
Adware.Elex.ShrtCln keeps returning - joemcgal



I started a new thread with your post as it'll make it easier to assist you. Follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply


Hi

******************** this is yesterday's report

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 11/11/17
Ora scansione: 14:12
File di log: ef4fc6a5-c6e1-11e7-91f1-001999f013bd.json
Amministratore: Sì

-Informazioni software-
Versione: 3.3.1.2183
Versione componenti: 1.0.236
Aggiorna versione pacchetto: 1.0.3230
Licenza: Free

-Informazioni sistema-
SO: Windows 8.1
CPU: x64
File system: NTFS
Utente: FUJITSU-PC\FUJITSU

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 359586
Minacce rilevate: 2
Minacce messe in quarantena: 2
Tempo impiegato: 2 min, 58 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 2
PUP.Optional.Funmoods, C:\USERS\FUJITSU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 3\Web Data, Sostituito, [801], [455240],1.0.3230
PUP.Optional.Funmoods, C:\USERS\FUJITSU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sostituito, [801], [455240],1.0.3230

Settore fisico: 0
(Nessun elemento nocivo rilevato)


(end)

 

and now 

******************   FRST.txt 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-11-2017
Ran by FUJITSU (administrator) on FUJITSU-PC (12-11-2017 09:50:38)
Running from C:\Users\FUJITSU\Desktop
Loaded Profiles: FUJITSU (Available Profiles: FUJITSU)
Platform: Windows 8.1 (Update) (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware1\SASCORE64.EXE
() C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 10\cbService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(SafeNet, Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware1\SUPERANTISPYWARE.EXE
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMSpeed.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [bit4id csp store register (M x64)] => "RUNDLL32.EXE" "C:\WINDOWS\system32\bit4upki-store.dll",RunImportServer
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-11-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [102528 2012-09-25] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [Cobian Backup 10 Interface] => C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe [3150336 2010-05-14] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [bit4id csp store register (M)] => "C:\WINDOWS\SysWOW64\RUNDLL32.EXE" "C:\WINDOWS\system32\bit4upki-store.dll",RunImportServer
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-01] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\...\Run: [Google Update] => C:\Users\FUJITSU\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-03] (Google Inc.)
HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware1\SUPERAntiSpyware.exe [7964576 2017-10-20] (SUPERAntiSpyware)
HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\...\MountPoints2: {56b70cbb-c767-11e2-bea7-001999f013bd} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5B0FBE26-8A6D-4620-A033-30751BFDDCFD}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5B0FBE26-8A6D-4620-A033-30751BFDDCFD}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://fujitsu13.msn.com
HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.fujitsu.com/fts
SearchScopes: HKU\S-1-5-21-2617600925-1017228353-1255779563-1001 -> {60DF56D3-A8DE-4F09-8B93-2507DDAF4E12} URL = hxxp://www.google.it/#hl=it&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=9fca69c98b5d77d7
SearchScopes: HKU\S-1-5-21-2617600925-1017228353-1255779563-1001 -> {DCFCD32D-613B-4960-8F17-1109CDAA211E} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&intl=it&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2617600925-1017228353-1255779563-1001 -> {EF68EE76-2339-4102-9E0F-026E3AD525EB} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-05] (Oracle Corporation)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-05] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-12-27] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2617600925-1017228353-1255779563-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\FUJITSU\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2617600925-1017228353-1255779563-1001: @talk.google.com/O1DPlugin -> C:\Users\FUJITSU\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2617600925-1017228353-1255779563-1001: @tools.google.com/Google Update;version=3 -> C:\Users\FUJITSU\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2617600925-1017228353-1255779563-1001: @tools.google.com/Google Update;version=9 -> C:\Users\FUJITSU\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\FUJITSU\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\FUJITSU\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR DefaultSearchURL: Profile 2 -> hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Profile 2 -> Yahoo
CHR DefaultSuggestURL: Profile 2 -> hxxps://it.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\FUJITSU\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-11-11]
CHR Profile: C:\Users\FUJITSU\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-11-12]
CHR Extension: (Presentazioni) - C:\Users\FUJITSU\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-11]
CHR Extension: (Documenti) - C:\Users\FUJITSU\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-11]
CHR Extension: (Google Drive) - C:\Users\FUJITSU\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-26]
CHR Extension: (YouTube) - C:\Users\FUJITSU\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-26]
CHR Extension: (Google Search) - C:\Users\FUJITSU\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-01]
CHR Extension: (Fogli) - C:\Users\FUJITSU\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-11]
CHR Extension: (Google Documenti offline) - C:\Users\FUJITSU\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-26]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\FUJITSU\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-11]
CHR Extension: (Gmail) - C:\Users\FUJITSU\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\FUJITSU\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-11]
CHR Profile: C:\Users\FUJITSU\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware1\SASCORE64.EXE [173472 2017-02-09] (SUPERAntiSpyware.com)
