Windows Defender

Having trouble with Zip files, want to format your hard disk, don't know how Firefox works? Or maybe you need that little program whose name you can't remember! This is the forum where you can solve your problems.

Moderators: Dylan666, hydra, gahan

Re: Windows Defender

Post by nikita75 » 13/08/18 09:38

valyfilm wrote:Nikita, do I have to analyse the system and generate a report with WhySoSlow?
There is an exclamation mark on the CPU load. It is too heavily loaded.

Certainly, the PC's slowdown is due to the CPU being overloaded; which process is keeping it busy?
Run a dynamic analysis and generate the report! ;)
"Theory is when you know everything and nothing works. Practice is when everything works and nobody knows why. We have put theory and practice together: nothing works and nobody knows why" Albert Einstein
nikita75
Senior User
Posts: 5401
Joined: 31/07/09 13:36
Location: Alberobello (Bari)


Re: Windows Defender

Post by davide72 » 13/08/18 15:06

valyfilm wrote:Davide, I ran another scan with Malwarebytes, this time with rootkit scanning enabled, and it found the same thing! PUP.Optional.Reimage, which I had put in quarantine. :o

Even without rootkit scanning enabled it would have found it anyway; it is a nuisance in the Chrome preferences.

Now uninstall Avast if you haven't already done so.

Then save Farbar Recovery https://www.bleepingcomputer.com/downlo ... scan-tool/ (the 64-bit version), and it must be saved to the desktop; then run the tool (accepting the licence terms) and press Scan.
When the scan finishes, two logs will be written, FRST.txt and Addition.txt, again on the desktop; open them, select everything, then copy and paste the contents into your next post.
davide72
Senior User
Posts: 6494
Joined: 10/06/14 22:01

Re: Windows Defender

Post by valyfilm » 13/08/18 15:48

Should I use WhySoSlow or Farbar?
Is WhySoSlow 10031229 compatible with 64-bit Windows 10? The analysis was supposed to take a minute, but after two and a half hours the bar was still stuck at one point eight centimetres. So I closed it and tried it in safe mode, and a message came up saying it is not compatible with Windows 10.
valyfilm
Senior User
Posts: 885
Joined: 04/07/04 18:45
Location: Forlì

Re: Windows Defender

Post by valyfilm » 13/08/18 15:53

I have now reinstalled Avast.
I had paid for Reimage. It is used to fix Windows.
Do you know Windows Repair? I could use that.
valyfilm
Senior User
Posts: 885
Joined: 04/07/04 18:45
Location: Forlì

Re: Windows Defender

Post by valyfilm » 13/08/18 18:02

I have uninstalled Avast again, but can you explain the logic to me? Windows Defender is now active.
I realised that I already had Farbar; it was named FRST64. I started it and it gave me a few errors like this:
Errore saving file
C:\FRST\HIVES\{cd42efe1-f6f1-427c-b004-033192c625a4}{AF015E8B-DA28-4430-B073-577593409BEC}!
Continue with the next file?
[RegCreateKeyEx: 87 - Parametro non corretto]
Then the program updated itself and I ran it.
Here are the two log files. Can you make anything of them?
FRST.txt
Addition.txt
valyfilm
Senior User
Posts: 885
Joined: 04/07/04 18:45
Location: Forlì

Re: Windows Defender

Post by valyfilm » 13/08/18 21:22

Let me tell you two odd things:
1) I can no longer find anything on eMule's Kad network;
2) In Google Chrome, when I delete an e-mail on www.hotmail.com all the others disappear too, and to see them again I have to refresh the page. I fix the problem by restoring Chrome's original default settings, which also deletes the cookies, but shortly afterwards the problem comes back.
Could these be two clues?
valyfilm
Senior User
Posts: 885
Joined: 04/07/04 18:45
Location: Forlì

Re: Windows Defender

Post by nikita75 » 14/08/18 09:46

valyfilm wrote:Should I use WhySoSlow or Farbar?
Is WhySoSlow 10031229 compatible with 64-bit Windows 10? The analysis was supposed to take a minute, but after two and a half hours the bar was still stuck at one point eight centimetres. So I closed it and tried it in safe mode, and a message came up saying it is not compatible with Windows 10.

Perfectly compatible with all operating systems

http://www.resplendence.com/whysoslow_os see link

Certainly, if you cannot run a diagnostic program like WhySoSlow, you have more than one problem!
It is very hard to follow you on the forum if you don't focus the problem on one goal, ONE AT A TIME!! It creates confusion.
It is clear that your CPU is at 100%, with all the resulting difficulty in running programs of any kind.
Do you have a virus on board that is keeping the CPU at 100%?? Here we are in the Windows software section :mmmh: :mmmh: :neutral:

WhySoSlow runs on the following operating systems:

Windows 10 32-bit editions
Windows 10 x64 editions
Windows 8.1 32-bit editions
Windows 8.1 x64 editions
Windows 8 32-bit editions
Windows 8 x64 editions
Windows 2012 Server 32-bit editions
Windows 2012 Server x64 editions
Windows 7 32-bit editions
Windows 7 x64 editions


NOTE: WhySoSlow requires Internet Explorer to be installed on your system.



The FARBAR log must be analysed by one of our security and privacy specialists
viewforum.php?f=7
https://turbolab.it/sicurezza-13/come-u ... ativo-1348
nikita75
Senior User
Posts: 5401
Joined: 31/07/09 13:36
Location: Alberobello (Bari)

Re: Windows Defender

Post by nikita75 » 14/08/18 11:58

OT
Tutorial for Farbar Recovery Scan Tool:

http://www.geekstogo.com/forum/topic/33 ... scan-tool/
nikita75
Senior User
Posts: 5401
Joined: 31/07/09 13:36
Location: Alberobello (Bari)

Re: Windows Defender

Post by davide72 » 14/08/18 14:31

valyfilm wrote:I have uninstalled Avast again, but can you explain the logic to me? Windows Defender is now active.
I realised that I already had Farbar; it was named FRST64. I started it and it gave me a few errors like this:
Errore saving file
C:\FRST\HIVES\{cd42efe1-f6f1-427c-b004-033192c625a4}{AF015E8B-DA28-4430-B073-577593409BEC}!
Continue with the next file?
[RegCreateKeyEx: 87 - Parametro non corretto]
Then the program updated itself and I ran it.
Here are the two log files. Can you make anything of them?
FRST.txt
Addition.txt

From where I am I cannot open the 2 links, the PC is not mine; that is why I had asked you to copy and paste everything (even if it is long) into a post.
davide72
Senior User
Posts: 6494
Joined: 10/06/14 22:01

Re: Windows Defender

Post by davide72 » 14/08/18 14:36

valyfilm wrote:I have now reinstalled Avast.
I had paid for Reimage. It is used to fix Windows.
Do you know Windows Repair? I could use that.

I have heard of Windows Repair (the free version, with some limitations) but I don't know how to use it,
whereas Reimage is a bogus program https://www.aranzulla.it/come-eliminare ... 21506.html

Anyway, you can do it yourself with a bit of logic: open the FRST.txt log and check the Run/Startup categories (which are the autostart entries), then the browser category (IE11, Edge, Chrome, Firefox, etc.) and finally the services.
Then try to identify all the suspicious entries that have to do with Reimage; select them one at a time and copy and paste them into a text file, which you must save on the desktop with the name fixlist.txt. At that point run FRST64 again and click Fix, wait for the clean-up and restart the PC.
davide72
Senior User
Posts: 6494
Joined: 10/06/14 22:01
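
Added example, not part of davide72's post and not FRST's own code: a small Python helper for the manual review described above. It splits an FRST-style log into its `====` sections and lists the lines that mention a keyword such as Reimage or carry the `<==== ATTENTION` marker, so they can be checked by hand before anything goes into fixlist.txt. The sample log reuses a few lines from the Addition.txt posted in this thread; lines containing CONSTRUCTED are invented for illustration, and the function names are hypothetical.

```python
import re

# A section header is a title between two runs of '=' characters, e.g.
# ==================== Installed Programs ======================
SECTION_RE = re.compile(r"^={5,}\s*([^=].*?)\s*={5,}$")
ATTENTION = "<==== ATTENTION"  # marker the tool appends to some entries

# Sample input. Lines containing CONSTRUCTED are invented for this example;
# the others are copied from the Addition.txt posted in the thread.
SAMPLE_LOG = r"""Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Boot Mode: Normal
==========================================================

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
CPUID CPU-Z 1.80.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.1 - ) <==== ATTENTION
Reimage Repair (HKLM\...\CONSTRUCTED-KEY) (Version: 0.0 - CONSTRUCTED)
Updater By SweetPacks 2.0.0.616 (HKLM\...\{8E9E3331-D360-4f87-8803-52DE43566502}_is1) (Version: 2.0.0.616 - SweetPacks) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [CONSTRUCTED-Reimage] -> {CONSTRUCTED-GUID} => C:\CONSTRUCTED\reimage_shell.dll
"""


def parse_sections(log_text):
    """Split an FRST-style log into {section title: [entry lines]}."""
    sections = {"(header)": []}
    current = "(header)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue  # blank line or bare separator
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).rstrip(":").strip()
            sections.setdefault(current, [])
            continue
        if line.startswith("(") and line.endswith(")"):
            continue  # the tool's own explanatory note, not an entry
        sections[current].append(line)
    return sections


def find_candidates(sections, keywords):
    """Return (section, line, reasons) for every line worth a manual look."""
    wanted = [k.lower() for k in keywords]
    hits = []
    for section, lines in sections.items():
        for line in lines:
            lowered = line.lower()
            reasons = [k for k in wanted if k in lowered]
            if ATTENTION in line:
                reasons.append("ATTENTION")
            if reasons:
                hits.append((section, line, reasons))
    return hits


def triage(hits):
    """Separate fixlist candidates from programs to uninstall by hand.

    The Installed Programs section of the log says that adware programs
    should be uninstalled manually, so hits from that section are kept apart.
    """
    fixlist, uninstall = [], []
    for section, line, _reasons in hits:
        (uninstall if section == "Installed Programs" else fixlist).append(line)
    return fixlist, uninstall


if __name__ == "__main__":
    found = find_candidates(parse_sections(SAMPLE_LOG), ["reimage"])
    to_fix, to_uninstall = triage(found)
    print("Review, then paste into fixlist.txt if confirmed:")
    for entry in to_fix:
        print("  " + entry)
    print("Uninstall manually (Installed Programs):")
    for entry in to_uninstall:
        print("  " + entry)
```

On a real machine, pass the text of FRST.txt and Addition.txt to `parse_sections`; a keyword or marker hit is only a prompt to inspect the entry, not proof that it belongs in the fixlist.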

Re: Windows Defender

Post by nikita75 » 14/08/18 14:51

valyfilm, you can paste the whole txt file using the "quote" in the forum toolbar.
nikita75
Senior User
Posts: 5401
Joined: 31/07/09 13:36
Location: Alberobello (Bari)

Re: Windows Defender

Post by davide72 » 14/08/18 14:52

valyfilm wrote:Let me tell you two odd things:
1) I can no longer find anything on eMule's Kad network;
2) In Google Chrome, when I delete an e-mail on http://www.hotmail.com all the others disappear too, and to see them again I have to refresh the page. I fix the problem by restoring Chrome's original default settings, which also deletes the cookies, but shortly afterwards the problem comes back.
Could these be two clues?

This is a different problem; try not to tangle things up too much... otherwise we will all go out of our minds.
davide72
Senior User
Posts: 6494
Joined: 10/06/14 22:01

Re: Windows Defender

Post by valyfilm » 14/08/18 15:13

Davide, this is Addition.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by user (13-08-2018 17:28:42)
Running from C:\Users\user\Desktop
Windows 10 Home Version 1709 16299.547 (X64) (2017-12-24 22:47:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1097068128-1086043455-2594096886-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1097068128-1086043455-2594096886-503 - Limited - Disabled)
Guest (S-1-5-21-1097068128-1086043455-2594096886-501 - Limited - Disabled)
user (S-1-5-21-1097068128-1086043455-2594096886-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-1097068128-1086043455-2594096886-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: SecureAPlus (Disabled - Up to date) {2D6B21EC-E770-FC0D-2ACE-E56149F1814C}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.4 (HKLM\...\{886181D0-7FC7-497E-97F4-60E2EA635723}) (Version: 4.4.10.2342 - Open Media LLC)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Remote (HKLM-x32\...\Acer Remote1.0) (Version: 1.0 - Acer Inc.)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{D68901B1-1873-3073-5D2F-94D119972442}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.69 - NVIDIA Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Assistente aggiornamento Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Driver Updater (HKLM-x32\...\{3A394C12-5761-4E85-AF71-464784529B8E}) (Version: 2.3.1 - AVAST Software) Hidden
Avast Driver Updater (HKLM-x32\...\Avast Driver Updater) (Version: 2.3.1 - AVAST Software)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.14.160917 - )
AVS Image Converter 3.0.2.270 (HKLM-x32\...\AVS Image Converter_is1) (Version: 3.0.2.270 - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.4.2.241 - Online Media Technologies Ltd.)
Bejeweled 3 (HKLM-x32\...\WTA-e855e872-8dd1-4cd4-9e6b-31e2983c23af) (Version: 2.2.0.98 - WildTangent) Hidden
Bit Che (HKLM-x32\...\{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1) (Version: 3.5 build 26 - Convivea Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BurnAware Free 11.4 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)
Canali di giochi (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5790 - CDBurnerXP)
CdCoverCreator 2.5.3 (HKLM-x32\...\CdCoverCreator) (Version: 2.5.3 - thyanté Software)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi SDK - Video 2 (HKLM-x32\...\{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}) (Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (HKLM-x32\...\{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}) (Version: 2.1.2606 - CyberLink Corp.) Hidden
CPUID CPU-Z 1.80.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.1 - ) <==== ATTENTION
Cracklock 3.9.44 (HKLM-x32\...\Cracklock_is1) (Version: 3.9.44 - William Blum)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
Data Lifeguard Diagnostic for Windows 1.28 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-56bd3e21-182d-4e9b-8fd3-269001d12484) (Version: 3.0.2.32 - WildTangent) Hidden
Drive Manager (HKLM-x32\...\{7AE0C124-77B6-4111-8BD1-26D218CE231B}) (Version: 1.0.179 - Clarus, Inc.)
DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.58.0.1130 - Innovative Solutions)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
eMule (HKLM-x32\...\eMule) (Version: - )
File Repair (HKLM-x32\...\File Repair_is1) (Version: - File Repair)
Files Terminator Free 2.5.0.14 (HKLM-x32\...\{05DD01C7-8776-4204-AFCD-F05E482C26F7}_is1) (Version: 2.5.0.14 - Marcello Pietrelli & Gianni Baini)
Freemake Video Converter versione 4.1.10.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10.0 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-b392f27c-3529-4493-a218-cf30acd5bece) (Version: 2.2.0.110 - WildTangent) Hidden
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.9.0 - Alexander Shaduri)
Hauppauge WinTV 8 (HKLM-x32\...\Hauppauge WinTV 8) (Version: v8.0.34117 (CD 4.6 SD) - Hauppauge Computer Works)
HDD Raw Copy Tool v1.10 (HKLM-x32\...\HDD Raw Copy Tool_is1) (Version: - HDDGURU)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3004 - Acer Incorporated)
HP Deskjet 1510 series Aiuto (HKLM-x32\...\{B8618B3D-04AC-4BED-BB96-E156DE7AFC4B}) (Version: 30.0.0 - Hewlett Packard)
HP Deskjet 1510 series Software di base dispositivo (HKLM\...\{EEFF7E19-A4C1-48D4-88D5-2E1DB42040E6}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
HWiNFO64 Version 5.00 (HKLM\...\HWiNFO64_is1) (Version: 5.00 - Martin Malík - REALiX)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
ImageMixer 3 SE Ver.6 Transfer Utility (HKLM-x32\...\{3A2AD071-AABD-4712-A43E-11D06BAA661D}) (Version: 6.00.017 - PIXELA)
ImageMixer 3 SE Ver.6 Video Tools (HKLM-x32\...\{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}) (Version: 6.00.018 - PIXELA)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.5.0.7 - IObit)
iTunes (HKLM\...\{F017D4C2-B53C-4DCF-BF62-F5945864202F}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 172 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Java 8 Update 172 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-2f813812-9d07-4840-9eea-47925bfd8ec6) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-bc95e51c-96a9-4a71-b2b8-cb19461af827) (Version: 2.2.0.95 - WildTangent) Hidden
LibreOffice 6.1.0.3 (HKLM\...\{DD50CAE9-27C5-452F-A910-1E7A00D8EEE2}) (Version: 6.1.0.3 - The Document Foundation)
Light Image Resizer 4.1.0.2 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.1.0.2 - ObviousIdea)
Light Image Resizer 5.0.9.0 (HKLM-x32\...\{D5C093E0-D3DF-42D3-AFD6-CAAFB6985CBC}_is1) (Version: 5.0.9.0 - ObviousIdea)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3008 - Acer Incorporated)
Magic Academy (HKLM-x32\...\WTA-b9aefcde-b48d-4e16-a298-f09c1fa918ff) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes versione 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Manager (HKLM-x32\...\{7C2AA78F-C065-4CA2-8FD2-04320B2457E6}) (Version: 6.0.7.371 - pdfforge GmbH) Hidden
MediaInfo 17.10 (HKLM\...\MediaInfo) (Version: 17.10 - MediaArea.net)
Microsoft OneDrive (HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (HKLM-x32\...\NARA) (Version: 4.1.0.14 - Symantec Corporation) Hidden
NVIDIA Driver 3D Vision 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.69 - NVIDIA Corporation)
NVIDIA Driver audio HD 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA Driver grafico 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.69 - NVIDIA Corporation)
oCam versione 453.0 (HKLM-x32\...\oCam_is1) (Version: 453.0 - hxxp://ohsoft.net/)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Pacchetto di compatibilità per Office System 2007 (HKLM-x32\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Pannello di controllo NVIDIA 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 385.69 - NVIDIA Corporation) Hidden
PDF Architect 6 Create Module (HKLM\...\{342D6B4A-E627-4B08-B6CB-D25EE260D0A7}) (Version: 6.0.27.37336 - pdfforge GmbH) Hidden
PDF Architect 6 Edit Module (HKLM\...\{B321702A-7AC1-419F-A8C0-9B5C935C80ED}) (Version: 6.0.27.37336 - pdfforge GmbH) Hidden
PDF Architect 6 View Module (HKLM\...\{7DD646E5-A846-4E9D-BD19-215A98832D27}) (Version: 6.0.27.37336 - pdfforge GmbH) Hidden
PDF24 Creator 8.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-a857f28b-f5cf-4e24-896b-895b6a1ffe45) (Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
qBittorrent 4.1.1 (HKLM-x32\...\qBittorrent) (Version: 4.1.1 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (HKLM-x32\...\{2275115D-1431-4A62-A98F-2F0393815327}) (Version: 18.1.9.106 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{45bcec97-14a2-4e10-a129-58d2d0b34398}) (Version: 18.1.9.106 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{85584A8B-8989-42AA-81A0-80ABF61EFAF1}) (Version: 18.1.9.106 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.9 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
RogueKiller version 12.12.16.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.16.0 - Adlice Software)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SecureAPlus v4.6.4 (HKLM\...\SecureAPlus) (Version: 4.6.4 - SecureAge Technology)
Security Task Manager 2.1h (HKLM-x32\...\Security Task Manager) (Version: 2.1h - Neuber Software)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SmartSound Quicktracks Plugin (HKLM-x32\...\{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc)
Stampa Copertine Vers. 3.0.9 (HKLM-x32\...\{DFDCD270-A4DF-4AFF-8EBF-C1D2AB778EFF}_is1) (Version: - Francesco Passini)
Studio per il miglioramento dei prodotti HP Deskjet 1510 series (HKLM\...\{BE310B11-2FFD-4C24-B4C8-1348EBC877D4}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Supporto applicazioni Apple (64 bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Surf Anonymous Free (HKLM-x32\...\SurfAnonymousFree) (Version: 2.5.3.8 - )
Tales of Lagoona (HKLM-x32\...\WTA-ad905624-eea3-4eff-8155-431d05267c6f) (Version: 2.2.0.110 - WildTangent) Hidden
TMPGEnc 4.0 XPress (HKLM-x32\...\{AB212B59-FF45-4C18-B369-F630CB268DAF}) (Version: 4.2.3.193 - Pegasys, Inc.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.14 - Tweaking.com)
Ulead VideoStudio 11 SE DVD (HKLM-x32\...\InstallShield_{ABC887FA-1BAC-411B-9F0F-21BA16702F15}) (Version: 11.0.0.0000 - InterVideo Digital Technology Corporation)
Unchecky v1.1 (HKLM-x32\...\Unchecky) (Version: 1.1 - Reason Software Company Inc.)
Unity Web Player (HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\...\UnityWebPlayer) (Version: 5.0.2f1 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{A951B9A0-13C0-4A4B-8E04-3CCF05701086}) (Version: 2.47.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Updater By SweetPacks 2.0.0.616 (HKLM\...\{8E9E3331-D360-4f87-8803-52DE43566502}_is1) (Version: 2.0.0.616 - SweetPacks) <==== ATTENTION
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Vegas Movie Studio HD 11.0 (HKLM-x32\...\{6DC79411-858B-11E1-8E7A-F04DA23A5C58}) (Version: 11.0.75 - Sony)
Video Downloader (HKLM-x32\...\{4C68AE5C-915A-492A-AFCD-B630ECB9522D}) (Version: 18.1.9 - RealNetworks) Hidden
VideoStudio (HKLM-x32\...\{ABC887FA-1BAC-411B-9F0F-21BA16702F15}) (Version: 11.0.0.0000 - InterVideo Digital Technology Corporation) Hidden
Visual Studio 2005 Tools per Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{0b925b5c-ab9e-47d4-ab92-e570d8b59a5b}) (Version: 1.3.0.16 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{9B9E11C6-0F55-4D8F-BEBC-F49CA9645A9E}) (Version: 1.3.0.16 - Western Digital Technologies, Inc.) Hidden
WD SmartWare (HKLM\...\{22A51951-1F45-4C8A-B888-306527F9C45F}) (Version: 1.6.2.6 - Western Digital)
WhoCrashed 5.53 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WhySoSlow 1.00 (HKLM\...\WhySoSlowHome_is1) (Version: - Resplendence Software Projects Sp.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.5 - WildTangent) Hidden
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [SAScanShlExt] -> {94243EC1-AEE5-4d44-A6CF-6407ED967FED} => C:\Program Files\SecureAge\AntiVirus\SAScanCtx.dll [2017-05-22] (SecureAge Technology)
ContextMenuHandlers1: [SATrustCtxMenuExt] -> {E748C929-2F5A-475d-AB81-0632B725425C} => C:\Program Files\SecureAge\Whitelist\SATrustCtx.dll [2017-03-27] (SecureAge Technology Pte. Ltd.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2013-05-27] (Online Media Technologies Ltd.)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-06-14] (Western Digital)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-06-14] (Western Digital)
ContextMenuHandlers2-x32: [Ulead UDF Driver] -> {DBD8E168-244D-448C-9922-25508950D1DC} => C:\Program Files (x86)\Common Files\Ulead Systems\DVD\USIShex.dll [2007-03-03] (Ulead Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2017-09-30] (RealNetworks, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-16] (NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SAScanShlExt] -> {94243EC1-AEE5-4d44-A6CF-6407ED967FED} => C:\Program Files\SecureAge\AntiVirus\SAScanCtx.dll [2017-05-22] (SecureAge Technology)
ContextMenuHandlers6: [SATrustCtxMenuExt] -> {E748C929-2F5A-475d-AB81-0632B725425C} => C:\Program Files\SecureAge\Whitelist\SATrustCtx.dll [2017-03-27] (SecureAge Technology Pte. Ltd.)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-06-14] (Western Digital)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {078EFA80-AD26-4EB7-9FBC-61BABE380F92} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {091CE9F2-B511-4170-ACDF-129945FE204C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {123E2728-9366-47FE-A8A7-B24E1E50FEA4} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
Task: {14C21795-8A75-46F0-8172-2788A3C08826} - \PC-Mechanic Maintenance -> No File <==== ATTENTION
Task: {26AC71A8-6011-48F3-9329-99117EF4E9ED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {26BBEE3B-8BBB-4B1C-ADDB-7663AF0749F1} - System32\Tasks\oCamTask => C:\Program Files (x86)\oCam\oCamTask.exe [2018-07-13] (oh!soft)
Task: {26E317C4-83E6-43E4-BF9D-C1C3C5101B06} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {2CBDB6E8-61B4-4AE8-818C-7F2CAA1A7523} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {34116E3B-D62F-4516-822A-F2F3B7A7A545} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-02-22] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4F88C4C2-F3EF-412A-BEB8-BB71BAE5A9B5} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe [2018-08-03] (Microsoft Corporation)
Task: {502FFBC6-3532-4DFC-BD4F-69FE547318A1} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {5301CF10-8D5D-4600-BC68-E2A89C4A6A8D} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {557C5933-6A5F-4856-A757-44FE0B8733ED} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6A5155EF-F30E-4DD6-951D-5232B062CD3D} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2013-11-29] (Hewlett-Packard Co.)
Task: {6BDB16FD-BD13-44CB-ADF6-A65E825D50F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {70757F8A-06E9-4D16-8E94-3B998EAD6F7E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {71908907-0391-475F-8CF7-487FE0A35311} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1097068128-1086043455-2594096886-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [2017-08-17] (RealNetworks, Inc.)
Task: {7781BCD3-0A44-4DD9-9C91-732111F2B300} - System32\Tasks\{C3FAC325-0392-439B-88B6-2BC831A45F35} => C:\WINDOWS\system32\pcalua.exe -a "F:\WD SmartWare.swstor\PC-VALERIO\Volume.b0dbe75b.f1a9.11df.bfd6.806e6f6e6963\Program Files (x86)\Microsoft Office\Office12\MSACCESS.EXE" -d C:\WINDOWS\system32
Task: {81D08242-E88C-4C0B-A155-0CBFC445EFE4} - \PC-Mechanic Startup -> No File <==== ATTENTION
Task: {9306ECBA-163A-4850-BDAE-14D8EB46A511} - System32\Tasks\S-1-5-21-1097068128-1086043455-2594096886-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {937BF4DD-9DB1-4D3E-A221-FE57E3C1C4D7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {98419FF6-2B9C-4215-AA1B-2EB7680DA1B7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-07-11] (Microsoft Corporation)
Task: {9AB5064C-A7BD-4054-8462-6EB3A2DCE650} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {9D6179FA-E675-409A-B1E4-31BB9D999854} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9F2AD617-97B4-4F2E-A5C2-7D07B24A1FF9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A8BFFC00-A200-4AF1-B217-5DF6247F7EAA} - System32\Tasks\{7E8F615C-059F-4701-A0CF-0B65D9DF7821} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\user\Desktop\TMPGEnc\TMPGEnc 4.0 XPress 4.4.2.238 主程式+繁體中文化程序與核心更新程序\TE4XP_Retail_4.4.2.238_setup_en.exe" -d "C:\Users\user\Desktop\TMPGEnc\TMPGEnc 4.0 XPress 4.4.2.238 主程式+繁體中文化程序與核心更新程序"
Task: {AA60EB68-D619-4F5A-80D9-F019128499F6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-18] (Adobe Systems Incorporated)
Task: {AB7EE1D0-9E2A-4F94-8CF0-D816A14ACA04} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B02715F8-5CB5-4EEF-8B7E-9F7A8CFB6E2E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B621EA82-9F9D-48DC-B45C-B599B2F5F1D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {B9D5439E-6872-4840-BE3A-C0233AB7384B} - System32\Tasks\HP AR Program Upload - 0b6b8741f0e54506a382343b38883867f36f950c9c034b1f93f2504b2d2e0a4d => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2013-11-29] (TODO: <Company name>)
Task: {BA32F41F-CD62-44AF-B7C2-9D3B165A0F72} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2012-09-20] (Acer Incorporated)
Task: {C2CCDA74-02D4-49AA-8EE6-3C30BF627CDD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C49FE209-357C-4A26-9CAF-3F8B04B92555} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CBAFD2DB-F8FF-4FC1-A145-021429EB11F4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1097068128-1086043455-2594096886-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [2017-08-17] (RealNetworks, Inc.)
Task: {CF34EAA9-B75B-4ECF-94F2-B33FCFD72D21} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\RealDownloader\downloader2.exe [2017-08-17] ()
Task: {D4573EDD-470E-4900-B5F8-35A26F806619} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D7D0F60B-101E-4830-A790-7CD3268C6558} - System32\Tasks\DRIVE_MANAGER\Drive_Manager => C:\Program Files (x86)\Clarus\Drive Manager\Drive Manager.exe [2016-05-12] (Clarus, Inc.)
Task: {DAC20E23-B70C-4CAF-8E82-EEC501EE3F63} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {DDBDC506-890F-4387-8611-B0B351685815} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
Task: {DFCDC6CD-F38F-4508-9417-27921234E178} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {E68965FE-1FEC-4529-B6CA-E5F5E4E9567D} - System32\Tasks\HP AR Program Upload - 28fe5f36a43d4b44b27d422e287aaa7320a2486262614a1ea8883eeb195a5a20 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2013-11-29] (TODO: <Company name>)
Task: {E6E4EF86-B9BA-40BF-90BF-6F3D4B6F4EFE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {EF65B0D2-A052-423C-96F7-BC1B4A65D07C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-16] (Adobe Systems Incorporated)
Task: {F2F84800-22BE-4F9D-9D85-43D6BDC89C8F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-16] (Adobe Systems Incorporated)
Task: {F72E54ED-8CA1-47BD-9369-6A5EE496944A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F76CDBD4-6928-48D3-A710-A5D0904C2090} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {F77F11B2-EDFB-4A81-AB08-99C5426661F4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F85853CF-4E3A-47C3-8302-1E347C472DB8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {FD721905-7006-4800-B10D-7A9760FD0DED} - System32\Tasks\{6B93CCA8-4008-49A1-860D-368CA349D439} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\user\AppData\Local\BeamriseUninstall\Bootstrapper{1.4BR2gpTP.100}.exe -c uninstall –slot=1 –bagKey=yikAakHwZJ8U

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\user\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 15:41 - 2017-09-29 15:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-07-11 09:37 - 2018-06-29 10:00 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-07-11 09:38 - 2018-06-29 09:57 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-08-08 22:36 - 2018-08-08 02:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-08 22:36 - 2018-08-08 02:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2018-06-22 21:51 - 2018-06-08 09:24 - 003657632 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-06-22 21:51 - 2018-06-08 09:26 - 002470304 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2016-06-14 21:18 - 2011-08-23 13:04 - 000057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll
2016-06-14 21:18 - 2016-04-14 14:20 - 000025600 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2018-07-09 21:43 - 2017-05-22 11:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2018-07-09 21:43 - 2017-05-22 11:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2018-07-09 21:43 - 2017-05-22 11:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-07-09 21:44 - 2018-01-25 17:02 - 000899856 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2018-07-09 21:44 - 2018-01-25 17:01 - 000631568 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2018-07-09 21:44 - 2017-05-22 11:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\...\localhost -> localhost

There are 4788 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-03-01 15:56 - 2018-07-29 22:24 - 000002156 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Capture Device Service => 2
MSCONFIG\Services: CCDMonitorService => 2
MSCONFIG\Services: ePowerSvc => 3
MSCONFIG\Services: Everything => 2
MSCONFIG\Services: Freemake Improver => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: IObitUnSvr => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: PAExec => 3
MSCONFIG\Services: PDF Architect 3 => 3
MSCONFIG\Services: PDF Architect 3 CrashHandler => 3
MSCONFIG\Services: PDF Architect 3 Creator => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: RealTimes Desktop Service => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: saappsvc => 2
MSCONFIG\Services: SAEverythingServer => 2
MSCONFIG\Services: sascansvc => 2
MSCONFIG\Services: SAUAVSvc => 2
MSCONFIG\Services: SecureAPlusService => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: SZDrvSvc_General => 2
MSCONFIG\Services: Unchecky => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: WDRulesService => 2
HKLM\...\StartupApproved\StartupFolder: => "Drive Manager Real-Time.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Acer Remote.lnk"
HKLM\...\StartupApproved\StartupFolder: => "ImageMixer 3 SE Camera Monitor Ver.6.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run: => "SAAppWhitelistingNotifier"
HKLM\...\StartupApproved\Run: => "SecureAPlus"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "UVS11 Preload"
HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\...\StartupApproved\StartupFolder: => "WindowsUpdateServic.lnk"
HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\...\StartupApproved\StartupFolder: => "Monitora avvisi inchiostro - HP Deskjet 1510 series.lnk"
HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\...\StartupApproved\Run: => "iCloudServices"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{26CEE449-C123-45D8-8816-0BD470465F32}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{EA21CE0D-3931-485F-A411-44B4FF8A0010}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe

==================== Restore Points =========================

10-08-2018 18:15:12 Installed LibreOffice 6.1.0.3

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2018 05:09:18 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Impossibile ottenere le informazioni del Registro di sistema per i contatori delle prestazioni per WSearchIdxPi per l'istanza a causa del seguente errore: Operazione completata. 0x0.

Error: (08/13/2018 05:09:15 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Impossibile inizializzare il monitoraggio delle prestazioni per l'oggetto Gatherer. I contatori non sono stati caricati oppure non è possibile aprire l'oggetto memoria condivisa. Questo problema influisce solo sulla disponibilità dei contatori delle prestazioni. Riavviare il computer.
valyfilm
Senior User
 
Posts: 885
Joined: 04/07/04 18:45
Location: Forlì

Re: Windows Defender

Post by valyfilm » 14/08/18 15:44

Contesto: applicazione , catalogo SystemIndex

Error: (08/13/2018 05:09:10 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Impossibile inizializzare il monitoraggio delle prestazioni per il servizio Gatherer. I contatori non sono stati caricati oppure non è possibile aprire l'oggetto memoria condivisa. Questo problema influisce solo sulla disponibilità dei contatori delle prestazioni. Riavviare il computer.

Error: (08/13/2018 04:54:03 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (3376,D,27) SRUJet: Non è stato possibile verificare la pagina del database letta dal file "C:\WINDOWS\system32\SRU\SRUDB.dat" all'offset 10420224 (0x00000000009f0000) (pagina database 2543 (0x9EF)) per 4096 (0x00001000) byte a causa di una mancata corrispondenza del checksum della pagina. Checksum archiviato: [10cb24114a9927e7]. Checksum calcolato: [221722172aebea25]. L'operazione di lettura non verrà effettuata a causa dell'errore -1018 (0xfffffc06). Se tale condizione persiste, ripristinare il database da un backup precedente. Il problema è probabilmente dovuto a un guasto hardware. Rivolgersi al fornitore dell'hardware per assistenza nella diagnosi del problema.

Error: (08/13/2018 04:04:38 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Impossibile ottenere le informazioni del Registro di sistema per i contatori delle prestazioni per WSearchIdxPi per l'istanza a causa del seguente errore: Operazione completata. 0x0.

Error: (08/13/2018 04:04:27 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Impossibile inizializzare il monitoraggio delle prestazioni per l'oggetto Gatherer. I contatori non sono stati caricati oppure non è possibile aprire l'oggetto memoria condivisa. Questo problema influisce solo sulla disponibilità dei contatori delle prestazioni. Riavviare il computer.

Contesto: applicazione , catalogo SystemIndex

Error: (08/13/2018 04:00:56 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Impossibile leggere il valore "First Counter" della chiave usbperf\Performance. I codici di stato sono restituiti nei dati.

Error: (08/13/2018 03:56:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: La procedura Open per il servizio "usbhub" nella DLL "C:\WINDOWS\system32\usbperf.dll" non è riuscita. I dati delle prestazioni per questo servizio non saranno disponibili. I primi quattro byte (DWORD) della sezione Data contengono il codice di errore.


System errors:
=============
Error: (08/13/2018 05:11:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Servizio Centro sicurezza PC bloccato in partenza.

Error: (08/13/2018 05:10:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Il server {784E29F4-5EBE-4279-9948-1E8FE941646D} non ha effettuato la registrazione con DCOM nel tempo richiesto.

Error: (08/13/2018 05:08:39 PM) (Source: DCOM) (EventID: 10016) (User: PC)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
all'utente pc\SID user (S-1-5-21-1097068128-1086043455-2594096886-1001) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (08/13/2018 05:07:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (08/13/2018 05:07:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (08/13/2018 05:07:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (08/13/2018 05:07:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (08/13/2018 05:06:00 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: C:\Device\HarddiskVolume42


Windows Defender:
===================================
Date: 2018-08-12 15:05:23.241
Description:
Windows Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {59904886-333D-458D-9C86-78A2518F6BE5}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM

Date: 2018-08-11 01:35:00.897
Description:
Windows Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {DDBEB23B-2DB8-453F-AD95-2E75BAB495F4}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM

Date: 2018-08-07 13:13:27.871
Description:
Windows Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {96F32D6B-9536-4FF6-97C8-3A54074037C5}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM

Date: 2018-08-07 12:31:33.609
Description:
Windows Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {45546DC2-46D2-40D4-B736-7216648E80F0}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM

Date: 2018-08-05 20:24:33.678
Description:
Windows Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {16C61D0B-A048-4EA1-88C3-9E1FF9D9BE59}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM

Date: 2018-08-13 16:59:30.617
Description:
Windows Defender Antivirus: errore della funzionalità di protezione in tempo reale. Operazione non riuscita.
Funzionalità: All'accesso
Codice errore: 0x8007043c
Descrizione errore: Questo servizio non può essere avviato in modalità provvisoria
Motivo: La protezione antimalware ha smesso di funzionare per un motivo sconosciuto. In alcuni casi, è possibile risolvere il problema riavviando il servizio.

Date: 2018-08-13 15:50:18.126
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:
Versione firma precedente: 1.273.1311.0
Origine aggiornamento: Server Microsoft Update
Tipo firma: Antivirus
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SYSTEM
Versione motore corrente:
Versione motore precedente: 1.1.15100.1
Codice errore: 0x8007043c
Descrizione errore: Questo servizio non può essere avviato in modalità provvisoria

Date: 2018-08-13 15:40:15.171
Description:
Windows Defender Antivirus: errore della funzionalità di protezione in tempo reale. Operazione non riuscita.
Funzionalità: All'accesso
Codice errore: 0x8007043c
Descrizione errore: Questo servizio non può essere avviato in modalità provvisoria
Motivo: La protezione antimalware ha smesso di funzionare per un motivo sconosciuto. In alcuni casi, è possibile risolvere il problema riavviando il servizio.

Date: 2018-08-12 00:27:47.026
Description:
Windows Defender Antivirus: errore della funzionalità di protezione in tempo reale. Operazione non riuscita.
Funzionalità: All'accesso
Codice errore: 0x8007043c
Descrizione errore: Questo servizio non può essere avviato in modalità provvisoria
Motivo: La protezione antimalware ha smesso di funzionare per un motivo sconosciuto. In alcuni casi, è possibile risolvere il problema riavviando il servizio.

Date: 2018-08-11 22:12:07.232
Description:
Windows Defender Antivirus: errore della funzionalità di protezione in tempo reale. Operazione non riuscita.
Funzionalità: Monitoraggio comportamento
Codice errore: 0x80508023
Descrizione errore: Impossibile trovare malware e altro software potenzialmente indesiderato nel dispositivo.
Motivo: La protezione antimalware ha smesso di funzionare per un motivo sconosciuto. In alcuni casi, è possibile risolvere il problema riavviando il servizio.

CodeIntegrity:
===================================

Date: 2018-07-16 13:11:10.620
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-16 12:28:22.521
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-21 01:13:42.480
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-21 01:13:25.345
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-21 01:13:25.152
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-01 15:33:29.987
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-01 15:33:29.985
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-01 15:26:24.562
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 37%
Total physical RAM: 8138.12 MB
Available physical RAM: 5114.09 MB
Total Virtual: 16330.12 MB
Available Virtual: 12976.94 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:457.44 GB) (Free:33.44 GB) NTFS
Drive d: (DATA) (Fixed) (Total:457.78 GB) (Free:7.06 GB) NTFS
Drive f: (Maxtor) (Fixed) (Total:931.51 GB) (Free:80.05 GB) NTFS

\\?\Volume{7a0d8bb8-52e7-4faf-9fc8-cf93d2904434}\ (Recovery) (Fixed) (Total:0.39 GB) (Free:0.12 GB) NTFS
\\?\Volume{0b10258d-e8e3-43a4-bc76-63415f6a6308}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32
\\?\Volume{bd97dfae-a81d-49fc-a274-1e2bec831252}\ () (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS
\\?\Volume{46e787ec-cc5c-413c-b2b3-65dc0571e11c}\ (Push Button Reset) (Fixed) (Total:15.14 GB) (Free:1.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 035988C9)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 3D0CF1EB)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
valyfilm
Senior User

Posts: 885
Joined: 04/07/04 18:45
Location: Forlì

Re: Windows Defender

Post by valyfilm » 14/08/18 15:47

And this is the FRST file.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by user (administrator) on PC (13-08-2018 17:24:19)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & Administrator)
Platform: Windows 10 Home Version 1709 16299.547 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(© pdfforge GmbH.) C:\Program Files (x86)\PDF Architect 6 Manager\PDF Architect 6\Architect Manager.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 6\creator\common\creator-ws.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(oh!soft) C:\Program Files (x86)\oCam\oCamTask.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Drive Manager\Drive Manager.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV8\WinTVTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Drive Manager\SZDrvMonM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [SAAppWhitelistingNotifier] => C:\Program Files\SecureAge\Whitelist\sanotifier.exe [4253672 2017-08-21] (SecureAge Technology)
HKLM\...\Run: [SecureAPlus] => C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe [7248912 2017-08-22] (SecureAge Technology)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [UVS11 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11 SE\uvPL.exe [341488 2007-04-12] (InterVideo Digital Technology Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-05-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [353104 2017-09-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\program files (x86)\real\RealDownloader\downloader2.exe [1259704 2017-08-17] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [432776 2018-02-27] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-12] (SUPERAntiSpyware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Remote.lnk [2014-05-16]
ShortcutTarget: Acer Remote.lnk -> C:\Program Files (x86)\Acer Remote\ArcServer.exe (Acer)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2016-06-14]
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Drive Manager Real-Time.lnk [2017-07-22]
ShortcutTarget: Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Drive Manager\ABRTMonM.exe (Clarus, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk [2013-11-04]
ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.6.lnk -> C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-09-30]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2016-06-14]
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV8\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitora avvisi inchiostro - HP Deskjet 1510 series.lnk [2014-02-16]
ShortcutTarget: Monitora avvisi inchiostro - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b3caeebf-3743-4152-a0f7-ccf641e2a859}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{db7a054f-1c68-403d-a191-bd63bec47ab5}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{e5bd8693-02d6-4653-9634-69a1f49a166b}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.libero.it/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {8C9638F5-D2D1-4BFD-9AC1-4BF407052A00} URL =
SearchScopes: HKU\S-1-5-21-1097068128-1086043455-2594096886-1001 -> {8C9638F5-D2D1-4BFD-9AC1-4BF407052A00} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-08-17] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-03] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-08-17] (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-08-03] (Oracle Corporation)
BHO-x32: PDF Architect 6 Helper -> {9FD094B1-A4BF-415A-82AE-8C2845D0B769} -> C:\Program Files (x86)\PDF Architect 6\creator\plugins\IEAddin\creator-ie-helper.dll [2018-03-12] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-03] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - PDF Architect 6 Toolbar - {E8536605-CA24-4DFF-B1BC-316EE27F6DF7} - C:\Program Files (x86)\PDF Architect 6\creator\plugins\IEAddin\creator-ie-plugin.dll [2018-03-12] (pdfforge GmbH)

FireFox:
========
FF DefaultProfile: lwhvw66s.default-1512345111771
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lwhvw66s.default-1512345111771 [2018-08-10]
FF Extension: (Avast SafePrice) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lwhvw66s.default-1512345111771\Extensions\sp@avast.com.xpi [2018-01-23]
FF Extension: (Avast Online Security) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lwhvw66s.default-1512345111771\Extensions\wrc@avast.com.xpi [2017-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-16] ()
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-09-16] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.9.106 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-09-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.9.106 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-09-30] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1097068128-1086043455-2594096886-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.libero.it/
CHR StartupUrls: Default -> "hxxp://www.libero.it/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2018-08-13]
CHR Extension: (Presentazioni) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-23]
CHR Extension: (Documenti) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-23]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-23]
CHR Extension: (Windows Defender Browser Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbeeeffjjeopflfhgeknacdieedcoml [2018-04-22]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-23]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-02-25]
CHR Extension: (Fogli) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-23]
CHR Extension: (Componente aggiuntivo per disattiv. Analytics) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2018-07-22]
CHR Extension: (Google Documenti offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-23]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-23]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-02]
CHR HKU\S-1-5-21-1097068128-1086043455-2594096886-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S4 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S4 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
S4 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
S4 Everything; C:\Program Files\SecureAge\Everything\Everything.exe [1441792 2014-08-06] () [File not signed]
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [97824 2018-02-01] (Freemake)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [586536 2016-04-26] (Hauppauge Computer Works)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206096 2018-01-25] (IObit)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 osrss; C:\WINDOWS\system32\osrss.dll [130808 2018-06-08] (Microsoft Corporation)
S4 PAExec; C:\WINDOWS\PAExec.exe [189112 2017-01-07] (Power Admin LLC)
R2 PDF Architect 6 Creator; C:\Program Files\PDF Architect 6\creator\common\creator-ws.exe [874680 2018-03-12] (pdfforge GmbH)
R2 PDF Architect 6 Manager; C:\Program Files (x86)\PDF Architect 6 Manager\PDF Architect 6\Architect Manager.exe [999200 2018-04-20] (© pdfforge GmbH.)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [432776 2018-02-27] (Geek Software GmbH)
S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [989912 2017-09-30] (RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [37104 2017-08-17] (RealNetworks, Inc.)
S4 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [989912 2017-09-30] (RealNetworks, Inc.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
S4 saappsvc; C:\Program Files\SecureAge\Whitelist\saappsvc.exe [1045192 2017-08-22] (SecureAge Technology)
S4 SAEverythingServer; C:\Program Files\SecureAge\Everything\EverythingServer.exe [214000 2017-03-03] (SecureAge Technology)
S4 sascansvc; C:\Program Files\SecureAge\AntiVirus\sascansvc.exe [1112160 2017-04-18] (SecureAge Technology)
S4 SAUAVSvc; C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe [1223912 2017-08-22] (SecureAge Technology)
S4 SecureAPlusService; C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe [1062720 2017-08-22] (SecureAge Technology)
R2 sedsvc; C:\Program Files\rempl\sedsvc.exe [294912 2018-08-03] (Microsoft Corporation)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 SZDrvSvc_General; C:\Program Files (x86)\Clarus\Drive Manager\SZDrvSvcM.exe [24792 2016-05-12] (Clarus, Inc.)
S4 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [294168 2017-10-03] (Reason Software Company Inc.)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-05-20] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-31] (Microsoft Corporation)
S4 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-31] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\WINDOWS\System32\drivers\61883.sys [62976 2017-09-29] (Microsoft Corporation)
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 hcw10bda; C:\WINDOWS\system32\drivers\hcw10bda.sys [886280 2016-03-02] (Hauppauge Computer Works, Inc.)
R2 hcw10cir; C:\WINDOWS\system32\drivers\hcw10cir.sys [64648 2016-03-02] (Hauppauge Computer Works, Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32512 2013-11-23] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-14] (REALiX(tm))
S3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [40328 2018-01-10] (IObit.com)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-12] (Malwarebytes)
S3 mvdM23; C:\Program Files (x86)\Clarus\Drive Manager\mvdM23.sys [100912 2015-12-02] ()
R0 MxEFUF; C:\WINDOWS\System32\drivers\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvae.inf_amd64_4f5630adbfb837bb\nvlddmkm.sys [15620208 2017-09-28] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-04-24] (NVIDIA Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 rspWhySoSlow; C:\WINDOWS\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Resplendence Software Projects Sp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [429568 2017-07-13] (Realsil Semiconductor Corporation)
R0 SAAppCtl; C:\WINDOWS\System32\DRIVERS\saappctl.sys [270760 2017-06-11] (SecureAge Technology)
R0 sascan; C:\WINDOWS\System32\DRIVERS\sascan.sys [95216 2017-08-13] (SecureAge Technology)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-05-11] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-07-31] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-31] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-13 17:24 - 2018-08-13 17:28 - 000028026 _____ C:\Users\user\Desktop\FRST.txt
2018-08-13 17:23 - 2018-08-13 17:23 - 002412544 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2018-08-13 17:23 - 2018-08-13 17:23 - 000000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2018-08-13 17:15 - 2018-08-13 17:15 - 002412544 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2018-08-13 17:04 - 2018-08-13 17:04 - 007759067 _____ C:\unp306839263836964791i-manual.mdmp
2018-08-13 16:57 - 2018-08-13 16:57 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-08-13 16:45 - 2018-08-13 16:46 - 008286308 _____ C:\unp306839241504859381i-manual.mdmp
2018-08-13 16:31 - 2018-08-13 16:31 - 000000000 ____D C:\Users\user\AppData\Local\Clarus
2018-08-13 11:58 - 2018-08-13 11:58 - 000009339 _____ C:\Users\user\Desktop\WhySoSlow.odt
2018-08-13 11:28 - 2018-08-13 11:28 - 000003350 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1097068128-1086043455-2594096886-1001
2018-08-13 11:28 - 2018-08-13 11:28 - 000002414 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-13 01:55 - 2018-08-13 15:59 - 000000000 ____D C:\Program Files\WhySoSlow
2018-08-13 01:55 - 2018-08-13 01:55 - 000000869 _____ C:\Users\user\Desktop\WhySoSlow.lnk
2018-08-13 01:55 - 2018-08-13 01:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhySoSlow
2018-08-13 01:55 - 2016-12-17 19:59 - 000028928 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspWhy64.sys
2018-08-12 02:23 - 2018-08-12 02:23 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-12 00:33 - 2018-08-12 00:33 - 007738075 _____ C:\unp306835871402442023i-manual.mdmp
2018-08-12 00:25 - 2018-08-13 15:51 - 000385756 _____ C:\WINDOWS\ntbtlog.txt
2018-08-12 00:07 - 2018-08-12 00:08 - 010015056 _____ (AVAST Software) C:\Program Files (x86)\avastclear.exe
2018-08-12 00:04 - 2018-08-12 00:04 - 008286102 _____ C:\unp306835831105439913i-manual.mdmp
2018-08-11 23:15 - 2018-08-11 23:15 - 000011417 _____ C:\Users\user\Desktop\Registrare.odt
2018-08-11 17:21 - 2018-08-11 17:33 - 000000000 ____D C:\Users\user\Desktop\Nuova cartella
2018-08-11 03:03 - 2018-08-11 03:10 - 000000000 ___HD C:\$WINDOWS.~BT
2018-08-11 02:54 - 2018-08-11 03:03 - 000000036 _____ C:\WINDOWS\progress.ini
2018-08-11 02:54 - 2018-08-11 02:54 - 000000270 __RSH C:\ProgramData\ntuser.pol
2018-08-11 02:39 - 2018-08-11 03:14 - 000000000 ___HD C:\$GetCurrent
2018-08-11 02:39 - 2018-08-11 02:54 - 000000000 ____D C:\Windows10Upgrade
2018-08-11 01:31 - 2018-08-11 01:31 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-08-10 18:19 - 2018-08-10 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.1
2018-08-10 18:17 - 2018-08-10 18:18 - 000000000 ____D C:\Program Files\LibreOffice
2018-08-10 17:15 - 2018-08-10 17:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-08-10 17:14 - 2018-08-10 17:15 - 000002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-08-10 17:07 - 2018-08-10 17:16 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-08-10 15:22 - 2018-08-10 15:22 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-08-10 15:22 - 2018-08-10 15:22 - 000002842 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-08-10 15:22 - 2018-08-10 15:22 - 000000869 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-10 15:22 - 2018-08-10 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-08-10 15:21 - 2018-08-10 15:22 - 000000000 ____D C:\Program Files\CCleaner
2018-08-10 15:09 - 2018-08-10 15:11 - 015989160 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup544.exe
2018-08-08 22:06 - 2018-08-08 22:06 - 000243347 _____ C:\Users\user\Downloads\giftcard.pdf
2018-08-08 20:21 - 2018-08-08 20:21 - 000000000 ____D C:\Users\user\ansel
2018-08-08 19:14 - 2018-08-08 19:14 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-08-08 19:14 - 2017-09-16 19:17 - 000135800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-08-08 19:14 - 2017-07-20 19:21 - 000905504 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-08-08 19:14 - 2017-07-20 19:21 - 000776992 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-08-08 19:14 - 2017-07-20 19:21 - 000578848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-08-08 19:14 - 2017-07-20 19:21 - 000477472 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-08-08 19:13 - 2017-09-16 19:34 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-08-08 19:10 - 2018-08-08 19:16 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-08-08 18:20 - 2018-07-19 19:44 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-08-08 18:19 - 2018-06-08 03:59 - 000069544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-08-08 18:19 - 2018-04-24 19:29 - 000065792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-08-08 18:10 - 2018-08-08 18:11 - 000009443 _____ C:\Users\user\Desktop\Ipsos i-Say.odt
2018-08-08 00:07 - 2018-08-08 00:07 - 000003016 _____ C:\WINDOWS\System32\Tasks\oCamTask
2018-08-08 00:07 - 2018-08-08 00:07 - 000001028 _____ C:\Users\Public\Desktop\oCam.lnk
2018-08-06 23:00 - 2018-08-06 23:01 - 000009124 _____ C:\Users\user\Desktop\Driver che ho aggiornato.odt
2018-08-04 19:13 - 2018-08-04 19:13 - 000010316 _____ C:\Users\user\Desktop\Everyone.odt
2018-08-03 23:00 - 2018-08-03 23:00 - 000144702 _____ C:\Users\user\Downloads\temp_5b64afc914e82.pdf
2018-08-03 21:39 - 2018-08-03 21:39 - 000069613 _____ C:\Users\user\Desktop\e5c16c45-f715-4a9f-a712-000a93eb5e9e.pdf
2018-08-03 13:26 - 2018-08-03 13:25 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-08-03 13:26 - 2018-08-03 13:18 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-08-03 11:37 - 2018-08-03 11:37 - 000002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-03 11:37 - 2018-08-03 11:37 - 000002255 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-03 11:37 - 2018-08-03 11:37 - 000000000 ____D C:\Program Files\Google
2018-08-01 18:54 - 2018-08-13 17:05 - 117178368 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-08-01 18:44 - 2018-08-01 18:54 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-07-31 17:07 - 2018-07-31 17:07 - 000162113 _____ C:\Users\user\Downloads\52- offerta CTG per Sinergas-Sport Planet di Forli.pdf
2018-07-31 17:07 - 2018-07-31 17:07 - 000162113 _____ C:\Users\user\Downloads\52- offerta CTG per Sinergas-Sport Planet di Forli (1).pdf
2018-07-30 15:28 - 2018-07-30 15:28 - 000000966 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
2018-07-30 15:28 - 2018-07-30 15:28 - 000000936 _____ C:\Users\user\Desktop\4K Video Downloader.lnk
2018-07-30 15:28 - 2018-07-30 15:28 - 000000000 ____D C:\Program Files\4KDownload
2018-07-26 01:48 - 2018-07-26 01:49 - 000010195 _____ C:\Users\user\Desktop\Free Youtube Downloader.odt
2018-07-25 23:20 - 2018-07-25 23:25 - 000000000 ____D C:\Users\user\Downloads\[ www.Torrentday.com ] - Interior.Leather.Bar.2013.LIMITED.DVDRip.x264-AN0NYM0US
2018-07-25 21:20 - 2018-07-25 21:20 - 000177519 _____ C:\Users\user\Downloads\Villapana SpA_108_2008.pdf
2018-07-25 21:19 - 2018-07-25 21:19 - 000213760 _____ C:\Users\user\Desktop\Elenco_Biogas_2015_giugno.pdf
2018-07-25 21:14 - 2018-07-25 21:14 - 000238972 _____ C:\Users\user\Downloads\Elenco_Biogas_2015_giugno.pdf
2018-07-24 21:39 - 2018-07-24 21:39 - 002537160 _____ C:\Users\user\Downloads\Malwarebytes-User-Guide.pdf
2018-07-23 11:21 - 2018-07-23 11:21 - 001566930 _____ C:\Users\user\Downloads\Manifestazione di Interesse.pdf
2018-07-22 16:45 - 2018-07-22 16:45 - 000030182 _____ C:\Users\user\Downloads\Statement_Jul 2018 (1).pdf
2018-07-16 19:34 - 2018-07-16 19:34 - 007402192 _____ (Malwarebytes) C:\Users\user\Downloads\adwcleaner_7.2.1 (1).exe
2018-07-16 12:27 - 2018-07-16 13:10 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-16 12:27 - 2018-07-16 12:27 - 000001924 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-16 12:27 - 2018-07-16 12:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-16 09:43 - 2018-07-16 09:43 - 000004560 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-07-16 09:42 - 2018-07-16 09:42 - 000001147 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-07-15 15:01 - 2018-07-15 15:01 - 000030183 _____ C:\Users\user\Downloads\Statement_Jul 2018.pdf
2018-07-14 22:46 - 2018-07-14 22:46 - 000001095 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-13 17:24 - 2018-04-28 16:20 - 000000000 ____D C:\FRST
2018-08-13 17:23 - 2018-03-21 10:51 - 061391761 _____ C:\WINDOWS\system32\Drivers\whitelist2.sa
2018-08-13 17:19 - 2018-05-03 02:11 - 003233918 _____ C:\WINDOWS\system32\Drivers\whitelist_observation.sa
2018-08-13 17:17 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-08-13 17:06 - 2017-12-25 00:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-13 17:06 - 2017-01-29 18:54 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-13 17:06 - 2015-09-13 15:13 - 000000000 ____D C:\ProgramData\Hauppauge
2018-08-13 17:06 - 2013-12-28 17:10 - 000000000 ____D C:\ProgramData\AVAST Software
2018-08-13 17:05 - 2017-09-29 10:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-13 17:04 - 2017-12-06 17:33 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-08-13 16:57 - 2016-06-06 19:54 - 000000000 ____D C:\Users\user\AppData\Local\AVAST Software
2018-08-13 14:33 - 2017-12-25 00:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-13 11:28 - 2013-11-20 10:46 - 000000000 __RDO C:\Users\user\SkyDrive
2018-08-13 11:24 - 2017-09-02 14:59 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-08-13 01:23 - 2013-10-19 18:15 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc
2018-08-12 22:07 - 2017-09-29 15:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-08-11 22:54 - 2015-08-02 16:35 - 000000000 ____D C:\Users\user\Documents\oCam
2018-08-11 22:11 - 2017-09-29 10:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-08-11 12:56 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-11 12:56 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-11 03:14 - 2017-12-25 00:39 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2018-08-11 03:14 - 2017-12-25 00:39 - 000001908 _____ C:\WINDOWS\diagerr.xml
2018-08-11 03:09 - 2018-05-21 01:25 - 000000000 ____D C:\WINDOWS\Panther
2018-08-11 02:31 - 2018-05-08 09:06 - 000588288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-11 02:13 - 2017-01-06 02:58 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-08-10 17:32 - 2013-10-05 15:14 - 000000000 ____D C:\Users\user\Desktop\Stars Services
2018-08-10 16:50 - 2018-07-11 09:53 - 000000000 ____D C:\Program Files\rempl
2018-08-09 02:22 - 2013-10-05 14:48 - 000000000 ____D C:\Users\user\Desktop\Contenuto vecchio Desktop
2018-08-08 22:36 - 2018-03-28 22:16 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 22:36 - 2018-03-28 22:16 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-08 22:32 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2018-08-08 22:32 - 2017-07-11 10:16 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-08-08 22:32 - 2017-07-11 10:15 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-08-08 22:32 - 2017-07-11 10:15 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-08-08 22:32 - 2017-01-14 00:56 - 000000000 ____D C:\Users\user\AppData\Local\NVIDIA Corporation
2018-08-08 19:59 - 2013-08-29 04:52 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2018-08-08 19:18 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-08 19:16 - 2013-12-27 17:50 - 000000000 ____D C:\temp
2018-08-08 18:22 - 2017-12-25 00:37 - 001710898 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-08 18:22 - 2017-09-30 16:40 - 000761440 _____ C:\WINDOWS\system32\perfh010.dat
2018-08-08 18:22 - 2017-09-30 16:40 - 000139338 _____ C:\WINDOWS\system32\perfc010.dat
2018-08-08 00:07 - 2015-08-02 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oCam
2018-08-08 00:07 - 2015-08-02 16:34 - 000000000 ____D C:\Program Files (x86)\oCam
2018-08-07 11:44 - 2017-08-23 14:10 - 000000000 ____D C:\ProgramData\ProductData
2018-08-06 18:10 - 2013-10-05 15:16 - 000000000 ____D C:\Users\user\Desktop\Studio 82
2018-08-03 13:26 - 2015-05-23 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-08-03 13:25 - 2015-08-10 16:58 - 000000000 ____D C:\Program Files\Java
2018-08-03 13:17 - 2017-01-14 02:46 - 000000000 ____D C:\Program Files (x86)\Java
2018-08-03 02:13 - 2013-11-09 16:44 - 000000000 ____D C:\Users\user\AppData\Roaming\qBittorrent
2018-08-02 22:21 - 2015-11-28 19:03 - 000000000 ____D C:\Users\user\AppData\Local\eMule
2018-08-01 00:01 - 2013-10-05 14:52 - 000000000 ____D C:\Users\user\Desktop\Falsini
2018-07-31 09:24 - 2018-03-01 17:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-07-31 09:18 - 2018-06-28 09:11 - 000000000 ____D C:\ProgramData\Packages
2018-07-30 14:09 - 2013-04-27 16:38 - 000000000 ____D C:\Program Files (x86)\4KDownload
2018-07-27 15:54 - 2014-07-14 20:08 - 000020492 _____ C:\Users\user\Desktop\Compleanni.odt
2018-07-24 15:47 - 2013-10-05 14:47 - 000000000 ____D C:\Users\user\Desktop\Amex
2018-07-23 17:18 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-17 09:20 - 2013-12-13 15:38 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-16 22:42 - 2013-12-26 01:08 - 000012724 _____ C:\Users\user\Desktop\Torrent.odt
2018-07-16 09:43 - 2018-05-05 01:59 - 000004708 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-16 09:43 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-16 09:43 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-16 09:43 - 2016-02-21 22:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-07-16 09:43 - 2015-02-02 22:19 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-07-16 09:42 - 2013-11-03 21:22 - 000000000 ____D C:\Program Files\WinRAR
2018-07-15 12:14 - 2014-08-16 17:01 - 000000000 ____D C:\Users\user\AppData\Local\Adobe
2018-07-15 00:33 - 2013-10-05 15:13 - 000000000 ____D C:\Users\user\Desktop\Musica
2018-07-14 22:46 - 2016-08-06 22:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

==================== Files in the root of some directories =======

2017-07-02 01:06 - 2017-07-02 01:07 - 004110280 _____ () C:\Program Files (x86)\AdwCleaner.exe
2018-08-12 00:07 - 2018-08-12 00:08 - 010015056 _____ (AVAST Software) C:\Program Files (x86)\avastclear.exe
2018-03-28 22:16 - 2018-03-29 02:00 - 007649280 _____ () C:\Program Files (x86)\GUT8148.tmp
2013-12-27 18:57 - 2013-12-27 19:02 - 098307376 _____ () C:\Program Files (x86)\HP 1510.exe.exe
2017-07-02 01:34 - 2017-07-02 01:36 - 001663672 _____ (Malwarebytes) C:\Program Files (x86)\JRT.exe
2017-07-01 17:08 - 2017-07-01 17:17 - 1810169856 _____ () C:\Program Files (x86)\Linuxmint-18.1-cinnamon-64bit.iso
2013-10-05 16:09 - 2013-10-05 16:09 - 000573640 _____ (Microsoft Corporation) C:\Program Files (x86)\Office.exe
2018-05-19 01:37 - 2018-05-19 01:38 - 016436136 _____ (Geek Software GmbH ) C:\Program Files (x86)\pdf24-creator.exe
2013-11-24 20:08 - 2013-11-24 20:08 - 001191834 _____ () C:\Program Files (x86)\ProcessExplorer.zip
2013-10-05 16:27 - 2013-10-05 16:27 - 005307496 _____ (Tlapia) C:\Program Files (x86)\real-player.exe
2017-08-21 10:22 - 2017-08-21 10:23 - 000961144 _____ (Akeo Consulting (http://akeo.ie)) C:\Program Files (x86)\rufus-2.16.exe
2017-06-25 18:01 - 2017-08-21 11:23 - 000000116 _____ () C:\Program Files (x86)\rufus.ini
2016-03-21 00:33 - 2016-03-21 00:34 - 001116960 _____ (Lazesoft) C:\Program Files (x86)\Windowskeyfinder.exe
2016-06-06 21:00 - 2016-06-06 21:03 - 157443592 _____ () C:\Program Files (x86)\wintv8setup_34117.exe
2017-02-19 19:53 - 2017-02-19 19:53 - 000046682 _____ () C:\Program Files (x86)\wushowhide.diagcab
2014-10-18 17:26 - 2017-02-11 20:00 - 000000837 _____ () C:\Users\user\AppData\Roaming\burnaware.ini
2015-03-22 01:21 - 2015-07-26 22:00 - 000000096 _____ () C:\Users\user\AppData\Roaming\Camdata.ini
2015-03-22 01:21 - 2015-07-26 22:00 - 000000408 _____ () C:\Users\user\AppData\Roaming\CamLayout.ini
2015-03-22 01:21 - 2015-07-26 22:00 - 000000408 _____ () C:\Users\user\AppData\Roaming\CamShapes.ini
2015-03-22 01:18 - 2015-07-26 22:00 - 000004534 _____ () C:\Users\user\AppData\Roaming\CamStudio.cfg
2014-06-19 12:08 - 2014-06-19 12:08 - 000000024 _____ () C:\Users\user\AppData\Roaming\temp.ini
2015-07-26 19:40 - 2015-07-26 19:40 - 000000096 _____ () C:\Users\user\AppData\Roaming\version2.xml
2013-11-02 18:38 - 2013-11-02 21:45 - 000001649 _____ () C:\Users\user\AppData\Local\Cracklock.settings
2014-03-09 22:30 - 2017-08-12 21:39 - 000009728 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-17 19:03 - 2017-06-17 19:03 - 000000001 _____ () C:\Users\user\AppData\Local\RawCopy.1.10.agreement
2017-06-17 19:05 - 2017-06-17 19:05 - 000000044 _____ () C:\Users\user\AppData\Local\RawCopy.opendialog.dir
2017-06-17 19:05 - 2017-06-17 19:05 - 000000001 _____ () C:\Users\user\AppData\Local\RawCopy.opendialog.filterindex
2017-06-17 19:09 - 2017-06-17 22:18 - 000000001 _____ () C:\Users\user\AppData\Local\RawCopy.sourcedisk.index
2017-11-17 19:48 - 2017-11-17 19:48 - 000000017 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-08-07 23:20 - 2018-08-07 23:20 - 009263440 _____ (http://ohsoft.net/ ) C:\Users\user\AppData\Local\Temp\tmp4875.tmp.exe
2018-08-08 00:05 - 2018-08-08 00:05 - 009263440 _____ (http://ohsoft.net/ ) C:\Users\user\AppData\Local\Temp\tmp5984.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-08 12:41

==================== End of FRST.txt ============================

Re: Windows Defender

Post by valyfilm » 14/08/18 17:53

valyfilm wrote: Let me tell you about two oddities:
1) I no longer find anything with eMule's Kad network;
2) Using Google Chrome, when I delete an email on http://www.hotmail.com all the others disappear too, and to see them again I have to refresh the page. I fix the problem by restoring Chrome's original default settings, which also deletes the cookies, but shortly afterwards the problem comes back.
Could these be two clues?


Since I didn't have the slowness problem today, I ventured to start eMule, and the things I couldn't find yesterday with the Kad network I found today. Then Antimalware Service Executable kicked in, taking up 25 to 27% of the CPU like yesterday, and again it didn't let me find anything with the Kad network, and it slowed down the PC and, like yesterday, turned my text documents black. Then Antimalware Service Executable went back to normal and the PC became fast again. When I restore the text document from being minimized it is still all black, but now only for a little while, then it becomes visible.

Re: Windows Defender

Post by valyfilm » 14/08/18 18:15

I spoke too soon. Now I'm seeing the enormous slowness in the text document; it's a LibreOffice one. That damned Antimalware Service Executable starts up.

Re: Windows Defender

Post by valyfilm » 14/08/18 20:51

WhySoSlow doesn't work.

Re: Windows Defender

Post by nikita75 » 15/08/18 09:42

valy, you need to open a thread in Security and Privacy - you are certainly infected!
From the information you gave us, that was understandable with the CPU at 100%.

In the Farbar log you posted you have a great many ATTENTION entries!!

UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Updater By SweetPacks 2.0.0.616 (HKLM\...\{8E9E3331-D360-4f87-8803-52DE43566502}_is1) (Version: 2.0.0.616 - SweetPacks) <==== ATTENTION
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden

Re: Windows Defender

Post by fax71ita » 15/08/18 14:04

Hi
Don't drive yourselves crazy....
Windows 10 can be reinstalled without losing data, or in place, or from scratch.
Valyfilm, you choose how, and you'll fix everything properly in 30 minutes.
