
Rogue Killer found two PUM.Dns


  • This topic is locked
7 replies to this topic

#1 Senua89

  • Members
  • 16 posts
  • Gender: Male

Posted 13 January 2018 - 03:45 PM

Today I scanned my PC with the following programs: Malwarebytes Anti-Malware, TDSSKiller, Kaspersky Security Scan, Kaspersky Virus Removal Tool, RogueKiller, Windows Defender, Malwarebytes Anti-Rootkit, AdwCleaner, HitmanPro and ESET Online Scanner.
None of these found anything except RogueKiller, which found two PUM.DNS entries. I immediately deleted these registry keys and restarted the PC. On re-scanning the PC in both safe mode and normal mode, RogueKiller did not find anything. Reading on the net, I discovered that these PUM.DNS entries may not be viruses but changes to the settings made by the user. I am writing here to find out whether they were viruses and, if they were, whether my PC is no longer infected. I am leaving you the logs from Farbar, RogueKiller and HitmanPro; in the last scan HitmanPro found "TrueSight.sys", which from what I read is a file belonging to RogueKiller, but to be sure I am including the log. Thank you for your attention.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.01.2018 01
Ran by fdfer (administrator) on DESKTOP-DG73G7R (13-01-2018 20:29:02)
Running from C:\Users\fdfer\Desktop
Loaded Profiles: fdfer (Available Profiles: fdfer)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\DriverStore\FileRepository\c0321058.inf_amd64_c0aa1a2b512afe19\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Electronic Arts) D:\Programmi\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.188_none_16c3dcde323064d9\TiWorker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-30] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-20] (Logitech Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-11-09] (Intel Corporation)
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Run: [GalaxyClient] => D:\Programmi\GOG Galaxy\GalaxyClient.exe [5358664 2017-12-13] (GOG.com)
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Run: [CCleaner Monitoring] => D:\Programmi\Ccleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Run: [Steam] => D:\Programmi\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Run: [EADM] => D:\Programmi\Origin\Origin.exe [3098920 2017-12-19] (Electronic Arts)
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Run: [Spotify Web Helper] => C:\Users\fdfer\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-20] (Spotify Ltd)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
Tcpip\..\Interfaces\{eaaccab7-844d-4d2a-8d06-980498cb2f7d}: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF DefaultProfile: 4yqgjq5o.default
FF ProfilePath: C:\Users\fdfer\AppData\Roaming\Mozilla\Firefox\Profiles\4yqgjq5o.default [2018-01-13]
FF Homepage: Mozilla\Firefox\Profiles\4yqgjq5o.default -> about:home
FF Extension: (AdBlocker Ultimate) - C:\Users\fdfer\AppData\Roaming\Mozilla\Firefox\Profiles\4yqgjq5o.default\Extensions\adblockultimate@adblockultimate.net.xpi [2017-12-13]
FF Extension: (Disable JavaScript Shared Memory) - C:\Users\fdfer\AppData\Roaming\Mozilla\Firefox\Profiles\4yqgjq5o.default\features\{9754c7dd-f31a-4ee3-bbe9-b0edb7af4cb3}\disable-js-shared-memory@mozilla.org.xpi [2018-01-05] [Legacy]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default [2018-01-13]
CHR Extension: (Presentazioni) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-27]
CHR Extension: (Documenti) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-27]
CHR Extension: (Google Drive) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-27]
CHR Extension: (YouTube) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-27]
CHR Extension: (Fogli) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-27]
CHR Extension: (Google Documenti offline) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-27]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-27]
CHR Extension: (Gmail) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\fdfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0321058.inf_amd64_c0aa1a2b512afe19\atiesrxx.exe [481144 2017-12-10] (AMD)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2017-11-25] (EasyAntiCheat Ltd)
S3 GalaxyClientService; D:\Programmi\GOG Galaxy\GalaxyClientService.exe [532552 2017-12-13] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8345672 2017-12-13] (GOG.com)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-11-09] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-20] (Logitech Inc.)
S3 MBAMService; D:\Programmi\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 Origin Client Service; D:\Programmi\Origin\OriginClientService.exe [2155328 2017-12-19] (Electronic Arts)
R2 Origin Web Helper Service; D:\Programmi\Origin\OriginWebHelperService.exe [3025224 2017-12-19] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0321058.inf_amd64_c0aa1a2b512afe19\atikmdag.sys [41701752 2017-12-10] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0321058.inf_amd64_c0aa1a2b512afe19\atikmpag.sys [545656 2017-12-10] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111112 2017-11-21] (Advanced Micro Devices)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [532456 2016-10-05] (Intel Corporation)
R3 ladfGSS; C:\Windows\system32\drivers\ladfGSS.sys [45192 2017-10-20] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-10-20] (Logitech Inc.)
S3 mt7612US; C:\Windows\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-30] (Microsoft Corporation)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-13 20:29 - 2018-01-13 20:29 - 000011082 _____ C:\Users\fdfer\Desktop\FRST.txt
2018-01-13 20:28 - 2018-01-13 20:28 - 000000000 ____D C:\Users\fdfer\Desktop\a
2018-01-13 20:25 - 2018-01-13 20:25 - 079429632 _____ C:\Windows\system32\config\SOFTWARE
2018-01-13 20:25 - 2018-01-13 20:25 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-01-13 19:42 - 2018-01-13 19:42 - 000274480 _____ C:\TDSSKiller.3.1.0.15_13.01.2018_19.42.25_log.txt
2018-01-13 19:41 - 2018-01-13 19:41 - 000005332 _____ C:\TDSSKiller.3.1.0.15_13.01.2018_19.41.38_log.txt
2018-01-13 17:45 - 2018-01-13 17:45 - 006968952 _____ (ESET spol. s r.o.) C:\Users\fdfer\Downloads\esetonlinescanner_enu.exe
2018-01-13 17:38 - 2018-01-13 17:38 - 002393088 _____ (Farbar) C:\Users\fdfer\Desktop\FRST64.exe
2018-01-13 16:55 - 2018-01-13 16:55 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\F63272A5.sys
2018-01-13 16:41 - 2018-01-13 16:41 - 000275970 _____ C:\TDSSKiller.3.1.0.15_13.01.2018_16.41.30_log.txt
2018-01-13 16:03 - 2018-01-13 16:03 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\6041455E.sys
2018-01-13 16:02 - 2018-01-13 16:42 - 000173574 _____ C:\Windows\ntbtlog.txt
2018-01-13 15:49 - 2018-01-13 15:49 - 000004438 _____ C:\Users\fdfer\Desktop\Scan Rogue Killer.txt
2018-01-13 15:47 - 2018-01-13 15:47 - 000000000 ____D C:\Windows\System32\Tasks\S-1-5-21-2320907850-788148171-3382939013-1001
2018-01-13 15:12 - 2018-01-13 15:12 - 000275440 _____ C:\TDSSKiller.3.1.0.15_13.01.2018_15.12.00_log.txt
2018-01-13 13:56 - 2018-01-13 13:56 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-01-13 13:56 - 2018-01-13 13:56 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\vlc
2018-01-13 13:56 - 2018-01-13 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-01-13 13:56 - 2018-01-13 13:56 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2018-01-13 13:51 - 2018-01-13 13:51 - 000005166 _____ C:\TDSSKiller.3.1.0.15_13.01.2018_13.51.18_log.txt
2018-01-13 13:50 - 2018-01-13 13:50 - 000005166 _____ C:\TDSSKiller.3.1.0.15_13.01.2018_13.50.43_log.txt
2018-01-12 18:02 - 2018-01-13 12:54 - 000024876 _____ C:\Users\fdfer\Desktop\a.odt
2018-01-12 13:28 - 2018-01-12 22:07 - 000012363 _____ C:\Users\fdfer\Desktop\Giochi in uscita.odt
2018-01-08 12:48 - 2018-01-10 17:22 - 000029574 _____ C:\Users\fdfer\Desktop\Anteprima Fade to SIlence.odt
2018-01-08 12:48 - 2017-12-23 17:54 - 000029046 _____ C:\Users\fdfer\Desktop\Anteprima Slaps and Beans.odt
2018-01-07 17:08 - 2018-01-07 17:08 - 000000000 ____D C:\Origin Games
2018-01-06 01:27 - 2018-01-06 01:28 - 000276404 _____ C:\TDSSKiller.3.1.0.15_06.01.2018_01.27.54_log.txt
2018-01-06 00:41 - 2018-01-06 00:41 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\4354BC16.sys
2018-01-06 00:15 - 2018-01-06 00:15 - 000005166 _____ C:\TDSSKiller.3.1.0.15_06.01.2018_00.15.07_log.txt
2018-01-05 22:39 - 2018-01-13 20:29 - 000000000 ____D C:\FRST
2018-01-05 18:10 - 2018-01-05 18:10 - 000000978 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2018-01-05 18:10 - 2018-01-05 18:10 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\.mono
2018-01-05 18:10 - 2018-01-05 18:10 - 000000000 ____D C:\Users\fdfer\AppData\LocalLow\Blizzard Entertainment
2018-01-05 18:10 - 2018-01-05 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2018-01-05 18:10 - 2018-01-05 18:10 - 000000000 ____D C:\ProgramData\.mono
2018-01-05 17:45 - 2018-01-07 15:02 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-01-05 17:44 - 2018-01-05 17:44 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2018-01-05 17:43 - 2018-01-13 12:30 - 000000000 ____D C:\Users\fdfer\AppData\Local\Battle.net
2018-01-05 17:43 - 2018-01-05 17:44 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Battle.net
2018-01-05 17:43 - 2018-01-05 17:43 - 000000940 _____ C:\Users\Public\Desktop\Battle.net.lnk
2018-01-05 17:43 - 2018-01-05 17:43 - 000000000 ____D C:\Users\fdfer\AppData\Local\Blizzard Entertainment
2018-01-05 17:43 - 2018-01-05 17:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2018-01-05 17:41 - 2018-01-13 12:20 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-01-05 17:40 - 2018-01-05 18:10 - 000000000 ____D C:\Users\fdfer\AppData\Local\Blizzard
2018-01-05 17:39 - 2018-01-05 17:39 - 000000000 ____D C:\ProgramData\Battle.net
2018-01-04 22:18 - 2018-01-04 22:19 - 000276422 _____ C:\TDSSKiller.3.1.0.15_04.01.2018_22.18.38_log.txt
2018-01-04 21:44 - 2018-01-04 21:44 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\4633D61D.sys
2018-01-04 19:23 - 2018-01-13 19:42 - 000000000 ____D C:\Users\fdfer\AppData\Local\ESET
2018-01-04 19:17 - 2018-01-01 18:15 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2018-01-04 19:17 - 2018-01-01 13:54 - 000924648 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-01-04 19:17 - 2018-01-01 13:53 - 001090984 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-01-04 19:17 - 2018-01-01 13:52 - 000066712 _____ (Microsoft Corporation) C:\Windows\system32\iumcrypt.dll
2018-01-04 19:17 - 2018-01-01 13:51 - 001414784 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-01-04 19:17 - 2018-01-01 13:51 - 001209240 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-04 19:17 - 2018-01-01 13:51 - 001055128 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-01-04 19:17 - 2018-01-01 13:51 - 000191816 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
2018-01-04 19:17 - 2018-01-01 13:51 - 000059800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bam.sys
2018-01-04 19:17 - 2018-01-01 13:50 - 005905752 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2018-01-04 19:17 - 2018-01-01 13:50 - 000780464 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2018-01-04 19:17 - 2018-01-01 13:50 - 000479912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2018-01-04 19:17 - 2018-01-01 13:50 - 000077208 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-01-04 19:17 - 2018-01-01 13:49 - 008605080 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-04 19:17 - 2018-01-01 13:49 - 000599448 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2018-01-04 19:17 - 2018-01-01 13:49 - 000319352 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-01-04 19:17 - 2018-01-01 13:49 - 000292376 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2018-01-04 19:17 - 2018-01-01 13:48 - 007831760 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-01-04 19:17 - 2018-01-01 13:48 - 001954048 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-04 19:17 - 2018-01-01 13:48 - 000382360 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-04 19:17 - 2018-01-01 13:47 - 000649304 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-04 19:17 - 2018-01-01 13:47 - 000082840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-01-04 19:17 - 2018-01-01 13:46 - 002709704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-04 19:17 - 2018-01-01 13:46 - 000898216 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-01-04 19:17 - 2018-01-01 13:46 - 000733592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-01-04 19:17 - 2018-01-01 13:46 - 000471960 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-04 19:17 - 2018-01-01 13:45 - 002395032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-04 19:17 - 2018-01-01 13:45 - 001277848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-01-04 19:17 - 2018-01-01 13:45 - 000398744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-04 19:17 - 2018-01-01 13:43 - 001173576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-04 19:17 - 2018-01-01 13:43 - 000367336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2018-01-04 19:17 - 2018-01-01 13:43 - 000062872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys
2018-01-04 19:17 - 2018-01-01 13:42 - 001029016 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2018-01-04 19:17 - 2018-01-01 13:42 - 000571288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2018-01-04 19:17 - 2018-01-01 13:42 - 000494488 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-01-04 19:17 - 2018-01-01 13:42 - 000184984 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-01-04 19:17 - 2018-01-01 13:42 - 000109976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2018-01-04 19:17 - 2018-01-01 13:41 - 007676296 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-01-04 19:17 - 2018-01-01 13:41 - 000559512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2018-01-04 19:17 - 2018-01-01 13:41 - 000549552 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2018-01-04 19:17 - 2018-01-01 13:40 - 001206680 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-01-04 19:17 - 2018-01-01 13:39 - 000902416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-01-04 19:17 - 2018-01-01 13:39 - 000677784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-01-04 19:17 - 2018-01-01 13:39 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
2018-01-04 19:17 - 2018-01-01 13:39 - 000362904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-01-04 19:17 - 2018-01-01 13:39 - 000129432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocket.sys
2018-01-04 19:17 - 2018-01-01 13:38 - 003904808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-01-04 19:17 - 2018-01-01 13:38 - 000727448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2018-01-04 19:17 - 2018-01-01 13:38 - 000519152 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2018-01-04 19:17 - 2018-01-01 13:38 - 000103320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2018-01-04 19:17 - 2018-01-01 13:38 - 000038808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2018-01-04 19:17 - 2018-01-01 13:37 - 001426664 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2018-01-04 19:17 - 2018-01-01 13:37 - 000461720 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
2018-01-04 19:17 - 2018-01-01 13:36 - 000413888 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2018-01-04 19:17 - 2018-01-01 13:36 - 000374032 _____ (Microsoft Corporation) C:\Windows\system32\vac.exe
2018-01-04 19:17 - 2018-01-01 13:36 - 000166296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2018-01-04 19:17 - 2018-01-01 13:36 - 000113560 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-01-04 19:17 - 2018-01-01 13:36 - 000057752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-04 19:17 - 2018-01-01 13:35 - 001170008 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2018-01-04 19:17 - 2018-01-01 13:35 - 000075160 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthProxyStub.dll
2018-01-04 19:17 - 2018-01-01 13:34 - 007385088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-01-04 19:17 - 2018-01-01 13:34 - 001336344 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-04 19:17 - 2018-01-01 13:34 - 000260896 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-01-04 19:17 - 2018-01-01 13:34 - 000087384 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2018-01-04 19:17 - 2018-01-01 13:33 - 002773400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-01-04 19:17 - 2018-01-01 13:33 - 000603920 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2018-01-04 19:17 - 2018-01-01 13:32 - 004481240 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-01-04 19:17 - 2018-01-01 13:32 - 000617304 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2018-01-04 19:17 - 2018-01-01 13:27 - 000713624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-01-04 19:17 - 2018-01-01 13:27 - 000163736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2018-01-04 19:17 - 2018-01-01 13:26 - 000428952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-01-04 19:17 - 2018-01-01 13:26 - 000081304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmcl.sys
2018-01-04 19:17 - 2018-01-01 13:25 - 000615768 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2018-01-04 19:17 - 2018-01-01 13:25 - 000147864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2018-01-04 19:17 - 2018-01-01 13:23 - 021352144 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-04 19:17 - 2018-01-01 13:21 - 001103768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-04 19:17 - 2018-01-01 13:21 - 000614296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-01-04 19:17 - 2018-01-01 13:06 - 000311192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-01-04 19:17 - 2018-01-01 13:03 - 000777904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-01-04 19:17 - 2018-01-01 13:03 - 000650328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2018-01-04 19:17 - 2018-01-01 13:03 - 000566664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-01-04 19:17 - 2018-01-01 13:03 - 000123512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-01-04 19:17 - 2018-01-01 12:53 - 001615712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-01-04 19:17 - 2018-01-01 12:49 - 000481464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-01-04 19:17 - 2018-01-01 12:49 - 000258808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2018-01-04 19:17 - 2018-01-01 12:46 - 003485392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2018-01-04 19:17 - 2018-01-01 12:46 - 000289816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-04 19:17 - 2018-01-01 12:45 - 006092152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-01-04 19:17 - 2018-01-01 12:45 - 005615968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-01-04 19:17 - 2018-01-01 12:45 - 002192624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-01-04 19:17 - 2018-01-01 12:45 - 000450928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2018-01-04 19:17 - 2018-01-01 12:43 - 020286120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 006479552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 004644912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 001246432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 001003152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 000982528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 000386424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 000129184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-01-04 19:17 - 2018-01-01 12:42 - 000074992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2018-01-04 19:17 - 2018-01-01 12:37 - 025247232 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-01-04 19:17 - 2018-01-01 12:34 - 000703568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-01-04 19:17 - 2018-01-01 12:25 - 002905600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-01-04 19:17 - 2018-01-01 12:25 - 001008640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2018-01-04 19:17 - 2018-01-01 12:25 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-01-04 19:17 - 2018-01-01 12:25 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-01-04 19:17 - 2018-01-01 12:25 - 000097792 _____ C:\Windows\system32\runexehelper.exe
2018-01-04 19:17 - 2018-01-01 12:24 - 003668480 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-01-04 19:17 - 2018-01-01 12:24 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\AboutSettingsHandlers.dll
2018-01-04 19:17 - 2018-01-01 12:24 - 000202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2018-01-04 19:17 - 2018-01-01 12:24 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-01-04 19:17 - 2018-01-01 12:24 - 000038912 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-01-04 19:17 - 2018-01-01 12:23 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2018-01-04 19:17 - 2018-01-01 12:23 - 000561152 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-04 19:17 - 2018-01-01 12:23 - 000536576 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2018-01-04 19:17 - 2018-01-01 12:23 - 000385024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cldflt.sys
2018-01-04 19:17 - 2018-01-01 12:23 - 000250368 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2018-01-04 19:17 - 2018-01-01 12:23 - 000232960 _____ (Microsoft Corporation) C:\Windows\system32\convertvhd.exe
2018-01-04 19:17 - 2018-01-01 12:23 - 000121344 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-04 19:17 - 2018-01-01 12:23 - 000080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys
2018-01-04 19:17 - 2018-01-01 12:23 - 000047104 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-01-04 19:17 - 2018-01-01 12:22 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rfxvmt.dll
2018-01-04 19:17 - 2018-01-01 12:22 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-04 19:17 - 2018-01-01 12:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpstorport.sys
2018-01-04 19:17 - 2018-01-01 12:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\VmApplicationHealthMonitorProxy.dll
2018-01-04 19:17 - 2018-01-01 12:21 - 000268288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-01-04 19:17 - 2018-01-01 12:21 - 000233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppLockerCSP.dll
2018-01-04 19:17 - 2018-01-01 12:21 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2018-01-04 19:17 - 2018-01-01 12:21 - 000133632 _____ (Microsoft Corporation) C:\Windows\system32\wificonnapi.dll
2018-01-04 19:17 - 2018-01-01 12:21 - 000097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-01-04 19:17 - 2018-01-01 12:21 - 000097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys
2018-01-04 19:17 - 2018-01-01 12:21 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-01-04 19:17 - 2018-01-01 12:21 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-01-04 19:17 - 2018-01-01 12:21 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 019337216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 018917888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000524288 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2018-01-04 19:17 - 2018-01-01 12:20 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\container.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000204288 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000186368 _____ (Microsoft Corporation) C:\Windows\system32\ACPBackgroundManagerPolicy.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\rasauto.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\SCardDlg.dll
2018-01-04 19:17 - 2018-01-01 12:20 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RfxVmt.sys
2018-01-04 19:17 - 2018-01-01 12:20 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshhttp.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 008014848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000795136 _____ (Microsoft Corporation) C:\Windows\system32\NaturalAuth.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000675328 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000450048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000416768 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-04 19:17 - 2018-01-01 12:19 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-01-04 19:17 - 2018-01-01 12:19 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2018-01-04 19:17 - 2018-01-01 12:19 - 000188416 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000149504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\container.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msoert2.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe
2018-01-04 19:17 - 2018-01-01 12:19 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-01-04 19:17 - 2018-01-01 12:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000748032 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000699904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000588800 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000436224 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000432640 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000431616 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000427008 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000391168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000380928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\APHostService.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000343040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000336896 _____ (Microsoft Corporation) C:\Windows\system32\AppLockerCSP.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000276480 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\SCardSvr.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000210944 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-04 19:17 - 2018-01-01 12:18 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\provdatastore.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 011923968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 006564864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 001485312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000791552 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000616960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000594432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000568832 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000555520 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000542208 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000456704 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000423936 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-04 19:17 - 2018-01-01 12:17 - 000228352 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-04 19:17 - 2018-01-01 12:17 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\msoert2.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 005833216 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 004839424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 003676672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000966656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000956928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000831488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000812544 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000720896 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000624128 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll
2018-01-04 19:17 - 2018-01-01 12:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 012687872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 006029312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 002349568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 001657856 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 001245184 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 000951808 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 000588800 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 000434176 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 000366080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-01-04 19:17 - 2018-01-01 12:15 - 000258560 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 023655936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 002465280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 001495040 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 001097728 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 001003008 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 000985600 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 000917504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2018-01-04 19:17 - 2018-01-01 12:14 - 000870912 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2018-01-04 19:17 - 2018-01-01 12:13 - 013657600 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-01-04 19:17 - 2018-01-01 12:13 - 012830208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-04 19:17 - 2018-01-01 12:13 - 003121664 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-04 19:17 - 2018-01-01 12:13 - 002869760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-01-04 19:17 - 2018-01-01 12:13 - 002013184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-01-04 19:17 - 2018-01-01 12:13 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-01-04 19:17 - 2018-01-01 12:13 - 001474560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-01-04 19:17 - 2018-01-01 12:13 - 000897024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-01-04 19:17 - 2018-01-01 12:12 - 002633216 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-01-04 19:17 - 2018-01-01 12:12 - 002208768 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-01-04 19:17 - 2018-01-01 12:12 - 001573376 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2018-01-04 19:17 - 2018-01-01 12:12 - 001547776 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-04 19:17 - 2018-01-01 12:12 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2018-01-04 19:17 - 2018-01-01 12:12 - 000760320 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-04 19:17 - 2018-01-01 12:12 - 000464384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 008108544 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 004748288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 003165696 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 002859520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 002082304 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-04 19:17 - 2018-01-01 12:11 - 001955328 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 001822208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 001816576 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 001597952 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 001343488 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 001231872 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-04 19:17 - 2018-01-01 12:11 - 000715776 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-01-04 19:17 - 2018-01-01 12:10 - 003126272 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2018-01-04 19:17 - 2018-01-01 12:10 - 002528256 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2018-01-04 19:17 - 2018-01-01 12:10 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscproxystub.dll
2018-01-04 19:17 - 2018-01-01 12:09 - 001487872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2018-01-04 19:17 - 2018-01-01 12:09 - 000925184 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-04 19:17 - 2018-01-01 12:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\DbgModel.dll
2018-01-04 19:17 - 2018-01-01 12:09 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2018-01-04 19:17 - 2018-01-01 12:08 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2018-01-04 19:17 - 2018-01-01 12:08 - 000726016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-04 19:17 - 2018-01-01 12:08 - 000685056 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2018-01-04 19:17 - 2018-01-01 12:08 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-01-04 19:17 - 2018-01-01 12:06 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wscproxystub.dll
2018-01-04 19:17 - 2018-01-01 12:05 - 002510848 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll
2018-01-04 19:17 - 2018-01-01 12:05 - 001160704 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2018-01-04 19:17 - 2018-01-01 12:05 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2018-01-04 19:14 - 2018-01-04 19:14 - 000005166 _____ C:\TDSSKiller.3.1.0.15_04.01.2018_19.14.13_log.txt
2018-01-04 18:52 - 2018-01-04 18:52 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7773219E.sys
2018-01-04 18:49 - 2018-01-04 18:49 - 000005286 _____ C:\TDSSKiller.3.1.0.15_04.01.2018_18.49.13_log.txt
2018-01-04 18:41 - 2018-01-04 18:41 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\56772343.sys
2018-01-04 18:34 - 2018-01-13 17:00 - 000000000 ____D C:\Users\fdfer\Desktop\mbar
2018-01-04 18:34 - 2018-01-13 17:00 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-01-04 18:34 - 2018-01-13 16:54 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-01-04 18:34 - 2018-01-04 18:34 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\631174B8.sys
2018-01-04 18:27 - 2018-01-04 18:28 - 000276704 _____ C:\TDSSKiller.3.1.0.15_04.01.2018_18.27.14_log.txt
2018-01-04 18:26 - 2018-01-04 18:26 - 000005332 _____ C:\TDSSKiller.3.1.0.15_04.01.2018_18.26.31_log.txt
2018-01-04 18:23 - 2018-01-04 18:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2018-01-04 18:22 - 2018-01-04 16:52 - 014178840 _____ (Malwarebytes Corp.) C:\Users\fdfer\Desktop\mbar-1.10.3.1001.exe
2018-01-04 18:00 - 2018-01-04 18:16 - 000548428 _____ C:\TDSSKiller.3.1.0.15_04.01.2018_18.00.39_log.txt
2018-01-04 17:59 - 2018-01-04 18:00 - 000005328 _____ C:\TDSSKiller.3.1.0.15_04.01.2018_17.59.53_log.txt
2017-12-30 20:32 - 2017-12-30 20:33 - 000005910 _____ C:\TDSSKiller.3.1.0.15_30.12.2017_20.32.54_log.txt
2017-12-30 20:27 - 2017-12-30 20:31 - 000277892 _____ C:\TDSSKiller.3.1.0.15_30.12.2017_20.27.24_log.txt
2017-12-29 21:14 - 2017-12-29 21:15 - 000279012 _____ C:\TDSSKiller.3.1.0.15_29.12.2017_21.14.15_log.txt
2017-12-29 19:41 - 2017-12-29 19:42 - 000276528 _____ C:\TDSSKiller.3.1.0.15_29.12.2017_19.41.44_log.txt
2017-12-29 14:58 - 2018-01-13 13:35 - 000000000 ____D C:\Users\fdfer\Desktop\Musica
2017-12-29 13:17 - 2017-12-29 15:53 - 000000000 ____D C:\Users\fdfer\Desktop\HitFilm Express 2017 Exports
2017-12-29 11:49 - 2017-12-29 14:11 - 000033844 _____ C:\Users\fdfer\Desktop\Cose.hfp
2017-12-28 21:21 - 2017-12-29 15:59 - 000081735 _____ C:\Users\fdfer\Desktop\Anteprima Slaps and Beans.hfp
2017-12-27 20:48 - 2018-01-05 12:26 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-27 20:48 - 2018-01-05 12:26 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-27 20:47 - 2017-12-28 15:07 - 000000000 ____D C:\Users\fdfer\AppData\Local\Google
2017-12-27 20:47 - 2017-12-27 20:48 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-27 20:47 - 2017-12-27 20:47 - 000003668 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-27 20:47 - 2017-12-27 20:47 - 000003544 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-27 13:10 - 2017-12-28 20:58 - 000000000 ____D C:\Users\fdfer\Desktop\Registrazioni
2017-12-26 15:34 - 2017-12-26 15:34 - 000469952 _____ C:\TDSSKiller.3.1.0.15_26.12.2017_15.34.23_log.txt
2017-12-26 12:34 - 2017-12-26 12:35 - 000820960 _____ C:\TDSSKiller.3.1.0.15_26.12.2017_12.34.19_log.txt
2017-12-26 11:48 - 2017-12-26 11:49 - 000000000 ____D C:\Program Files (x86)\Xvid
2017-12-26 11:48 - 2017-12-26 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2017-12-26 11:48 - 2011-05-30 14:42 - 000255488 _____ C:\Windows\system32\xvidvfw.dll
2017-12-26 11:48 - 2011-05-30 14:42 - 000240640 _____ C:\Windows\SysWOW64\xvidvfw.dll
2017-12-26 11:48 - 2011-05-23 10:52 - 000153088 _____ C:\Windows\SysWOW64\xvid.ax
2017-12-26 11:48 - 2011-05-23 08:49 - 000173568 _____ C:\Windows\system32\xvid.ax
2017-12-26 11:48 - 2011-05-23 08:46 - 000645632 _____ C:\Windows\SysWOW64\xvidcore.dll
2017-12-26 11:48 - 2011-05-23 08:45 - 000696832 _____ C:\Windows\system32\xvidcore.dll
2017-12-26 10:39 - 2017-12-26 10:39 - 000466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2017-12-26 10:39 - 2017-12-26 10:39 - 000445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2017-12-26 10:39 - 2017-12-26 10:39 - 000122968 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2017-12-26 10:39 - 2017-12-26 10:39 - 000109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2017-12-26 10:39 - 2017-12-26 10:39 - 000000000 ____D C:\Program Files (x86)\OpenAL
2017-12-26 10:34 - 2017-12-26 10:34 - 000001359 _____ C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Lost Alpha DC.lnk
2017-12-26 10:34 - 2017-12-26 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STALKER Lost Alpha DC
2017-12-26 10:26 - 2017-12-26 10:34 - 000000000 ____D C:\Program Files (x86)\S.T.A.L.K.E.R. - Lost Alpha DC
2017-12-25 23:18 - 2017-12-25 23:18 - 000011570 _____ C:\Users\fdfer\Desktop\Nomi utenti e pass account.odt
2017-12-24 14:06 - 2017-12-28 19:44 - 000020420 _____ C:\Users\fdfer\Desktop\Video Slaps and Beans.odt
2017-12-22 19:32 - 2017-12-22 19:52 - 000015532 _____ C:\Users\fdfer\Desktop\Rece. Fade to Silence.odt
2017-12-21 17:08 - 2017-12-21 17:08 - 000000000 ____D C:\Users\fdfer\Desktop\Ds4 controller
2017-12-21 13:45 - 2017-12-21 13:45 - 000000000 ____D C:\Users\fdfer\AppData\LocalLow\TrinityTeam
2017-12-21 13:27 - 2017-12-21 13:27 - 000000212 _____ C:\Users\fdfer\Desktop\Bud Spencer & Terence Hill - Slaps And Beans.url
2017-12-19 20:40 - 2017-12-19 20:40 - 000000000 ____D C:\Users\fdfer\AppData\LocalLow\MSLiveStickerWhiteList
2017-12-19 20:40 - 2017-12-19 20:40 - 000000000 ____D C:\Users\fdfer\AppData\LocalLow\MSLiveSticker
2017-12-19 16:41 - 2017-12-19 16:41 - 000000768 _____ C:\Users\fdfer\Desktop\MSI Afterburner.lnk
2017-12-19 16:41 - 2017-12-19 16:41 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2017-12-19 16:41 - 2017-12-19 16:41 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2017-12-18 22:20 - 2017-12-18 22:20 - 000000000 ____D C:\Users\fdfer\AppData\Local\WhiteSilence
2017-12-18 21:52 - 2017-12-22 13:05 - 000008870 _____ C:\Users\fdfer\Desktop\Giochi da richiedere.odt
2017-12-18 19:22 - 2017-12-18 19:22 - 000000212 _____ C:\Users\fdfer\Desktop\Fade to Silence.url
2017-12-17 18:20 - 2017-12-17 18:20 - 000274608 _____ C:\TDSSKiller.3.1.0.15_17.12.2017_18.20.41_log.txt
2017-12-17 16:36 - 2017-12-17 16:36 - 004833792 _____ (Geza Kovacs) C:\Users\fdfer\Desktop\unetbootin-windows-657.exe
2017-12-17 00:20 - 2017-12-17 00:20 - 000002849 _____ C:\Users\fdfer\AppData\Local\recently-used.xbel
2017-12-17 00:16 - 2017-12-17 00:17 - 000000000 ____D C:\Users\fdfer\AppData\Local\gtk-2.0
2017-12-17 00:14 - 2017-12-17 00:14 - 000000000 ____D C:\Users\fdfer\.thumbnails
2017-12-16 22:33 - 2017-12-16 22:33 - 000277396 _____ C:\TDSSKiller.3.1.0.15_16.12.2017_22.33.36_log.txt
2017-12-14 16:40 - 2017-12-14 16:40 - 000275480 _____ C:\TDSSKiller.3.1.0.15_14.12.2017_16.40.08_log.txt
2017-12-14 16:30 - 2017-12-14 16:31 - 000275480 _____ C:\TDSSKiller.3.1.0.15_14.12.2017_16.30.43_log.txt
2017-12-14 00:53 - 2018-01-13 17:45 - 000000000 ____D C:\Users\fdfer\Desktop\Ant-virus vari
2017-12-14 00:53 - 2017-12-14 00:54 - 000274266 _____ C:\TDSSKiller.3.1.0.15_14.12.2017_00.53.08_log.txt
2017-12-14 00:05 - 2017-12-29 18:10 - 000000000 ____D C:\Users\fdfer\Desktop\Video finiti
2017-12-14 00:03 - 2017-12-14 00:03 - 000002012 _____ C:\Users\fdfer\Desktop\DaVinci Resolve Project Server.lnk
2017-12-14 00:03 - 2017-12-14 00:03 - 000001992 _____ C:\Users\fdfer\Desktop\Resolve.lnk
2017-12-14 00:03 - 2017-12-14 00:03 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2017-12-14 00:03 - 2017-12-14 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2017-12-14 00:03 - 2017-12-14 00:03 - 000000000 ____D C:\ProgramData\Blackmagic Design
2017-12-14 00:03 - 2017-12-14 00:03 - 000000000 ____D C:\Program Files\Blackmagic Design
2017-12-14 00:03 - 2017-12-14 00:03 - 000000000 ____D C:\Program Files (x86)\Blackmagic Design

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-13 20:25 - 2017-12-01 01:37 - 000000000 ____D C:\Windows\Microsoft Antimalware
2018-01-13 20:25 - 2017-11-15 16:52 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-13 20:22 - 2017-11-15 17:21 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-01-13 20:22 - 2017-09-29 09:45 - 000524288 _____ C:\Windows\system32\config\BBI
2018-01-13 20:21 - 2017-11-15 16:52 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-01-13 19:48 - 2017-11-15 16:57 - 003493264 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-13 19:48 - 2017-09-30 15:41 - 001673888 _____ C:\Windows\system32\perfh010.dat
2018-01-13 19:48 - 2017-09-30 15:41 - 000423132 _____ C:\Windows\system32\perfc010.dat
2018-01-13 19:46 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-01-13 19:43 - 2017-12-06 17:38 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-01-13 18:58 - 2017-11-16 01:08 - 000000000 ____D C:\Users\fdfer\AppData\LocalLow\Mozilla
2018-01-13 18:50 - 2017-12-01 23:49 - 000000000 ____D C:\AdwCleaner
2018-01-13 18:29 - 2017-12-06 18:19 - 000000000 ____D C:\Users\fdfer\AppData\Local\CrashDumps
2018-01-13 17:47 - 2017-11-16 00:23 - 000000000 ____D C:\Users\fdfer\AppData\Local\Spotify
2018-01-13 17:47 - 2017-11-16 00:21 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Spotify
2018-01-13 17:40 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-13 17:40 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\AppReadiness
2018-01-13 17:03 - 2017-11-16 00:45 - 000004204 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-01-13 16:02 - 2017-12-01 13:02 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-13 13:59 - 2017-09-29 14:44 - 000000000 ____D C:\Windows\INF
2018-01-13 13:39 - 2017-12-08 19:08 - 000000000 ____D C:\Users\fdfer\Desktop\Registrazioni Radeon Relive
2018-01-13 12:33 - 2017-11-15 17:37 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Telegram Desktop
2018-01-12 20:09 - 2017-12-09 12:27 - 000000000 ____D C:\Users\fdfer\.gimp-2.8
2018-01-11 13:18 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\rescache
2018-01-10 19:56 - 2017-11-16 00:26 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\discord
2018-01-10 19:42 - 2017-11-15 17:32 - 000000000 ____D C:\Windows\system32\MRT
2018-01-10 19:41 - 2017-11-15 17:32 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-10 19:41 - 2017-11-15 17:31 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-10 19:41 - 2017-09-29 14:37 - 000000000 ____D C:\Windows\CbsTemp
2018-01-10 19:37 - 2017-11-16 04:01 - 000003376 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2320907850-788148171-3382939013-1001
2018-01-10 19:37 - 2017-11-15 17:02 - 000002409 _____ C:\Users\fdfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-10 19:37 - 2017-11-15 17:02 - 000000000 __RDL C:\Users\fdfer\OneDrive
2018-01-09 14:09 - 2017-11-15 16:58 - 000000000 ____D C:\Users\fdfer
2018-01-09 12:29 - 2017-11-16 00:26 - 000002233 _____ C:\Users\fdfer\Desktop\Discord.lnk
2018-01-09 12:29 - 2017-11-16 00:26 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-01-09 12:29 - 2017-11-16 00:26 - 000000000 ____D C:\Users\fdfer\AppData\Local\Discord
2018-01-08 15:10 - 2017-11-16 01:06 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\audacity
2018-01-08 13:13 - 2017-11-16 01:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-08 13:13 - 2017-11-16 01:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-07 16:00 - 2017-11-16 09:55 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\Origin
2018-01-07 15:59 - 2017-11-27 13:45 - 000000000 ____D C:\Users\fdfer\AppData\Roaming\DS4Windows
2018-01-07 15:59 - 2017-11-16 09:51 - 000000000 ____D C:\ProgramData\Origin
2018-01-05 13:06 - 2017-11-16 01:08 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-04 19:22 - 2017-11-15 17:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-04 19:22 - 2017-11-15 17:00 - 000000000 ___RD C:\Users\fdfer\3D Objects
2018-01-04 19:22 - 2017-11-15 16:52 - 000353408 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ___SD C:\Windows\system32\F12
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\TextInput
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\oobe
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\migwiz
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\Provisioning
2018-01-04 19:22 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-01-04 19:22 - 2017-09-29 09:45 - 000000000 ____D C:\Windows\system32\Dism
2018-01-04 19:18 - 2017-09-29 14:41 - 000403968 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
2018-01-04 19:18 - 2017-09-29 14:41 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-01-04 19:18 - 2017-09-29 14:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2018-01-04 18:34 - 2017-11-16 00:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-04 18:23 - 2017-11-15 17:12 - 000000000 ____D C:\Program Files (x86)\Intel
2018-01-04 18:23 - 2017-11-15 17:08 - 000000000 ____D C:\Program Files\Intel
2018-01-04 18:21 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-01-01 13:07 - 2017-11-15 16:51 - 000397994 __RSH C:\bootmgr
2017-12-29 18:59 - 2017-11-16 00:45 - 000000711 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-25 18:06 - 2017-11-15 17:00 - 000000000 ____D C:\Users\fdfer\AppData\Local\Packages
2017-12-22 20:08 - 2017-11-25 22:59 - 000799512 _____ C:\Windows\system32\Drivers\EasyAntiCheat.sys
2017-12-22 14:45 - 2017-09-29 14:49 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-22 14:45 - 2017-09-29 14:49 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-22 12:23 - 2017-11-24 20:40 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-12-21 18:36 - 2017-11-18 12:01 - 000000000 ____D C:\Users\fdfer\AppData\Local\ElevatedDiagnostics
2017-12-19 16:42 - 2017-11-16 00:58 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-12-18 22:20 - 2017-11-16 17:00 - 000000000 ____D C:\Users\fdfer\AppData\Local\UnrealEngine
2017-12-18 22:20 - 2017-11-15 17:08 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-16 23:25 - 2017-11-15 17:19 - 000000000 ____D C:\Users\fdfer\Desktop\Cose da salvare

==================== Files in the root of some directories =======

2017-12-17 00:20 - 2017-12-17 00:20 - 000002849 _____ () C:\Users\fdfer\AppData\Local\recently-used.xbel
2017-12-05 20:38 - 2017-12-05 20:38 - 000007605 _____ () C:\Users\fdfer\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-01-13 13:41 - 2018-01-01 13:48 - 001954048 _____ (Microsoft Corporation) C:\Users\fdfer\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-07 14:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.01.2018 01
Ran by fdfer (13-01-2018 20:29:21)
Running from C:\Users\fdfer\Desktop
Windows 10 Pro Version 1709 16299.192 (X64) (2017-11-15 15:53:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2320907850-788148171-3382939013-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2320907850-788148171-3382939013-503 - Limited - Disabled)
fdfer (S-1-5-21-2320907850-788148171-3382939013-1001 - Administrator - Enabled) => C:\Users\fdfer
Guest (S-1-5-21-2320907850-788148171-3382939013-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2320907850-788148171-3382939013-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12.1 - Advanced Micro Devices, Inc.)
Audacity 2.2.0 (HKLM-x32\...\Audacity_is1) (Version: 2.2.0 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
CPUID HWMonitor 1.33 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.33 - )
DaVinci Resolve (HKLM\...\{AF2770A8-6DD9-49B7-A559-B18891759387}) (Version: 14.1.1005 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{332552D0-B8EE-49BF-B904-E038A72BD2B2}) (Version: 1.1.2.0 - Blackmagic Design)
Discord (HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{107663E0-647E-451E-AFA3-7F71BC42A647}) (Version: 1.1.132.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HitFilm Express 2017 (HKLM\...\{752C4EC4-8031-476E-A3A5-A7023C06AC2C}) (Version: 5.0.7012.39363 - FXHOME)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Network Connections 21.1.30.0 (HKLM\...\PROSetDX) (Version: 21.1.30.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.0.1015 - Intel Corporation)
Kaspersky Security Scan (HKLM-x32\...\{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 5.4.3.2 (HKLM\...\{5FFD3D4F-8AA0-4C6F-8B3C-AB0D8CD297C9}) (Version: 5.4.3.2 - The Document Foundation)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Malwarebytes versione 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 it) (HKLM\...\Mozilla Firefox 57.0.4 (x64 it)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSI Afterburner 4.4.2 (HKLM-x32\...\Afterburner) (Version: 4.4.2 - MSI Co., LTD)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.8.17910 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 7.0.2 (HKLM-x32\...\RTSS) (Version: 7.0.2 - Unwinder)
S.T.A.L.K.E.R.: Lost Alpha DC version 1.4005 (HKLM-x32\...\S.T.A.L.K.E.R.: Lost Alpha DC_is1) (Version: 1.4005 - dezowave)
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Software per periferiche con chipset Intel® (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Spotify (HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Telegram Desktop version 1.2.6 (HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.6 - Telegram Messenger LLP)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
Total War Arena EU (HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\TWA.EU.PRODUCTION) (Version:  - Wargaming.net)
Uplay (HKLM-x32\...\Uplay) (Version: 44.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Wargaming.net Game Center (HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\Wargaming.net Game Center) (Version: 17.9.0.6629 - Wargaming.net)
WavePad - Editor Audio (HKLM-x32\...\WavePad) (Version: 7.08 - NCH Software)
Wild West Online version 1.0 (HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\{267FF0EF-16E3-4221-AC84-3612233DCCA4}}_is1) (Version: 1.0 - WWO Partners)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programmi\Winrar\rarext.dll [2017-08-26] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programmi\Winrar\rarext32.dll [2017-08-26] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Programmi\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-12-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Programmi\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programmi\Winrar\rarext.dll [2017-08-26] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programmi\Winrar\rarext32.dll [2017-08-26] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {024DCD8B-5E64-461C-983E-3AEEEF56B539} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-27] (Google Inc.)
Task: {0B2BC3AF-C634-4769-9E4F-6858D62FFD2E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {25AE3B4C-91AB-421B-A90D-E191B8813496} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {3C433144-4868-4609-8B7E-1B6858A920D5} - System32\Tasks\CCleanerSkipUAC => D:\Programmi\Ccleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {5D3311D1-0F0F-459E-9217-BA12DAE232C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-27] (Google Inc.)
Task: {5E3097A7-F7C6-43D4-A35F-B9D8FB3CFFE5} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2017-12-06] (Advanced Micro Devices, Inc.)
Task: {5F9CE77A-4522-4D30-BCFE-24C9EA97E8C1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {DE60DEAA-3411-4106-AB22-4BDB351C65D8} - System32\Tasks\S-1-5-21-2320907850-788148171-3382939013-1001\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {E45F1651-A54B-4087-B0F8-D5A2692F0702} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {F383D226-392C-4ACD-9C5E-1B94121FCE50} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-12-06] (Advanced Micro Devices, Inc.)
Task: {F9E08051-0766-42AE-AD3B-5A4CD401B208} - System32\Tasks\CCleaner Update => D:\Programmi\Ccleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\fdfer\Favorites\Sito download di NCH Software.lnk -> hxxp://www.nch.com.au/it/index.htm

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2016-10-07 15:48 - 2016-10-07 15:48 - 000461880 ____R () C:\Program Files\Intel\NCS2\WmiProv\Ncs2Provider.dll
2016-10-07 15:48 - 2016-10-07 15:48 - 000282168 ____R () C:\Program Files\Intel\NCS2\Agent\AdapterAgnt.DLL
2017-12-01 01:31 - 2017-11-26 13:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-01 01:31 - 2017-11-26 13:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-22 00:55 - 2017-07-22 00:55 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-22 00:55 - 2017-07-22 00:55 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 000326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 000404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\60644329.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62995244.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77010168.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\60644329.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\62995244.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77010168.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2320907850-788148171-3382939013-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\fdfer\AppData\Roaming\Mozilla\Firefox\Sfondo del desktop.bmp
DNS Servers: 192.168.1.254 - 62.101.93.101
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Launch LCore"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "KSS"
HKU\S-1-5-21-2320907850-788148171-3382939013-1001\...\StartupApproved\Run: => "Xvid"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{49C3C909-EFF2-4A6C-8626-BE44F09860F5}] => (Allow) LPort=3935
FirewallRules: [TCP Query User{CAE4AD28-A02E-4109-B6D3-79B3FAA5BA71}C:\users\fdfer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\fdfer\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6BD15B11-CF42-48E6-B927-040DB668A251}C:\users\fdfer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\fdfer\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0143C425-EA66-43A8-8AE4-574B76219636}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6AC518CD-3AE7-40D4-96B4-91A659E2DAE4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2DF47572-4580-4493-B272-DC61C7A87BA1}] => (Allow) D:\Programmi\Steam\Steam.exe
FirewallRules: [{42E935DC-D782-477A-8B97-40EB6502F2A4}] => (Allow) D:\Programmi\Steam\Steam.exe
FirewallRules: [{C351C8B4-0CBA-4578-BC23-6A1566A23A8B}] => (Allow) D:\Programmi\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DA9E77ED-EBBA-4D77-A0AE-B47756C2DB14}] => (Allow) D:\Programmi\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{0A6FA220-15DC-4252-B4C0-0010CBA58818}D:\programmi\wild west online\launcher.exe] => (Block) D:\programmi\wild west online\launcher.exe
FirewallRules: [UDP Query User{A6B2EEA4-9CC3-4AE6-AA10-678BDC462FAB}D:\programmi\wild west online\launcher.exe] => (Block) D:\programmi\wild west online\launcher.exe
FirewallRules: [TCP Query User{6CEF22DC-5C72-434C-A7FC-9D098641AD00}D:\programmi\wild west online\launcher.exe.new.exe] => (Block) D:\programmi\wild west online\launcher.exe.new.exe
FirewallRules: [UDP Query User{825D3C5D-3A3D-4DF0-8D5B-B49F4D85AFDD}D:\programmi\wild west online\launcher.exe.new.exe] => (Block) D:\programmi\wild west online\launcher.exe.new.exe
FirewallRules: [TCP Query User{6A57211F-80E6-4504-8025-21BE554E7268}D:\programmi\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) D:\programmi\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{A529D879-7495-4F47-B777-FC4B39D1B8F0}D:\programmi\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) D:\programmi\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{4BBD7639-7C2F-413B-94FA-87EA1EBD8314}D:\programmi\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\programmi\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{78C0B6B6-DE88-4F9D-95F1-5A72BBA8D1C5}D:\programmi\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\programmi\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{AB36FF58-6E35-4053-A20C-90E6E76B3BB2}] => (Allow) C:\Steam Games\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{303A2039-557B-4A3E-A7E7-6F2A7A8D9243}] => (Allow) C:\Steam Games\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [TCP Query User{E1ACC2B8-B4B5-4A49-BD43-83AC0576441F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{79B7BC3E-F2DC-46F7-9E75-B83F8872C3F1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{74B1E99D-6167-4F0C-B40A-0D9F2B7DACED}] => (Allow) C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe
FirewallRules: [{41A94721-7B2B-4AE9-A8D5-0C32B0DAFF80}] => (Allow) C:\Steam Games\steamapps\common\SpellForce 3\SF3ClientFinal.exe
FirewallRules: [{23D98364-482E-44AD-B91D-8DA503AB0EAD}] => (Allow) C:\Steam Games\steamapps\common\SpellForce 3\SF3ClientFinal.exe
FirewallRules: [{6D624559-C72C-4365-B515-1B074BE25F07}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{E6305CE4-ABDD-43DA-A3CA-95C9D1D8EB4E}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{0A535A2B-4074-4013-95C5-5CC2A04FA255}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe
FirewallRules: [{9EBF2427-4B3A-459D-A75E-1D512CFB15A4}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{F817DCDA-A3AA-4B32-9D13-E16B046E7369}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{0DFF897D-D368-49D1-A22B-1B9355F418A6}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{AD59A068-529D-4BE5-9A84-15781AC17511}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{F15E70D4-0650-449E-8A5D-2929A8E3EABD}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe
FirewallRules: [{14CB836E-06C6-42A1-91EB-761F857C9F44}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [TCP Query User{30C0C85C-863A-42D5-B54A-B457BCEBBA1A}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe
FirewallRules: [UDP Query User{F2E4A45F-A6E2-4881-8830-7754D648A398}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe
FirewallRules: [TCP Query User{9D63802B-C464-4B96-BBD8-25EF8B2F6047}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe
FirewallRules: [UDP Query User{10A19AAE-3B6E-42B8-917A-72A858A9C84C}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe
FirewallRules: [{E94EC919-A077-43A1-9B87-A37A7615AD6C}] => (Allow) D:\Programmi\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe
FirewallRules: [{52632FB1-B929-41C9-963A-B4D6C530B8E5}] => (Allow) D:\Programmi\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe
FirewallRules: [{74D2AF81-6742-4A9B-8D14-D93D7B43B191}] => (Allow) C:\Steam Games\steamapps\common\White Silence\WhiteSilence.exe
FirewallRules: [{AE0F2A63-57A1-458C-8C01-112D3FA6FAF2}] => (Allow) C:\Steam Games\steamapps\common\White Silence\WhiteSilence.exe
FirewallRules: [TCP Query User{3D0BB984-0EFB-4603-A087-2A3D066EAA5C}C:\steam games\steamapps\common\white silence\whitesilence\binaries\win64\whitesilence-win64-shipping.exe] => (Allow) C:\steam games\steamapps\common\white silence\whitesilence\binaries\win64\whitesilence-win64-shipping.exe
FirewallRules: [UDP Query User{014C0F4B-9D3D-4900-8E96-63DA1541E6E8}C:\steam games\steamapps\common\white silence\whitesilence\binaries\win64\whitesilence-win64-shipping.exe] => (Allow) C:\steam games\steamapps\common\white silence\whitesilence\binaries\win64\whitesilence-win64-shipping.exe
FirewallRules: [{F20C7D3D-AA36-4110-805A-8EE5221E84D3}] => (Allow) C:\Steam Games\steamapps\common\Bud Spencer & Terence Hill - Slaps And Beans\snb.exe
FirewallRules: [{DBF1EDC8-67A2-4D1B-BB40-3143A898D245}] => (Allow) C:\Steam Games\steamapps\common\Bud Spencer & Terence Hill - Slaps And Beans\snb.exe
FirewallRules: [TCP Query User{7A7E4675-85A4-4947-A86D-C34EEA38E2C4}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Block) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe
FirewallRules: [UDP Query User{EEF66E70-26D7-4C03-942B-42B86056FEA4}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Block) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe
FirewallRules: [{E5EF7752-188B-4B91-8742-D0F37C6CB271}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{FA66006A-52B3-47C0-979A-337569271DD4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{D94A163A-624A-4EFA-AE53-00805919146D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe

==================== Restore Points =========================

28-12-2017 21:41:48 Punto di controllo pianificato
04-01-2018 18:19:38 IIF_MSI
10-01-2018 19:41:16 Windows Update
10-01-2018 19:41:24 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2018 07:58:07 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (01/13/2018 06:49:09 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (01/13/2018 06:29:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: mbam.exe, versione: 3.0.0.1247, timestamp: 0x59f37972
Nome del modulo che ha generato l'errore: Qt5Core.dll, versione: 5.6.2.0, timestamp: 0x59a63e00
Codice eccezione: 0xc0000005
Offset errore 0x0018de83
ID processo che ha generato l'errore: 0x1ce4
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d38c941b61dfb0
Percorso dell'applicazione che ha generato l'errore: D:\Programmi\Anti-Malware\mbam.exe
Percorso del modulo che ha generato l'errore: D:\Programmi\Anti-Malware\Qt5Core.dll
ID segnalazione: 914dc922-61a9-46f5-aeda-5a7934bea079
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (01/13/2018 05:41:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "D:\Programmi\Audacity\audacity.exe". Errore nel file manifesto o dei criteri "", alla riga .
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_15c8cdae9364c23b.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_5d760485a7e0eb41.manifest.

Error: (01/13/2018 05:16:09 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (01/13/2018 04:54:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "D:\Programmi\Audacity\audacity.exe". Errore nel file manifesto o dei criteri "", alla riga .
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_15c8cdae9364c23b.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_5d760485a7e0eb41.manifest.

Error: (01/13/2018 04:54:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "D:\Programmi\Audacity\audacity.exe". Errore nel file manifesto o dei criteri "", alla riga .
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_15c8cdae9364c23b.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_5d760485a7e0eb41.manifest.

Error: (01/13/2018 04:53:39 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (01/13/2018 04:53:38 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Applicazione: wmiprvse.exe
Versione framework: v4.0.30319
Descrizione: l'applicazione ha richiesto la terminazione del processo tramite System.Environment.FailFast(messaggio stringa).
Messaggio: Eccezione imprevista generata dal provider:
 System.Exception: Questo servizio non può essere avviato in modalità provvisoria

Questo servizio non può essere avviato in modalità provvisoria

   in Windows.Management.Deployment.PackageManager.FindPackagesForUser(String userSecurityId, String packageFamilyName)
   in Microsoft.Uev.ManagedAgentWmi.WinRT.BaseHelpers.IsInstalled(String packageFamilyName)
   in Microsoft.Uev.ManagedAgentWmi.WinRT.Windows8AppListWinRt.GetConfiguredList(Boolean isUserList)
   in Microsoft.Uev.ManagedAgentWmi.MachineConfiguredWindows8App.EnumerateAppPackages()
Stack:
   in System.Environment.FailFast(System.String)
   in WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (01/13/2018 04:10:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: hitmanpro_x64.exe, versione: 3.7.20.286, timestamp: 0x58e5ec3b
Nome del modulo che ha generato l'errore: hitmanpro_x64.exe, versione: 3.7.20.286, timestamp: 0x58e5ec3b
Codice eccezione: 0xc0000005
Offset errore 0x00000000002bfb49
ID processo che ha generato l'errore: 0x750
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d38c806a68444a
Percorso dell'applicazione che ha generato l'errore: C:\Users\fdfer\Desktop\Ant-virus vari\hitmanpro_x64.exe
Percorso del modulo che ha generato l'errore: C:\Users\fdfer\Desktop\Ant-virus vari\hitmanpro_x64.exe
ID segnalazione: 382ed402-bc97-4b83-9afb-83ac85e7530b
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:


System errors:
=============
Error: (01/13/2018 08:25:52 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (01/13/2018 08:25:52 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI1

Error: (01/13/2018 07:42:10 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (01/13/2018 07:42:10 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI1

Error: (01/13/2018 05:52:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio eapihdrv non è stato avviato per il seguente errore:
Il caricamento del driver è stato bloccato

Error: (01/13/2018 05:52:36 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\fdfer\AppData\Local\Temp\ehdrv.sys

Error: (01/13/2018 05:52:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio eapihdrv non è stato avviato per il seguente errore:
Il caricamento del driver è stato bloccato

Error: (01/13/2018 05:52:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\fdfer\AppData\Local\Temp\ehdrv.sys

Error: (01/13/2018 05:52:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio eapihdrv non è stato avviato per il seguente errore:
Il caricamento del driver è stato bloccato

Error: (01/13/2018 05:52:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\fdfer\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2017-11-16 00:16:15.637
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume1\Programmi\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 24%
Total physical RAM: 8124 MB
Available physical RAM: 6117.64 MB
Total Virtual: 14524 MB
Available Virtual: 11763.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.32 GB) (Free:273.56 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:930.63 GB) (Free:884.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00070789)
Partition 1: (Active) - (Size=930.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3E74AE8F)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 MB) - (Type=27)

==================== End of Addition.txt ============================

RogueKiller V12.11.32.0 (x64) [Jan  8 2018] (Gratuito) di Adlice Software
posta : http://www.adlice.com/contact/
Commenti : https://forum.adlice.com
Sito Web : http://www.adlice.com/download/roguekiller/
Discussione : http://www.adlice.com

Sistema Operativo : Windows 10 (10.0.16299) 64 bits version
Iniziato in : Modalità Normale
Utente : fdfer [Amministratore]
Iniziato da : C:\Users\fdfer\Desktop\Ant-virus vari\RogueKiller_portable64.exe
Modalità : Scansione -- Data : 01/13/2018 15:13:05 (Durata : 00:16:06)

¤¤¤ Processi : 0 ¤¤¤

¤¤¤ Registro : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 ([-][X][X])  -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{eaaccab7-844d-4d2a-8d06-980498cb2f7d} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 ([-][X][X])  -> Trovato

¤¤¤ Attività : 0 ¤¤¤

¤¤¤ Archivi : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Archivio Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Caricato) ¤¤¤

¤¤¤ Web Browser : 2 ¤¤¤
[PUM.SearchEngine][Firefox:Config] 4yqgjq5o.default : user_pref("browser.search.selectedEngine", "Bing®"); -> Trovato
[PUM.SearchEngine][Firefox:Config] 4yqgjq5o.default : user_pref("browser.search.defaultenginename", "Bing®"); -> Trovato

¤¤¤ Controllo MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00BN5A0 +++++
--- User ---
[MBR] 4e82f55c6d6fb9a8af0ece98b16deeb1
[BSP] 79ad945bca0d85336820c67c17753f83 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 952966 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung SSD 850 EVO 500GB +++++
--- User ---
[MBR] e68fd1021edfe9af9fb4a27f8916213a
[BSP] d4e9ba090b1f3d6a2a890efbefe95171 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476485 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975845376 | Size: 451 MB
User = LL1 ... OK
User = LL2 ... OK

HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : DESKTOP-DG73G7R
   Windows . . . . . . . : 10.0.0.16299.X64/4
   User name . . . . . . : DESKTOP-DG73G7R\fdfer
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2018-01-13 18:50:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 20s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 3

   Objects scanned . . . : 1.571.690
   Files scanned . . . . : 33.415
   Remnants scanned  . . : 369.896 files / 1.168.379 keys

Suspicious files ____________________________________________________________

   C:\Users\fdfer\Desktop\FRST64.exe
      Size . . . . . . . : 2.393.088 bytes
      Age  . . . . . . . : 0.0 days (2018-01-13 17:38:44)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4AFDEF1E0DCE2C4852DB8E08B546C917558E0AAB3DBAA9B63044EB51D2B193B7
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -82.7s C:\Windows\Prefetch\CHXSMARTSCREEN.EXE-53E7BF87.pf
         -76.9s C:\Windows\Prefetch\RUNTIMEBROKER.EXE-7A697783.pf
         -66.4s C:\Windows\Prefetch\SVCHOST.EXE-5AC380EC.pf
         -63.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\98CAA319B4B47A38F831B9230A962F51
         -63.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{53001AC5-9554-41A9-A853-2573598865E7}
         -53.6s C:\Windows\Prefetch\SVCHOST.EXE-E2C2633A.pf
         -51.6s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\0C1DCFFF0A0984077B34D922D1E28A3A8338F5AC
         -50.4s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\AE412A6C5E50240E36977A5B698EC1D4CE576725
         -50.4s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\97664440023B4229D58FF9374B2C1D14A2998116
         -50.3s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\B2B3D0241DE0BEDFEB1023989B39BB2E32A6D4DF
         -50.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\20BD8F8760F09FE41BA3059A475961CF655216CF
         -49.9s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\017207F266FB431555B193739A7A67A3C9A77A19
         -49.5s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\8B4E3050E005062F24C6A3E3F7F5285B445D80A1
         -23.0s C:\Windows\Prefetch\DLLHOST.EXE-A5CF8F40.pf
         -20.0s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\DEF7837FADA9696118C032F3A290948C7A567CD8
         -19.9s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\FB1AB6DBDC80E5EC83C2F5836A2A40306C5FBFA1
         -19.8s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\423A639B765EC1B0E5F3A7DCEFDA73197C0B18EA
         -19.7s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\F794622DC85F0F326D4639D489F0E154B9DFCB31
         -19.6s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\642EC346CBF072B6FE7BA3DF99F8EE5123BE6FBF
         -19.6s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\2A3980CDB36A34C211335486DB8FCC974FE0D54A
         -19.6s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\4A8BC76CBD4BC399F35A28A8951FC842074FFDCE
         -19.6s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\2B75EE14FD16DD7E9D83DE2DC827AC16BBDA5032
         -19.6s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\A945C8490516E99671EC968CF6FBF5A31D6CA702
         -19.6s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\134D4F0A17789614E47C46C3AE64C58B31667271
         -19.6s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\203CC5A0FCD9479B8D84F03721BEBFD6581FA7DE
         -19.5s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\3FF74F96AFAC7771E4850C46FCEF2F2371606C94
         -19.5s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\E2C27A65E25835925DD64A3DDF307C7435653926
         -19.5s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\2C56A74A4E461399DE2F91FF6A800AC0A4F0697E
         -19.5s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\4E8A616A17CC1B414E7D55967D3D9E525B2B0C0F
         -19.5s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\DCBDB8BE6935C2A90B94A1D87E6DC273C02A6DCE
         -19.5s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\533FA9DDB2E7B4720B0E87EDD62DF3919A99926F
         -19.4s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\38AB6F192EA30B05C2A736523E23B6164E2AF3D4
         -19.4s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\B0F148501E8E6901E56CFE61E0B2A08FFE05D2E6
         -19.4s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\EBE38260FC3AA96E12C159E0AA18DF61957B5B98
         -19.4s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\D1ABD101FC579B6939B317B346A4F27728E0C13E
         -19.4s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\A188AAEFC14313BAE087774BC42D6D0EE63DAC66
         -19.4s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\63B554CA29AA5461436B5F7A978B21EB946A828B
         -19.4s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\674F2C22B0B902F256B348A639D2CA9885A974A5
         -19.4s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\C2B9A65438E48CEAFED6D316266C09C1C7677E3A
         -19.4s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\9D70898BDCBD15720F957428AC9506CDF6CED360
         -19.4s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\0AD58B892E501E8B67E4C8D85C7BB50FF19B2F8F
         -19.4s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\526C79B71B76CEB79FCBB07382ACD731B904250C
         -19.3s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\B870A80F2216D8B7A3DBB54F470ACEBDAC94D9F9
         -19.3s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\42512B375CD524CCE7AA1DC4707933545D64D96F
         -19.3s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\787D5F21493EC9A015AE38F5E6A7DF89D34CEB4C
         -19.3s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\E6C9D1F0C6D2626E0A4F585B72E3D225580986FE
         -19.3s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\A89B11087F6B0DFA25E5E109C1BB7046A3BB4801
         -19.3s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\B675EDEB4E9845FD7EECF3252129F53946643341
         -19.3s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\AC375C85828668E14C135DF7F8CC7E9FD0367C1B
         -19.3s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\5670DE0D4D3472038A703CDEE6EA3E8B73BA33AC
         -19.3s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\3D3CAB0804E82962E6B66C5015EF27AEE4743937
         -19.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\38591CD8A7F8D09573C1B3B0BC599AD50C270880
         -19.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\0C2A211AC6491A6EEF53D60ECDEDAB7AF43F82F9
         -19.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\C4C737A3895F533BE12E276074A1C63425D3B038
         -19.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\8F0BA124DB0EA159C4122C8618F6FA983275D2B8
         -19.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\166B5B5B9B6B2C40827BCDA8AD1635B881832D45
         -19.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\4345F616061C69FCA9E8F9ABC759ACD7D9675BBF
         -19.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\0910A297CE0F0AB2EAFA887CD0EFDAA074ECF754
         -19.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\B1F1F630D66D0B585139CAEB3DFB47DC000AC681
         -19.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\A04612BF4A92FFE89BA1F182309DF5C008231670
         -19.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\31EF0763A0E40FDCE380312FF3D86C3D9F42C6FC
         -19.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\18FBD92B4EDB12207B5F9BA20C267471E65D6ECB
         -19.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\31D90B7A67AC9A4892A066BB4A58515098D6C343
         -19.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\6C9ECF4F158443ECDCE7A7F97E7E2C759A26BF16
         -19.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\E13C0573FA0974192F0A265E6033F695C186AE88
         -19.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\1647F15D1C7F0C70A435C9FF5587520C5C416F85
         -19.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\A28F11027DDC45FCC78106A35C28BBF8E8A52BE4
         -19.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\B29487DBCC62EEDF2838B404109F09F59736D14D
         -19.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\C38B816842A7B9422A2C7578776EEC1C99D0303A
         -19.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\1EACC59DEE472883D9D3A09512E0715ACC3F0644
         -19.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\40670BA7DC405D230D9496FCDE4FF080E3A6F180
         -19.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\9F6137780E5861B58CC8327253FE48B4D83C091C
         -19.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\7C3C7CE6D0DBD94FFBE0966223340F596AA9BB53
         -19.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\2F78F87062CCB415448FBFB895DABBA15E7C765C
         -19.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\820771AAFCDA6EFC9FCE23912F3536E9B4B90874
         -19.0s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\3FB20D4DE9AD3D0AE4EC26CC1C579CE453D1C3EB
         -19.0s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\B9EA9A04C29046BFB2B8F52F0F34C0AF30334BD9
         -19.0s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\71B88BC4100B3E2571143C70D0B08A32B1F34F95
         -19.0s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\B670DBA984A53D5271F90957D63C0FA0A14522CB
         -19.0s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\2A028ADE54DD81C3001E1D953A9B6CB64FD054F3
         -19.0s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\5E338CE2CE6C49C4F9E3DAC2E4263D2DBC3E2165
         -19.0s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\DD628612020A8DE25128EA7A4DBC5B1C7F039380
         -19.0s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\5D949C1F0FF6027B83129152049EE2F6919E1AB9
         -18.9s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\35045772782776074DCB142DE32BA205F142B853
         -18.9s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\17B698FDE1501C0BBACE3047599CD1BCC8CBA692
         -18.9s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\916B016AF7FDCFCEDE4117BC2960A0634C2F635E
         -18.6s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\3E367D19D97AD86CD2B09782439FEB8026F47798
         -18.6s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\9DA7E75A3593FC3212686B92E6ABFBEC92F80DE3
         -18.5s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\7C3FDE7400C05BC610E2AD47BD9F3D9328F874F8
         -18.5s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\5DDD2ED3F1EE90C46DE2C5BCBE85225DB60A08F5
         -18.4s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\58EFCD8E6A3A1201586D2AD739EF0B214DC10FFF
         -18.3s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\B5AA59E7F1AD95404A662CB0D176C079D935E8E3
         -18.2s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\785828A3DADA809F4FD9F8E9283D2F70B12EDD4F
         -18.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\B5930B1320C59C30821B3CDB78CCD74ABFEEEB78
         -18.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\3C12095FBD0BC074F6000E290C0AFC2CB882E417
         -18.0s C:\Windows\Prefetch\DLLHOST.EXE-B242466F.pf
         -17.9s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\5976DA636A39D0A68A859128C539827A673A5205
         -17.8s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\FB7F75CC6692438957C30DA9C7987C6088668AB1
         -17.8s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\8E69680E518868BDA374F554C9995B0F97C2BC89
         -17.7s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\93ADC45678F98DF0DB05A0343CFFEFBC0F36A8C9
         -16.5s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\317A0E64D6EF4020E6A7874E51DBA7D6DC13063F
         -16.5s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\D5913459F89FB86DD8543CB9C08CBB9B1A4DFEED
         -15.7s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\ED69D3DFC608FFA4EDF96351648720F8373754CE
         -14.5s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\0C32164AFB261DACDAF6F9D25D5CF216AC0D423E
         -14.5s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\E1127D9A3D3957DABC904FC82E7F9C3C63D569D7
         -14.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\4754096F177134D90F20448E52835CC1B028179E
         -10.3s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\CB9D23C6632EAF2DE9388D541733C37B1F7E4FF3
         -6.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\21832644E53822DFC5195BB14DC2A313BAB1C45F
         -6.0s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\179260E957BCCBEAFA1E8F014CB259FD1DE4E945
         -6.0s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\32C3C2000DBC7DEE3919F0447D1FC1E7DA978099
         -5.9s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\58E26FFC6BA7FEDA9D587CD7174FDE68F577982D
         -4.0s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\0DE0547B8DCF1F6A153D84177390CB295654F2B3
          0.0s C:\Users\fdfer\Desktop\FRST64.exe
          0.6s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\14CEACBC2745BA583CE469F0CAC4B3ABAC63FEFF
          3.1s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\7DFD643CBBACBF816C55B4E2A4D70022B39D21D1
          5.3s C:\Users\fdfer\AppData\Local\Mozilla\Firefox\Profiles\4yqgjq5o.default\cache2\entries\540687DFF2843430DDF133684BEB744DEA77B3FD

   C:\Windows\System32\drivers\TrueSight.sys
      Size . . . . . . . : 28.272 bytes
      Age  . . . . . . . : 38.0 days (2017-12-06 17:38:39)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 347ACBA74FDCBEAC671521739F8A34EC0E378CAF716C31F55616F9F843E4D0D3
      RSA Key Size . . . : 2048
      Service  . . . . . : TrueSight
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\ControlSet001\Services\TrueSight\

Edited by Senua89, 13 January 2018 - 03:53 PM.
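The two `[PUM.Dns]` lines in the RogueKiller log above refer to the `DhcpNameServer` value, i.e. the resolver list the DHCP server handed to this machine: a private router address (192.168.1.254) followed by two public addresses. PUM stands for Potentially Unwanted Modification, a changed setting that may well be legitimate, not a malware signature match, so the practical triage question is whether the public resolvers are the ones you expect from your ISP or your own configuration. The Python below is an added example, not code from RogueKiller, FRST or anyone in this thread: it parses those log lines, splits the value into individual addresses, treats private addresses as the router, and flags any public resolver that is missing from a caller-supplied "expected" set. The expected set used in the demo (the two public addresses from the log) is an assumption for illustration only, not a statement about whose resolvers they are.

```python
"""Triage RogueKiller "[PUM.Dns]" findings against the resolvers you expect.

Added example (not RogueKiller's, FRST's or HitmanPro's own code).
"""
import ipaddress
import re

# Constructed sample: the RogueKiller "Registro" section as printed in the
# log above, plus one unrelated line to show that other sections are skipped.
SAMPLE_LOG = r"""
¤¤¤ Processi : 0 ¤¤¤
¤¤¤ Registro : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 ([-][X][X])  -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{eaaccab7-844d-4d2a-8d06-980498cb2f7d} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 ([-][X][X])  -> Trovato
"""

# "[PUM.Dns] (ARCH) <registry key> | <value name> : <space-separated IPv4 list> (...)"
PUM_DNS_RE = re.compile(
    r"^\[PUM\.Dns\]\s+\((?P<arch>\w+)\)\s+(?P<key>\S+)\s+\|\s+"
    r"(?P<name>\w+)\s+:\s+(?P<servers>[0-9. ]+?)\s*\("
)


def parse_pum_dns(text):
    """Return one dict per [PUM.Dns] line: architecture, registry key,
    value name and the list of resolver addresses in that value."""
    entries = []
    for line in text.splitlines():
        m = PUM_DNS_RE.match(line.strip())
        if not m:
            continue  # headers and other RogueKiller sections are ignored
        entries.append({
            "arch": m.group("arch"),
            "key": m.group("key"),
            "name": m.group("name"),
            "servers": m.group("servers").split(),
        })
    return entries


def classify(address):
    """'private' for RFC 1918 / link-local / loopback addresses (a home router
    handing out DHCP leases), 'public' for anything routable, 'invalid' if the
    token does not parse as an IP address at all."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    return "private" if ip.is_private else "public"


def unexpected_resolvers(entries, expected_public):
    """Set of resolver tokens worth a closer look: every public address that is
    not in expected_public, plus anything that is not an IP address.
    Private addresses are the DHCP server itself and are never flagged."""
    flagged = set()
    for entry in entries:
        for server in entry["servers"]:
            kind = classify(server)
            if kind == "invalid" or (kind == "public" and server not in expected_public):
                flagged.add(server)
    return flagged


if __name__ == "__main__":
    found = parse_pum_dns(SAMPLE_LOG)
    # Assumption for the demo only: these two public addresses are the ones
    # the ISP normally hands out, so they count as expected.
    assumed_expected = {"62.101.93.101", "83.103.25.250"}
    for entry in found:
        kinds = {s: classify(s) for s in entry["servers"]}
        print(entry["key"], kinds)
    print("unexpected:", unexpected_resolvers(found, assumed_expected) or "none")
```

Run with an empty expected set to see the two public addresses flagged; run with the set shown to see them accepted. In practice the expected set comes from your router's WAN/DHCP page or your ISP's documentation, and the same comparison can be made directly against the live registry value instead of a log line.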


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,850 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 14 January 2018 - 06:41 AM

Senua89:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time. Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.

I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.

I will need some time to review your FRST logs. That could take a day or two, but I do hope to reply late this afternoon with my findings.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,850 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 14 January 2018 - 07:31 AM

Senua89:

Thank you for your patience while I analyzed your FRST logs. Fortunately I had the time this morning to analyze your logs. One never knows what might turn up, so I try to allow myself lots of time to thoroughly analyze every line.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: I have reviewed your FRST logs. I see nothing that indicates that your computer is infected.

TrueSight.sys is a legitimate RogueKiller file. Please see this link for more information.

You have already run the standard anti-malware scans, and you stated that they did not reveal any issues with your computer. Is there anything else that I can help you with?

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 Senua89

Senua89
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 PM

Posted 14 January 2018 - 10:48 AM

Thank you for your time Phil, my name is Fernando.

Browsing the internet, I did not notice any strange redirects, and looking in the Windows proxy settings I could see that there is no active proxy. So I did not notice any problems. But what I wanted to ask you is: is there a way to know if those PUM.Dns were really viruses? I am always very careful about what I download, so I cannot figure out where I could have picked them up. The only file I recently downloaded is VLC Media Player from the official website, but I doubt I got them from VLC.



#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,850 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:35 AM

Posted 14 January 2018 - 11:29 AM

Fernando:

Thank you for your post.  Thank you for permission to address you by your first name.

Do you recall what the DNS addresses were?  We could research those DNS addresses with IP Checker.  From what I can see, your attached RogueKiller log detected those two PUM.DNS entries.  Please correct me if I am mistaken.

I am guessing that RogueKiller might not "like" the local IP addresses, which I have highlighted in red, because two PUM DNS entries are reported in the RogueKiller log that you submitted with your topic.

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
Tcpip\..\Interfaces\{eaaccab7-844d-4d2a-8d06-980498cb2f7d}: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250

¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 ([-][X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{eaaccab7-844d-4d2a-8d06-980498cb2f7d} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 ([-][X][X])  -> Found

You can check this article here for more information.  Normally, not always, the DNS entries point to Internet Service Provider (ISP) DNS servers.  In your case, the first entries are to a local address on your network, and then the following two entries, which I did research with IP Checker, point to legitimate Italian ISP DNS servers.

I conclude that this is a probable "false positive", in your case.  Most times when I see a local network specified on an individual computer, it is often on a network with a server and the server is referencing a legitimate ISP DNS server.  In your case, you have a mix of one local IP address and two legitimate IP addresses for ISP DNS servers.  I suspect that your somewhat rare configuration "triggered" the PUM.DNS warning from RogueKiller.

That is great news that you are not aware of any unusual computer activity. :thumbup2: I use VLC Media Player myself, and it is not malware.

Personally, I would ignore those alleged detections.  I think your configuration is not all that common, so RogueKiller wanted to bring them to your attention as Potentially Unwanted Modifications (PUMs).

Is there anything else that I can help you with?  If not, stay safe out there in cyberspace.  If there is nothing more that I can assist you with, I will conclude your topic as resolved.  Please let me know.

Thank you and have a great day.

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#6 Senua89

Senua89
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 PM

Posted 14 January 2018 - 11:55 AM

Thanks for the help Phil :thumbup2:



#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,850 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:35 AM

Posted 14 January 2018 - 12:06 PM

Fernando:

Thank you for your prompt reply.  It was my pleasure to assist you.  Thank you for choosing Bleeping Computer to help you with your computer issues.

Have a great day.

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#8 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,850 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:35 AM

Posted 14 January 2018 - 12:06 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Graduate of the Bleeping Computer Malware Removal Study Hall




