Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.12.2018 Ran by Renato (27-12-2018 12:24:37) Running from E:\Download Windows 7 Ultimate Service Pack 1 (X64) (2015-09-22 11:55:31) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2002345239-655225903-965150095-500 - Administrator - Disabled) Guest (S-1-5-21-2002345239-655225903-965150095-501 - Limited - Enabled) Renato (S-1-5-21-2002345239-655225903-965150095-1000 - Administrator - Enabled) => C:\Users\Renato ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189} AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated) Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated) Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated) Agent Ransack x64 (HKLM\...\{FD8C1365-2229-4F37-A126-558DB2471CBE}) (Version: 7.0.828.1 - Mythicsoft Ltd) Aggiornamenti NVIDIA 17.12.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 17.12.8 - NVIDIA Corporation) Hidden Aiseesoft Screen Recorder 1.1.26 (HKLM-x32\...\{DD85E531-C84E-4247-B7A3-5F0C22D276DB}_is1) (Version: 1.1.26 - Aiseesoft Studio) Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.17.0.44170 - Amazon) AOMEI Partition Assistant Pro Edition 6.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version: - AOMEI Technology Co., Ltd.) Assessments on Client (HKLM-x32\...\{C1C83898-5A60-AE9D-A3AB-7534375CA453}) (Version: 8.100.26866 - Microsoft) Hidden aTube Catcher versione 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - ) Bit Che (HKLM-x32\...\{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1) (Version: 3.5 build 50 - Convivea Inc.) calibre 64bit (HKLM\...\{A33E95E6-DB38-420F-895B-05AEB14D114A}) (Version: 3.21.0 - Kovid Goyal) Classic Menu for Office Enterprise 2010 and 2013 v5.80 (HKLM\...\{9A7CEBDF-37E2-4B63-A384-2A9FD5CE0A80}_is1) (Version: 5.80 - Addintools) ClipCache Pro 3.4.4 (HKLM-x32\...\ClipCache_is1) (Version: - XRayz Software) C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - ) Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - ) Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited) Debut - Software di Acquisizione Video (HKLM-x32\...\Debut) (Version: 5.10 - NCH Software) DIY DataRecovery MBRtool (HKLM-x32\...\MBRtool_is1) (Version: 2.3.200 - DIY DataRecovery.nl) Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.0.200 - Nuance Communications Inc.) EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies) eMule (HKLM-x32\...\eMule) (Version: - ) FlashFXP 5 (HKLM-x32\...\FlashFXP 5) (Version: 5.4.0.3965 - OpenSight Software LLC) Fotosizer 3.06.0 (HKLM\...\Fotosizer) (Version: 3.06.0.564 - Fotosizer.com) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation) Free Video to JPG Converter (HKLM-x32\...\Free Video to JPG Converter_is1) (Version: 5.0.101.201 - Digital Wave Ltd) FreeFileSync 8.6 (HKLM-x32\...\FreeFileSync_is1) (Version: 8.6 - www.FreeFileSync.org) Freemake Video Converter versione 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Ellora Assets Corporation) GewaControlTool (HKLM-x32\...\{3C143A5D-F24C-47A8-BD77-0D85B02C766B}) (Version: 2.00.0005 - Abilia AB) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden hide.me VPN 2.1.1 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 2.1.1 - eVenture Limited) HotKeyMan (HKLM\...\HotKeyMan_is1) (Version: - Kim Jensen) HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard) HP Deskjet 2510 series Software di base dispositivo (HKLM\...\{5D2F397F-D2E1-4519-83CD-686A6E21FE5B}) (Version: 27.0.847.0 - Hewlett-Packard Co.) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Kits Configuration Installer (HKLM-x32\...\{B74E65FD-CC47-41C5-4B89-791A3F61942D}) (Version: 8.100.25984 - Microsoft) Hidden MakeMKV v1.10.7 (HKLM-x32\...\MakeMKV) (Version: v1.10.7 - GuinpinSoft inc) Malwarebytes versione 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes) MediaInfo 0.7.99 (HKLM\...\MediaInfo) (Version: 0.7.99 - MediaArea.net) MemoRex - Disinstallazione (HKLM-x32\...\MemoRex_is1) (Version: 1.9 - Stefano Dardari - SDStudio) Microsoft .NET Framework 4.7 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.7.02053 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170410-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation) MKVToolNix 21.