R2 AK910SwitchService; C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe [98304 2013-06-28] () [File not signed]
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2012-12-29] (Autodesk)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-11-10] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [333488 2017-11-10] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7600584 2017-11-10] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
R2 cbVSCService; C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [67584 2010-05-14] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup10; C:\Program Files (x86)\Cobian Backup 10\cbService.exe [1125376 2010-05-14] (Luis Cobian, CobianSoft) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-07] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-11-01] (Dropbox, Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4574520 2017-02-10] (SafeNet, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-11-20] (Realsil Microelectronics Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SAService; C:\WINDOWS\SysWOW64\SAsrv.exe [440320 2011-09-01] (Conexant Systems, Inc.) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 akshasp; C:\WINDOWS\system32\DRIVERS\akshasp.sys [87864 2017-02-10] (SafeNet, Inc.)
S3 akshhl; C:\WINDOWS\system32\DRIVERS\akshhl.sys [86328 2017-02-10] (SafeNet, Inc.)
S3 aksusb; C:\WINDOWS\system32\DRIVERS\aksusb.sys [332088 2017-02-10] (SafeNet, Inc.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [176000 2017-11-10] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166624 2017-11-10] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [314640 2017-11-10] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192584 2017-11-10] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336896 2017-11-10] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51336 2017-11-10] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39424 2017-11-10] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [140704 2017-11-10] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\WINDOWS\System32\drivers\avgNetSec.sys [562568 2017-11-10] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [102792 2017-11-10] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76832 2017-11-10] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1018648 2017-11-10] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [447800 2017-11-10] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [196392 2017-11-10] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [356880 2017-11-10] (AVG Technologies CZ, s.r.o.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [1287496 2017-02-10] (SafeNet, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-11] (Malwarebytes)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware1\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware1\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-12 09:50 - 2017-11-12 09:51 - 000024669 _____ C:\Users\FUJITSU\Desktop\FRST.txt
2017-11-12 09:50 - 2017-11-12 09:50 - 000000000 ____D C:\FRST
2017-11-12 09:49 - 2017-11-12 09:48 - 002392576 _____ (Farbar) C:\Users\FUJITSU\Desktop\FRST64.exe
2017-11-12 09:48 - 2017-11-12 09:48 - 002392576 _____ (Farbar) C:\Users\FUJITSU\Downloads\FRST64.exe
2017-11-11 15:25 - 2017-11-11 18:36 - 000000000 ____D C:\AdwCleaner
2017-11-11 15:23 - 2017-11-11 15:28 - 000155186 _____ C:\WINDOWS\ntbtlog.txt
2017-11-11 15:22 - 2017-11-11 15:22 - 011584088 _____ (SurfRight B.V.) C:\Users\FUJITSU\Downloads\HitmanPro_x64.exe
2017-11-11 15:17 - 2017-11-11 15:17 - 008261584 _____ (Malwarebytes) C:\Users\FUJITSU\Downloads\adwcleaner_7.0.4.0.exe
2017-11-11 15:07 - 2017-11-11 18:41 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-11 14:15 - 2017-11-11 14:15 - 000001580 ____N C:\Users\FUJITSU\Desktop\report mb.txt
2017-11-11 11:48 - 2017-11-11 11:48 - 000004913 _____ C:\Users\FUJITSU\Downloads\ITGLLGLI60R53F205C_LI_73001.xml
2017-11-11 11:36 - 2017-11-11 11:36 - 000004921 _____ C:\Users\FUJITSU\Downloads\ITGLLGPP56D28F205U_LI_73001.xml
2017-11-10 17:13 - 2017-11-10 17:13 - 000366288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-11-10 17:13 - 2017-11-10 17:13 - 000176000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2017-11-10 17:13 - 2017-11-10 17:13 - 000001991 _____ C:\Users\Public\Desktop\AVG Internet Security.lnk
2017-11-10 16:22 - 2017-11-10 16:22 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-10 16:22 - 2017-11-10 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-10 16:22 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-10 16:16 - 2017-11-10 16:16 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-10 16:08 - 2017-11-10 16:09 - 078346672 _____ (Malwarebytes ) C:\Users\FUJITSU\Downloads\mb3-setup-35891.35891-3.3.1.2183.exe
2017-11-10 16:06 - 2017-11-10 16:06 - 022851472 _____ (Malwarebytes ) C:\Users\FUJITSU\Downloads\mbam-setup-FileHippo.19901-2.2.1.1043.exe
2017-11-10 08:17 - 2017-11-10 08:17 - 001649450 _____ C:\Users\FUJITSU\Downloads\5.-Teoria-e-Progetto-dei-Pont-Norme-Ponti-stradali-2008.pdf
2017-11-09 12:06 - 2017-11-09 12:07 - 000000000 ____D C:\Users\FUJITSU\Desktop\Moneglia 2017
2017-11-09 09:08 - 2017-11-09 09:09 - 000000000 ____D C:\Users\FUJITSU\Desktop\macevi
2017-11-08 14:35 - 2017-11-08 14:35 - 000094537 _____ C:\Users\FUJITSU\Downloads\CartaSi_171031.pdf
2017-11-08 11:06 - 2017-11-08 11:06 - 000761829 _____ C:\Users\FUJITSU\Downloads\Guida_alla_Compilazione_del_Questionario_di_Qualifica.pdf
2017-11-06 19:57 - 2017-11-06 19:57 - 000178343 _____ C:\Users\FUJITSU\Downloads\20171106144232766_Attivazione albo fornitori.pdf
2017-11-05 19:38 - 2017-11-05 19:38 - 019623811 _____ C:\Users\FUJITSU\Downloads\OPUSCOLI DIDATTICI.zip
2017-11-05 19:18 - 2017-11-05 19:18 - 000000000 ____D C:\Users\FUJITSU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gerico2017
2017-11-05 18:55 - 2017-11-05 18:55 - 001852992 _____ (Oracle Corporation) C:\Users\FUJITSU\Downloads\chromeinstall-8u151.exe
2017-11-04 14:38 - 2017-11-04 14:38 - 006783507 _____ C:\Users\FUJITSU\Downloads\GIORNALE ING OTTOBRE digit.pdf
2017-11-03 15:49 - 2017-11-03 15:53 - 055386586 _____ C:\Users\FUJITSU\Downloads\nhi16009_v1 driven pile foundations.pdf
