Some problems found after a check



#1 emanuele
    Advanced Member

  • Helper Trainee
  • 130 posts

Posted 25 June 2018 - 11:16 AM

Hi everybody,

I'm supposed to be infected, as after a first check I've been warned of some suspicious files/threats found after the scan.

Here are the logs:

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 25/06/18
Ora scansione: 13:16
File di log: 2d0ef06c-7869-11e8-9170-78843c05793d.json
Amministratore: Sì

-Informazioni software-
Versione: 3.5.1.2522
Versione componenti: 1.0.374
Aggiorna versione pacchetto: 1.0.5615
Licenza: Trial

-Informazioni sistema-
SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: User-PC\User

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Scansione avviata da: Manuale
Risultati: Completata
Elementi analizzati: 299726
Minacce rilevate: 23
Minacce messe in quarantena: 23
Tempo impiegato: 8 min, 27 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 2
PUP.Optional.WinYahoo.TskLnk, C:\USERS\USER\APPDATA\LOCAL\{13C52599-376D-4921-5AF5-6CC97E9D9051}, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\USERS\USER\APPDATA\LOCAL\{93C6A59A-B76E-C922-DAF6-ECCAFE9E1052}, In quarantena, [3735], [484244],1.0.5615

File: 21
PUP.Optional.WinYahoo.TskLnk, C:\USERS\USER\APPDATA\LOCAL\{13C52599-376D-4921-5AF5-6CC97E9D9051}\dide, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{13C52599-376D-4921-5AF5-6CC97E9D9051}\bapi.dat, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{13C52599-376D-4921-5AF5-6CC97E9D9051}\bapi_ff.dat, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{13C52599-376D-4921-5AF5-6CC97E9D9051}\bapi_ie.dat, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{13C52599-376D-4921-5AF5-6CC97E9D9051}\face.dat, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{13C52599-376D-4921-5AF5-6CC97E9D9051}\install.log, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{13C52599-376D-4921-5AF5-6CC97E9D9051}\naca.cfg, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{13C52599-376D-4921-5AF5-6CC97E9D9051}\rela, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{13C52599-376D-4921-5AF5-6CC97E9D9051}\sere, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{13C52599-376D-4921-5AF5-6CC97E9D9051}\Sqlite3.dll, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{13C52599-376D-4921-5AF5-6CC97E9D9051}\uninst.dat, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{13C52599-376D-4921-5AF5-6CC97E9D9051}\uninst.exe, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{13C52599-376D-4921-5AF5-6CC97E9D9051}\uninstp.dat, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\USERS\USER\APPDATA\LOCAL\{93C6A59A-B76E-C922-DAF6-ECCAFE9E1052}\dide, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{93C6A59A-B76E-C922-DAF6-ECCAFE9E1052}\bapi.dat, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{93C6A59A-B76E-C922-DAF6-ECCAFE9E1052}\install.log, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{93C6A59A-B76E-C922-DAF6-ECCAFE9E1052}\raro, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{93C6A59A-B76E-C922-DAF6-ECCAFE9E1052}\rela, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{93C6A59A-B76E-C922-DAF6-ECCAFE9E1052}\Sqlite3.dll, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{93C6A59A-B76E-C922-DAF6-ECCAFE9E1052}\uninst.dat, In quarantena, [3735], [484244],1.0.5615
PUP.Optional.WinYahoo.TskLnk, C:\Users\User\AppData\Local\{93C6A59A-B76E-C922-DAF6-ECCAFE9E1052}\uninst.exe, In quarantena, [3735], [484244],1.0.5615

Settore fisico: 0
(Nessun elemento nocivo rilevato)

WMI: 0
(Nessun elemento nocivo rilevato)


(end)