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 21.0.0 - Moritz Bunkus) Mozilla Firefox 62.0.2 (x64 it) (HKLM\...\Mozilla Firefox 62.0.2 (x64 it)) (Version: 62.0.2 - Mozilla) Mozilla Thunderbird 60.3.3 (x86 it) (HKLM-x32\...\Mozilla Thunderbird 60.3.3 (x86 it)) (Version: 60.3.3 - Mozilla) MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Multiple Image Resizer .NET 4.5.2 (HKLM-x32\...\Multiple Image Resizer .NET 4.5.2) (Version: 4.5.2.1 - Acumen Business Systems Ltd) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.6 - Notepad++ Team) NVIDIA Driver 3D Vision 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation) NVIDIA Driver audio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Driver del controller 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA Driver grafico 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) ophcrack 3.6.0 (HKLM\...\ophcrack) (Version: 3.6.0 - OS Objectif Sécurité SA) Paint Shop Pro 7 Evaluation (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc) Pannello di controllo NVIDIA 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 341.44 - NVIDIA Corporation) Hidden PDFill FREE PDF Editor Basic (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 14.0 - PlotSoft LLC) PIXresizer (HKLM-x32\...\PIXresizer_is1) (Version: 2.0.5 - Bluefive software) Python 3.3.0 (HKLM-x32\...\{526b1417-92c1-3737-8247-4abc49ccc8e4}) (Version: 3.3.150 - Python Software Foundation) qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek) ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.70 - Denis Kozlov) Renee PDF Aide 2015.05.25.58 (HKLM-x32\...\{9282228A-6DE7-4BD6-B314-C41DB8F941FE}_is1) (Version: 2015.05.25.58 - Rene.E Laboratory) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 17.12.8 - NVIDIA Corporation) Hidden Sound Blaster X-Fi Go! Pro (HKLM-x32\...\{587B7A6F-CA1F-4639-9083-16F9BB2363B4}) (Version: 1.0 - Creative Technology Limited) Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform) Startup Delayer v3.0 (build 366) (HKLM-x32\...\Startup Delayer) (Version: 3.0 (build 366) - r2 Studios) Subtitle Workshop 6.0b (HKLM-x32\...\SubtitleWorkshop) (Version: - ) Symantec System Recovery 2013 R2 (HKLM\...\{6F05024B-4D3C-41F8-833E-EB3F2FA8828A}) (Version: 11.1.0.53728 - Symantec Corporation) Hidden Symantec System Recovery 2013 R2 (HKLM\...\Symantec System Recovery) (Version: 11.1.0.53728 - Symantec Corporation) TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.3399 - TeamViewer) Toolkit Documentation (HKLM-x32\...\{6C870B12-6FF2-68FC-8C3B-DD177BBF3F92}) (Version: 8.100.26866 - Microsoft) Hidden Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.50 - Ghisler Software GmbH) TrayDay v7 (HKLM-x32\...\TrayDay_is1) (Version: - MJMSoft Design) Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN) Volume2 1.1.4 (HKLM-x32\...\Volume2) (Version: 1.1.4 - Alexandr Irza) WickrMe (HKLM-x32\...\{767F7979-22F5-4FCB-BD09-DBC6A524BEC8}) (Version: 4.16.3 - Wickr Inc.) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Assessment and Deployment Kit for Windows 8.1 (HKLM-x32\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation) WinHTTrack Website Copier 3.49-2 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack) WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) WonderFox DVD Ripper Pro 9.7 (HKLM-x32\...\WonderFox DVD Ripper Pro) (Version: 9.7 - WonderFox Soft, Inc.) Wondershare Video Converter Ultimate(Build 8.6.0.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.6.0.0 - Wondershare Software) WPT Redistributables (HKLM-x32\...\{64F3FB9A-9250-B2D6-00B4-50BE0358AEE8}) (Version: 8.100.26866 - Microsoft) Hidden WPTx64 (HKLM-x32\...