mbam-check result log version: 2.3.2.0 ======================================== User Account type: Administrator DomainComputer: No OS: Windows 8.1 64 bit Operating System Current Version and Build: 6.3.9600 Malwarebytes Anti-Malware: 2.2.1.1043 Installed On: 2016/03/23 Malware Database: 2017.03.05.02 Rootkit Database: 2017.02.27.01 Remediation Database: 2017.02.15.02 IP Database: 2017.03.03.01 Domain Database: 2017.03.05.01 License: Premium Malware Protection: 4 (The service is running.) Malicious Website Protection: 4 (The service is running.) Chameleon: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon Log Created: 2017/03/05 13:44:53 User Information for Local System: =========================================== User Account: Administrator Account Level: Admin User Account: Guest Account Level: Guest User Account: pc_mirko Account Level: Admin Total # of user entries: 3 UAC Settings: =================== SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA DWORD 0 Status: OFF SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin DWORD 0 Status: OFF AntiVirus Information: =================== AntiVirus Software Installed: "ESET Smart Security 8.0" AntiVirus Software Installed: "Windows Defender" FireWall Information: =================== 3rd Party Firewall Software Installed: "Personal firewall ESET" AntiSpyware Information: =================== AntiSpyware Software Installed: "Windows Defender" AntiSpyware Software Installed: "ESET Smart Security 8.0" Machine Information =============================================== Machine ID: acbeec61f99eb8c19405e5b4ac73f58865fbfda2 Installation Token: 76eZEZYGEBfk1D3Jvf6p System has been up for: 0.480556 Hours System has been booted within the last hour Current Date: 2017-Mar-05 12:44:53.436184 Date Booted: 2017-Mar-05 12:44:53.436184 Detection and Protection Settings =============================================== Use Advanced Heuristics Engine (Shuriken): true 
Scan for rootkits: false Scan within archives: true PUP (Potentially Unwanted Program) detections: Treat Detections as Malware PUM (Potentially Unwanted Modification) detections: Treat Detections as Malware Compatibility Flag Settings: ================================= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers F:\The Witcher 3 Wild Hunt\bin\x64\witcher3.exeREG_SZ HIGHDPIAWARE HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers F:\Farstone Virtual Drive 16.01\VirtualDrive\VDUIMGR.exeREG_SZ ~ WIN7RTM F:\TUTTO x WIN 8.1\GAMES\Dead Rising 3 Apocalypse Edition\GIOCO\deadrising3.exeREG_SZ ~ RUNASADMIN F:\Active@ Partition Recovery\PartRecovery.exeREG_SZ RUNASADMIN F:\Active@ Partition Recovery\DiskEditor.exeREG_SZ RUNASADMIN F:\Active@ Partition Recovery\FileRecovery.exeREG_SZ RUNASADMIN F:\GIOCHI MICROSOFT\Mahjong\Mahjong.exeREG_SZ ~ WIN7RTM F:\The Witcher 3 Wild Hunt\bin\x64\witcher3.exeREG_SZ HIGHDPIAWARE F:\TUTTO x WIN 8.1\RIMEDI HELP!\ComboFix.exeREG_SZ ~ WIN8RTM C:\Users\pc_mirko\Desktop\Magic ISO Maker v5.5 Build 281\Magic ISO Maker v5.5 Build 281\MagicISO.exeREG_SZ ~ VISTARTM F:\TUTTO x WIN 8.1\IMMAGINE DISCO & altro per Backup\AOMEI TUTTO\AOMEI PE Builder 1.5\PEBuilder.exeREG_SZ ~ WIN8RTM C:\Users\pc_mirko\Desktop\UnHackMe 7.80 Build 481 Portable\Unhackme.exeREG_SZ ~ RUNASADMIN F:\Batman Arkham Knight\Binaries\Win64\BatmanAK.exeREG_SZ ~ RUNASADMIN F:\TUTTO x WIN 8.1\ASUS Z97-PRO\EasyUEFI 2.4.0\EasyUEFI_Setup.exeREG_SZ $ Win7RTM F:\Dead Synchronicity - Tomorrow Comes Today\Dead Synchronicity.exeREG_SZ ~ RUNASADMIN C:\Users\pc_mirko\Desktop\INSTALLARE & SCARICARE\Freemake Video Converter Gold 4.1.9.30 Portable\FreemakeVC.exeREG_SZ ~ RUNASADMIN F:\This War of Mine - Anniversary Edition\This War of Mine.exeREG_SZ ~ RUNASADMIN F:\Resident Evil 7 Biohazard\re7.exeREG_SZ ~ RUNASADMIN HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers F:\AIR 
