cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
Ran by administrator (administrator) on DC02 (15-02-2019 16:06:03)
Running from \\192.168.1.22\public\SOSVIRUS\Soft
Loaded Profiles: administrator (Available Profiles: VVV & administrator)
Platform: Windows Server 2016 Standard (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmacthlp.exe
(Microsoft Corporation) C:\Windows\System32\ismserv.exe
(Microsoft Corporation) C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
(Microsoft Corporation) C:\Windows\System32\dfsrs.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe
(Microsoft Corporation) C:\Windows\System32\dns.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Microsoft Corporation) C:\Windows\System32\dfssvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe
(Farbar) \\192.168.1.22\public\SOSVIRUS\Soft\1. FRST64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VMware User Process] => C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [83896 2018-04-14] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Winlogon: [Userinit]
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2018-02-02] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2018-02-02] (Microsoft Windows -> Microsoft Corporation)
Lsa: [Notification Packages] rassfm scecli
SecurityProviders: credssp.dll, pwdssp.dll
BootExecute: autocheck autochk /q /v *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{7dfc1bfd-d4a3-40d1-b030-6d6b13c064d3}: [NameServer] 192.168.10.10,192.168.11.10,127.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2894946948-3597676906-2984582856-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/fr-be/?ocid=iehp

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADWS; C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe [465920 2019-01-04] (Microsoft Windows -> Microsoft Corporation)
R2 Dfs; C:\Windows\system32\dfssvc.exe [454144 2019-01-04] (Microsoft Windows -> Microsoft Corporation)
R2 DFSR; C:\Windows\system32\DFSRs.exe [3888640 2018-04-28] (Microsoft Windows -> Microsoft Corporation)
R2 DNS; C:\Windows\system32\dns.exe [2111488 2018-10-10] (Microsoft Windows -> Microsoft Corporation)
S3 DsRoleSvc; C:\Windows\system32\dsrolesrv.dll [293376 2018-10-10] (Microsoft Windows -> Microsoft Corporation)
R2 IsmServ; C:\Windows\System32\ismserv.exe [69120 2019-01-04] (Microsoft Windows -> Microsoft Corporation)
R2 Kdc; C:\Windows\system32\kdcsvc.dll [564224 2018-10-10] (Microsoft Windows -> Microsoft Corporation)
S3 KdsSvc; C:\Windows\system32\KdsSvc.dll [37888 2019-01-04] (Microsoft Windows -> Microsoft Corporation)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [177152 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
R2 NTDS; C:\Windows\system32\ntdsa.dll [95744 2019-01-04] (Microsoft Windows -> Microsoft Corporation)
S4 NtFrs; C:\Windows\system32\ntfrs.exe [1002496 2019-01-04] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [97280 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [83968 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [16896 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [261120 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
R2 VGAuthService; C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe [179640 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R2 VMware Physical Disk Helper Service; C:\Program Files\VMware\VMware Tools\vmacthlp.exe [575416 2018-04-14] (VMware, Inc. -> VMware, Inc.)