2017-11-03 11:57 - 2017-11-03 11:57 - 000049541 _____ C:\Users\FUJITSU\Documents\Cerruto - Galloni contabile maggio 2017.pdf
2017-11-03 11:56 - 2017-11-03 11:57 - 000049049 _____ C:\Users\FUJITSU\Documents\Cerruto - Galloni contabile aprile 2017.pdf
2017-11-02 17:17 - 2017-11-02 17:17 - 013842255 _____ C:\Users\FUJITSU\Downloads\IstruzioniCNR_DT210_2013.pdf
2017-11-02 17:09 - 2017-11-02 17:09 - 000309794 _____ C:\Users\FUJITSU\Downloads\Modulo 13.pdf
2017-11-02 10:00 - 2017-11-06 19:52 - 000000000 ____D C:\Users\FUJITSU\Desktop\doc ricevuta strutture
2017-11-02 08:44 - 2017-11-02 08:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-01 12:58 - 2017-11-01 12:58 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-11-01 12:58 - 2017-11-01 12:58 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-11-01 12:58 - 2017-11-01 12:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-11-01 12:58 - 2017-11-01 12:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-10-31 17:18 - 2017-10-31 17:18 - 000290223 _____ C:\Users\FUJITSU\Documents\AREXPO_AREXPOAOO_2017_1426.pdf (1).p7m.pdf
2017-10-31 15:07 - 2017-10-31 15:07 - 001046213 _____ C:\Users\FUJITSU\Downloads\carico punta Belluzzi.pdf
2017-10-31 09:17 - 2017-10-31 09:17 - 000137623 _____ C:\Users\FUJITSU\Downloads\plinto_quadrato esempio di calcolo.pdf
2017-10-29 16:15 - 2017-11-10 14:22 - 000000000 ____D C:\Users\FUJITSU\Desktop\Papa G.XXIII 5
2017-10-29 11:00 - 2017-10-29 11:00 - 000910626 ____N C:\Users\FUJITSU\Desktop\villasanta concorso 2017.zip
2017-10-27 15:08 - 2017-10-27 15:08 - 005043983 ____N C:\Users\FUJITSU\Desktop\20171027 trasmissione a 4 emme prove di Lavoratorio firmato.pdf
2017-10-27 06:33 - 2017-11-09 15:49 - 000000000 ____D C:\Users\FUJITSU\Desktop\171026 foto palazzo italia
2017-10-26 15:38 - 2017-10-26 15:38 - 000217431 _____ C:\Users\FUJITSU\Downloads\sentenza n. 24585  obbligo denuncia  opere  strutturali.pdf
2017-10-25 10:42 - 2017-11-03 09:55 - 000000000 ____D C:\Users\FUJITSU\Desktop\ponte di via Caravaggio
2017-10-25 07:39 - 2017-10-25 07:39 - 001649544 _____ C:\Users\FUJITSU\Downloads\ponti seieditrice.pdf
2017-10-22 14:52 - 2017-10-22 14:52 - 000498124 _____ C:\Users\FUJITSU\Downloads\6 - Circolare finalissima Appendici.pdf
2017-10-22 14:52 - 2017-10-22 14:52 - 000041086 _____ C:\Users\FUJITSU\Downloads\Q_ALLEGATO_ A_B_PERICOLOSITA_CONCERTO.pdf
2017-10-21 16:02 - 2017-10-21 16:02 - 000224565 _____ C:\Users\FUJITSU\Downloads\CassettoFiscaleServlet.pdf
2017-10-21 14:30 - 2017-10-21 14:30 - 000460204 _____ C:\Users\FUJITSU\Downloads\20171021151010746_doc_identita (1).pdf
2017-10-21 14:26 - 2017-10-21 14:28 - 000615915 _____ C:\Users\FUJITSU\Downloads\20170720163251368_Mod08LG02-03DichiarazioneSostitutivaConsulenzeRev00  galloni 171021.pdf
2017-10-21 14:15 - 2017-10-21 14:15 - 000460204 _____ C:\Users\FUJITSU\Downloads\20171021151010746_doc_identita.pdf
2017-10-21 13:47 - 2017-10-21 13:47 - 000385952 _____ C:\Users\FUJITSU\Downloads\185027_2329495 170803 DICH. ANNO 2016.pdf
2017-10-21 08:58 - 2017-10-21 08:58 - 001418836 _____ C:\Users\FUJITSU\Downloads\DELIBERA-N.-23-1-DELIBERA-ALIQUOTE2017.pdf
2017-10-21 08:58 - 2017-10-21 08:58 - 000058236 _____ C:\Users\FUJITSU\Downloads\INFORMAZIONI_-IMU_2017.pdf
2017-10-19 10:06 - 2017-10-19 11:31 - 000609400 _____ C:\Users\FUJITSU\Downloads\SOLUZIONEPROVA IN ITINERE 171016 a.zip
2017-10-19 09:20 - 2017-10-19 09:20 - 000291328 _____ C:\Users\FUJITSU\Downloads\in situ core compressive strength XLS pisanel e reversi.xls
2017-10-17 17:36 - 2017-10-17 17:36 - 000653175 _____ C:\Users\FUJITSU\Downloads\Curriculum.pdf
2017-10-17 15:09 - 2017-10-17 15:09 - 000088986 _____ C:\Users\FUJITSU\Downloads\DDUO-2456-2017-Testo REGIONE LOMBARDIA.pdf
2017-10-17 15:08 - 2017-10-17 15:08 - 000703828 _____ C:\Users\FUJITSU\Downloads\DDUO-2456-2017-Allegato REGIONE LOMBARDIA.pdf
2017-10-17 14:12 - 2017-10-17 14:12 - 003575531 _____ C:\Users\FUJITSU\Downloads\Prospetto calcolo spesa.pdf
2017-10-17 14:11 - 2017-10-17 14:11 - 000359818 _____ C:\Users\FUJITSU\Downloads\1-Avviso manifestazione interesse collaudo.pdf.p7m
2017-10-17 11:34 - 2017-10-17 11:34 - 000001048 ____N C:\Users\FUJITSU\Desktop\GALIMBERTI CARROZZERIA - collegamento.lnk
2017-10-17 10:38 - 2017-10-17 10:38 - 000436577 ____N C:\Users\FUJITSU\Desktop\170606 EMauri Definizione Prova di Carico.pdf
2017-10-15 14:26 - 2017-10-15 14:26 - 001724017 _____ C:\Users\FUJITSU\Downloads\Locandina Seminario 23-10-2017.pdf
2017-10-13 15:57 - 2017-10-13 15:57 - 000510884 _____ C:\Users\FUJITSU\Downloads\OdS_PresentazioneProgramma_R0.pdf
2017-10-13 15:29 - 2017-10-13 15:29 - 000079286 _____ C:\Users\FUJITSU\Downloads\OdS_PresentazioneProgramma_R0.pptx
2017-10-13 14:50 - 2017-10-13 14:50 - 000149104 _____ C:\Users\FUJITSU\Downloads\Documenti di gara.zip
2017-10-13 10:21 - 2017-10-13 10:31 - 000490496 ____N C:\Users\FUJITSU\Desktop\prova in itinere 171016a.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-12 09:47 - 2017-04-24 16:55 - 000000000 ____D C:\Users\FUJITSU\AppData\LocalLow\Mozilla
2017-11-12 09:46 - 2014-12-03 19:02 - 000000000 ____D C:\Users\FUJITSU\Desktop\acciaio
2017-11-12 09:26 - 2017-07-05 08:33 - 001805768 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-12 09:26 - 2017-04-07 18:21 - 000001132 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-11-12 09:26 - 2014-11-21 03:26 - 000796516 _____ C:\WINDOWS\system32\perfh010.dat
2017-11-12 09:26 - 2014-11-21 03:26 - 000153732 _____ C:\WINDOWS\system32\perfc010.dat
2017-11-12 09:26 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2017-11-12 09:19 - 2015-07-25 14:22 - 000003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CB99AB4D-F55E-45F0-ADE9-84CF6CC1D73F}
2017-11-12 09:15 - 2013-01-28 18:57 - 000000000 ____D C:\Users\FUJITSU\AppData\Roaming\.oit
2017-11-12 09:14 - 2017-04-07 18:21 - 000001128 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-11-11 18:40 - 2017-03-16 20:08 - 000000000 ____D C:\Users\FUJITSU\AppData\Local\ClassicShell
