWS\System32\Tasks\AutoPico Daily
Restart;process:_pid:100,ProcessStart:131580251427213040;process:_pid:11504,Process
Start:131579387428215040;process:_pid:3588,ProcessStart:131579029059761587;regkey:_
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\
{C6F7D2C0-E9B8-4680-BA53-4017671681A5};regkey:_HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily
Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-
92E2-4C20-9EE0-F710991F5D7C}_is1;service:_Service KMSELDI;star
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Sistema
Utente: NT AUTHORITY\SYSTEM
Nome processo: C:\Program Files\KMSpico\AutoPico.exe
Versione firma: AV: 1.259.437.0, AS: 1.259.437.0, NIS: 118.2.0.0
Versione motore: AM: 1.1.14405.2, NIS: 2.1.14202.0

Date: 2017-12-17 23:59:03.059
Description:
Windows Defender Antivirus ha rilevato malware o altro software potenzialmente
indesiderato.
Ulteriori informazioni sono riportate di seguito:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nome: HackTool:MSIL/AutoKMS
ID: 2147711767
Gravità: Medio
Categoria: Strumento
Percorso: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program
Files\KMSpico\KMSELDI.exe;file:_C:\Program
Files\KMSpico\Service_KMS.exe;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\Users\Luca
Atzori\Dropbox\KMSpico_v10.2.0\KMSpico Portable\AutoPico.exe;file:_C:\Users\Luca
Atzori\Dropbox\KMSpico_v10.2.0\KMSpico
Portable\KMSELDI.exe;file:_C:\WINDOWS\System32\Tasks\AutoPico Daily
Restart;process:_pid:11504,ProcessStart:131579387428215040;process:_pid:3588,Proces
sStart:131579029059761587;regkey:_HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6F7D2C0-E9B8-4680-BA53-
4017671681A5};regkey:_HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily
Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-
92E2-4C20-9EE0-F710991F5D7C}_is1;service:_Service
KMSELDI;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Sistema
Utente: NT AUTHORITY\SYSTEM
Nome processo: C:\Program Files\KMSpico\AutoPico.exe
Versione firma: AV: 1.259.437.0, AS: 1.259.437.0, NIS: 118.2.0.0
Versione motore: AM: 1.1.14405.2, NIS: 2.1.14202.0

Date: 2017-12-17 23:59:02.896
Description:
Windows Defender Antivirus ha rilevato malware o altro software potenzialmente
indesiderato.
Ulteriori informazioni sono riportate di seguito:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nome: HackTool:MSIL/AutoKMS
ID: 2147711767
Gravità: Medio
Categoria: Strumento
Percorso: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program
Files\KMSpico\KMSELDI.exe;file:_C:\Program
Files\KMSpico\Service_KMS.exe;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\Users\Luca
Atzori\Dropbox\KMSpico_v10.2.0\KMSpico Portable\AutoPico.exe;file:_C:\Users\Luca
Atzori\Dropbox\KMSpico_v10.2.0\KMSpico
Portable\KMSELDI.exe;file:_C:\WINDOWS\System32\Tasks\AutoPico Daily
Restart;process:_pid:11504,ProcessStart:131579387428215040;process:_pid:3588,Proces
sStart:131579029059761587;regkey:_HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6F7D2C0-E9B8-4680-BA53-
4017671681A5};regkey:_HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily
Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-
92E2-4C20-9EE0-F710991F5D7C}_is1;service:_Service
KMSELDI;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Sistema
Utente: NT AUTHORITY\SYSTEM
Nome processo: C:\Windows\System32\svchost.exe
Versione firma: AV: 1.259.437.0, AS: 1.259.437.0, NIS: 118.2.0.0
Versione motore: AM: 1.1.14405.2, NIS: 2.1.14202.0

Date: 2018-01-30 19:14:08.845
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente: 1.261.520.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo firma: Antivirus
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 1.1.14500.5
Codice errore: 0x80072ee2
Descrizione errore: Timeout dell'operazione

Date: 2018-01-30 19:14:08.844
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente: 118.2.0.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo firma: Network Inspection System
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 2.1.14202.0
Codice errore: 0x80072ee2
Descrizione errore: Timeout dell'operazione

Date: 2018-01-28 00:09:02.336
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente: 1.261.364.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo firma: Antivirus
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 1.1.14500.5
Codice errore: 0x80072ee2
Descrizione errore: Timeout dell'operazione

Date: 2018-01-28 00:09:02.336
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente: 1.261.364.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo firma: Antispyware
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 1.1.14500.5
Codice errore: 0x80072ee2
Descrizione errore: Timeout dell'operazione

Date: 2018-01-28 00:09:02.335
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente: 1.261.364.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo firma: Antivirus
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 1.1.14500.5
Codice errore: 0x80072ee2
Descrizione errore: Timeout dell'operazione

CodeIntegrity:
===================================

Date: 2018-02-18 10:21:55.946
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

Date: 2018-02-18 10:21:55.945
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

Date: 2018-02-18 10:09:28.327
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

Date: 2018-02-18 10:09:28.326
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

Date: 2018-02-18 10:09:11.283
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

Date: 2018-02-18 10:09:11.282
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

Date: 2018-02-18 09:51:55.946
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

Date: 2018-02-18 09:51:55.945
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 58%
Total physical RAM: 8047.52 MB
Available physical RAM: 3338.21 MB
Total Virtual: 9327.52 MB
Available Virtual: 3074.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.47 GB) (Free:798.64 GB) NTFS
Drive e: () (Removable) (Total:60.53 GB) (Free:52.24 GB) NTFS

\\?\Volume{9798cba0-d02c-420f-9550-96aa24439ca9}\ (Ripristino) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{9a9fc904-522c-4631-8a38-ecc13e1039e6}\ () (Fixed) (Total:0.09 GB)
(Free:0.07 GB) FAT32
\\?\Volume{b4edb79d-5d2e-4ffc-9520-d6be929c8689}\ () (Fixed) (Total:0.49 GB)
(Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 1 (Size: 60.5 GB) (Disk ID: A028C66D)
Partition 1: (Not Active) - (Size=60.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