Result of Security Analysis by Rocket Grannie (x86) Updated: 18th June, 2018
Running from:C:\Users\User\Desktop (13:49:08 - 06/25/2018)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled
Internet Explorer 11
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Avira Antivirus (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Avira Antivirus (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (30.0.0.113)
Adobe Acrobat Reader DC (18.011.20040)
Google Chrome (67.0.3396.87)
Malwarebytes (3.5.1.2522)
Mozilla Firefox (61.0)

***----------------Analysis Complete-------------------------***


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by User (25-06-2018 13:45:29)
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-08-06 15:01:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3829217399-1299044065-972332794-500 - Administrator - Disabled)
Alessia (S-1-5-21-3829217399-1299044065-972332794-1004 - Limited - Enabled) => C:\Users\Alessia
Guest (S-1-5-21-3829217399-1299044065-972332794-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3829217399-1299044065-972332794-1002 - Limited - Enabled)
Ilenia (S-1-5-21-3829217399-1299044065-972332794-1003 - Limited - Enabled) => C:\Users\Ilenia
User (S-1-5-21-3829217399-1299044065-972332794-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-002A-0410-1000-0000000FF1CE}_ENTERPRISE_{B9896689-DF51-4A16-AAD5-002622D86C72}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{B9896689-DF51-4A16-AAD5-002622D86C72}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{741A792D-4ED8-4C66-B32E-A47865FA1163}) (Version:  - Microsoft) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{606c7b25-e58d-4e72-82dd-4a0e4e163086}) (Version: 1.2.114.16977 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{C7FA948A-FC14-4316-92DC-23AF70C55A10}) (Version: 1.2.114.16977 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.200 - Avira Operations GmbH & Co. KG)
Catalyst Control Center Next Localization BR (HKLM\...\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Erickson - Scacco matto (HKLM-x32\...\Scacco matto) (Version: 1.0 - Edizioni Centro Studi Erickson)
Erickson - Scacco matto 2 (HKU\S-1-5-21-3829217399-1299044065-972332794-1000\...\Scacco matto 2) (Version: 1.0 - Edizioni Centro Studi Erickson)
Erickson - Scacco matto 2 (HKU\S-1-5-21-3829217399-1299044065-972332794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131645999\...\Scacco matto 2) (Version: 1.0 - Edizioni Centro Studi Erickson)
Erickson - Scacco matto 2 (HKU\S-1-5-21-3829217399-1299044065-972332794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131658030\...\Scacco matto 2) (Version: 1.0 - Edizioni Centro Studi Erickson)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart Plus B210 series ? (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
HP Photosmart Plus B210 series Software di base dispositivo (HKLM\...\{D2A2A5DF-B14A-4C57-B9C7-4F0F31C5C3A9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Studio per il miglioramento dei prodotti HP (HKLM\...\{231B57B5-ACB9-46FD-9737-EF96F1B7204F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Malwarebytes versione 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 12.10.14.3 - Marvell)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.0.150.1 - McAfee)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 61.0 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0 (x64 en-US)) (Version: 61.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
NinjaTrader 7 (HKLM-x32\...\{79D6E936-FD0C-4213-9A2B-3955CE618101}) (Version: 7.0.1031 - NinjaTrader)
NinjaTrader 8 (HKLM-x32\...\{0A11BC9C-44FF-4CD6-AFBF-898947B74EF9}) (Version: 8.0.6.1 - NinjaTrader, LLC)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.23.2-r122830-release - Plays.tv, LLC)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.8-r120085-release - Raptr, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3829217399-1299044065-972332794-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-06-19] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-06-02] (WinZip Computing, S.L.)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-06-02] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-02-26] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-06-19] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-06-02] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {166D8F48-3D1E-4BA9-9FBF-420793EF3127} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-08] (Adobe Systems Incorporated)
Task: {43975BC0-DAEB-4618-83AF-2F21AF76E174} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-02-27] (McAfee, Inc.)
Task: {57F2CE92-A1F0-4516-8DA8-1E682AA4ABD0} - System32\Tasks\{9F4C3308-D484-4A05-90D3-B834B04309BF} => C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {669F7342-B146-4CB4-8012-FDC88C34FB11} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {95AE8AA5-575B-41BB-93B2-F4DA3FC76A16} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-08] (Adobe Systems Incorporated)
Task: {A63D4FA8-C9C0-4723-B568-96D08066F4B5} - \Avira\System Speedup\Delayed Startup\User\2 -> No File <==== ATTENTION
Task: {AB36C5A6-C6F0-4CCA-942B-E324616CBEC7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {AFFE0232-F762-46B4-8D46-210C1B65859D} - System32\Tasks\{1FE66984-69A5-4F70-ABD7-12F8B1925B88} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\F-Secure\Uninstall\fsuninst.exe" -c /UninstRegKey:"F-Secure Anti-Virus"
Task: {B282D3DC-466D-46EA-99C7-912D2369AFAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {B7243EDD-BB7B-4A53-BFA0-5E0B24CAA66D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {C0501A77-96F5-4046-9F21-F43B39CDA575} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-06-19] (Avira Operations GmbH & Co. KG)
Task: {C868B980-72C6-48A3-AEFF-A9B77C84CE15} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-02-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-06-25 13:14 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-06-25 13:14 - 2018-05-30 09:22 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-05-10 22:43 - 2017-05-10 22:43 - 000033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2017-05-10 22:43 - 2017-05-10 22:43 - 000103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2017-05-10 22:43 - 2017-05-10 22:43 - 000111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll
2017-05-10 22:43 - 2017-05-10 22:43 - 000041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2017-05-10 22:43 - 2017-05-10 22:43 - 000405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll
2017-05-10 22:43 - 2017-05-10 22:43 - 000173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2017-05-10 22:43 - 2017-05-10 22:43 - 001934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2017-05-10 22:43 - 2017-05-10 22:43 - 000077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2017-05-10 22:43 - 2017-05-10 22:43 - 001780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2017-05-10 22:43 - 2017-05-10 22:43 - 000505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2017-05-10 22:43 - 2017-05-10 22:43 - 003812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3829217399-1299044065-972332794-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3829217399-1299044065-972332794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131645999\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3829217399-1299044065-972332794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131658030\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3829217399-1299044065-972332794-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3829217399-1299044065-972332794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131645999\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3829217399-1299044065-972332794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131658030\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3829217399-1299044065-972332794-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-06252018131708133\Control Panel\Desktop\\Wallpaper -> C:\Users\Ilenia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3829217399-1299044065-972332794-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131646940\Control Panel\Desktop\\Wallpaper -> C:\Users\Ilenia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3829217399-1299044065-972332794-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131700396\Control Panel\Desktop\\Wallpaper -> C:\Users\Ilenia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3829217399-1299044065-972332794-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-06252018131710975\Control Panel\Desktop\\Wallpaper -> C:\Users\Alessia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3829217399-1299044065-972332794-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131647089\Control Panel\Desktop\\Wallpaper -> C:\Users\Alessia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3829217399-1299044065-972332794-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131701227\Control Panel\Desktop\\Wallpaper -> C:\Users\Alessia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BB285D1A-A54D-4B5A-88A5-0BC65162D060}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F8DC7A4D-7901-4AB2-94BA-B90E941EEB43}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{FB0CFA63-1959-45ED-9CD3-43E06EEE0B9A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{4E953BCE-3F43-466E-A02E-A5E30D358A21}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B16B0D0D-F7BF-4099-854F-4EE74980FEDA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{982CBF85-244D-4F81-A5C3-FB16F8CDCE0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{75E15656-F74E-4AC1-B5F4-0E80C1D1422A}C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe
FirewallRules: [UDP Query User{360EAADF-7A77-4E30-9B85-EFF45E731D3A}C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe
FirewallRules: [TCP Query User{2957D579-A338-4197-B6A6-D89B8CA372B9}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe
FirewallRules: [UDP Query User{D11C52D3-88A3-4494-B576-FF7A00261849}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe
FirewallRules: [{48B40E1A-856C-4189-9100-8F38D04FF61B}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{719DAC67-013C-4A57-9CBE-6B3D4CA20139}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A22CAABF-5450-4300-A624-DD049A4FEE76}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D67156BA-C6C7-454E-B850-5A46E885D3E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5610F88E-A7A9-4EFD-BDD2-3B776E8ABC9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D80510EB-1EB2-45DD-847F-39F533AB8106}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe
FirewallRules: [UDP Query User{77D2D0E7-5DE6-430A-9394-2C0BD0F3DBCD}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe
FirewallRules: [{408C05ED-E2F1-4A18-BD93-3EEFF84CA774}] => (Allow) C:\Users\User\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{A9F963C9-EBD1-49F6-AEE3-89C515F4D393}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{ADC66AF0-695C-4955-834D-CCA2864864D0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{FFC02768-13B3-4B58-9E2A-0585A4599B87}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E66264C8-B294-405F-9B45-4EF0F5F1CB06}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{C1724E7D-54EA-4E3B-B8B9-561810EED7C2}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{40F19396-0745-458A-8F3B-FD990C564D2C}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{FE686934-0BD1-4109-82E1-D9FCCE665203}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{FD7C65E4-1B71-487E-8B92-3B519FD67AC1}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{90A380B8-8A10-4956-9248-32763318165F}C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe
FirewallRules: [UDP Query User{33369366-0D03-444A-95FA-D4918964633F}C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe
FirewallRules: [TCP Query User{7B5BA8C6-AA9B-4F29-B7C8-452C83AD3CD8}C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe
FirewallRules: [UDP Query User{7AA53917-E057-44B9-BB61-870243AE7583}C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe
FirewallRules: [{1679B7F5-FCA1-4682-99E0-4DD761197C3B}] => (Allow) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
FirewallRules: [{32AF8DEE-6B28-4895-A056-CD6263672380}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B94063A3-BDD8-4BF3-8E1A-27D67EE6E187}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{37A02140-138C-46CD-9AEB-AE6D6AC0E2F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-06-2018 11:27:17 Windows Update
15-06-2018 23:51:06 Windows Update
16-06-2018 01:21:58 Windows Update
17-06-2018 00:02:53 Windows Update
18-06-2018 14:57:39 Windows Update
19-06-2018 10:29:49 Windows Update
22-06-2018 10:09:05 Windows Update
23-06-2018 14:02:05 Windows Update