S3 VMwareCAFCommAmqpListener; C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.exe [68096 2018-04-14] () [File not signed]
S3 VMwareCAFManagementAgentHost; C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe [61440 2018-04-14] () [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-25] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-25] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2279264 2016-07-16] (Microsoft Windows -> QLogic Corporation)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2279264 2016-07-16] (Microsoft Windows -> QLogic Corporation)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [205152 2016-07-16] (Microsoft Windows -> QLogic Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [536416 2016-07-16] (Microsoft Windows -> QLogic Corporation)
R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [55648 2019-01-04] (Microsoft Windows -> Microsoft Corporation)
R0 DfsrRo; C:\Windows\System32\drivers\dfsrro.sys [67424 2019-01-04] (Microsoft Windows -> Microsoft Corporation)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [758624 2016-07-16] (Microsoft Windows -> Emulex)
S3 IPsecGW; C:\Windows\System32\drivers\ipsecgw.sys [18432 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
S3 MsLbfoProvider; C:\Windows\System32\drivers\MsLbfoProvider.sys [121344 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
S0 pvscsi; C:\Windows\System32\drivers\pvscsi.sys [59456 2018-04-14] (VMware, Inc. -> VMware, Inc.)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1632608 2016-07-16] (Microsoft Windows -> QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2016-07-16] (Microsoft Windows -> QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2016-07-16] (Microsoft Windows -> QLogic Corporation)
S3 RasGre; C:\Windows\System32\drivers\rasgre.sys [45056 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [95072 2018-02-02] (Microsoft Windows -> Microsoft Corporation)
S3 vm3dmp-debug; C:\Windows\system32\DRIVERS\vm3dmp-debug.sys [371152 2018-04-14] (VMware, Inc. -> VMware, Inc.)
S3 vm3dmp-stats; C:\Windows\system32\DRIVERS\vm3dmp-stats.sys [296400 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R3 vm3dmp_loader; C:\Windows\system32\DRIVERS\vm3dmp_loader.sys [42960 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R2 VMMemCtl; C:\Windows\system32\DRIVERS\vmmemctl.sys [42968 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R1 vmrawdsk; C:\Windows\system32\DRIVERS\vmrawdsk.sys [65496 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R3 vmusbmouse; C:\Windows\System32\drivers\vmusbmouse.sys [35904 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R1 vnetWFP; C:\Windows\system32\DRIVERS\vnetWFP.sys [75224 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R0 vsepflt; C:\Windows\System32\DRIVERS\vsepflt.sys [345560 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [92120 2017-11-29] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46488 2019-01-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [343032 2019-01-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-25] (Microsoft Windows -> Microsoft Corporation)
S3 vwifibus; \SystemRoot\System32\drivers\vwifibus.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== Three months (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-15 16:01 - 2019-02-15 16:05 - 000000000 ____D C:\FRST
2019-02-15 16:01 - 2019-02-15 16:01 - 000000000 ____D C:\AdsFix
2019-02-15 16:01 - 2019-02-14 17:48 - 005735832 _____ (SosVirus) C:\Users\administrator.VVNET\Desktop\2. AdsFix.exe