\{BFF81CB5-E8C7-4184-FBB4-74ADFBC6CCCB}) (Version: 8.100.26837 - Microsoft) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\ChromeHTML: -> <==== ATTENTION ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation) ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project) ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> [CC]{A94757A0-0226-426F-B4F1-4DF381C630D3} => -> No File ContextMenuHandlers1: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => -> No File ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll -> No File ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> [CC]{FEB746CA-95C2-485F-B386-C30D4E56D22E} => -> No File ContextMenuHandlers2: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Applicazioni varie\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd) ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation) ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project) ContextMenuHandlers2: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => -> No File ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes) ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files (x86)\Applicazioni varie\Unlocker\UnlockerCOM.dll [2010-07-15] () ContextMenuHandlers4: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Applicazioni varie\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd) ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation) ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project) ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll -> No File ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-04] (NVIDIA Corporation) ContextMenuHandlers6: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Applicazioni varie\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd) ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project) ContextMenuHandlers6: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => -> No File ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes) ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll -> No File ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files (x86)\Applicazioni varie\Unlocker\UnlockerCOM.dll [2010-07-15] () ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {030AA3A4-DE4C-411E-B397-5F4D836E2ABE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation) Task: {0BAD0D61-4614-4FAF-A3C0-1DFC0998E09F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe Task: {15E2AD61-391D-447E-8BE4-886EDB668295} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.) Task: {4109ADE9-8649-4D39-8C96-D245C798E505} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-10] (Adobe Systems Incorporated) Task: {43CBDD18-4D1A-40BB-BD5B-53DCC0D3D299} - System32\Tasks\Backup telefilm sottotitolati => C:\Program Files\Applicazioni varie\FreeFileSync\FreeFileSync.exe [2016-10-25] (www.FreeFileSync.org) Task: {4AD6ADAF-06BD-483C-9BBF-42A6F91078C8} - System32\Tasks\Backup vecchi film alta definizione => C:\Program Files\Applicazioni varie\FreeFileSync\FreeFileSync.exe [2016-10-25] (www.FreeFileSync.org) Task: {4E45D0C5-09BF-4B8E-897D-D3BD6EB9130B} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe Task: {632AFD0E-B28C-4D20-A1FA-5A0BEB6F8F0A} - System32\Tasks\Backup film sottotitolati => C:\Program Files\Applicazioni varie\FreeFileSync\FreeFileSync.exe [2016-10-25] (www.FreeFileSync.org) Task: {71FE810F-7CE3-4B2B-81C6-0A279556BA0F} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe Task: {8C17F190-FF29-4D50-B1AC-F5E90322444D} - System32\Tasks\Backup vecchi film sottotitolati => C:\Program Files\Applicazioni varie\FreeFileSync\FreeFileSync.exe [2016-10-25] (www.FreeFileSync.org) Task: {B6224A4D-3667-47D8-B8E4-9BE140266455} - System32\Tasks\Backup film alta definizione => C:\Program Files\Applicazioni varie\FreeFileSync\FreeFileSync.exe [2016-10-25] (www.FreeFileSync.org) Task: {C33AACC8-93F5-46B7-9489-199EE4AC100B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.) Task: {DC9FE6FB-BF3D-4112-9CF6-83C22CCDFD6B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-10] (Adobe Systems Incorporated) Task: {FAD5D6E2-86D4-4B1D-9F24-E1217068B982} - System32\Tasks\Backup telefilm in italiano => C:\Program Files\Applicazioni varie\FreeFileSync\FreeFileSync.exe [2016-10-25] (www.FreeFileSync.org) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-09-22 14:25 - 2015-02-04 03:21 - 000115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2017-09-06 16:33 - 2001-09-28 22:30 - 000057344 _____ () C:\Program Files (x86)\Applicazioni