DROID\AirDroid\AirDroid.exeREG_SZ WINXPSP3 F:\The Witcher 3 Wild Hunt\bin\x64\witcher3.exeREG_SZ HIGHDPIAWARE Malwarebytes Anti-Malware Shell Extension Block Check: ====================================================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked MBAM Startup Entries: ===================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Malwarebytes Anti-Malware Service and Driver Status: ======================================================= --------------Driver File Info:-------------- C:\WINDOWS\system32\drivers\mbam.sys File Size: 27008 BYTES FileVersion: 0.1.16.0 MD5: [78bff5425e044086e74e78650a359fbb] C:\WINDOWS\system32\drivers\mwac.sys File Size: 65408 BYTES FileVersion: 1.0.6.0 MD5: [898415ac0b5f1d2a9a48abcb68a6dc4b] C:\WINDOWS\system32\drivers\mbamswissarmy.sys File Size: 192216 BYTES FileVersion: 0.3.0.4 MD5: [78488af2ab2111d67b3c4044707a519b] C:\WINDOWS\system32\drivers\mbamchameleon.sys File Size: 140672 BYTES FileVersion: 1.1.22.0 MD5: [1239597bab7eed2bb16d035af87e65d9] --------------MBAMProtector:-------------- Type: 2 State: 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 --------------MBAMService:-------------- Type: 16 State: 4 (The service is running.) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 --------------MBAMScheduler:-------------- Type: 16 State: 4 (The service is running.) 
WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 --------------MBAMChameleon:-------------- Type: N/A State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon WIN32_EXIT_CODE: N/A SERVICE_EXIT_CODE: N/A CHECKPOINT: N/A WAIT_HINT: N/A --------------MBAMWebAccessControl:-------------- Type: 2 State: 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 Required Dependencies: ====================== --------------BFE:-------------- Type: 32 State: 4 (The service is running.) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE DisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001 ErrorControl REG_DWORD 1 Group REG_SZ NetworkProvider ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork Start REG_DWORD 2 Type REG_DWORD 32 Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002 DependOnService REG_MULTI_SZ RpcSs WfpLwfs ObjectName REG_SZ NT AUTHORITY\LocalService ServiceSidType REG_DWORD 3 RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege FailureActions REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters ServiceDllUnloadOnStop REG_DWORD 1 ServiceMain REG_SZ BfeServiceMain ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Options EnablePacketQueue REG_DWORD 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer 
--------------fltmgr:-------------- Type: 2 State: 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr AttachWhenLoaded REG_DWORD 1 DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001 ErrorControl REG_DWORD 3 Group REG_SZ FSFilter Infrastructure ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys Start REG_DWORD 0 Tag REG_DWORD 1 Type REG_DWORD 2 Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000 C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 360792 BYTES FileVersion: 6.3.9600.17090 MD5: [6592d192e2823c043edbc010e7774053] C:\WINDOWS\SysWOW64\comctl32.ocx File Size: 1351392 BYTES FileVersion: 6.0.81.6 MD5: [2640ad05ab39321e6c9d3c71236ca0df] C:\WINDOWS\SysWOW64\mscomctl.ocx File Size: 1070152 BYTES FileVersion: 6.1.98.34 MD5: [e52859fcb7a827cacfce7963184c7d24] C:\WINDOWS\SysWOW64\olepro32.dll File Size: 80384 BYTES FileVersion: 6.3.9600.16384 MD5: [0fc9b04c7f729498b41a19fa55c33573] C:\WINDOWS\system32\comctl32.ocx File Size: 617896 BYTES FileVersion: 6.0.98.39 MD5: [f5564d7f69c7bdef4e078f610431d426] C:\WINDOWS\system32\mscomctl.ocx File Size: 1070232 BYTES FileVersion: 6.1.98.39 MD5: 