2017-11-11 18:37 - 2015-07-02 12:41 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-11 18:37 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-11 15:28 - 2016-10-26 09:56 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-11-11 13:03 - 2012-12-28 11:17 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2617600925-1017228353-1255779563-1001
2017-11-11 12:40 - 2017-08-02 14:32 - 000003600 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-11-11 12:32 - 2013-02-08 15:30 - 000000000 ____D C:\Users\FUJITSU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unico On Line
2017-11-11 12:32 - 2013-02-08 15:11 - 000000000 ____D C:\UnicoOnLine
2017-11-11 11:12 - 2013-07-12 11:06 - 000313104 _____ C:\WINDOWS\system32\C
2017-11-11 10:55 - 2015-07-02 14:12 - 004190720 ___SH C:\Users\FUJITSU\Desktop\Thumbs.db
2017-11-11 10:51 - 2017-02-28 09:36 - 000000000 ____D C:\Users\FUJITSU\AppData\Local\CrashDumps
2017-11-10 17:13 - 2017-08-02 14:34 - 001018648 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-11-10 17:13 - 2017-08-02 14:34 - 000562568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetSec.sys
2017-11-10 17:13 - 2017-08-02 14:34 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-11-10 17:13 - 2017-08-02 14:34 - 000356880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-11-10 17:13 - 2017-08-02 14:34 - 000196392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-11-10 17:13 - 2017-08-02 14:34 - 000140704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-11-10 17:13 - 2017-08-02 14:34 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-11-10 17:13 - 2017-08-02 14:34 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-11-10 17:13 - 2017-08-02 14:34 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-11-10 17:13 - 2017-08-02 14:34 - 000003920 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-11-10 17:12 - 2017-08-02 14:34 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-11-10 17:12 - 2017-08-02 14:34 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-11-10 17:12 - 2017-08-02 14:34 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-11-10 17:12 - 2017-08-02 14:34 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-11-10 17:12 - 2017-08-02 14:34 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-11-10 16:40 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-11-10 16:35 - 2017-10-05 15:35 - 000002215 ____N C:\Users\FUJITSU\Desktop\F24 On Line.lnk
2017-11-10 16:35 - 2013-03-30 11:32 - 000002328 ____N C:\Users\FUJITSU\Desktop\Giuseppe - Chrome.lnk
2017-11-10 16:22 - 2013-12-09 17:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-09 18:21 - 2015-07-09 08:30 - 000000000 ____D C:\Program Files\SUPERAntiSpyware1
2017-11-09 17:16 - 2017-10-02 08:38 - 000000000 ____D C:\Users\FUJITSU\Desktop\HSH memo CAECONFERENCE 2017
2017-11-09 15:44 - 2012-12-29 14:38 - 000000000 ____D C:\Users\FUJITSU\Documents\File di Outlook
2017-11-09 15:40 - 2016-02-29 19:53 - 000000000 ____D C:\Users\FUJITSU\AppData\Local\Deployment
2017-11-09 08:58 - 2017-09-06 08:24 - 000001028 _____ C:\Users\Public\Desktop\AVG.lnk
2017-11-09 08:58 - 2017-08-02 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-11-08 16:57 - 2017-10-04 14:26 - 000000000 ____D C:\Users\FUJITSU\Desktop\Caslino d'erba
2017-11-07 19:52 - 2012-12-28 11:52 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-05 18:57 - 2016-04-09 17:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-05 18:56 - 2016-04-09 17:37 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-11-05 18:56 - 2014-08-12 11:38 - 000000000 ____D C:\Program Files (x86)\Java
2017-11-04 17:42 - 2015-07-02 12:49 - 000000000 ____D C:\Users\FUJITSU
2017-11-03 09:55 - 2017-06-03 13:46 - 000000000 ____D C:\Users\FUJITSU\Desktop\Foto
2017-11-03 09:38 - 2016-07-16 14:11 - 000000000 ____D C:\Users\FUJITSU\Desktop\carate 2016 la mattina
2017-11-02 17:07 - 2016-04-14 14:31 - 000000000 ____D C:\Users\FUJITSU\Desktop\X-5001 RL
2017-11-02 08:58 - 2016-07-22 14:55 - 000000000 ____D C:\Users\FUJITSU\Desktop\bagno moneglia 2016
2017-11-02 08:45 - 2017-04-07 18:21 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-10-31 17:21 - 2015-11-26 17:40 - 000467456 ___SH C:\Users\FUJITSU\Downloads\Thumbs.db
2017-10-29 11:37 - 2012-09-25 09:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\Fujitsu
2017-10-26 10:19 - 2014-01-11 11:17 - 000000000 ____D C:\Users\FUJITSU\Desktop\Running gg
2017-10-25 14:37 - 2016-12-23 12:01 - 000000000 ____D C:\Users\FUJITSU\Desktop\fotocell 170103
2017-10-22 07:59 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-21 16:10 - 2014-04-14 13:03 - 000000000 ____D C:\Users\FUJITSU\Desktop\commissione strutture
2017-10-19 09:18 - 2012-07-26 08:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-18 11:33 - 2017-07-20 14:07 - 000000000 ____D C:\Users\FUJITSU\Desktop\ca granda bis
2017-10-17 17:38 - 2017-04-24 16:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-10-17 17:38 - 2017-04-24 16:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-13 14:42 - 2017-09-18 15:18 - 000000000 ____D C:\Users\FUJITSU\Desktop\scuola muraria
2017-10-13 12:00 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2014-05-02 17:47 - 2014-05-04 14:25 - 000026687 _____ () C:\Users\FUJITSU\AppData\Roaming\Valori separati da virgola (Windows).ADR
2013-09-27 10:50 - 2016-02-15 10:45 - 000007608 _____ () C:\Users\FUJITSU\AppData\Local\resmon.resmoncfg
2017-09-27 15:17 - 2017-09-27 15:17 - 000048383 _____ () C:\ProgramData\agent.1506521874.bdinstall.bin
2017-09-29 07:47 - 2017-09-29 07:47 - 000030406 _____ () C:\ProgramData\agent.uninstall.1506667622.bdinstall.bin
2017-09-27 15:19 - 2017-09-27 15:19 - 000021240 _____ () C:\ProgramData\hva.1506521956.bdinstall.bin
2012-09-25 09:55 - 2012-09-25 09:55 - 000000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-09-25 09:51 - 2012-09-25 09:51 - 000000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-09-25 09:54 - 2012-09-25 09:55 - 000000111 _____ () C:\ProgramData\{39337565-330E-4ab6-A9AE-AC81E0720B10}.log
2012-09-25 09:49 - 2012-09-25 09:50 - 000000107 _____ () C:\ProgramData\{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}.log
2012-09-25 09:51 - 2012-09-25 09:54 - 000000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-09-25 09:50 - 2012-09-25 09:51 - 000000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log