varie\Hide it\HideIt.exe 2015-10-01 14:13 - 2013-01-16 19:45 - 003157504 _____ () C:\Program Files\Applicazioni varie\Hotkeyman\HotKeyMan.exe 2018-10-06 10:01 - 2018-12-12 08:33 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2015-10-01 14:07 - 2013-10-31 17:27 - 036229696 _____ () C:\Program Files (x86)\Pdf\Foxit Reader\Foxit Reader.exe 2018-12-18 03:29 - 2018-12-12 06:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll 2018-12-18 03:29 - 2018-12-12 06:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll 2018-02-25 14:15 - 2017-03-20 17:06 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll 2018-02-25 14:17 - 2017-03-20 17:06 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll 2018-02-25 14:17 - 2017-03-20 17:06 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll 2018-02-25 14:17 - 2017-03-20 17:06 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll 2017-09-06 16:33 - 2001-09-28 22:08 - 000024576 _____ () C:\Program Files (x86)\Applicazioni varie\Hide it\HotDll.dll 2018-11-20 02:11 - 2018-11-20 02:11 - 004310088 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2015-10-01 14:07 - 2013-09-27 13:19 - 000561152 _____ () C:\Program Files (x86)\Pdf\Foxit Reader\plugins\CommentsSummary.fpi 2015-10-01 14:07 - 2013-09-27 14:54 - 001746432 _____ () C:\Program Files (x86)\Pdf\Foxit Reader\plugins\Speech.fpi ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\SysWOW64\MicrosoftUpdateCatalogWebControl.dll:BDU [0] AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [246] AlternateDataStreams: C:\ProgramData\TEMP:A5C00DEE [418] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7936 more sites. IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-2002345239-655225903-965150095-1000\...\123simsen.com -> www.123simsen.com There are 7936 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2018-02-28 00:33 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com There are 15600 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2002345239-655225903-965150095-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Renato\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp DNS Servers: 8.8.8.8 - 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{5B0E23FC-03EC-47B3-9136-627628E1D392}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) FirewallRules: [{913B7D6C-D8A6-499D-9448-16E7DC4B035F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) FirewallRules: [{A55C8DE1-2035-4144-912F-E1CEACB13304}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) FirewallRules: [{752F698F-07FE-4676-AB9D-EBDC2DA75861}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) FirewallRules: [{293DF479-55B7-42C3-AD84-B98305BF9FBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation) FirewallRules: [{F45BC97C-7563-45EA-A397-BBD37407061F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation) FirewallRules: [{7142CBF4-1FBF-4572-821D-11076B1B597E}] => (Block) %ProgramFiles%\Applicazioni varie\Classic Menu for Office\OfficeMenu2010Manager-Admin.exe No File FirewallRules: [{0B6EC423-40A8-4021-84C3-06B16F6E21AE}] => (Block) %ProgramFiles%\Applicazioni varie\Classic Menu for Office\OfficeMenu2010Manager.exe No File FirewallRules: [{249A4F6E-DB26-4D38-9AC4-9227AF629C78}] => (Block) %ProgramFiles%\Applicazioni varie\Classic Menu for Office\OfficeMenu2010Manager.exe No File FirewallRules: [{9EECA883-7C05-4EFE-83AF-F9619FD1CD78}] => (Block) %ProgramFiles%\Applicazioni varie\Classic Menu for Office\OfficeMenu2010Manager-Admin.exe No File FirewallRules: [TCP Query User{F7C2A72C-9FC7-469E-B1CE-27697D546BD1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation) FirewallRules: [UDP Query User{3DE3000C-8F34-417C-A472-D7CC903EE454}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation) FirewallRules: [{E9FED883-0851-4A5F-B4B7-CFBDC2773BEB}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe (Hewlett-Packard Co.) FirewallRules: [{91C8DEF5-93C4-4553-B524-CAE02A16FEBB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) FirewallRules: [{00F64377-8D47-4032-8CC3-E42840C23C03}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) FirewallRules: [{3D32DF4F-A340-4EF4-B21C-9E422A5ACAD4}] => (Block) %ProgramFiles%\Applicazioni varie\Classic Menu for Office\OfficeMenu2010Manager.exe No File FirewallRules: [{C0210375-9CF2-4E4B-96B7-FE0F2349D7F9}] => (Block) %ProgramFiles%\Applicazioni varie\Classic Menu for Office\OfficeMenu2010Manager.exe No File FirewallRules: [{D3456BD8-60AE-4934-9486-6DB2FBBB3467}] => (Block) %ProgramFiles%\Applicazioni varie\Classic Menu for Office\OfficeMenu2010Manager-Admin.exe No File FirewallRules: [{17BE8085-5606-4BAF-93F5-3DDF06C575BB}] => (Block) %ProgramFiles%\Applicazioni varie\Classic Menu for Office\OfficeMenu2010Manager-Admin.exe No File FirewallRules: [{2401DBC0-49C0-4975-B554-FAD418D62E38}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe (Hewlett-Packard Co.) FirewallRules: [{1AE2C3B8-701F-4177-AACF-118A376914C8}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe (Hewlett-Packard Co.) FirewallRules: [{570DC326-2B6B-446D-AEAA-38FCDC33E41A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) FirewallRules: [{021575C8-1E84-48B7-8635-65DB97F84219}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) FirewallRules: [{B65E0494-3612-472A-B62B-0E0BDCE3CE9E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) FirewallRules: [{3ADF0A97-57BA-4D82-9E6E-3DDD08B2A4C4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) FirewallRules: [TCP Query User{0D4B7EFB-B8B3-4A73-8B0A-8AFE3306A604}C:\program files (x86)\flashfxp 5\flashfxp.exe] => (Allow) C:\program files (x86)\flashfxp 5\flashfxp.exe (OpenSight Software, LLC) FirewallRules: [UDP Query User{735010C9-532E-4149-B5B7-79E8314E55F4}C:\program files (x86)\flashfxp 5\flashfxp.exe] => (Allow) C:\program files (x86)\flashfxp 5\flashfxp.exe (OpenSight Software, LLC) FirewallRules: [{B4026FC5-4A95-4D11-B346-E762DE210E51}] => (Allow) C:\Program Files (x86)\eMule\emule.exe (hxxp://www.emule-project.net) FirewallRules: [{43515CE6-8F91-4A74-AE84-B9EB97CCB639}] => (Allow) C:\Program Files (x86)\eMule\emule.exe (hxxp://www.emule-project.net) FirewallRules: [{7A5C3DE7-BDF3-4841-9D25-F4C69EA68151}] => (Allow) C:\Program Files (x86)\eMule\emule.exe (hxxp://www.emule-project.net) FirewallRules: [{C8E5FBC2-193D-41BF-922D-30BA585FF46F}] => (Allow) C:\Program Files (x86)\eMule\emule.exe (hxxp://www.emule-project.net) FirewallRules: [TCP Query User{64721438-D275-4253-B5D7-AF91577FF546}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe () FirewallRules: [UDP Query User{E1FA84E1-0A7A-4DEB-B279-27D873701F24}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe () FirewallRules: [{4AA1B0FB-9DA9-4349-A7C6-22D12BFAE2F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) FirewallRules: [{941BA222-8149-4BC0-8E12-47102F0B9670}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) FirewallRules: [{0A0878C1-6340-4292-9FB3-C0F554805E48}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) FirewallRules: [{E4D17472-F1D6-4590-934A-4E57BAA11E68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) FirewallRules: [{1FEF5AE1-8164-4817-81EC-3FA2961A66AE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) FirewallRules: [{3AA4F494-DDEB-4559-945E-2AB5A12C7669}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () FirewallRules: [{8BE97A58-1B31-46C8-91FD-6E0688E0642E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () ==================== Restore Points ========================= 18-12-2018 11:02:48 Windows Update 20-12-2018 11:01:09 Windows Update 23-12-2018 17:00:58 Windows Update 27-12-2018 10:59:41 Windows Update ==================== Faulty Device Manager Devices ============= Name: Hook Test Driver Description: Hook Test Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SDHookDriver Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (12/27/2018 12:05:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema. Error: (12/27/2018 11:27:10 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema. Error: (12/27/2018 09:00:03 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Errore del servizio Copia Shadow del volume: errore imprevisto durante la ricerca dell'interfaccia IVssWriterCallback. hr = 0x80070005, Accesso negato. . L'errore è spesso