2019-02-15 16:01 - 2019-02-13 21:36 - 002433536 _____ (Farbar) C:\Users\administrator.VVNET\Desktop\1. FRST64.exe
2019-02-10 22:29 - 2019-02-15 15:47 - 000002236 ____H C:\Users\administrator.VVNET\Documents\Default.rdp
2019-01-08 10:58 - 2019-02-10 11:39 - 000097866 _____ C:\Users\administrator.VVNET\Desktop\ZIBNyHTb-ASdOaBzz.[Bitmine8@tutanota.com]
2019-01-08 10:58 - 2019-02-10 11:39 - 000000000 ____D C:\Users\administrator.VVNET\Desktop\filetypesman-x64
2019-01-08 10:29 - 2019-02-15 11:36 - 000004162 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0D10F96A-2A8E-4D53-9F84-405494862C5E}
2019-01-08 08:51 - 2019-02-10 11:39 - 041237287 _____ C:\Program Files (x86)\c0sQExgv-XDYTUJ19.[Bitmine8@tutanota.com]
2019-01-08 08:41 - 2019-02-15 16:06 - 000000000 ____D C:\Users\administrator.VVNET\AppData\Local\Temp\4
2019-01-08 08:26 - 2019-01-08 08:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Group Policy
2019-01-08 08:25 - 2019-02-10 11:39 - 019139428 _____ C:\Users\vvv\Downloads\QFXfmjeY-kAxjLDKF.[Bitmine8@tutanota.com]
2019-01-08 08:25 - 2019-02-10 11:39 - 018740068 _____ C:\Users\vvv\Downloads\8Li73WjS-iqStveSa.[Bitmine8@tutanota.com]
2019-01-08 08:22 - 2019-01-08 08:22 - 000004070 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1BCBE833-AB12-4F8E-B175-6742889B5413}
2019-01-04 15:44 - 2019-01-04 15:44 - 000005912 _____ C:\Windows\system32\config\netlogon.dnb
2019-01-04 15:44 - 2019-01-04 15:44 - 000001998 _____ C:\Windows\system32\config\netlogon.dns
2019-01-04 15:42 - 2019-02-14 14:33 - 000000000 ____D C:\Windows\NTDS
2019-01-04 15:42 - 2019-01-04 15:43 - 000000000 ____D C:\Windows\system32\dns
2019-01-04 15:42 - 2019-01-04 15:42 - 000000000 ____D C:\Windows\SYSVOL
2019-01-04 15:24 - 2019-01-04 15:24 - 006291456 _____ C:\Users\Administrator\AppData\Local\Temp\TempWinSAT-wsk-2019-01-04-15-24-26-83.tmp
2019-01-04 15:24 - 2019-01-04 15:24 - 006291456 _____ C:\Users\Administrator\AppData\Local\Temp\TempWinSAT-wse-2019-01-04-15-24-26-84.tmp
2019-01-04 15:22 - 2019-01-04 15:22 - 012582912 _____ C:\Windows\system32\ntds.dit
2019-01-04 15:22 - 2019-01-04 15:22 - 005426688 _____ (Microsoft Corporation) C:\Windows\system32\gppref.dll
2019-01-04 15:22 - 2019-01-04 15:22 - 005029888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gppref.dll
2019-01-04 15:22 - 2019-01-04 15:22 - 003295744 _____ (Microsoft Corporation) C:\Windows\system32\propshts.dll
2019-01-04 15:22 - 2019-01-04 15:22 - 002575360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propshts.dll
2019-01-04 15:22 - 2019-01-04 15:22 - 000771584 _____ (Microsoft Corporation) C:\Windows\system32\gpprefbr.dll
2019-01-04 15:22 - 2019-01-04 15:22 - 000612864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefbr.dll
2019-01-04 15:22 - 2019-01-04 15:22 - 000280576 _____ (Microsoft Corporation) C:\Windows\system32\gpregistrybrowser.dll
2019-01-04 15:22 - 2019-01-04 15:22 - 000233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpregistrybrowser.dll
2019-01-04 15:22 - 2019-01-04 15:22 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcn.dll
2019-01-04 15:22 - 2019-01-04 15:22 - 000146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcn.dll
2019-01-04 15:22 - 2019-01-04 15:22 - 000000764 _____ C:\Windows\system32\dsac.exe.config
2019-01-04 15:22 - 2019-01-04 15:22 - 000000000 ____D C:\Windows\system32\adprep
2019-01-04 15:22 - 2019-01-04 15:22 - 000000000 ____D C:\Windows\system32\ADDSDeployment_Internal
2019-01-04 15:22 - 2019-01-04 15:22 - 000000000 ____D C:\Windows\ADWS