Files to move or delete:
====================
C:\Users\Public\rescue-system.exe


Some files in TEMP:
====================
2017-11-10 16:19 - 2017-11-10 16:09 - 078346672 _____ (Malwarebytes                                                ) C:\Users\FUJITSU\AppData\Local\Temp\mb3-setup-35891.35891-3.3.1.2183.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-12 09:38

==================== End of FRST.txt ============================

 

and

**************************Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-11-2017
Ran by FUJITSU (12-11-2017 09:51:29)
Running from C:\Users\FUJITSU\Desktop
Windows 8.1 (Update) (X64) (2015-07-02 13:01:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2617600925-1017228353-1255779563-500 - Administrator - Disabled)
FUJITSU (S-1-5-21-2617600925-1017228353-1255779563-1001 - Administrator - Enabled) => C:\Users\FUJITSU
Guest (S-1-5-21-2617600925-1017228353-1255779563-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2617600925-1017228353-1255779563-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Antivirus (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1CAMP (HKLM-x32\...\ST6UNST #2) (Version:  - )
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Aggiornamenti NVIDIA 12.4.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 12.4.67 - NVIDIA Corporation) Hidden
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
ArubaSign versione 2.8.3 (HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\...\ArubaSign_is1) (Version: 2.8.3 - ArubaPEC S.p.A.)
AutoCAD LT 2009 - Italiano (HKLM\...\{5783F2D7-7009-0410-0102-0060B0CE6BBA}) (Version: 17.2.56.0 - Autodesk) Hidden
AutoCAD LT 2009 - Italiano (HKLM\...\AutoCAD LT 2009 - Italiano) (Version: 17.2.56.0 - Autodesk)
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 17.8.3036 - AVG Technologies)
Bit4id - CSP PKCS11 Oberthur (HKLM-x32\...\Bit4id - CSP PKCS11 Oberthur (o)) (Version: 1.3.2.3 - Bit4id)
Bit4id - Universal MW 1.3.6.9 (HKLM-x32\...\Bit4id - Universal MW (x)) (Version: 1.3.6.9 - Bit4id)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5067 - CDBurnerXP)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Cobian Backup 10 (HKLM-x32\...\CobBackup10) (Version:  - )
COMPINT (HKLM-x32\...\{43D9783E-5C34-491A-B7B9-31C6FAA93E0E}) (Version: 1.2.0 - CROIL)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.43.0 - Conexant)
Desktop Telematico 1.0.0 (HKLM\...\Desktop Telematico 1.0.0) (Version: 1.0.0.0 - SOGEI)
DesktopTelematico 1.0.0 (HKLM\...\DesktopTelematico) (Version:  - )
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.13.0116 - Fujitsu Technology Solutions)
Docfa4 (HKLM-x32\...\A9D22611-32B5-40C2-88BF-6A39245A0C76) (Version: 4.00.3 - Sogei)
Dropbox (HKLM-x32\...\Dropbox) (Version: 38.4.27 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
FileInternet (HKLM-x32\...\FileInternet) (Version: 3.1.5.0 - SOGEI)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Gerico2015 (HKLM-x32\...\Gerico2015) (Version: 1.0.6.0 - Agenzia delle Entrate - Sogei)
Gerico2016 (HKLM-x32\...\Gerico2016) (Version: 1.0.2.0 - Agenzia delle Entrate - Sogei)
GO Contact Sync Mod (HKLM-x32\...\{A5CF56A8-F9C1-4CFB-97ED-35C947F79D65}) (Version: 3.9.14 - WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET + Big-R)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.89 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Java 7 Update 79 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Malwarebytes versione 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Modello 770 Semplificato 2014 (HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\...\Modello 770 Semplificato 2014) (Version:  - Agenzia delle Entrate)
Modello IRA 2014 (HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\...\Modello IRA 2014) (Version:  - Agenzia delle Entrate)
ModuliControlloStudi2015 (HKLM-x32\...\ModuliControlloStudi2015) (Version: 1.0.3.0 - Agenzia delle Entrate - Sogei)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.4.0.6486 - Mozilla)
Mozilla Thunderbird 52.4.0 (x86 it) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 it)) (Version: 52.4.0 - Mozilla)
NVIDIA Driver 3D Vision 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA Driver audio HD 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA Driver del controller 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Driver grafico 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Outlook4Gmail 3.2.7 (HKLM-x32\...\{6A53C42D-DCCD-46B7-9143-51071726A6F6}_is1) (Version:  - Scand Ltd.)
PacchettoComune (HKLM-x32\...\ST6UNST #1) (Version:  - )
Pannello di controllo NVIDIA 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 378.66 - NVIDIA Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PIXresizer (HKLM-x32\...\PIXresizer_is1) (Version: 2.0.6 - Bluefive software)
Presto! PageManager 9.06 Standard (HKLM-x32\...\{357EBD3F-1352-449B-BEDF-8E4F2D9367D1}) (Version: 9.06.00 - Newsoft Technology Corporation)
Profili_v6 (HKLM-x32\...\ST6UNST #6) (Version:  - )
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30143 - Realtek Semiconductor Corp.)
Redditi PF 2017 (HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\...\Redditi PF 2017) (Version:  - Agenzia delle Entrate)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 2.1.108 - NVIDIA Corporation) Hidden
SIMQKE_GR (HKLM-x32\...\ST6UNST #7) (Version:  - )
SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
Straus7 Release 2.4.6 (HKLM-x32\...\{57FBB32F-7E7A-4FF0-8CAB-A970C955A004}) (Version: 2.4.6 - Strand7 Pty Ltd)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1200 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Telaio2D (HKLM-x32\...\ST6UNST #4) (Version:  - )
TraveConDwg Ver. 7.4 (HKLM-x32\...\ST6UNST #3) (Version:  - )
TypeA_TypeB DDST (HKLM-x32\...\TypeA_TypeB DDST) (Version:  - )
UnicOnLine PF 2014 (HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\...\UnicOnLine PF 2014) (Version:  - Agenzia delle Entrate)
UnicOnLine PF 2015 (HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\...\UnicOnLine PF 2015) (Version:  - Agenzia delle Entrate)
UnicOnLine PF 2016 (HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\...\UnicOnLine PF 2016) (Version:  - Agenzia delle Entrate)
UnicoOnLine - File Internet 3.1.5 (HKLM-x32\...\File Internet) (Version: 3.1.5.0 - )
VcaSlu (HKLM-x32\...\ST6UNST #5) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2617600925-1017228353-1255779563-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\FUJITSU\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2617600925-1017228353-1255779563-1001_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000}\InprocServer32 -> C:\Program Files\AutoCAD LT 2009\acadltficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2617600925-1017228353-1255779563-1001_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD LT 2009\acadlt.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2617600925-1017228353-1255779563-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\FUJITSU\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [Gestore icona firma digitale di AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2008-02-10] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2008-02-10] (Autodesk)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [PDFArchitectExtension] -> {DBDB3433-0E01-40CE-A026-D9F54FAC3CA9} => C:\Program Files (x86)\PDF Architect\ContextMenuExt.dll [2013-04-08] (pdfforge GmbH)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-02-09] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {24F46C56-DC6A-4410-AD2D-F6D4ABB72B5F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2617600925-1017228353-1255779563-1001Core => C:\Users\FUJITSU\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {27FDD532-572F-4C13-A060-91C135DCBB45} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {2AB0818C-2CF4-47B0-A7E9-8A3BA13D5859} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-07] (Dropbox, Inc.)
Task: {31FCD562-B892-45AE-89CA-35B3AC7797CE} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {3732B2EB-2832-4C02-BDC2-9DCCFE142994} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-07] (Dropbox, Inc.)
Task: {382B42B9-142B-4F3D-BC69-E13444DAB5D2} - System32\Tasks\{C7004E33-2782-43B5-AF8A-C40EAABA17DC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcLauncher.exe" -d C:\Users\FUJITSU\Desktop -c /O "C:\Users\FUJITSU\Desktop\padiglione_06.02.13.dwg"
Task: {4BBF6012-122D-4E6D-9DF5-A63E8E0500FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {56FCBD44-6558-4F4C-A594-6029D3175B8F} - System32\Tasks\{57020298-8714-4454-8301-17ABA962EB8A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
Task: {5AC58B80-2A9A-4957-8A23-16395DF9F0F9} - System32\Tasks\SafeZone scheduled Autoupdate 1458814629 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {6A325A41-268A-418E-B522-D9CFB315D0EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6EC7DDD9-0CC7-4491-B92A-859D21617B0A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2617600925-1017228353-1255779563-1001UA => C:\Users\FUJITSU\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {7FE53BA6-9DA9-4BE5-9654-F30EF70B5DBA} - System32\Tasks\{721CE2C0-C0BB-4510-8927-72DA1B2B9C56} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/it/abandoninstall?page=tsBing