causato da impostazioni di sicurezza non corrette nel processo di scrittura o richiedente. Operazione: Raccolta dei dati del processo di scrittura Contesto: ID della classe del processo di scrittura: {e8132975-6f93-4464-a53e-1050253ae220} Nome del processo di scrittura: System Writer ID dell'istanza del processo di scrittura: {6de53639-05e3-4bb9-9656-3b2b25bdac49} Error: (12/27/2018 08:00:10 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Errore del servizio Copia Shadow del volume: errore imprevisto durante la ricerca dell'interfaccia IVssWriterCallback. hr = 0x80070005, Accesso negato. . L'errore è spesso causato da impostazioni di sicurezza non corrette nel processo di scrittura o richiedente. Operazione: Raccolta dei dati del processo di scrittura Contesto: ID della classe del processo di scrittura: {e8132975-6f93-4464-a53e-1050253ae220} Nome del processo di scrittura: System Writer ID dell'istanza del processo di scrittura: {6de53639-05e3-4bb9-9656-3b2b25bdac49} Error: (12/27/2018 06:00:04 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Errore del servizio Copia Shadow del volume: errore imprevisto durante la ricerca dell'interfaccia IVssWriterCallback. hr = 0x80070005, Accesso negato. . L'errore è spesso causato da impostazioni di sicurezza non corrette nel processo di scrittura o richiedente. Operazione: Raccolta dei dati del processo di scrittura Contesto: ID della classe del processo di scrittura: {e8132975-6f93-4464-a53e-1050253ae220} Nome del processo di scrittura: System Writer ID dell'istanza del processo di scrittura: {6de53639-05e3-4bb9-9656-3b2b25bdac49} Error: (12/26/2018 06:00:11 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Errore del servizio Copia Shadow del volume: errore imprevisto durante la ricerca dell'interfaccia IVssWriterCallback. hr = 0x80070005, Accesso negato. . L'errore è spesso causato da impostazioni di sicurezza non corrette nel processo di scrittura o richiedente. Operazione: Raccolta dei dati del processo di scrittura Contesto: ID della classe del processo di scrittura: {e8132975-6f93-4464-a53e-1050253ae220} Nome del processo di scrittura: System Writer ID dell'istanza del processo di scrittura: {6de53639-05e3-4bb9-9656-3b2b25bdac49} Error: (12/25/2018 11:00:06 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Errore del servizio Copia Shadow del volume: errore imprevisto durante la ricerca dell'interfaccia IVssWriterCallback. hr = 0x80070005, Accesso negato. . L'errore è spesso causato da impostazioni di sicurezza non corrette nel processo di scrittura o richiedente. Operazione: Raccolta dei dati del processo di scrittura Contesto: ID della classe del processo di scrittura: {e8132975-6f93-4464-a53e-1050253ae220} Nome del processo di scrittura: System Writer ID dell'istanza del processo di scrittura: {6de53639-05e3-4bb9-9656-3b2b25bdac49} Error: (12/25/2018 07:00:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema. System errors: ============= Error: (12/27/2018 12:04:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Servizio Ottimizzazione avvio terminato con l'errore: Impossibile trovare il file specificato. Error: (12/27/2018 12:03:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: All'avvio non è stato possibile caricare i seguenti driver: SDHookDriver Error: (12/27/2018 12:01:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Il servizio SymTrackService è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Riavvia il servizio. Error: (12/27/2018 12:01:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Il servizio Symantec System Recovery è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 0 millisecondi: Riavvia il servizio. Error: (12/27/2018 12:01:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Arresto imprevista del servizio NVIDIA Network Service. Questo evento si è già verificato 1 volta(e). Error: (12/27/2018 12:01:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Arresto imprevista del servizio Digital Wave Update Service. Questo evento si è già verificato 1 volta(e). Error: (12/27/2018 12:01:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Arresto