Title: Trojan Remover is detecting this malware for me, what is it? And what do I have to run? Posted by: win_7 on 20 March 2021, 20:08 pm (http://thumbs.subefotos.com/4f551de2d3a14de48913ad82d3577a1ao.jpg) (https://subefotos.com/ver/?4f551de2d3a14de48913ad82d3577a1ao.png)
Also, when the "malware" shows up I get a window, and the option that is preselected is this one: disabled file by renaming it; deleted and more options also appear. PS: what I did, well, the way I had it set, is: rename the file/malware. Is that OK? The scan has finished, here is the log: https://www.sendspace.com/file/8gjo96

Title: Re: Trojan Remover is detecting this malware for me, what is it? And what do I have to run? Posted by: win_7 on 20 March 2021, 23:15 pm

***** THE SYSTEM HAS BEEN RESTARTED *****
20/3/2021 22:41:49: Trojan Remover has been restarted
20/3/2021 22:41:49: Trojan Remover closed
************************************************************
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.9.5.2975. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 17:03:30 20 març 2021
Using Database v10584
Operating System: Windows 10 Home x64 [November 2020 Update (Ver 20H2), Build: 10.0.19042.868]
System up since: 19:41:03 19 març 2021
File System: NTFS
UAC is ENABLED [highest level]
UserData directory: C:\Users\Florenci\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Florenci\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
Automatic Daily Updates are enabled
Automatic Program Updates are enabled
************************************************************
Carrying out scan on C:\ (including subdirectories)
Archive files will be EXCLUDED.
------------------------------
! Exception in routine frmScan.FindRat
EFOpenError - Cannot open file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\78CEE867-61CB-41FC-89DC-801F6530CF70\MpSigStub.exe".
Acceso denegado - processing HeurList line 226
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.867.1.8\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll - appears to contain Trashed.File
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.867.1.8\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll: 0 processes terminated
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.867.1.8\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll has been renamed to C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.867.1.8\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll.vir
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.868.1.0\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll - appears to contain Trashed.File
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.868.1.0\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll: 0 processes terminated
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.868.1.0\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll has been renamed to C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.868.1.0\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll.vir
------------------------------
363404 files scanned
Scan completed at: 22:36:32 20 març 2021
2 Malware files detected
Total Scan time: 5 hrs, 33 mins, 2 secs
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
20/3/2021 22:36:52: restart commenced
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.9.5.2975. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 17:02:34 20 març 2021
Using Database v10584
Operating System: Windows 10 Home x64 [November 2020 Update (Ver 20H2), Build: 10.0.19042.868]
System up since: 19:41:03 19 març 2021
File System: NTFS
UAC is ENABLED [highest level]
UserData directory: C:\Users\Florenci\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Florenci\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
Controlled Folder Access is enabled
Automatic Daily Updates are enabled
Automatic Program Updates are enabled
************************************************************
17:02:34: ----- Checking Default File Associations -----
No modified default file associations detected
************************************************************
17:02:34: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
17:02:35: Scanning ----- Windows Registry -----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\explorer.exe
C:\Windows\explorer.exe (verified signer: [Microsoft Windows])
4704744 bytes Created: 24/2/2021 23:10 Modified: 24/2/2021 23:10
Company: Microsoft Corporation
[91BCFCAB8092A94CB7D60509BA75ED1C]
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\System32\userinit.exe,]
File: C:\Windows\Sysnative\userinit.exe
C:\Windows\System32\userinit.exe (verified signer: [Microsoft Windows])
34816 bytes Created: 7/12/2019 10:08 Modified: 7/12/2019 10:08
Company: Microsoft Corporation
[582A919CA5F944AA83895A5C633C122C]
----------
Scan cancelled by User
Windows Registry scan stopped at user request
The ShellExecuteHooks were not scanned
Hidden Registry Entries were not scanned for
The ScreenSaver was not checked
The Windows Registry Active Setup keys were not scanned
The ServiceDLLs registry keys were not scanned
The Services registry keys were not scanned
The Winlogon\Notify DLLs were not scanned
The ContextMenuHandlers were not scanned
The Browser Helper Objects were not scanned
The Delayed Load ShellServiceObjects were not scanned
The SharedTaskScheduler DLLs were not scanned
The Imagefile Debuggers were not scanned
The AppInit_DLLs were not scanned
The Security Provider DLLs were not scanned
The User Startup Groups were not scanned
The Scheduled Tasks were not scanned
The ShellIconOverlayIdentifiers were not scanned
The Device Drivers were not scanned
Malware Registry Entry Checks: not done
Heuristic Scans were not carried out
Shortcut Hijack Checks not carried out
Running Processes were not scanned
The HOSTS files were not checked
The check on Explorer.exe was not carried out
Internet Explorer settings were not checked.
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 17:02:38 20 març 2021
Total Scan time: 0 mins, 4 secs
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.9.5.2975. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 16:59:41 20 març 2021
Using Database v10584
Operating System: Windows 10 Home x64 [November 2020 Update (Ver 20H2), Build: 10.0.19042.868]
System up since: 19:41:03 19 març 2021
File System: NTFS
UAC is ENABLED [highest level]
UserData directory: C:\Users\Florenci\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Florenci\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
Controlled Folder Access is enabled
Automatic Daily Updates are enabled
Automatic Program Updates are enabled
************************************************************
16:59:41: ----- Checking Default File Associations -----
No modified default file associations detected
************************************************************
16:59:41: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
C:\Windows\System32\credprovs.dll (verified signer: [Microsoft Windows]) 378368 bytes Created: 24/2/2021 23:11 Modified: 24/2/2021 23:11 Company: Microsoft Corporation [15872A76EECC99F087ACBFD88A4DF4A8] ---------- CLSID: {8AF662BF-65A0-4D0A-A540-A338A999D36F} File: C:\Windows\System32\FaceCredentialProvider.dll C:\Windows\System32\FaceCredentialProvider.dll (verified signer: [Microsoft Windows]) 593408 bytes Created: 12/1/2021 20:26 Modified: 12/1/2021 20:26 Company: Microsoft Corporation [AB110765EA025AD4B1735FFB0D350956] ---------- CLSID: {8FD7E19C-3BF7-489B-A72C-846AB3678C96} File: %SystemRoot%\system32\SmartcardCredentialProvider.dll C:\Windows\System32\SmartcardCredentialProvider.dll (verified signer: [Microsoft Windows]) 803328 bytes Created: 1/10/2020 19:48 Modified: 1/10/2020 19:48 Company: Microsoft Corporation [E2817CA097495731172009DC2E5FF750] ---------- CLSID: {94596c7e-3744-41ce-893e-bbf09122f76a} File: %SystemRoot%\system32\SmartcardCredentialProvider.dll C:\Windows\System32\SmartcardCredentialProvider.dll (verified signer: [Microsoft Windows]) 803328 bytes Created: 1/10/2020 19:48 Modified: 1/10/2020 19:48 Company: Microsoft Corporation [E2817CA097495731172009DC2E5FF750] ---------- CLSID: {BEC09223-B018-416D-A0AC-523971B639F5} File: %SystemRoot%\System32\BioCredProv.dll C:\Windows\System32\BioCredProv.dll (verified signer: [Microsoft Windows]) 365568 bytes Created: 12/1/2021 20:22 Modified: 12/1/2021 20:22 Company: Microsoft Corporation [B4AD2CCDCAC7386ACEEB442D7170EAD7] ---------- CLSID: {C5D7540A-CD51-453B-B22B-05305BA03F07} File: C:\Windows\System32\cxcredprov.dll C:\Windows\System32\cxcredprov.dll (verified signer: [Microsoft Windows]) 116224 bytes Created: 12/1/2021 20:22 Modified: 12/1/2021 20:22 Company: Microsoft Corporation [A96A82EB3259AE0CC102D773CCB1ADE8] ---------- CLSID: {C885AA15-1764-4293-B82A-0586ADD46B35} File: C:\Windows\System32\FaceCredentialProvider.dll C:\Windows\System32\FaceCredentialProvider.dll (verified signer: [Microsoft 
Windows]) 593408 bytes Created: 12/1/2021 20:26 Modified: 12/1/2021 20:26 Company: Microsoft Corporation [AB110765EA025AD4B1735FFB0D350956] ---------- CLSID: {cb82ea12-9f71-446d-89e1-8d0924e1256e} File: %SystemRoot%\system32\credprovslegacy.dll C:\Windows\System32\credprovslegacy.dll (verified signer: [Microsoft Windows]) 197120 bytes Created: 12/1/2021 20:23 Modified: 12/1/2021 20:23 Company: Microsoft Corporation [343788CB03702D049FDF56341CAF1D28] ---------- CLSID: {D6886603-9D2F-4EB2-B667-1971041FA96B} File: C:\Windows\System32\ngccredprov.dll C:\Windows\System32\ngccredprov.dll (verified signer: [Microsoft Windows]) 657408 bytes Created: 12/1/2021 20:21 Modified: 12/1/2021 20:21 Company: Microsoft Corporation [0F106CEB1C3FA5F00F2CA257DF014FBA] ---------- CLSID: {e74e57b0-6c6d-44d5-9cda-fb2df5ed7435} File: %systemroot%\system32\certCredProvider.dll C:\Windows\System32\certCredProvider.dll (verified signer: [Microsoft Windows]) 48128 bytes Created: 7/12/2019 10:08 Modified: 7/12/2019 10:08 Company: Microsoft Corporation [9A129200D537445BB2659C70B0220CE1] ---------- CLSID: {F8A0B131-5F68-486c-8040-7E8FC3C85BB6} File: %SystemRoot%\system32\wlidcredprov.dll C:\Windows\System32\wlidcredprov.dll (verified signer: [Microsoft Windows]) 292352 bytes Created: 12/1/2021 20:23 Modified: 12/1/2021 20:23 Company: Microsoft Corporation [9C6FC597E8710A125E6061FA91C33BA5] ---------- CLSID: {F8A1793B-7873-4046-B2A7-1F318747F427} File: %systemroot%\system32\fidocredprov.dll C:\Windows\System32\fidocredprov.dll (verified signer: [Microsoft Windows]) 236032 bytes Created: 24/2/2021 23:11 Modified: 24/2/2021 23:11 Company: Microsoft Corporation [B35494F96263A6B0F7FC6DE6A3ADE19A] ---------- CLSID: {DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE} File: %SystemRoot%\system32\credprovs.dll C:\Windows\System32\credprovs.dll (verified signer: [Microsoft Windows]) 378368 bytes Created: 24/2/2021 23:11 Modified: 24/2/2021 23:11 Company: Microsoft Corporation [15872A76EECC99F087ACBFD88A4DF4A8] 
---------- CLSID: {5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D} File: %SystemRoot%\system32\rasplap.dll C:\Windows\System32\rasplap.dll (verified signer: [Microsoft Windows]) 237056 bytes Created: 9/3/2021 22:33 Modified: 9/3/2021 22:33 Company: Microsoft Corporation [A828D407F1002C5954471DEB35E688A2] ---------- ************************************************************ 17:01:23: Scanning ------ COMMON STARTUP GROUP ------ [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] AutorunsDisabled sub-directory found - ignored The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 7/12/2019 10:14 Modified: 7/12/2019 10:12 Company: [no info] [7F1698BAB066B764A314A589D338DAAE] -------------------- ************************************************************ 17:01:24: Scanning ----- USER STARTUP GROUPS ----- Checking Startup Group for: Administrador [C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini 174 bytes Created: 16/12/2018 8:08 Modified: 16/12/2018 8:08 Company: [no info] [7F1698BAB066B764A314A589D338DAAE] ---------- -------------------- Checking Startup Group for: Florenci [C:\Users\Florenci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\Florenci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 21/3/2016 10:40 Modified: 17/6/2020 16:26 Company: [no info] [7F1698BAB066B764A314A589D338DAAE] ---------- -------------------- Checking Startup Group for: UsuariPrivat [C:\Users\UsuariPrivat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\UsuariPrivat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 27/12/2020 21:53 Modified: 27/12/2020 21:53 Company: [no info] 
[7F1698BAB066B764A314A589D338DAAE] ---------- -------------------- ************************************************************ 17:01:24: Scanning ----- SCHEDULED TASKS ----- Taskname: CCleaner Update Target: C:\Program Files\CCleaner\CCUpdate.exe Parameters: Schedule: 1. At 8:25:00 every day 2. On system startup Next Run Time: 20/3/2021 20:25:56 Status: Disabled Creator: CCleaner Update Comments: ----- C:\Program Files\CCleaner\CCUpdate.exe 684976 bytes Created: 5/3/2021 13:14 Modified: 5/3/2021 13:14 Company: Piriform [21D34C75FD0B462067D408BA8B6BF765] ---------- Taskname: CCleanerSkipUAC Target: "C:\Program Files\CCleaner\CCleaner.exe" Parameters: $(Arg0) Schedule: <Task not scheduled> Next Run Time: Status: Ready Creator: Piriform Software Ltd Comments: ----- C:\Program Files\CCleaner\CCleaner.exe 27168840 bytes Created: 5/3/2021 13:14 Modified: 5/3/2021 13:14 Company: Piriform Software Ltd [7ACC4C98CEFF5B0F8A66F56800563FF9] ---------- Taskname: EOSv3 Scheduler onLogOn Target: C:\Users\Florenci\Desktop\esetonlinescanner_esn.exe Parameters: LOGON Schedule: 1. At logon 2. At session unlock Next Run Time: Status: Disabled Creator: Eset Online Scanner Comments: ----- C:\Users\Florenci\Desktop\esetonlinescanner_esn.exe - [file not found to scan] ---------- Taskname: EOSv3 Scheduler onTime Target: C:\Users\Florenci\Desktop\esetonlinescanner_esn.exe Parameters: SCHED Schedule: At 17:50:00 on 7/3/2021 Next Run Time: Status: Disabled Creator: Eset Online Scanner Comments: ----- C:\Users\Florenci\Desktop\esetonlinescanner_esn.exe - file already scanned ---------- Taskname: GoogleUpdateTaskMachineCore Target: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Parameters: /c Schedule: 1. At logon 2. At 7:22:00 every day Next Run Time: 21/3/2021 7:22:12 Status: Disabled Creator: Comments: Manté el programari de Google actualitzat. 
Si aquesta tasca es desactiva o s'atura, el programari de Google no s'actualitzarà, de manera que no se solucionaran les vulnerabilitats de seguretat que puguin sorgir i algunes funcions podrien deixar de funcionar. Aquesta tasca es desinstal·la automàticament quan no hi ha cap programari de Google que l'utilitzi. ----- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 153168 bytes Created: 10/6/2017 14:42 Modified: 10/6/2017 14:42 Company: Google Inc. [0545A3EB959CFA4790D267BFB8C1ACA4] ---------- Taskname: GoogleUpdateTaskMachineUA Target: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Parameters: /ua /installsource scheduler Schedule: At 7:22:00 every day Next Run Time: 20/3/2021 17:22:12 Status: Disabled Creator: Comments: Manté el programari de Google actualitzat. Si aquesta tasca es desactiva o s'atura, el programari de Google no s'actualitzarà, de manera que no se solucionaran les vulnerabilitats de seguretat que puguin sorgir i algunes funcions podrien deixar de funcionar. Aquesta tasca es desinstal·la automàticament quan no hi ha cap programari de Google que l'utilitzi. ----- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - file already scanned ---------- Taskname: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 Target: "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" Parameters: --automatic Schedule: At 13:40:00 every day Next Run Time: 21/3/2021 13:40:51 Status: Disabled Creator: SYSTEM Comments: Intel(R) SUR QC Software Asset Manager helps you keep your system up-to-date. 
----- C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe 3098912 bytes Created: 5/11/2020 11:20 Modified: 5/11/2020 11:20 Company: Intel Corporation [09AAF35CDAF82C2A448ADA8EAF63D12C] ---------- Taskname: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon Target: "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" Parameters: --automatic Schedule: At logon Next Run Time: Status: Disabled Creator: SYSTEM Comments: Intel(R) SUR QC Software Asset Manager helps you keep your system up-to-date. ----- C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe - file already scanned ---------- Taskname: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 Target: C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe Parameters: --automatic Schedule: At 14:12:00 every day Next Run Time: 21/3/2021 14:12:18 Status: Disabled Creator: SYSTEM Comments: Intel(R) Update Manager helps you keep your system up-to-date. Keep this task running to be notified automatically when new updates become available. 
----- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe - [file not found to scan] ---------- Taskname: OneDrive Standalone Update Task-S-1-5-21-549940460-2404856339-1566757125-1007 Target: %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Parameters: Schedule: At 8:00:00 on 1/5/1992 Next Run Time: 21/3/2021 11:03:39 Status: Disabled Creator: Microsoft Corporation Comments: ----- C:\Users\Florenci\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe - [file not found to scan] ---------- Taskname: OneDrive Standalone Update Task-S-1-5-21-549940460-2404856339-1566757125-500 Target: %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Parameters: Schedule: At 4:00:00 on 1/5/1992 Next Run Time: 22/3/2021 3:21:37 Status: Disabled Creator: Microsoft Corporation Comments: ----- C:\Users\Florenci\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe - file already scanned ---------- Taskname: Opera scheduled assistant Autoupdate 1611338731 Target: C:\Users\Florenci\AppData\Local\Programs\Opera\launcher.exe Parameters: --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Florenci\AppData\Local\Programs\Opera\assistant" $(Arg0) Schedule: 1. At 19:05:00 every day 2. At logon Next Run Time: 20/3/2021 19:05:32 Status: Disabled Creator: FPA-PC\Florenci Comments: Keeps Opera Browser Assistant up to date ----- C:\Users\Florenci\AppData\Local\Programs\Opera\launcher.exe 1793688 bytes Created: 22/1/2021 19:05 Modified: 18/3/2021 8:00 Company: Opera Software [C89EC574BEDCE5EF629F31E06374729D] ---------- Taskname: Opera scheduled Autoupdate 1611338715 Target: C:\Users\Florenci\AppData\Local\Programs\Opera\launcher.exe Parameters: --scheduledautoupdate $(Arg0) Schedule: 1. At 19:17:00 every day 2. At logon Next Run Time: 20/3/2021 19:17:01 Status: Ready Creator: FPA-PC\Florenci Comments: Manté Opera actualitzat. 
----- C:\Users\Florenci\AppData\Local\Programs\Opera\launcher.exe - file already scanned ---------- Taskname: TR_AntiHijack Target: "C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe" Parameters: Schedule: At logon Next Run Time: Status: Ready Creator: Simply Super Software Comments: This task starts the Trojan Remover Anti-Hijack component when a user logs on. This component helps protect against screen locker malware. ----- C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe - [file not found to scan] ---------- Taskname: TR_FastScan_AtLogon Target: "C:\Program Files (x86)\Trojan Remover\Trjscan.exe" Parameters: /boot Schedule: At logon Next Run Time: Status: Ready Creator: Simply Super Software Comments: This task starts the Trojan Remover FastScan when a user logs on. The FastScan scans important system areas to check for malware. The scan is delayed so that the task does not impact on system startup time. ----- C:\Program Files (x86)\Trojan Remover\Trjscan.exe 6499736 bytes Created: 20/3/2021 16:52 Modified: 20/3/2021 16:58 Company: Simply Super Software [267F478536778B6B10B21553D27CE615] ---------- Taskname: TR_FastScan_Daily_Florenci Target: "C:\Program Files (x86)\Trojan Remover\Trjscan.exe" Parameters: /silent Schedule: At 8:05:00 every day Next Run Time: 21/3/2021 8:05:00 Status: Ready Creator: Simply Super Software Comments: This task starts the Trojan Remover FastScan daily at the given time. The FastScan scans important system areas to check for malware. ----- C:\Program Files (x86)\Trojan Remover\Trjscan.exe - file already scanned ---------- Taskname: TR_Updater Target: "C:\Program Files (x86)\Trojan Remover\Trupd.exe" Parameters: /silent Schedule: At 7:50:00 every day Next Run Time: 21/3/2021 7:50:00 Status: Ready Creator: Simply Super Software Comments: This task checks for and installs program and database updates for Trojan Remover. 
----- C:\Program Files (x86)\Trojan Remover\Trupd.exe 6480784 bytes Created: 20/3/2021 16:52 Modified: 20/3/2021 16:58 Company: Simply Super Software [5E3E79C36C68D199C70A83DD9F37575E] ---------- Taskname: USER_ESRV_SVC_QUEENCREEK Target: "C:\WINDOWS\System32\Wscript.exe" Parameters: //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" Schedule: At logon Next Run Time: Status: Disabled Creator: Intel(r) Energy Checker Comments: ----- C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs 179 bytes Created: 17/1/2021 11:04 Modified: 17/1/2021 11:04 Company: [no info] [36B717542417E7836848CDE4AA85ECC1] ---------- Taskname: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB Target: C:\Program Files\Mozilla Firefox\default-browser-agent.exe Parameters: do-task "308046B0AF4A39CB" Schedule: At 19:08:00 every day Next Run Time: 20/3/2021 19:08:43 Status: Ready Creator: Mozilla Comments: La tasca «Agent de navegador per defecte» controla quan el navegador per defecte canvia de Firefox a un altre navegador. Si el canvi es produeix en circumstàncies sospitoses, demanarà als usuaris que tornin a canviar-ho per Firefox dues vegades com a màxim. El Firefox isntal·la aquesta tasca automàticament i es reinstal·la quan s'actualitza el Firefox. Per desactivar aquesta tasca, actualitzeu la preferència «default-browser-agent.enabled» en la pàgina about:config o el paràmetre de política d'empresa «DisableDefaultBrowserAgent» del Firefox. 
----- C:\Program Files\Mozilla Firefox\default-browser-agent.exe 694256 bytes Created: 4/2/2021 20:51 Modified: 19/3/2021 19:09 Company: Mozilla Foundation [97D2F00500F66B6A8D7B88743DDE10C7] ---------- ************************************************************ 17:01:55: Scanning ----- ShellIconOverlayIdentifiers ----- ************************************************************ 17:01:55: Scanning ----- 64-Bit ShellIconOverlayIdentifiers ----- ************************************************************ 17:01:55: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: VIDC.FMVC File: fmcodec.dll C:\Windows\SysWOW64\fmcodec.dll 77824 bytes Created: 24/12/2018 8:02 Modified: 18/8/2008 18:18 Company: Fox Magic Software [5C8874EE321F4623FFF7A1315039DDBC] ---------- ************************************************************ 17:01:57: Scanning for ----- MALWARE REGISTRY ENTRIES ----- ************************************************************ 17:01:57: ----- ADDITIONAL CHECKS ----- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: c:\users\florenci\pictures\fondos\img_20201225_155457.jpg c:\users\florenci\pictures\fondos\img_20201225_155457.jpg 5019719 bytes Created: 28/12/2020 18:23 Modified: 28/12/2020 18:23 Company: [no info] [B157C030794E401FACACE56971FBDEB5] ---------- Web Desktop Wallpaper entry is blank ---------- Checks for Backdoor.ZeroAccess completed ---------- Safe Mode checks completed ---------- Command Processor AutoRuns checks completed. 
---------- Checks for rogue DNS NameServers completed ---------- BootExcute entries: Unparsed entry: [autocheck autochk * ] ----- BootExecute registry entry checks completed ---------- Additional checks completed ************************************************************ 17:01:58: Checking ----- Shortcut Hijacks ----- 129 Program Shortcuts checked ************************************************************ 17:02:07: Scanning ----- RUNNING PROCESSES ----- C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (verified signer: [Skype Software Sarl]) 91016584 bytes Created: 20/2/2021 17:00 Modified: 20/2/2021 17:00 Company: Skype Technologies S.A. [1F808255386A83AF44FE39F61A616F7E] -------------------- C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21021.116.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe 42496 bytes Created: 6/3/2021 18:31 Modified: 6/3/2021 18:33 Company: [483372509381D6D436E6DE3B14B9DB4C] -------------------- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe 1439232 bytes Created: 20/2/2021 17:02 Modified: 20/2/2021 17:04 Company: Microsoft Corporation [1A76813AD4C5072A08B093EFC42136DA] -------------------- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe 93184 bytes Created: 20/2/2021 17:02 Modified: 20/2/2021 17:04 Company: Microsoft Corporation [F43A716FB10240336C1588482A818A52] -------------------- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxAccounts.exe 222208 bytes Created: 20/2/2021 17:02 Modified: 20/2/2021 17:03 Company: Microsoft Corporation [3A7554BDAA00520B6BE06B29B6E6BA56] -------------------- C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21021.116.0_x64__8wekyb3d8bbwe\YourPhone.exe 24064 bytes Created: 6/3/2021 18:31 Modified: 6/3/2021 18:32 Company: Microsoft Corporation 
Title: Re: Trojan Remover is detecting this malware, what is it? and what do I need to run?
Posted by: EdePC on 21 March 2021, 19:29 pm

It looks more like a false positive, let's see:
MpSigStub.exe is related to Windows Defender, although it is a bit odd that it is also in that location; I will assume it is being updated.

snmpincl.dll is in the folder C:\Windows\Servicing, which is exactly where the update files from Windows Update get stored.

I would rather trust that they are legitimate files; otherwise it would mean checking the files against the originals from Microsoft's website, but that requires more technical knowledge of the subject to identify files, hashes, versions, offline and online searches of the Windows Catalog, etc.

Title: Re: Trojan Remover is detecting this malware, what is it? and what do I need to run?
Posted by: win_7 on 21 March 2021, 19:55 pm

> It looks more like a false positive, let's see:
>
> MpSigStub.exe is related to Windows Defender, although it is a bit odd that it is also in that location; I will assume it is being updated.
>
> snmpincl.dll is in the folder C:\Windows\Servicing, which is exactly where the update files from Windows Update get stored.
>
> I would rather trust that they are legitimate files; otherwise it would mean checking the files against the originals from Microsoft's website, but that requires more technical knowledge of the subject to identify files, hashes, versions, offline and online searches of the Windows Catalog, etc.

But have you seen the log? As I said, the preselected action to run on the "malware", well, on all the other ones with a similar path, was to rename the file. Is everything fine and correct?

Title: Re: Trojan Remover is detecting this malware, what is it? and what do I need to run?
Posted by: Hangaro on 2 April 2021, 20:19 pm

... share the SHA256 of the files ... or analyze them yourself on VirusTotal "www.virustotal.com" ... to be on the safe side ... since they could be dirty files replacing the originals ... :o
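One way to do the check EdePC and Hangaro describe (signature, version info and SHA256 of the flagged files) is the PowerShell script below; it is an added example, not code from the thread or from Trojan Remover. The file paths are placeholders: the Servicing folder is the one named above, but the exact location of MpSigStub.exe must be taken from your own scan log.

```powershell
# Added example (not from the thread or Trojan Remover): for each file a scanner
# flagged, report Authenticode/catalog signature status, version info and SHA256,
# so "false positive" vs "tampered file" can be decided before renaming or deleting.
# Paths are placeholders; replace them with the exact paths from your scan log.
param(
    [string[]]$Paths = @(
        'C:\Windows\Servicing\snmpincl.dll',     # folder named in the thread; confirm against your log
        'C:\PATH\FROM\YOUR\LOG\MpSigStub.exe'    # placeholder, take the real path from the scan log
    )
)

function Test-FlaggedFile {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        # A renamed or already-removed file simply shows up as missing
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    $item = Get-Item -LiteralPath $Path
    # Get-AuthenticodeSignature also resolves catalog-signed files, which is how most
    # binaries under \Windows are signed (they carry no embedded signature).
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    [pscustomobject]@{
        Path           = $Path
        Exists         = $true
        SizeBytes      = $item.Length
        Modified       = $item.LastWriteTime
        FileVersion    = $item.VersionInfo.FileVersion
        CompanyName    = $item.VersionInfo.CompanyName
        SignatureState = $sig.Status                 # Valid, NotSigned, HashMismatch, ...
        Signer         = $sig.SignerCertificate.Subject
        IsOSBinary     = $sig.IsOSBinary             # $true when the signer chains to Microsoft Windows
        SHA256         = $hash                       # search this hash on VirusTotal instead of uploading the file
    }
}

$results = $Paths | ForEach-Object { Test-FlaggedFile -Path $_ }
$results | Format-List

# Anything present that is not a validly signed Microsoft OS binary deserves a closer look
$results |
    Where-Object { $_.Exists -and -not ($_.SignatureState -eq 'Valid' -and $_.IsOSBinary) } |
    ForEach-Object { Write-Warning "Not a verified Windows binary: $($_.Path) (status: $($_.SignatureState))" }
```

A SignatureState of HashMismatch means the file content no longer matches what Microsoft signed, which is exactly the "substituted original" case Hangaro raises; NotSigned on a file inside \Windows is equally worth following up.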