2019-01-04 15:21 - 2019-01-04 15:21 - 000043184 _____ C:\Users\vvv\AppData\Local\Temp\ARWConfig-cf079510-fe34-4bb7-a7e7-32f6573c74c5.xml
2019-01-04 15:21 - 2019-01-04 15:21 - 000000000 ____D C:\Windows\system32\ServerManager
2019-01-04 15:12 - 2019-02-10 11:39 - 000787812 _____ C:\Users\vvv\mNWXcmnB-ZOB41pVX.[Bitmine8@tutanota.com]
2019-01-04 15:12 - 2019-02-10 11:39 - 000525668 _____ C:\Users\vvv\q3UI5iqp-P4eMXLJh.[Bitmine8@tutanota.com]
2019-01-04 15:12 - 2019-02-10 11:39 - 000525668 _____ C:\Users\vvv\D0gJ7t5c-rp91Csuj.[Bitmine8@tutanota.com]
2019-01-04 15:12 - 2019-02-10 11:39 - 000066916 _____ C:\Users\vvv\1I3hMPE9-Ts9k6xvd.[Bitmine8@tutanota.com]
2019-01-04 15:12 - 2019-02-10 11:39 - 000001782 _____ C:\Users\vvv\Documents\lGrL30vv-IYx2qhdL.[Bitmine8@tutanota.com]
2019-01-04 15:12 - 2019-02-10 11:39 - 000001662 _____ C:\Users\vvv\Downloads\6i9kWSmP-ocG3lJXm.[Bitmine8@tutanota.com]
2019-01-04 15:12 - 2019-02-10 11:39 - 000001662 _____ C:\Users\vvv\Desktop\qWDAxMGR-3NhFZAS3.[Bitmine8@tutanota.com]
2019-01-04 15:12 - 2019-02-10 11:39 - 000001400 _____ C:\Users\vvv\M50MjQsT-W9eKksuD.[Bitmine8@tutanota.com]
2019-01-04 15:12 - 2019-02-10 11:39 - 000000000 ____D C:\Users\vvv
2019-01-04 15:12 - 2019-01-04 15:12 - 000000000 ____D C:\Users\vvv\AppData\Roaming\Adobe

==================== Three months (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-15 16:01 - 2016-07-16 14:23 - 000000000 ____D C:\Windows\Web
2019-02-15 15:47 - 2018-10-17 23:04 - 000003652 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2019-02-15 15:47 - 2018-02-02 20:41 - 000960518 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-15 15:47 - 2016-07-16 14:21 - 000000000 ____D C:\Windows\INF
2019-02-12 19:46 - 2016-07-16 14:02 - 000000000 ____D C:\Windows\CbsTemp
2019-02-10 11:39 - 2018-11-10 14:17 - 000001782 _____ C:\Users\Administrator\Documents\tV1CRuq5-13LmdvNx.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-11-10 14:17 - 000001662 _____ C:\Users\Administrator\Downloads\mGP89SHA-6rDxsY30.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-11-10 14:17 - 000001662 _____ C:\Users\Administrator\Desktop\9F6mN38I-k76Kmepc.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-11-10 14:16 - 000787812 _____ C:\Users\Administrator\1wWl6aLZ-8KpcjAlE.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-11-10 14:16 - 000525668 _____ C:\Users\Administrator\imdlfzeT-84tTtbgw.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-11-10 14:16 - 000525668 _____ C:\Users\Administrator\0NJ7a8Fx-s808AWe6.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-11-10 14:16 - 000197988 _____ C:\Users\Administrator\cImQ48wj-Xr4xztwk.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-11-10 14:16 - 000079204 _____ C:\Users\Administrator\rkIdbb6F-afLjIcMy.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-11-10 14:16 - 000066916 _____ C:\Users\Administrator\HlFDPGWz-BsvDq3rq.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-11-10 14:16 - 000001400 _____ C:\Users\Administrator\gkTEb5hk-neg4ziOS.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-11-10 14:16 - 000000000 ____D C:\Users\Administrator
2019-02-10 11:39 - 2018-10-18 17:14 - 000000000 ____D C:\25c895d04aec51424abb74d37fc2
2019-02-10 11:39 - 2018-10-17 23:04 - 000001782 _____ C:\Users\administrator.VVNET\Documents\80Z7PX2A-86rKpDZ1.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-10-17 23:04 - 000001662 _____ C:\Users\administrator.VVNET\Downloads\d7wqfNmU-Pn5tsFwg.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-10-17 23:04 - 000001662 _____ C:\Users\administrator.VVNET\Desktop\41wx00Yf-zoZvGuYn.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-10-17 23:04 - 000001400 _____ C:\Users\administrator.VVNET\HuOx1mYx-O2QuTGWz.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-10-17 23:04 - 000000000 ____D C:\Users\administrator.VVNET