imprevista del servizio NVIDIA Stereoscopic 3D Driver Service. Questo evento si è già verificato 1 volta(e). Error: (12/27/2018 12:01:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Arresto imprevista del servizio NVIDIA Streamer Service. Questo evento si è già verificato 1 volta(e). Windows Defender: =================================== Date: 2016-07-07 13:06:17.648 Description: Windows Defender: errore durante il tentativo di aggiornare le firme. Nuova versione firma: Versione firma precedente: Origine aggiornamento:Utente Tipo firma: Tipo aggiornamento: Utente:NT AUTHORITY\SYSTEM Versione modulo corrente: Versione modulo precedente:1.1.12902.0 Codice errore:0x8050a003 Descrizione errore:Il pacchetto non contiene file di definizione aggiornati per il programma. Per ulteriori informazioni, vedere Guida e supporto tecnico. CodeIntegrity: =================================== Date: 2018-01-27 22:37:34.662 Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema. Date: 2018-01-27 19:56:18.486 Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema. Date: 2018-01-27 19:42:35.409 Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema. Date: 2018-01-05 17:37:58.578 Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema. Date: 2017-11-10 13:15:11.093 Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema. Date: 2017-10-31 12:55:30.472 Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema. Date: 2017-10-07 13:25:50.838 Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema. Date: 2017-10-02 10:53:45.679 Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema. ==================== Memory info =========================== Processor: AMD Phenom(tm) II X4 945 Processor Percentage of memory in use: 27% Total physical RAM: 16383.09 MB Available physical RAM: 11952.51 MB Total Virtual: 32764.33 MB Available Virtual: 28314.9 MB ==================== Drives ================================ Drive a: (Riservato per il sistema nuovo) (Fixed) (Total:0.22 GB) (Free:0.17 GB) NTFS ==>[system with boot components (obtained from drive)] Drive b: (Riservato per il sistema scorta) (Fixed) (Total:0.22 GB) (Free:0.18 GB) NTFS ==>[system with boot components (obtained from drive)] Drive c: (Windows 7 nuovo) (Fixed) (Total:232.66 GB) (Free:121.18 GB) NTFS Drive d: (Windows 7 di scorta) (Fixed) (Total:232.66 GB) (Free:136.08 GB) NTFS Drive e: (Download) (Fixed) (Total:1608.14 GB) (Free:659.93 GB) NTFS Drive f: (Backup) (Fixed) (Total:1058.18 GB) (Free:881.95 GB) NTFS Drive g: (Sharing varie USB (1 Tb)) (Fixed) (Total:931.51 GB) (Free:397.61 GB) NTFS Drive h: (Sharing mmedia USB 1 (2 Tb)) (Fixed) (Total:1863.01 GB) (Free:1055.16 GB) NTFS Drive i: (Sharing mmedia USB 2 (2 Tb)) (Fixed) (Total:1863.01 GB) (Free:1252.38 GB) NTFS Drive j: (Sharing Tv Live) (Fixed) (Total:3725.99 GB) (Free:477.31 GB) NTFS Drive x: (Windows 10 2018) (Fixed) (Total:130.5 GB) (Free:62.47 GB) NTFS Drive y: (Windows 10 2015) (Fixed) (Total:128.2 GB) (Free:87.01 GB) NTFS Drive z: (Backup e Storage) (Fixed) (Total:1732.04 GB) (Free:217.95 GB) NTFS \\?\Volume{aa27ddcc-0158-11e9-86c0-806e6f6e6963}\ () (Fixed) (Total:0.48 GB) (Free:0.08 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: D24AB6A8) Partition 1: (Active) - (Size=224 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 75982FCD) Partition 1: (Active) - (Size=224 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 081DA246) Partition 1: (Not Active) - (Size=1732 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=130.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=490 MB) - (Type=27) ======================================================== Disk: 3 (Size: 2794.5 GB) (Disk ID: 00012CBA) Partition: GPT. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 4. ======================================================== Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: B7312BCA) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 4C31F550) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 7 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: F1884CB0) Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================