[766f501b61c22723536af696a74133d4] MBAM Registry Settings and License Info: ======================================== --------------Settings:-------------- Advanced: AutomaticQuarantine: true AutostartProtection: true LimitedMode: false StartSilentMode: false StartupDelay: -15 General: DaysUntilNotifyExpiration: 5 Language: it RightClickAccess: true SilentErrors: false Logging: ExportLog: true Marketing: LastPostScanMarketingIndex: 1 Notification: ProtectionTray: DisplayMilliseconds: 3000 ScanHistory: Duration_Driver: 0 Duration_Filesystem: 96000 Duration_Heuristics: 8000 Duration_Loading: 0 Duration_MasterBootRecord: 0 Duration_Memory: 40000 Duration_PreScan: 8753 Duration_Registry: 3000 Duration_Sector: 0 Duration_Startup: 0 ItemCount_Driver: 0 ItemCount_Filesystem: 6890 ItemCount_Heuristics: 108509 ItemCount_Loading: 0 ItemCount_MasterBootRecord: 0 ItemCount_Memory: 2797 ItemCount_PreScan: 8750 ItemCount_Registry: 38948 ItemCount_Sector: 0 ItemCount_Startup: 0 LastRemovalRequiredDOR: false LastScanDateEpoch: 1488716277031 LastScanType: 1 (Threat Scan) Update: NotifyInstallReady: true NotifyOutdatedDatabase: 7 ProxyPassword: ProxyPort: 0 ProxyServer: ProxyUsername: UseProxy: false UseProxyAuthentication: false CheckProgramUpdates: true --------------Account:-------------- Account Status: Premium Expiration Time: Activation Time: 2015/06/28 15:20:16 Trial Used: false --------------Access Policies:-------------- Scheduler Queue: ================ tasks: Pending File Rename Operations: ================================ If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation. 
MBAMProtector Registry Values: ============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector Type REG_DWORD 2 Start REG_DWORD 3 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ \??\C:\WINDOWS\system32\drivers\mbam.sys Group REG_SZ FSFilter Anti-Virus DependOnService REG_MULTI_SZ FltMgr WOW64 REG_DWORD 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances DefaultInstance REG_SZ MBAMProtector Instance HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance Altitude REG_SZ 328800 Flags REG_DWORD 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters PassThruFile REG_SZ mbampt.exe ProductPath REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware MBAMService Registry Values: ============================ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService Type REG_DWORD 16 Start REG_DWORD 2 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" DependOnService REG_MULTI_SZ MBAMProtector WOW64 REG_DWORD 1 ObjectName REG_SZ LocalSystem Description REG_SZ Malwarebytes Anti-Malware service DelayedAutostart REG_DWORD 0 MBAMScheduler Registry Values: ============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler Type REG_DWORD 16 Start REG_DWORD 2 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" WOW64 REG_DWORD 1 ObjectName REG_SZ LocalSystem Description REG_SZ Malwarebytes Anti-Malware scheduler Terminal Services Status for (null) entries in PM logs and GetUserToken errors: =============================================================================== --------------TERMService:-------------- Type: 32 State: 1 (The service is not running.) 
(State is stopped) WIN32_EXIT_CODE: 1077 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 TermService Start is set to: 3 (Manual Startup) Proxy Status: No proxy is Set LAN Settings: ============= only 'Automatically detect settings' is selected SystemPartition: ================ HKEY_LOCAL_MACHINE\SYSTEM\Setup\ SystemPartition REG_SZ \Device\HarddiskVolume1 Balloon Tips Status: ==================== Enabled Time Format Settings: ===================== Should be: h:mm:ss tt AM PM : Currently: REG_SZ HH:mm:ss REG_SZ REG_SZ REG_SZ Language and Regional Settings: =============================== ACP: Language is English (United States) MACCP: Language is English (United States) OEMCP: 850 Please refer to this link for details:[url=http://technet.microsoft.com/en-us/library/cc775938(WS.10).aspx] Here [/url] Startup Folders for Error_Expanding_Variables Check: ==================================================== All Users Startup Folder Exists. Current User's Startup Folder Exists. Context Menu Entries: ===================== HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1 (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE} (Default): REG_SZ IMBAMShlExt HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} 