2019-02-10 11:39 - 2018-10-17 21:20 - 000005408 _____ C:\ProgramData\ADYh7OjU-oIfjIaqk.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-10-15 20:20 - 000525668 _____ C:\Users\Default\m60sXS0c-gD32YEUe.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-10-15 20:20 - 000525668 _____ C:\Users\Default\KgsjQkmq-WT9VSZR8.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-10-15 20:20 - 000066916 _____ C:\Users\Default\caOH1IBF-cwN5TQsF.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2018-02-02 21:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-02-10 11:39 - 2016-07-16 14:23 - 000001658 _____ C:\Users\Public\Documents\CsGQszbR-VL1Ketvp.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2016-07-16 14:23 - 000001554 _____ C:\Users\Public\u7ddtVje-fNxkLcoE.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2016-07-16 14:23 - 000001554 _____ C:\Users\Public\Downloads\xFXzQNVq-dbl1NFGg.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2016-07-16 14:23 - 000001554 _____ C:\Users\Public\Desktop\2za6d0IB-zUOkFe8C.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2016-07-16 14:23 - 000001554 _____ C:\Users\PBNrKeRJ-RBj76x0t.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2016-07-16 14:23 - 000001554 _____ C:\Program Files\mhpSD9FM-RQMN7SSL.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2016-07-16 14:23 - 000001554 _____ C:\Program Files (x86)\RwLqFwC5-j9VYsulr.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2016-07-16 14:23 - 000000000 __RHD C:\Users\Public\Libraries
2019-02-10 11:39 - 2016-07-16 14:23 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-10 11:39 - 2016-07-16 14:23 - 000000000 ____D C:\Program Files\Common Files\Services
2019-02-10 11:39 - 2016-07-16 07:04 - 000263524 _____ C:\Users\Default\5RY3df16-V0c4GTIQ.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2016-07-16 07:04 - 000102756 _____ C:\Users\Default\RbO1WxLr-q8MNuA9O.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2016-07-16 07:04 - 000058724 _____ C:\Users\Default\pLoVzmNU-qPxyJOVm.[Bitmine8@tutanota.com]
2019-01-25 15:55 - 2018-10-18 18:29 - 000000000 ____D C:\Windows\system32\Drivers\wd

==================== Files in the root of some directories =======

2019-02-10 11:39 - 2019-02-10 11:39 - 000020201 _____ () C:\Program Files\#ReadMe_T0_Decrypt_Files.rtf
2016-07-16 14:23 - 2019-02-10 11:39 - 000001554 _____ () C:\Program Files\mhpSD9FM-RQMN7SSL.[Bitmine8@tutanota.com]
2019-02-10 11:39 - 2019-02-10 11:39 - 000020202 _____ () C:\Program Files (x86)\#ReadMe_T0_Decrypt_Files.rtf
2019-01-08 08:51 - 2019-02-10 11:39 - 041237287 _____ () C:\Program Files (x86)\c0sQExgv-XDYTUJ19.[Bitmine8@tutanota.com]
2016-07-16 14:23 - 2019-02-10 11:39 - 000001554 _____ () C:\Program Files (x86)\RwLqFwC5-j9VYsulr.[Bitmine8@tutanota.com]
2018-10-18 21:36 - 2018-10-18 21:36 - 000567580 _____ () C:\Users\administrator.VVNET\AppData\Local\dd_vcredistMSI18EC.txt
2018-10-18 21:36 - 2018-10-18 21:36 - 000011712 _____ () C:\Users\administrator.VVNET\AppData\Local\dd_vcredistUI18EC.txt
2019-01-08 08:43 - 2019-01-08 08:43 - 000007605 _____ () C:\Users\administrator.VVNET\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-04 15:12

==================== End of FRST.txt ============================