Task: {852171B3-DD0E-4E20-B058-3A9DDA0D6442} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {85A18E95-7901-4CE6-A199-26185E22D691} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {D12D02FE-CFD2-4D24-AD0E-4FB88EF260FD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
Task: {D2B54681-03F5-477F-8447-6F601FC2894E} - System32\Tasks\{FEF87F62-1C40-467A-BB37-20284F4D6BF9} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcLauncher.exe" -d C:\Users\FUJITSU\Desktop -c /O "C:\Users\FUJITSU\Desktop\padiglione_06.02.13.dwg"
Task: {DF708120-1AA5-4D19-BBFA-B2E46BBD80DD} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files (x86)\Fujitsu\DeskUpdate\ducmd.exe [2012-09-25] (Fujitsu Technology Solutions)
Task: {EA9D5EC2-CD82-40D2-AADD-2F6CA4501C60} - System32\Tasks\{06EAD9FF-40D3-4EF7-A30F-7525BB606B5C} => C:\Windows\system32\pcalua.exe -a C:\Windows\system32\javaws.exe -c -uninstall -prompt "hxxp://jws.agenziaentrate.it/jws/F24/F24OnLine.jnlp"
Task: {F2AFE20E-042F-4233-BDDF-A167D8CE2552} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {FA092FC3-9112-4361-834D-409998B4442A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-11-10] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-12-22 10:18 - 2014-12-22 10:18 - 000029184 _____ () C:\WINDOWS\System32\ssj2mlm.dll
2011-06-22 07:42 - 2011-06-22 07:42 - 000034304 _____ () C:\WINDOWS\System32\ssp4ml6.dll
2016-09-15 06:19 - 2016-09-15 06:19 - 000031256 _____ () C:\WINDOWS\System32\us005lm.dll
2013-06-28 15:24 - 2013-06-28 15:24 - 000098304 _____ () C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe
2017-11-10 16:22 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-07-02 12:41 - 2017-02-09 23:57 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-11-10 17:13 - 2017-11-10 17:13 - 000068528 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\module_lifetime.dll
2017-11-07 19:52 - 2017-11-05 10:12 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libglesv2.dll
2017-11-07 19:52 - 2017-11-05 10:12 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libegl.dll
2012-11-26 14:31 - 2012-06-25 18:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2017-08-02 14:32 - 2016-06-23 20:07 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2013-01-28 18:55 - 2008-11-17 14:56 - 000102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\nsSign.dll
2013-01-28 18:55 - 2010-05-07 11:46 - 000057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PerformOcr.dll
2013-01-28 18:55 - 2011-03-17 10:43 - 000057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMISM.dll
2013-01-28 18:55 - 2010-12-29 17:52 - 000147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMCommon.dll
2013-01-28 18:55 - 2008-08-25 17:19 - 000069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PHooKDlg.dll
2013-01-28 18:55 - 2007-03-30 10:24 - 000104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\Qem.dll
2013-01-28 18:55 - 2009-11-26 17:49 - 000081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\NetFun2k.dll
2013-01-28 18:55 - 2011-02-18 10:43 - 000151040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\ScanModule.dll
2013-01-28 18:55 - 2009-09-09 14:44 - 000151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMANO.dll
2013-01-28 18:55 - 2007-03-30 09:49 - 000104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\ComClass.dll
2013-01-28 18:55 - 2010-11-30 16:42 - 000352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMTree.dll
2013-01-28 18:55 - 2010-10-22 10:01 - 000139264 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMSet.dll
2013-01-28 18:55 - 2011-02-24 14:21 - 000614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMDB_N.dll
2013-01-28 18:55 - 2010-07-13 10:48 - 000106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMProp.dll
2013-01-28 18:55 - 2010-09-09 18:00 - 000061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMINSO.dll
2013-01-28 18:55 - 2007-08-31 17:51 - 000040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMVoice.dll
2013-01-28 18:55 - 2010-09-08 17:10 - 000073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\OutlookVBA.dll
2013-01-28 18:55 - 2009-08-06 10:22 - 000421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\FT.dll
2013-01-28 18:55 - 2009-11-27 17:38 - 000331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMAppBar.dll
2013-01-28 18:55 - 2010-11-26 10:33 - 004583424 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMView.dll
2013-01-28 18:55 - 2007-03-30 10:01 - 000038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\NsOEMKey.dll
2013-01-28 18:55 - 2010-10-22 10:22 - 000090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMSave.dll
2013-01-28 18:55 - 2010-08-03 10:44 - 000049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMOffice.dll
2013-01-28 18:55 - 2010-09-26 11:13 - 000430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMPageVW.dll
2013-01-28 18:55 - 2010-03-02 15:09 - 000102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMDocVW.dll
2013-01-28 18:55 - 2010-08-03 10:51 - 001036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\SlideBarDLL.dll
2013-01-28 18:55 - 2010-09-26 11:13 - 000184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMImgVW.dll
2013-01-28 18:55 - 2008-08-25 16:16 - 000040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMIEVW.dll
2013-01-28 18:55 - 2010-09-08 10:52 - 000036864 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMPDFView.dll
2013-01-28 18:55 - 2009-06-26 09:03 - 000086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMApSet.dll
2013-01-28 18:55 - 2011-02-24 14:25 - 000323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMAnoSet.dll
2013-01-28 18:55 - 2010-04-27 15:20 - 000065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMStatus.dll
2013-01-28 18:55 - 2011-03-24 13:27 - 000397312 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMScnSet.dll
2013-01-28 18:55 - 2007-03-30 09:57 - 000034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\Import.dll
2013-01-28 18:55 - 2010-11-26 10:45 - 000090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.06\PMImageSplitter.dll
2017-11-02 08:43 - 2017-11-01 12:58 - 000724288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-11-02 08:43 - 2017-11-01 12:58 - 002002752 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-11-02 08:44 - 2017-11-01 12:57 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-11-02 08:44 - 2017-11-01 13:01 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-11-02 08:43 - 2017-11-01 12:57 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-11-02 08:43 - 2017-11-01 12:58 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-11-02 08:44 - 2017-11-01 12:57 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-11-02 08:44 - 2017-11-01 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-11-02 08:43 - 2017-11-01 12:57 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-11-02 08:43 - 2017-11-01 12:58 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-11-02 08:44 - 2017-11-01 13:01 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-11-02 08:44 - 2017-11-01 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-11-02 08:44 - 2017-11-01 13:01 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-11-02 08:44 - 2017-11-01 13:01 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-11-02 08:44 - 2017-11-01 13:01 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-11-02 08:44 - 2017-11-01 13:01 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-11-02 08:44 - 2017-11-01 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-11-02 08:44 - 2017-11-01 13:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-11-02 08:44 - 2017-11-01 13:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-11-02 08:44 - 2017-11-01 13:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-11-02 08:44 - 2017-11-01 12:57 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-11-02 08:44 - 2017-11-01 13:01 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-11-02 08:43 - 2017-11-01 12:58 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-11-02 08:43 - 2017-11-01 13:01 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-11-02 08:44 - 2017-11-01 13:01 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-11-02 08:43 - 2017-11-01 13:01 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-11-02 08:44 - 2017-11-01 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-11-02 08:43 - 2017-11-01 13:01 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2015-07-02 12:40 - 2012-06-13 12:56 - 000958976 _____ () C:\Program Files\Conexant\SAII\SmartAudio.Desktop.dll
2017-11-10 17:13 - 2017-11-10 17:13 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-11-10 17:13 - 2017-11-10 17:13 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-08-02 14:34 - 2017-08-02 14:34 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-11-10 17:13 - 2017-11-10 17:13 - 000238928 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-11-10 17:13 - 2017-11-10 17:13 - 000245704 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\FUJITSU\Desktop\acciaio:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\FUJITSU\Desktop\gerosa 17:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\FUJITSU\Desktop\NTC_MI:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\FUJITSU\Desktop\Parini18:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\FUJITSU\Desktop\PGT osservazioni:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\Software\Classes\.scr: AutoCADLTScriptFile => 