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID (Default): REG_SZ MBAMExt.MBAMShlExt HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 
0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware List of MBAM Related Directories: ================================= C:\Program Files (x86)\Malwarebytes Anti-Malware\ 7z.dll File Size: 922080 BYTES FileVersion: 9.20.0.0 MD5: [14079a2411fa2bb7f78bc100c92bbcc2] changes.txt File Size: 1596 BYTES FileVersion: N/A MD5: [09371a0c8bd9e9554571da257d554d3e] cloud-enumeration.dll File Size: 287200 BYTES FileVersion: 1.0.1.0 MD5: [84ac20b9327dbd4d94039be93384dad5] cloud.dll File Size: 352736 BYTES FileVersion: 1.0.1.0 MD5: [5659790448fb136a80be407c4a0dbb50] license.rtf File Size: 38870 BYTES FileVersion: N/A MD5: [ed36ea764c3a452334416713c8cf1eed] master.conf File Size: 1258 BYTES FileVersion: N/A MD5: [9702ca5e82d3756c6d8af34a2ababaea] mbam.dll File Size: 609760 BYTES FileVersion: 1.0.40.0 MD5: [c4a51c1cb174066fdaf383c09f0d574b] mbam.exe File Size: 9926112 BYTES FileVersion: 2.3.173.0 MD5: [8e98e3ec16d2641005b4748cd330fb45] mbamcore.dll File Size: 2127840 BYTES FileVersion: 1.3.24.0 MD5: [63ce66ef2b30a09308eafe29baec6a75] mbamdor.exe File Size: 55264 BYTES FileVersion: 1.0.2.0 MD5: [297c1bdcc26adb339d4c0f0550e434d6] mbamext.dll File Size: 431072 BYTES FileVersion: 3.1.1.0 MD5: [67a6ec1735c77c2623b49cc1f284c8a0] mbampt.exe File Size: 40928 BYTES FileVersion: 1.0.57.0 MD5: [04d0b942b0ad4a5d2eee45d9b7d6545b] mbamresearch.exe File Size: 1949152 BYTES FileVersion: 1.1.1.0 MD5: [e601f9ca6a72493bc8185bedda17eee8] mbamscheduler.exe File Size: 1514464 BYTES FileVersion: 3.1.7.0 MD5: [9611577752e293259c7dce19e9026362] mbamservice.exe File Size: 1136608 BYTES FileVersion: 3.2.21.0 MD5: [f1a89a34388b5626f1548d393b23ecb1] mbamsrv.dll File Size: 3863008 BYTES FileVersion: 2.1.10.0 MD5: [a33629c51295570fe9f252a39ddcea93] mbamtoast.dll File Size: 98272 BYTES FileVersion: 1.70.0.0 MD5: [b55f6f7b61ae6070a6e023e11fda92ee] msvcp100.dll File Size: 422880 BYTES FileVersion: 10.0.40219.325 
MD5: [53a5f1b984f585997968cd0dfb27400c] msvcr100.dll File Size: 775648 BYTES FileVersion: 10.0.40219.325 MD5: [dc0213118e61e5ca865092109860792c] Qt5Core.dll File Size: 4646880 BYTES FileVersion: 5.4.1.0 MD5: [91c7c50b2a290b82604163b5a679ea24] Qt5Gui.dll File Size: 4640224 BYTES FileVersion: 5.4.1.0 MD5: [1d59b3e632aef8e24cc1707fd411113b] Qt5Network.dll File Size: 673248 BYTES FileVersion: 5.4.1.0 MD5: [e089635a8cbed229ec30cdbe29748c08] Qt5Widgets.dll File Size: 4474848 BYTES FileVersion: 5.4.1.0 MD5: [33881dda0ccc3898facadf1e4d1df237] Third-party-notices.txt File Size: 70041 BYTES FileVersion: N/A MD5: [915ab4fe416654fbc412019a0a1002ac] unins000.dat File Size: 230983 BYTES FileVersion: N/A MD5: [af3d93d535c865499dd558d222a836ad] unins000.exe File Size: 721343 BYTES FileVersion: 51.52.0.0 MD5: [80ba1981b95524689218e5a800e9c170] C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows chameleon.chm File Size: 235882 BYTES FileVersion: N/A MD5: [c4190b71f037714aa77aba294434ba5b] firefox.com File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] firefox.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] firefox.pif File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] firefox.scr File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] iexplore.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.com File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.pif File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.scr File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-killer.exe File Size: 
