
Removal Malware


Solved by kevinf80


Hello macholav and welcome to Malwarebytes,

Continue with the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... Before running FRST.exe right click direct on the tool, select "rename" Now add "English" to the name so you have FRSTEnglish.exe
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....
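Once FRST.txt comes back, the lines a helper reads first are the persistence entries (the `HK...\...\Run:` lines in the Registry section and the `Task:` lines in the Scheduled Tasks section), looking for programs that launch from user-writable folders, unsigned binaries, hosts that are handed a script-engine switch, and targets whose file no longer exists. The following Python script is an added editor's example, not part of the thread and not a Farbar or Malwarebytes tool: it parses a constructed FRST-style fragment (the paths, task names and GUIDs in `SAMPLE_FRST` are made up, and the heuristics in `assess` are the editor's own) and lists the entries worth asking about.

```python
"""Triage the Run/Task persistence lines of an FRST.txt log (editor's example)."""
import re
from dataclasses import dataclass

# Locations a standard user can write to; persistence launching from here is
# not proof of malice but is what a helper asks about first.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(appdata|desktop|downloads)\\|\\programdata\\|\\temp\\",
    re.IGNORECASE,
)
# A host binary handed a script engine on the command line, e.g. "/E:vbscript file".
SCRIPT_ENGINE = re.compile(r"/E:(vbscript|jscript)\b", re.IGNORECASE)

RUN_LINE = re.compile(r"^(HK[^:]*)\\\.\.\.\\Run: \[(.+?)\] => (.*)$")
TASK_LINE = re.compile(r"^Task: \{[^}]+\} - System32\\Tasks\\(.+?) => (.*)$")


@dataclass
class Finding:
    kind: str      # "run" or "task"
    name: str      # value name or task name
    target: str    # everything after "=>" as FRST printed it
    reasons: list  # why the entry was flagged


def parse_entry(line):
    """Return (kind, name, target) for a Run or Task line, else None."""
    m = TASK_LINE.match(line)
    if m:
        return "task", m.group(1), m.group(2)
    m = RUN_LINE.match(line)
    if m:
        return "run", m.group(2), m.group(3)
    return None


def assess(target):
    """Apply the editor's heuristics to one target string; empty list means clean."""
    reasons = []
    if USER_WRITABLE.search(target):
        reasons.append("launches from user-writable path")
    if SCRIPT_ENGINE.search(target):
        reasons.append("passes a script-engine switch (/E:) to the host")
    if "[File not signed]" in target:
        reasons.append("binary is not Authenticode-signed")
    if "[X]" in target:  # FRST marks a missing target file with [X]
        reasons.append("target file missing")
    return reasons


def triage(log_text):
    """Walk an FRST log and return Finding objects for every flagged entry."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw.strip())
        if parsed is None:
            continue
        kind, name, target = parsed
        reasons = assess(target)
        if reasons:
            findings.append(Finding(kind, name, target, reasons))
    return findings


# Constructed sample in FRST's layout; names, GUIDs and paths are invented.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [VendorUpdater] => C:\Program Files\Vendor\updater.exe [123456 2020-01-01] (Vendor Inc -> Vendor Inc)
HKU\S-1-5-21-111-222-333-1004\...\Run: [Helper] => C:\Users\alice\AppData\Roaming\Helper\helper.exe [4096 2020-12-01] () [File not signed]
==================== Scheduled Tasks (Whitelisted) ============
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\VendorUpdate => C:\Program Files\Vendor\updater.exe [123456 2020-01-01] (Vendor Inc -> Vendor Inc)
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\S1Example => c:\users\alice\AppData\Roaming\Example\host.exe [147456 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> /E:vbscript c:\users\alice\AppData\Roaming\Example\payload.txt
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\OldTool => C:\Users\alice\Desktop\OldTool\tool.exe [X]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.kind}] {f.name}: {'; '.join(f.reasons)}")
        print(f"    {f.target}")
```

Run as-is it reports the `Helper` Run value and the `S1Example` and `OldTool` tasks and stays silent on the two vendor entries; point `triage` at the contents of a real FRST.txt to get the same short list for a thread. The heuristics deliberately flag for review rather than decide: a legitimate per-user installer also lives under AppData, so each hit still needs the signer, date and path read by a person.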

Thanks for your support.

These are the reports.

 

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 13/01/21
Ora scansione: 23:09
File di log: fc9dcdfa-55eb-11eb-9dda-60a44c31b52c.json

-Informazioni software-
Versione: 4.3.0.98
Versione componenti: 1.0.1130
Aggiorna versione pacchetto: 1.0.35691
Licenza: Trial

-Informazioni sistema-
SO: Windows 10 (Build 19041.685)
CPU: x64
File system: NTFS
Utente: DESKTOP-II21I5O\humus

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Scansione avviata da: Manuale
Risultati: Completata
Elementi analizzati: 277229
Minacce rilevate: 1
Minacce messe in quarantena: 0
Tempo impiegato: 15 min, 1 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 1
PUP.Optional.Babylon, C:\USERS\HUMUS\DOWNLOADS\UNLOCKER-1-9-2.ZIP, Nessuna azione intrapresa, 52, 677189, 1.0.35691, , ame, , E560AF917B573BE4B3E16877C7E2667D, 57BDFB9BDE70C7384C25564F8C878AFD8CDACFC199BD0C5711D41BC2F884C5B3

Settore fisico: 0
(Nessun elemento nocivo rilevato)

WMI: 0
(Nessun elemento nocivo rilevato)


(end)

------------------------------------------------------------------------------------------------------------------------------------------------

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.0
# -------------------------------
# Build:    01-11-2021
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-14-2021
# Duration: 00:00:11
# OS:       Windows 10 Pro
# Cleaned:  7
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\Application Data\Lavasoft\Web Companion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

Deleted       User-Agent Switcher for Chrome - djflhoibgkdhkhhcedjiklpkjnoahfmg

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1991 octets] - [14/01/2021 10:47:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

-----------------------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2021
Ran by humus (administrator) on DESKTOP-II21I5O (14-01-2021 11:03:53)
Running from C:\Users\humus\Desktop
Loaded Profiles: humus
Platform: Windows 10 Pro Version 2004 19041.685 (X64) Language: Italiano (Italia)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Beijing Pu Technology Limited -> EagleGet.com) C:\Program Files (x86)\EagleGet\EagleGet.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <13>
(Luminati Networks -> Luminati Networks Ltd.) C:\Program Files (x86)\EagleGet\luminati\net_svc.exe
(Luminati Networks -> Luminati Networks Ltd.) C:\Program Files (x86)\EagleGet\net_updater32.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3525202431-2914417468-3122384875-1004\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3525202431-2914417468-3122384875-1004\...\Run: [Nexus] => C:\Program Files (x86)\Winstep\Nexus.exe [18012288 2020-10-28] (Winstep Software Technologies) [File not signed]
HKU\S-1-5-21-3525202431-2914417468-3122384875-1004\...\Run: [btweb] => "C:\Users\humus\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED
HKU\S-1-5-21-3525202431-2914417468-3122384875-1004\...\Run: [EagleGet] => C:\Program Files (x86)\EagleGet\EagleGet.exe [2550784 2020-05-18] (Beijing Pu Technology Limited -> EagleGet.com)
HKU\S-1-5-21-3525202431-2914417468-3122384875-1004\...\Run: [WondershareFilmoraX] => C:\Users\humus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wondershare Filmora X\WondershareFilmoraX.exe [572570032 2020-11-23] (Wondershare Technology Co.,Ltd -> ) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-12] (Google LLC -> Google LLC)
IFEO\winlogon.exe: [VerifierDlls] SecureUxTheme.dll
Startup: C:\Users\humus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2020-11-13]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {060FF9F6-7F5D-4875-BB55-D02C0EB96B04} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [10219208 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {242FEE32-784D-4644-854E-42679D99D336} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {2952E6A2-4E8C-496A-B573-335B8B9A2BF8} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-11-03] () [File not signed]
Task: {330BE3B0-D949-4902-A5FB-DD6C66BDA3D7} - System32\Tasks\SpyHunter4Startup => C:\Users\humus\Desktop\SpyHunter.Malware.Security.Suite.v4.25.6.4782.Portable.Multilingua-iCV-CreW\SpyHunter.Malware.Security.Suite.v4.25.6.4782.Portable.Multilingua-iCV-CreW\App\SpyHunter\SpyHunter4.exe [8190632 2017-03-10] (Enigma Software Group USA, LLC -> Enigma Software Group USA, LLC.) [File not signed]
Task: {41843DD2-4829-4EF8-BBF4-4DF7711006E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-19] (Google LLC -> Google LLC)
Task: {446A8724-17E5-4438-B190-46EFC2440A45} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {5AF63519-EAD9-4DAC-AE45-391BB697CAE3} - System32\Tasks\S1aKWUGgDef => c:\users\humus\AppData\Roaming\\aKWUGgDef\Xqekmsf.exe [147456 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> /E:vbscript c:\users\humus\AppData\Roaming\\aKWUGgDef\YJsizFrj.txt"
Task: {B5D8F5E5-AE34-453D-A8F3-536881BCC1DD} - System32\Tasks\S0zNbOGCunk => c:\users\humus\AppData\Roaming\\zNbOGCunk\usCbXR.exe [147456 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> /E:vbscript c:\users\humus\AppData\Roaming\\zNbOGCunk\YZsXqbgu.txt"
Task: {D0A3CE75-ACC8-49F7-94A7-E630A766154B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-19] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{df2924ae-d4ef-4182-b964-2529c8817788}: [DhcpNameServer] 192.168.1.1

Edge: 
======
Edge Profile: C:\Users\humus\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-13]
Edge HomePage: Default -> hxxp://www.google.it/
Edge StartupUrls: Default -> "hxxp://www.google.it/"
Edge Extension: (Free Download Manager) - C:\Users\humus\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2020-10-19]
Edge Extension: (User-Agent Switcher for Chrome) - C:\Users\humus\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2020-10-19]
Edge Extension: (EagleGet Free Downloader) - C:\Users\humus\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2020-10-19]
Edge Extension: (AdBlock: il miglior ad-blocker di sempre) - C:\Users\humus\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-01-03]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3525202431-2914417468-3122384875-1004: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2017-12-03] (Beijing Jiupu Technology Co., Ltd. -> EagleGet)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default [2021-01-14]
CHR Notifications: Default -> hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.it/
CHR StartupUrls: Default -> "hxxp://www.google.it/"
CHR Extension: (Presentazioni) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-19]
CHR Extension: (Documenti) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-19]
CHR Extension: (Google Drive) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-19]
CHR Extension: (YouTube) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-19]
CHR Extension: (Fogli) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-19]
CHR Extension: (Documenti Google offline) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-11]
CHR Extension: (AdBlock: il miglior ad-blocker di sempre) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-12-17]
CHR Extension: (Copia e Incolla in Office Online) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2020-11-18]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-01-12]
CHR Extension: (EagleGet Free Downloader) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2020-10-24]
CHR Extension: (Nord-PaleBlue) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcceekhafchajfniillcmjllbccnbbpp [2020-11-13]
CHR Extension: (Instagram) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\maonlnecdeecdljpahhnnlmhbmalehlm [2020-10-19]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-10-19]
CHR Extension: (Gmail) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\humus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-08]
CHR Profile: C:\Users\humus\AppData\Local\Google\Chrome\User Data\System Profile [2020-10-31]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2020-10-24]
CHR HKU\S-1-5-21-3525202431-2914417468-3122384875-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx [2020-10-24]
CHR HKU\S-1-5-21-3525202431-2914417468-3122384875-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2020-10-24]
CHR HKLM-x32\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx [2020-10-24]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2020-10-24]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [340480 2020-05-18] (Beijing Pu Technology Limited -> )
R2 luminati_net_updater_win_eagleget_com; C:\Program Files (x86)\EagleGet\net_updater32.exe [5454160 2020-12-10] (Luminati Networks -> Luminati Networks Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-12] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService.exe [777216 2019-10-29] (Winstep Software Technologies) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 eagleGet; C:\Windows\System32\Drivers\eagleGet.sys [86520 2019-08-03] (Beijing Pu Technology Limited -> eagleGet)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-01-12] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2021-01-13] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-01-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2021-01-14] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-01-14] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2021-01-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [139424 2021-01-14] (Malwarebytes Inc -> Malwarebytes)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-14 11:03 - 2021-01-14 11:05 - 000015939 _____ C:\Users\humus\Desktop\FRST.txt
2021-01-14 11:00 - 2021-01-14 11:05 - 000000000 ____D C:\FRST
2021-01-14 10:59 - 2021-01-09 14:11 - 002281472 _____ (Farbar) C:\Users\humus\Desktop\FRSTEnglish.exe.exe
2021-01-14 10:50 - 2021-01-14 10:50 - 000002049 _____ C:\Users\humus\Desktop\AdwCleaner[C00].txt
2021-01-14 10:32 - 2021-01-14 10:32 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-01-14 10:32 - 2021-01-14 10:32 - 000139424 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-01-14 10:32 - 2021-01-14 10:32 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-01-13 23:26 - 2021-01-13 23:26 - 000001609 _____ C:\Users\humus\Desktop\risultati scansione.txt
2021-01-13 23:19 - 2021-01-14 10:48 - 000000000 ____D C:\AdwCleaner
2021-01-13 23:17 - 2021-01-13 23:18 - 008458096 _____ (Malwarebytes) C:\Users\humus\Desktop\adwcleaner_8.0.9.exe
2021-01-13 23:17 - 2021-01-13 23:17 - 002086424 _____ (Malwarebytes) C:\Users\humus\Downloads\MBSetup (2).exe
2021-01-13 23:04 - 2021-01-13 23:04 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-01-13 20:53 - 2021-01-13 20:53 - 000000761 _____ C:\Users\humus\Documents\Report.txt
2021-01-13 14:08 - 2021-01-13 14:08 - 000003173 _____ C:\Users\humus\Desktop\SpyHunter4 - collegamento.lnk
2021-01-13 13:29 - 2021-01-13 14:30 - 000003656 _____ C:\Windows\system32\Tasks\SpyHunter4Startup
2021-01-13 13:29 - 2017-03-10 20:38 - 000025768 _____ C:\Windows\SysWOW64\sh4native.exe
2021-01-13 13:27 - 2021-01-13 13:27 - 000013256 _____ C:\spyhunter.fix
2021-01-13 13:27 - 2021-01-13 13:27 - 000000000 ___HD C:\eSEea3CaHfAR85Y2
2021-01-13 13:25 - 2021-01-14 10:53 - 000000000 ____D C:\Users\humus\AppData\Roaming\aKWUGgDef
2021-01-13 13:25 - 2021-01-13 13:25 - 000003788 _____ C:\Windows\system32\Tasks\S1aKWUGgDef
2021-01-13 13:25 - 2021-01-13 13:25 - 000000000 ____D C:\Users\humus\AppData\Roaming\LclJiRvhkF
2021-01-13 11:44 - 2021-01-13 11:44 - 000000000 ____D C:\Users\humus\Desktop\SpyHunter.Malware.Security.Suite.v4.25.6.4782.Portable.Multilingua-iCV-CreW
2021-01-13 11:42 - 2021-01-13 11:42 - 000000000 ____D C:\Windows\system32\appmgmt
2021-01-13 11:42 - 2021-01-13 11:42 - 000000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2021-01-13 11:03 - 2021-01-13 11:03 - 000000761 _____ C:\Users\humus\Desktop\Report Malware.txt
2021-01-13 10:34 - 2021-01-13 10:34 - 000000366 _____ C:\Users\humus\Desktop\Ethernet - collegamento.lnk
2021-01-13 09:53 - 2021-01-13 09:53 - 000000000 _____ C:\autoexec.bat
2021-01-13 09:49 - 2021-01-13 09:49 - 000000000 ____D C:\Program Files (x86)\Enigma Software Group
2021-01-13 09:43 - 2021-01-13 09:43 - 000000000 ____D C:\Users\humus\Downloads\SpyHunter 4.10.5.4085 Incl Patch [NepsterJay]
2021-01-13 09:42 - 2021-01-13 14:30 - 000000000 ____D C:\Users\humus\AppData\Local\CrashDumps
2021-01-13 09:42 - 2021-01-13 09:43 - 000000000 ____D C:\Users\humus\AppData\LocalLow\BitTorrent
2021-01-13 09:20 - 2021-01-13 09:20 - 000000000 ____D C:\Users\humus\Downloads\SpyHunter 4.1.11.0 + Crack
2021-01-13 09:19 - 2021-01-13 09:21 - 031924920 ____R C:\Users\humus\Downloads\SpyHunter 4.10.5.4085 Incl Patch [NepsterJay].rar
2021-01-12 22:41 - 2021-01-12 22:41 - 000000000 ____D C:\Users\humus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2021-01-12 22:41 - 2021-01-12 22:41 - 000000000 ____D C:\Program Files\Unlocker
2021-01-12 22:40 - 2021-01-12 22:40 - 000221696 _____ C:\Users\humus\Desktop\ThemeTool.exe
2021-01-12 22:37 - 2021-01-12 22:39 - 000000000 ____D C:\Users\humus\Downloads\unlocker-1-9-2
2021-01-12 20:35 - 2021-01-12 20:35 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\31572658.sys
2021-01-12 20:34 - 2021-01-12 20:57 - 000000000 ____D C:\Users\humus\Desktop\mbar
2021-01-12 20:34 - 2021-01-12 20:57 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-01-12 20:33 - 2021-01-12 20:33 - 014178840 _____ (Malwarebytes Corp.) C:\Users\humus\Downloads\mbar-1.10.3.1001.exe
2021-01-12 20:33 - 2021-01-12 20:33 - 002086424 _____ (Malwarebytes) C:\Users\humus\Downloads\MBSetup (1).exe
2021-01-12 20:15 - 2021-01-12 20:15 - 000000000 ____D C:\Users\humus\AppData\Local\mbam
2021-01-12 20:14 - 2021-01-12 20:14 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-01-12 20:14 - 2021-01-12 20:14 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-12 20:14 - 2021-01-12 20:14 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-12 20:14 - 2021-01-12 20:14 - 000002032 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-12 20:14 - 2021-01-12 20:13 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-01-12 20:14 - 2021-01-12 20:13 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-01-12 20:13 - 2021-01-12 20:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-12 20:12 - 2021-01-12 20:12 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-12 20:11 - 2021-01-12 20:12 - 002086424 _____ (Malwarebytes) C:\Users\humus\Downloads\MBSetup.exe
2021-01-12 17:12 - 2021-01-13 13:31 - 000000000 ____D C:\Users\humus\AppData\Roaming\60-A4-
2021-01-12 15:00 - 2021-01-12 15:00 - 000000146 _____ C:\Users\humus\Downloads\VSNLDE33E66C794R.csv
2021-01-12 14:55 - 2021-01-13 13:25 - 000002774 _____ C:\Windows\system32\Tasks\S0zNbOGCunk
2021-01-12 14:55 - 2021-01-13 13:25 - 000000000 ____D C:\Users\humus\AppData\Roaming\zNbOGCunk
2021-01-08 14:38 - 2021-01-08 14:38 - 000001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe DNG Converter.lnk
2021-01-08 11:58 - 2021-01-08 14:18 - 000000000 ____D C:\Users\humus\Documents\LRTimelapse
2021-01-08 10:54 - 2021-01-08 10:54 - 000000000 ____D C:\Users\humus\Documents\LrClassicLogs
2021-01-07 22:06 - 2021-01-07 22:06 - 000001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk
2021-01-07 21:58 - 2021-01-07 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2021-01-07 21:17 - 2021-01-07 21:48 - 000000000 ____D C:\Users\humus\AppData\Roaming\LRTimelapse
2021-01-07 21:16 - 2021-01-07 21:16 - 000000000 ____D C:\Users\humus\AppData\Roaming\Sun
2021-01-07 21:15 - 2021-01-07 21:15 - 000192168 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2021-01-07 21:15 - 2021-01-07 21:15 - 000000000 ____D C:\ProgramData\Oracle
2021-01-07 21:15 - 2021-01-07 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-01-07 21:15 - 2021-01-07 21:15 - 000000000 ____D C:\Program Files\Java
2021-01-07 21:14 - 2021-01-07 21:14 - 000000000 ____D C:\Users\humus\AppData\LocalLow\Sun
2021-01-07 21:13 - 2021-01-07 21:14 - 083364488 _____ (Oracle Corporation) C:\Users\humus\Downloads\jre-8u271-windows-x64.exe
2021-01-07 21:11 - 2021-01-07 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LRTimelapse 4
2021-01-07 21:11 - 2021-01-07 21:17 - 000000000 ____D C:\Program Files (x86)\LRTimelapse 4
2021-01-07 21:06 - 2021-01-07 21:07 - 092128746 ____R C:\Users\humus\Downloads\LRTimelapse pro 4.2.exe
2021-01-05 15:15 - 2021-01-05 15:15 - 000018702 _____ C:\Users\humus\Desktop\QR D-Flight.pfi
2021-01-05 15:15 - 2021-01-05 15:15 - 000007826 _____ C:\Users\humus\Documents\QR Code DFlight.bc
2021-01-05 14:36 - 2021-01-05 14:36 - 000002171 _____ C:\Users\Public\Desktop\QR-Code Studio 2.0.lnk
2021-01-05 14:36 - 2021-01-05 14:36 - 000002171 _____ C:\ProgramData\Desktop\QR-Code Studio 2.0.lnk
2021-01-05 14:36 - 2021-01-05 14:36 - 000000000 ____D C:\ProgramData\TEC-IT
2021-01-05 14:36 - 2021-01-05 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEC-IT QR-Code Studio 2.0
2021-01-05 14:36 - 2021-01-05 14:36 - 000000000 ____D C:\Program Files (x86)\TEC-IT
2021-01-05 11:45 - 2021-01-05 11:45 - 000056109 _____ C:\Users\humus\Desktop\D-Flight.pdf
2021-01-05 11:45 - 2021-01-05 11:45 - 000036188 _____ C:\Users\humus\Desktop\Senza nome 1.odt
2021-01-04 21:40 - 2021-01-04 21:41 - 000288413 _____ C:\Users\humus\Documents\Regolamento_UAS-IT_040121_0.pdf
2020-12-29 13:40 - 2020-12-29 13:40 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2020-12-29 12:26 - 2020-12-29 12:26 - 000000000 ____D C:\ProgramData\Wondershare
2020-12-29 12:25 - 2021-01-14 10:36 - 000000000 ___HD C:\Users\humus\AppData\Roaming\VR
2020-12-29 12:25 - 2020-12-29 12:25 - 000000016 _____ C:\ProgramData\mntemp
2020-12-29 12:25 - 2020-12-29 12:25 - 000000000 ____D C:\Users\humus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wondershare Filmora X
2020-12-29 12:16 - 2020-12-29 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2020-12-29 12:11 - 2020-12-29 12:11 - 000000000 ____D C:\Users\humus\Documents\Wondershare
2020-12-29 11:17 - 2020-12-29 11:21 - 000000000 ____D C:\Users\humus\Downloads\Wondershare Filmora X v10.0.2.1 (x64) Multilingual.Crack
2020-12-28 21:01 - 2020-12-28 21:08 - 274631230 _____ C:\Users\humus\Downloads\1608893191527-DJI-v1.2.2-201225-908-46304-official-sec.apk
2020-12-28 20:22 - 2020-12-28 20:22 - 000000000 ____D C:\Users\humus\Downloads\Backgrounds01 (1)
2020-12-28 18:55 - 2020-12-28 18:58 - 252742413 _____ C:\Users\humus\Downloads\Backgrounds01 (1).zip
2020-12-28 12:17 - 2020-12-28 12:17 - 000001919 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2020-12-28 11:47 - 2020-12-28 11:47 - 000000000 ____D C:\Users\humus\AppData\Roaming\Luminar 4
2020-12-28 11:38 - 2020-12-28 11:38 - 000000000 ____D C:\Users\humus\Downloads\AGFY-Luminar_4.1.1.5307_Multilingual
2020-12-28 11:24 - 2020-12-28 11:24 - 000000000 ____D C:\Users\humus\Downloads\Luminar.v4.2.0.5577
2020-12-28 11:16 - 2020-12-28 11:24 - 486735165 _____ C:\Users\humus\Downloads\Luminar.v4.2.0.5577.rar
2020-12-28 10:35 - 2020-12-28 10:35 - 000005906 _____ C:\Users\humus\Downloads\IT01368300099_X0014.xml
2020-12-28 10:35 - 2020-12-28 10:35 - 000005906 _____ C:\Users\humus\Downloads\IT01368300099_X0013.xml
2020-12-18 17:02 - 2020-12-18 17:06 - 252742413 _____ C:\Users\humus\Downloads\Backgrounds01.zip
2020-12-18 10:44 - 2020-12-18 10:45 - 000000000 ____D C:\Users\humus\AppData\Roaming\Luminar AI
2020-12-18 10:38 - 2020-12-18 10:38 - 000000000 ____D C:\ProgramData\Caphyon
2020-12-18 10:37 - 2020-12-28 11:43 - 000000000 ____D C:\Program Files\Skylum
2020-12-18 10:33 - 2020-12-28 11:39 - 000000000 ____D C:\Users\humus\AppData\Roaming\Skylum
2020-12-17 20:53 - 2020-12-17 22:29 - 740672945 _____ C:\Users\humus\Downloads\AGFY-Luminar_4.1.1.5307_Multilingual.rar
2020-12-17 20:50 - 2020-12-17 20:50 - 000000000 ____D C:\Users\humus\Downloads\LAI1007348
2020-12-16 20:29 - 2020-12-16 20:29 - 000000000 ____D C:\Users\humus\AppData\Local\UXP
2020-12-16 20:26 - 2020-12-16 20:26 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk
2020-12-15 10:58 - 2020-12-15 10:58 - 000000000 ____D C:\Users\humus\AppData\Roaming\Other
2020-12-15 10:58 - 2020-12-15 10:58 - 000000000 ____D C:\Users\humus\AppData\Roaming\AMS Software
2020-12-15 10:57 - 2020-12-15 10:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoWorks
2020-12-15 10:57 - 2020-12-15 10:57 - 000000000 ____D C:\Program Files (x86)\PhotoWorks

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-14 10:59 - 2020-10-24 20:04 - 000000000 ____D C:\Program Files (x86)\EagleGet
2021-01-14 10:51 - 2020-10-24 20:09 - 000000000 ____D C:\Users\humus\Documents\EGDownloads
2021-01-14 10:40 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-14 10:31 - 2020-10-19 10:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-14 10:31 - 2020-10-19 10:04 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-13 23:32 - 2020-10-19 21:03 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-01-13 23:32 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-01-13 23:29 - 2020-10-19 10:04 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-01-13 21:10 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-13 21:10 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-01-13 09:43 - 2020-12-03 20:39 - 000000000 ____D C:\Users\humus\AppData\Roaming\BitTorrent
2021-01-13 09:12 - 2020-10-19 12:53 - 000002256 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-12 21:01 - 2020-11-13 20:54 - 000000000 ____D C:\Users\Public\Documents\Winstep
2021-01-12 20:14 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-01-09 21:14 - 2020-10-19 12:33 - 000002432 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-08 14:24 - 2020-11-13 20:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2021-01-08 14:24 - 2020-11-13 20:41 - 000000000 ____D C:\Program Files\DAUM
2021-01-08 10:56 - 2020-10-26 21:24 - 000000000 ____D C:\Users\humus\Documents\Adobe
2021-01-08 10:56 - 2020-10-19 10:56 - 000000000 ____D C:\Users\humus\AppData\Roaming\Adobe
2021-01-08 10:54 - 2020-10-26 21:00 - 000000000 ____D C:\Users\humus\AppData\Local\Adobe
2021-01-08 10:54 - 2020-10-26 21:00 - 000000000 ____D C:\ProgramData\Adobe
2021-01-07 22:06 - 2020-10-26 21:03 - 000000000 ____D C:\Program Files\Adobe
2021-01-07 22:03 - 2020-10-19 19:55 - 000000000 ____D C:\Users\humus\AppData\Local\D3DSCache
2021-01-05 14:35 - 2020-10-19 10:26 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-31 18:45 - 2020-10-19 19:24 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2020-12-29 12:26 - 2020-10-19 19:24 - 000000000 ____D C:\Program Files\Wondershare
2020-12-29 12:11 - 2020-10-19 19:24 - 000000000 ____D C:\Users\humus\Documents\Wondershare Filmora 9
2020-12-17 18:02 - 2020-10-19 10:59 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3525202431-2914417468-3122384875-1004
2020-12-17 18:02 - 2020-10-19 10:59 - 000000000 ___RD C:\Users\humus\OneDrive
2020-12-17 18:02 - 2020-10-19 10:54 - 000002436 _____ C:\Users\humus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-16 20:24 - 2020-10-26 21:03 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-12-15 11:49 - 2020-11-16 09:24 - 000000000 ____D C:\Users\humus\Desktop\Ricorso

==================== Files in the root of some directories ========

2021-01-12 14:54 - 2020-10-19 20:34 - 000433152 _____ (Microsoft Corporation) C:\ProgramData\fJckBIpQy.exe
2021-01-13 13:30 - 2019-12-07 10:09 - 000186880 _____ (Microsoft Corporation) C:\ProgramData\nJbHUjMin.exe
2021-01-12 14:54 - 2019-12-07 10:09 - 000186880 _____ (Microsoft Corporation) C:\ProgramData\qesziaOin.exe
2021-01-12 17:12 - 2019-12-07 10:09 - 000186880 _____ (Microsoft Corporation) C:\ProgramData\tXPkLRWin.exe
2021-01-12 14:54 - 2021-01-12 14:54 - 000125530 _____ () C:\Users\humus\AppData\Roaming\it.gif

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

-----------------------------------------------------------------------------------------------------------------------------------------------

Addition.txt

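The four randomly named executables under "Files in the root of some directories" all carry a "Microsoft Corporation" version string but sit in C:\ProgramData under names no Microsoft product uses, and the hosts.txt next to the real hosts file appears on the same day as the Luminar crack downloads. The PowerShell below is an added triage example written for this editor's note; it is not part of the thread and not something the helper asked for, and it does not replace the FRST fix. It assumes the paths exactly as FRST reported them and only standard Windows PowerShell 5.1 cmdlets (Get-AuthenticodeSignature, Get-FileHash, Get-Item); run it from an elevated prompt before the files are removed, so the evidence is recorded.

```powershell
# Added example (not from the thread): triage the unexpected executables that FRST listed
# under "Files in the root of some directories", plus the stray hosts.txt.
# Paths are taken from the FRST log above; run from an elevated PowerShell prompt.

$suspects = @(
    'C:\ProgramData\fJckBIpQy.exe',
    'C:\ProgramData\nJbHUjMin.exe',
    'C:\ProgramData\qesziaOin.exe',
    'C:\ProgramData\tXPkLRWin.exe'
)

# Index every .exe under System32/SysWOW64 by SHA-256 once, so a dropped copy of a
# legitimate Windows binary can be matched back to its original name.
function Build-SystemHashIndex {
    $index = @{}
    foreach ($dir in "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") {
        Get-ChildItem -Path $dir -Filter *.exe -File -ErrorAction SilentlyContinue | ForEach-Object {
            $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            if ($h -and -not $index.ContainsKey($h)) { $index[$h] = $_.FullName }
        }
    }
    return $index
}

function Get-SuspectReport {
    param([string[]]$Paths, [hashtable]$SystemIndex)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Status = 'missing (already removed?)' }
            continue
        }
        $item = Get-Item -LiteralPath $p
        $sig  = Get-AuthenticodeSignature -FilePath $p
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        [pscustomobject]@{
            Path                = $p
            SizeBytes           = $item.Length
            Created             = $item.CreationTime
            Modified            = $item.LastWriteTime
            # Version-info strings are untrusted metadata: any file can claim "Microsoft Corporation".
            ClaimedCompany      = $item.VersionInfo.CompanyName
            OriginalName        = $item.VersionInfo.OriginalFilename
            # Only a Valid Authenticode status proves the bytes are unmodified, Microsoft-signed code.
            SignatureStatus     = $sig.Status
            Signer              = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            SHA256              = $hash
            MatchesSystemBinary = if ($SystemIndex.ContainsKey($hash)) { $SystemIndex[$hash] } else { 'no match' }
        }
    }
}

# A hosts.txt beside the real hosts file is a typical leftover of cracks that block licence
# servers; list the non-comment entries of both so any redirections can be reviewed.
function Get-HostsEntries {
    $etc = "$env:SystemRoot\System32\drivers\etc"
    foreach ($f in "$etc\hosts", "$etc\hosts.txt") {
        if (Test-Path -LiteralPath $f) {
            Get-Content -LiteralPath $f | Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' } |
                ForEach-Object { [pscustomobject]@{ File = $f; Entry = $_.Trim() } }
        }
    }
}

$index = Build-SystemHashIndex
Get-SuspectReport -Paths $suspects -SystemIndex $index | Format-List
Get-HostsEntries | Format-Table -AutoSize
```

Reading the report: SignatureStatus Valid together with a MatchesSystemBinary hit means a genuine Windows executable was copied under a random name (a living-off-the-land staging pattern; the original name tells you which tool); Valid with no match is a signed Microsoft file from elsewhere, so check OriginalName and Signer; NotSigned or HashMismatch means the "Microsoft Corporation" string is forged or the file was patched, and it should be treated as malware and submitted for analysis rather than simply deleted.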
  • Solution

Hiya macholav,

Thanks for those logs, your system is heavily infected and the cause is very obvious. Do yourself a favour and stop downloading and installing cracked software; you will always be at risk when using P2P software to access dodgy sites.... Continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.


The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the Tool and select Run as Administrator; the tool will expand to the options Window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include details for each time MSRT has run; we only need the most recent log by date and time....

Let me see those logs in your reply.

I strongly advise that you remove all cracked software and all P2P software and associated applications...

Thank you,

Kevin..

fixlist.txt


Hiya Massimo,

Good to hear your system is ok for you now. Continue to clean up:

Right click on FRST here: C:\Users\humus\Desktop\FRST.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended, that is because file extensions are hidden; in that case just rename FRST to uninstall.

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you