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2617600925-1017228353-1255779563-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Theme1\img3.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CB384FBD-70F6-498C-AA10-AC4A2F9B4105}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3A3B9793-038C-46EB-97F3-4671EF3032B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C056045B-D641-4FCC-BC12-7CC8CF6D7207}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{CDB34512-56C0-4D22-9BE6-B98C7E423CD0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3C947B83-2D3C-4CC7-A967-3DBABD65AAD3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BA15D394-353D-4DF4-8A7C-C0305E8A8312}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{5E3639B2-0278-465B-BD16-DEB242040562}C:\desktoptelematico\desktoptelematico\desktoptelematico.exe] => (Allow) C:\desktoptelematico\desktoptelematico\desktoptelematico.exe
FirewallRules: [UDP Query User{FB571673-1152-4BA0-B5E8-0F9381766C5A}C:\desktoptelematico\desktoptelematico\desktoptelematico.exe] => (Allow) C:\desktoptelematico\desktoptelematico\desktoptelematico.exe
FirewallRules: [{EDE192C7-6575-477B-AC92-E8A57402D45D}] => (Block) C:\desktoptelematico\desktoptelematico\desktoptelematico.exe
FirewallRules: [{2CC8C174-7D1B-4528-9707-99D983E18F9B}] => (Block) C:\desktoptelematico\desktoptelematico\desktoptelematico.exe
FirewallRules: [{B879B678-8B86-4143-8329-F3D3248B30B4}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{408187A2-D017-437D-B4DD-2190F4532C69}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

04-11-2017 13:13:49 Punto di controllo pianificato
08-11-2017 08:20:54 Windows Update
08-11-2017 08:26:53 novembre17

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2017 09:23:11 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Errore del servizio Copia Shadow del volume: errore imprevisto durante la ricerca dell'interfaccia IVssWriterCallback. hr = 0x80070005, Accesso negato.
.
L'errore è spesso causato da impostazioni di sicurezza non corrette nel processo di scrittura o richiedente.


