Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
Ran by Administrator (administrator) on DC01 (15-02-2019 15:50:09)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows Server 2012 R2 Standard (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmacthlp.exe
(Microsoft Corporation) C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
(Microsoft Corporation) C:\Windows\System32\dfsrs.exe
(Microsoft Corporation) C:\Windows\System32\dns.exe
(Microsoft Corporation) C:\Windows\System32\ismserv.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Microsoft Corporation) C:\Windows\System32\dfssvc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Farbar) C:\Users\Administrator\Desktop\1. FRST64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VMware User Process] => C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [83896 2018-04-14] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Run: [MyProgram] => C:\Program Files (x86)\LepideAuditor Suite\LepideAuditorSuiteWebConsole\apache\conf\LepideAuditor Suite Web Console.exe
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2013-08-22] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2013-08-22] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
HKLM\Software\...\Authentication\Credential Providers: [{4DA7114C-DE47-43BF-A644-62876DCC2A72}] -> C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDCREDPROV.DLL [2013-12-10] (Microsoft Corporation -> Microsoft Corp.)
Lsa: [Notification Packages] rassfm scecli
SecurityProviders: credssp.dll, pwdssp.dll
BootExecute: autocheck autochk /q /v *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{FBD088A8-E3E1-466C-9B20-AEC2C09F5A88}: [NameServer] 127.0.0.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.10.254,1]

Internet Explorer:
==================
HKU\S-1-5-21-2894946948-3597676906-2984582856-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADWS; C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe [478720 2017-11-05] (Microsoft Windows -> Microsoft Corporation)
R2 Dfs; C:\Windows\system32\dfssvc.exe [451072 2017-11-05] (Microsoft Windows -> Microsoft Corporation)
R2 DFSR; C:\Windows\system32\DFSRs.exe [3832832 2017-11-05] (Microsoft Windows -> Microsoft Corporation)
R2 DNS; C:\Windows\system32\dns.exe [1594880 2017-11-05] (Microsoft Windows -> Microsoft Corporation)
S3 DsRoleSvc; C:\Windows\system32\dsrolesrv.dll [280064 2017-11-05] (Microsoft Windows -> Microsoft Corporation)
R2 IsmServ; C:\Windows\System32\ismserv.exe [64512 2017-11-05] (Microsoft Windows -> Microsoft Corporation)
R2 Kdc; C:\Windows\system32\kdcsvc.dll [568320 2017-11-05] (Microsoft Windows -> Microsoft Corporation)
S3 KdsSvc; C:\Windows\system32\KdsSvc.dll [36352 2017-11-05] (Microsoft Windows -> Microsoft Corporation)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [173056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1385280 2013-12-10] (Microsoft Corporation -> Microsoft Corp.)
R2 NTDS; C:\Windows\system32\ntdsa.dll [97280 2017-11-05] (Microsoft Windows -> Microsoft Corporation)
S4 NtFrs; C:\Windows\system32\ntfrs.exe [1001472 2017-11-05] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [85504 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [76288 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [248832 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S2 VGAuthService; C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe [179640 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R2 VMware Physical Disk Helper Service; C:\Program Files\VMware\VMware Tools\vmacthlp.exe [575416 2018-04-14] (VMware, Inc. -> VMware, Inc.)
S3 VMwareCAFCommAmqpListener; C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.exe [68096 2018-04-14] () [File not signed]
S3 VMwareCAFManagementAgentHost; C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe [61440 2018-04-14] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2265440 2013-08-22] (Microsoft Windows -> Brocade Communications Systems, Inc.)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [187744 2013-08-22] (Microsoft Windows -> Broadcom Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [560480 2013-08-22] (Microsoft Windows -> Broadcom Corporation)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [605672 2013-06-18] (Chelsio.com(Test) -> Chelsio Communications)
R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [54624 2017-11-05] (Microsoft Windows -> Microsoft Corporation)
R0 DfsrRo; C:\Windows\System32\drivers\dfsrro.sys [66400 2017-11-05] (Microsoft Windows -> Microsoft Corporation)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [712032 2013-08-22] (Microsoft Windows -> Emulex)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [115712 2014-03-18] (Microsoft Windows -> Microsoft Corporation)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1508704 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2013-08-22] (Microsoft Windows -> QLogic Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94048 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 vm3dmp-debug; C:\Windows\system32\DRIVERS\vm3dmp-debug.sys [371152 2018-04-14] (VMware, Inc. -> VMware, Inc.)