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: Periferica sistema di base
Description: Periferica sistema di base
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2018 01:15:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: cnext.exe, versione: 10.1.1.1522, timestamp: 0x56d0b595
Nome del modulo che ha generato l'errore: Qt5Qml.dll, versione: 5.5.0.0, timestamp: 0x558c716c
Codice eccezione: 0xc0000005
Offset errore 0x00000000001d9f32
ID processo che ha generato l'errore: 0x79c
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d40c6665b79c68
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\AMD\CNext\CNext\cnext.exe
Percorso del modulo che ha generato l'errore: C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
ID segnalazione: 0564dae5-7869-11e8-a89e-889ffae42aee

Error: (06/25/2018 11:55:56 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema ha impedito l'invio a Microsoft dei dati di Analisi utilizzo software (errore 80004005).

Error: (06/25/2018 11:26:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (06/23/2018 05:19:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: cnext.exe, versione: 10.1.1.1522, timestamp: 0x56d0b595
Nome del modulo che ha generato l'errore: Qt5Qml.dll, versione: 5.5.0.0, timestamp: 0x558c716c
Codice eccezione: 0xc0000005
Offset errore 0x00000000001d9f32
ID processo che ha generato l'errore: 0x78c
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d40b040aab74f5
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\AMD\CNext\CNext\cnext.exe
Percorso del modulo che ha generato l'errore: C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
ID segnalazione: d0e8aa46-76f8-11e8-9d9f-889ffae42aee

Error: (06/23/2018 05:10:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (06/23/2018 12:08:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema ha impedito l'invio a Microsoft dei dati di Analisi utilizzo software (errore 80004005).