1504736 BYTES FileVersion: 3.0.15.0 MD5: [b79d3c2fca170c4dd15d7316067a1fd3] rundll32.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] svchost.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] windows.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] winlogon.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats qgif.dll File Size: 29664 BYTES FileVersion: 5.4.1.0 MD5: [0b528e4c9bbd9efdea9bc8ac6a967d6d] qico.dll File Size: 29664 BYTES FileVersion: 5.4.1.0 MD5: [7b36d94db81b8b0dfd9323228dd96b51] C:\Program Files (x86)\Malwarebytes Anti-Malware\\platforms qwindows.dll File Size: 929760 BYTES FileVersion: 5.4.1.0 MD5: [6c54d2ebeaacbe9b56816536041c8281] C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins fixdamage.exe File Size: 823776 BYTES FileVersion: 1.4.0.1001 MD5: [bbfc25590af3e45d8cca1fab95648b40] C:\Users\pc_mirko\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware actions.ref File Size: 9585 BYTES FileVersion: N/A MD5: [967b27cfde31ca60fb73c1f2184f5daa] akadomains.ref File Size: 92 BYTES FileVersion: N/A MD5: [73d5774cbd8df165274a0691ae264808] akaips.ref File Size: 92 BYTES FileVersion: N/A MD5: [2a6869d1f91f0a0b87b1d27bd30ccc5c] domains.ref File Size: 2071028 BYTES FileVersion: N/A MD5: [3e69acaa7d6fb7091efbe4eb8c6fb8a6] exclusions.dat File Size: 28323 BYTES FileVersion: N/A MD5: [697a4501a3fcd475e6c86924ba491eb9] ips.ref File Size: 209630 BYTES FileVersion: N/A MD5: [ca2646effcfc8e65aa801b6b24d40347] mbam-setup.exe File Size: 22851472 BYTES FileVersion: 2.2.1.1043 MD5: [52f4695c53b02ada7d648f95f2e2f8b4] rules.ref File Size: 9809780 BYTES FileVersion: N/A MD5: [6031c39bfb3eaedef994b9a02e2bcae7] swissarmy.ref File Size: 29038 BYTES FileVersion: N/A MD5: 
[cf66059d20d48d0b489f75a3add6e3ee] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration build.conf File Size: 4599 BYTES FileVersion: N/A MD5: [fd9982cb15d1438bb6db3f5a81a73594] database.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] gatekeeper.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] license.conf File Size: 2899 BYTES FileVersion: N/A MD5: [d9ad887305c19dc771b31c747140b28b] manifest.conf File Size: 3412 BYTES FileVersion: N/A MD5: [d3ea55e20d41c4deb123ab152aca0cfa] marketing.conf File Size: 6974 BYTES FileVersion: N/A MD5: [53bbca93e7bbeb7f5dca1ef9419ccb28] net.conf File Size: 7339 BYTES FileVersion: N/A MD5: [525fb890bad1b886332d3cafea9a1f64] notifications.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] scheduler.conf File Size: 67 BYTES FileVersion: N/A MD5: [11085d96af540aaec9916a1687e946aa] settings.conf File Size: 1940 BYTES FileVersion: N/A MD5: [b7e856be8ad4e926ea5e8908f17a72f9] settings.conf.error File Size: 1939 BYTES FileVersion: N/A MD5: [fa3df7861c0a5dd8562271d287291234] statistics.conf File Size: 597 BYTES FileVersion: N/A MD5: [dd13bb78c11368681c4c38b0221dd41f] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore build.conf File Size: 4179 BYTES FileVersion: N/A MD5: [20d9566b3cf94f1e395de8f40046fc68] database.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] gatekeeper.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] license.conf File Size: 23 BYTES FileVersion: N/A MD5: [0ec01df616b565180556881d8042255b] manifest.conf File Size: 3171 BYTES FileVersion: N/A MD5: [a6e5576f7723acab40490fb9e64dfc1c] marketing.conf File Size: 6974 BYTES FileVersion: N/A MD5: [53bbca93e7bbeb7f5dca1ef9419ccb28] net.conf File Size: 6530 BYTES FileVersion: N/A MD5: [9fb4acfdc11c7af48a760db4c7bfebf0] notifications.conf File Size: 4 BYTES FileVersion: N/A MD5: 
[2261e7eca4cd0615a97263c0ad5045c2] scheduler.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] settings.conf File Size: 1724 BYTES FileVersion: N/A MD5: [e27b42126b89352fdaae8f1630b9a8d8] statistics.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] =============================================================== END OF FILE