Operazione:
   Raccolta dei dati del processo di scrittura

Contesto:
   ID della classe del processo di scrittura: {e8132975-6f93-4464-a53e-1050253ae220}
   Nome del processo di scrittura: System Writer
   ID dell'istanza del processo di scrittura: {eaba98f7-5b59-490c-b01f-5fb5eb4a3f25}

Error: (11/11/2017 06:30:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (11/11/2017 06:22:19 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (11/11/2017 03:22:46 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: Event-ID 1

Error: (11/11/2017 10:51:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: mbam.exe, versione: 3.0.0.1247, timestamp: 0x59f37972
Nome del modulo che ha generato l'errore: Qt5Core.dll, versione: 5.6.2.0, timestamp: 0x59a63e00
Codice eccezione: 0xc0000005
Offset errore 0x001aa3b6
ID processo che ha generato l'errore: 0x1120
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d35ad29669a360
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Percorso del modulo che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID segnalazione: dda47c39-c6c5-11e7-8122-001999f013bd
Nome completo pacchetto che ha generato l'errore: 
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (11/11/2017 10:51:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: mbamservice.exe, versione: 3.1.0.595, timestamp: 0x59f745cb
Nome del modulo che ha generato l'errore: mbamservice.exe, versione: 3.1.0.595, timestamp: 0x59f745cb
Codice eccezione: 0xc0000005
Offset errore 0x00000000001c6e66
ID processo che ha generato l'errore: 0x18f8
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d35ad2977710a6
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Percorso del modulo che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
ID segnalazione: d7185044-c6c5-11e7-8122-001999f013bd
Nome completo pacchetto che ha generato l'errore: 
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (11/11/2017 10:04:36 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (11/11/2017 10:04:33 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: Event-ID 1

Error: (11/11/2017 09:22:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: mbam.exe, versione: 3.0.0.1247, timestamp: 0x59f37972
Nome del modulo che ha generato l'errore: Qt5Core.dll, versione: 5.6.2.0, timestamp: 0x59a63e00
Codice eccezione: 0xc0000005
Offset errore 0x001aa3b6
ID processo che ha generato l'errore: 0x1048
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d35ac631774040
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Percorso del modulo che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID segnalazione: 7341aa4f-c6b9-11e7-811d-001999f013bd
Nome completo pacchetto che ha generato l'errore: 
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (11/11/2017 09:22:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: mbamservice.exe, versione: 3.1.0.595, timestamp: 0x59f745cb
Nome del modulo che ha generato l'errore: mbamservice.exe, versione: 3.1.0.595, timestamp: 0x59f745cb
Codice eccezione: 0xc0000005
Offset errore 0x00000000001c6e66
ID processo che ha generato l'errore: 0xa18
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d35ac631ba0305
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Percorso del modulo che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
ID segnalazione: 709ee70d-c6b9-11e7-811d-001999f013bd
Nome completo pacchetto che ha generato l'errore: 
ID applicazione relativo al pacchetto che ha generato l'errore:


System errors:
=============
Error: (11/12/2017 09:39:29 AM) (Source: DCOM) (EventID: 10010) (User: FUJITSU-PC)
Description: Il server {1B1F472E-3221-4826-97DB-2C2324D389AE} non ha effettuato la registrazione con DCOM nel tempo richiesto.

Error: (11/12/2017 09:38:59 AM) (Source: DCOM) (EventID: 10010) (User: FUJITSU-PC)
Description: Il server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} non ha effettuato la registrazione con DCOM nel tempo richiesto.

Error: (11/11/2017 06:42:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Servizio Intel(R) Management and Security Application User Notification Service bloccato in partenza.

Error: (11/11/2017 06:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Cache tipi di carattere Windows Presentation Foundation 3.0.0.0 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 0 millisecondi: Riavvia il servizio.

Error: (11/11/2017 06:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Programma di installazione dei moduli di Windows è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 120000 millisecondi: Riavvia il servizio.

Error: (11/11/2017 06:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio IconMan_R è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Riavvia il servizio.

Error: (11/11/2017 06:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Servizio di condivisione in rete Windows Media Player è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (11/11/2017 06:36:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Intel(R) Management and Security Application User Notification Service. Questo evento si è già verificato 1 volta(e).

Error: (11/11/2017 06:36:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Intel(R) ME Service. Questo evento si è già verificato 1 volta(e).

Error: (11/11/2017 06:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio SAS Core Service è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 1000 millisecondi: Riavvia il servizio.


CodeIntegrity:
===================================
  Date: 2017-10-31 16:01:04.621
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-31 16:01:04.472
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-31 16:01:04.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-31 16:01:04.172
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-31 16:01:04.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-31 16:01:03.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-31 16:01:03.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-31 16:01:03.575
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-31 16:01:03.425
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-31 16:01:03.276
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 37%
Total physical RAM: 6097.39 MB
Available physical RAM: 3792.14 MB
Total Virtual: 7121.39 MB
Available Virtual: 4757.68 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:466.69 GB) (Free:218.64 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Volume) (Fixed) (Total:444.27 GB) (Free:90.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Thanks

Link to post
Share on other sites

Other tests:

out of sync

I deleted

Secure preferences

Web Data

clean my PC

and I got my PC clean!

reconnected one of my Chrome links

I had the PUP again

so if I stay out of sync I get my PC clean

This state could be acceptable for a few days

I hope the infection is in my Google identity

any ideas?

thanks

Edited by joemcgal
Link to post
Share on other sites

In that case, let's try something. These two folders:

C:\Users\Fujistu\AppData\Local\Google\Chrome\User Data\Default
C:\Users\Fujistu\AppData\Local\Google\Chrome\User Data\Profile 3

Rename them to Default_old and Profile 3_old respectively. Once done, open Google Chrome. Are all your settings (extensions, bookmarks, history, etc.) still there?

Link to post
Share on other sites

I got home a few minutes ago.

Today I made some tests either on my workstation or on my laptop.

I got them without malware.

Now I have just infected my laptop: 1) logging in to my Google identity, 2) testing one drive where I found files stored, 3) opening my mailing contacts (contatti) stored in Google.

This is the report of the laptop

laptop joemcgal 171112 2110 rep.txt

Edited by joemcgal
Link to post
Share on other sites

What do you mean by "laptop clean" and "laptop infected"? Are we talking about the same laptop? This is getting confusing, let's work on only one computer at a time. Cleaning one of them should clean all of them, as the good settings will be sync'd on all devices where you are logged in to Google Chrome with your Google account.

Link to post
Share on other sites

Hi Aura,

I have a workstation i5 and a laptop.

The workstation is not synced now.

On my laptop I can get two steps:

clean or infected. It's the same machine.

It seems linked to my Google account.

Only if not synced, MB can clean it.

I send 3 compressed files:

laptop clean

laptop infected (having put infected files in Quarantine and having deleted them)

laptop infected without any action

so you can see every scenario.

At this moment I keep my workstation (cleaned) out of sync.

thanks

Edited by joemcgal
Link to post
Share on other sites

This topic is now closed to further replies.