Error: (06/22/2018 11:06:12 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema ha impedito l'invio a Microsoft dei dati di Analisi utilizzo software (errore 80004005).

Error: (06/22/2018 12:28:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: cnext.exe, versione: 10.1.1.1522, timestamp: 0x56d0b595
Nome del modulo che ha generato l'errore: Qt5Qml.dll, versione: 5.5.0.0, timestamp: 0x558c716c
Codice eccezione: 0xc000041d
Offset errore 0x00000000001d9f32
ID processo che ha generato l'errore: 0x77c
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d40a0febbf71cf
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\AMD\CNext\CNext\cnext.exe
Percorso del modulo che ha generato l'errore: C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
ID segnalazione: 0d8af603-7607-11e8-8558-889ffae42aee


System errors:
=============
Error: (06/25/2018 11:25:15 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Il servizio Adattatore listener Net.Tcp dipende dal servizio was, che potrebbe non essere installato.

Error: (06/25/2018 11:25:15 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Il servizio Adattatore listener Net.Pipe dipende dal servizio was, che potrebbe non essere installato.

Error: (06/25/2018 11:25:15 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Il servizio Adattatore listener Net.Msmq dipende dal servizio msmq, che potrebbe non essere installato.

Error: (06/23/2018 05:15:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Servizio Windows Update bloccato in partenza.

Error: (06/23/2018 05:08:36 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Il servizio Adattatore listener Net.Tcp dipende dal servizio was, che potrebbe non essere installato.

Error: (06/23/2018 05:08:36 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Il servizio Adattatore listener Net.Pipe dipende dal servizio was, che potrebbe non essere installato.

Error: (06/23/2018 05:08:36 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Il servizio Adattatore listener Net.Msmq dipende dal servizio msmq, che potrebbe non essere installato.

Error: (06/23/2018 02:05:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x8024200d: 2018-06 Aggiornamento cumulativo mensile di sicurezza per Windows 7 per sistemi x64 (KB4284826).


Windows Defender:
===================================
Date: 2017-02-11 21:02:41.540
Description:
Windows Defender: analisi interrotta prima del completamento.
ID analisi:{960FFBE5-A51E-4B6B-8996-11118C3B83D9}
Tipo analisi:Antispyware
Parametri analisi:Analisi veloce
Utente:User-PC\User

Date: 2016-08-23 08:53:25.110
Description:
Windows Defender: analisi interrotta prima del completamento.
ID analisi:{70FE85A8-BDC3-467A-B4BB-F1C26ADFA584}
Tipo analisi:Antispyware
Parametri analisi:Analisi veloce
Utente:NT AUTHORITY\SERVIZIO DI RETE

CodeIntegrity:
===================================

Date: 2018-06-25 13:44:11.803
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2018-06-25 13:44:10.992
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2018-06-25 13:44:10.134
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2018-06-25 13:44:09.338
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2018-06-25 13:44:08.387
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2018-06-25 13:44:07.045
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2018-06-25 13:44:05.033
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2018-06-25 13:44:03.722
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 54%
Total physical RAM: 3950.1 MB
Available physical RAM: 1790.22 MB
Total Virtual: 7898.38 MB
Available Virtual: 5231.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:388.99 GB) NTFS
Drive d: (IT) (CDROM) (Total:7.82 GB) (Free:0 GB) UDF

\\?\Volume{4869cd54-3c4a-11e5-b930-806e6f6e6963}\ (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7B696971)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#2 nasdaq

    Forum Deity

  • Global Moderator
  • 49,224 posts

Posted 26 June 2018 - 05:10 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please post the FRST.txt log created by the Farbar program.
I need to review it.
===

I've been warned of some suspicious files/threats found after the scan.

Can you quote the exact message? It may help identify the issue.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 emanuele

    Advanced Member

  • Helper Trainee
  • 130 posts

Posted 28 June 2018 - 01:19 PM

Hello nasdaq,

Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by User (administrator) on USER-PC (25-06-2018 13:42:13)
Running from C:\Users\User\Desktop
Loaded Profiles: User &  (Available Profiles: User & Ilenia & Alessia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Copyright © 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-05-30] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3829217399-1299044065-972332794-1000\...\MountPoints2: {e9dc9047-1871-11e6-b5b6-78843c05793d} - E:\Windows\AutoRun.exe
HKU\S-1-5-21-3829217399-1299044065-972332794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131645999\...\MountPoints2: {e9dc9047-1871-11e6-b5b6-78843c05793d} - E:\Windows\AutoRun.exe
HKU\S-1-5-21-3829217399-1299044065-972332794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131658030\...\MountPoints2: {e9dc9047-1871-11e6-b5b6-78843c05793d} - E:\Windows\AutoRun.exe
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Aggiorna Notifier.lnk [2016-08-12]
ShortcutTarget: Aggiorna Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-08-12]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-08-12]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitora avvisi inchiostro - HP Photosmart Plus B210 series.lnk [2018-06-25]
ShortcutTarget: Monitora avvisi inchiostro - HP Photosmart Plus B210 series.lnk -> C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7BE067D3-0A34-472E-9884-00E737A9B60A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3829217399-1299044065-972332794-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-6c6643b2
HKU\S-1-5-21-3829217399-1299044065-972332794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131645999\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-6c6643b2
HKU\S-1-5-21-3829217399-1299044065-972332794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131658030\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-6c6643b2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3829217399-1299044065-972332794-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3829217399-1299044065-972332794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131645999 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3829217399-1299044065-972332794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131658030 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3829217399-1299044065-972332794-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-06252018131710975 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3829217399-1299044065-972332794-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131647089 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3829217399-1299044065-972332794-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06252018131701227 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: kfpyohai.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kfpyohai.default [2018-06-25]
FF Homepage: Mozilla\Firefox\Profiles\kfpyohai.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\kfpyohai.default -> about:newtab
FF Extension: (Sicurezza browser Avira) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kfpyohai.default\Extensions\abs@avira.com.xpi [2018-06-02]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kfpyohai.default\searchplugins\bing search engine.xml [2016-11-27]
FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-06-23] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-08] ()
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-08] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-06-19]
CHR Extension: (Presentazioni) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-18]
CHR Extension: (Documenti) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-18]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-15]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-15]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-15]
CHR Extension: (Fogli) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-18]
CHR Extension: (Google Documenti offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-19]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [879128 2018-06-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [224472 2018-06-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [224472 2018-06-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1164808 2018-06-19] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [452352 2018-05-30] (Avira Operations GmbH & Co. KG)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-05-10] (Copyright © 2017 Plays.tv, LLC)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1000824 2018-05-14] (McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-05-14] (McAfee, LLC.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-05-14] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [21622784 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [665088 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-20] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [199912 2018-05-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153552 2018-05-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-29] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-29] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes)
R1 FSES; C:\Windows\System32\drivers\fses.sys [44328 2015-06-11] (F-Secure Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-25] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112872 2018-06-25] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-25] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94840 2018-06-25] (Malwarebytes)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-25 13:42 - 2018-06-25 13:44 - 000014643 _____ C:\Users\User\Desktop\FRST.txt
2018-06-25 13:41 - 2018-06-25 13:42 - 000000000 ____D C:\FRST
2018-06-25 13:40 - 2018-06-25 13:40 - 002412544 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2018-06-25 13:15 - 2018-06-25 13:16 - 000094840 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-25 13:15 - 2018-06-25 13:15 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-25 13:15 - 2018-06-25 13:15 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-25 13:15 - 2018-06-25 13:15 - 000112872 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-25 13:15 - 2018-06-25 13:15 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-25 13:14 - 2018-06-25 13:14 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-25 13:14 - 2018-06-25 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-25 13:14 - 2018-06-25 13:14 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-25 13:14 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-25 12:44 - 2018-06-25 12:45 - 072879848 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5609.exe
2018-06-08 18:08 - 2018-06-08 18:08 - 000001116 _____ C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-25 13:38 - 2017-06-19 16:37 - 000000000 ____D C:\Users\User\Desktop\ANTIVIRUS
2018-06-25 13:36 - 2017-10-19 18:23 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-06-25 13:14 - 2016-06-03 12:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-25 11:34 - 2009-07-14 06:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-25 11:34 - 2009-07-14 06:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-25 11:26 - 2016-09-24 23:29 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2018-06-25 11:24 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-23 17:08 - 2017-05-01 09:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-23 17:08 - 2015-09-11 13:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-19 12:37 - 2016-09-23 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-06-18 14:57 - 2011-04-12 12:49 - 000743928 _____ C:\Windows\system32\perfh010.dat
2018-06-18 14:57 - 2011-04-12 12:49 - 000148548 _____ C:\Windows\system32\perfc010.dat
2018-06-18 14:57 - 2009-07-14 07:13 - 001667672 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-18 14:57 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-06-15 11:39 - 2017-03-02 22:48 - 000000000 ____D C:\Windows\system32\MRT
2018-06-15 11:33 - 2017-10-17 20:16 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-15 11:32 - 2017-03-02 22:48 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-14 21:05 - 2015-09-07 10:58 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-14 21:05 - 2015-09-07 10:58 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-09 09:07 - 2015-09-07 14:45 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-08 18:56 - 2018-05-09 18:36 - 000004606 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-08 18:56 - 2017-04-24 20:46 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-08 18:56 - 2017-04-24 20:46 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-08 18:56 - 2017-04-24 20:46 - 000004472 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-06-08 18:55 - 2017-04-24 20:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-08 18:55 - 2017-04-24 20:46 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-05 19:21 - 2016-07-20 22:03 - 000000000 ____D C:\Windows\Minidump
2018-06-05 19:20 - 2015-08-06 16:49 - 000269738 ____N C:\Windows\Minidump\060518-28282-01.dmp
2018-06-03 19:19 - 2015-08-06 17:01 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2018-05-29 14:11 - 2015-08-06 16:49 - 000269738 ____N C:\Windows\Minidump\052918-29718-01.dmp
2018-05-26 21:29 - 2017-02-11 22:18 - 000153552 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2018-05-26 20:27 - 2017-04-24 20:56 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-05-26 20:26 - 2017-04-24 20:46 - 000000000 ____D C:\Program Files\TrueKey
2018-05-26 20:26 - 2015-08-06 16:49 - 000269738 ____N C:\Windows\Minidump\052618-29468-01.dmp

==================== Files in the root of some directories =======

2017-04-03 14:48 - 2016-08-12 13:48 - 000000512 _____ () C:\Users\User\AppData\Roaming\install.log
2016-08-23 08:49 - 2016-08-23 08:49 - 002443284 _____ () C:\Users\User\AppData\Roaming\sb813.dat
2016-08-12 14:48 - 2017-04-18 14:19 - 000000306 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2017-06-20 00:41 - 2017-06-20 00:41 - 000121711 _____ () C:\Users\User\AppData\Local\ars.cache
2017-06-20 00:41 - 2017-06-20 00:41 - 000254003 _____ () C:\Users\User\AppData\Local\census.cache
2017-06-19 19:15 - 2017-06-19 19:15 - 000000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-19 23:50

==================== End of FRST.txt ============================

Member of UNITE