S3 vm3dmp-stats; C:\Windows\system32\DRIVERS\vm3dmp-stats.sys [296400 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R3 vm3dmp_loader; C:\Windows\system32\DRIVERS\vm3dmp_loader.sys [42960 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R2 VMMemCtl; C:\Windows\system32\DRIVERS\vmmemctl.sys [42968 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R1 VMRawDsk; C:\Windows\system32\DRIVERS\vmrawdsk.sys [65496 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R1 vnetflt; C:\Windows\system32\DRIVERS\vnetflt.sys [67048 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R0 vsepflt; C:\Windows\System32\DRIVERS\vsepflt.sys [345560 2018-04-14] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [92120 2017-11-29] (VMware, Inc. -> VMware, Inc.)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2013-08-22] (Microsoft Windows -> Microsoft Corporation)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-15 15:50 - 2019-02-15 15:50 - 000028254 _____ C:\Users\Administrator\Desktop\FRST.txt
2019-02-15 15:50 - 2019-02-15 15:50 - 000000000 ____D C:\FRST
2019-02-15 15:49 - 2019-02-14 17:48 - 005735832 _____ (SosVirus) C:\Users\Administrator\Desktop\2. AdsFix.exe
2019-02-15 15:49 - 2019-02-13 21:36 - 002433536 _____ (Farbar) C:\Users\Administrator\Desktop\1. FRST64.exe
2019-02-15 15:41 - 2019-02-15 15:50 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\1
2019-02-15 15:41 - 2019-02-15 15:41 - 000000020 ___SH C:\Users\Administrator\ntuser.ini

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-15 15:48 - 2017-11-05 14:07 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2894946948-3597676906-2984582856-500
2019-02-15 15:46 - 2017-11-05 15:00 - 000006144 _____ C:\Windows\system32\config\netlogon.dnb
2019-02-15 15:46 - 2017-11-05 15:00 - 000002073 _____ C:\Windows\system32\config\netlogon.dns
2019-02-15 15:41 - 2017-11-05 13:50 - 000000000 ____D C:\Users\Administrator
2019-02-15 15:40 - 2017-11-05 14:58 - 000000000 ____D C:\Windows\system32\dns
2019-02-15 15:40 - 2013-08-22 16:39 - 000000000 ____D C:\Windows\Registration
2019-02-15 15:39 - 2017-11-05 14:58 - 000000000 ____D C:\Windows\NTDS
2019-02-15 15:39 - 2013-08-22 15:48 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-15 15:39 - 2013-08-22 14:25 - 000008192 ___SH C:\Windows\system32\config\BBI
2019-02-10 11:42 - 2018-11-26 09:57 - 001783140 _____ C:\Users\vvv\aghSnmpz-PdAy5BlW.[Bitmine8@tutanota.com]
2019-02-10 11:42 - 2018-11-26 09:57 - 000673124 _____ C:\Users\vvv\Mn63utEN-rSaiWr93.[Bitmine8@tutanota.com]
2019-02-10 11:42 - 2018-11-26 09:57 - 000525668 _____ C:\Users\vvv\oaMfOj01-FsuOOKoM.[Bitmine8@tutanota.com]
2019-02-10 11:42 - 2018-11-26 09:57 - 000525668 _____ C:\Users\vvv\68ZRzFXV-rXIw8Xfy.[Bitmine8@tutanota.com]
2019-02-10 11:42 - 2018-11-26 09:57 - 000066916 _____ C:\Users\vvv\uiw4zyIW-3deXQjdw.[Bitmine8@tutanota.com]
2019-02-10 11:42 - 2018-11-26 09:57 - 000001400 _____ C:\Users\vvv\9hQhe7fd-2j14Sbty.[Bitmine8@tutanota.com]
2019-02-10 11:42 - 2018-11-26 09:57 - 000000000 ____D C:\Users\vvv
2019-02-10 11:42 - 2007-11-07 07:53 - 000243556 _____ C:\QVgYhQR5-TIiE9hUJ.[Bitmine8@tutanota.com]
2019-02-10 11:42 - 2007-11-07 07:50 - 001929336 _____ C:\p6ic1raW-hCAxHztD.[Bitmine8@tutanota.com]
2019-02-10 11:42 - 2007-11-07 07:00 - 000007066 _____ C:\8oWiD9xi-vR1IUxR5.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2019-01-09 09:35 - 000002064 _____ C:\Users\Administrator\Desktop\2Z9cixkP-qUZLWv64.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2018-11-26 09:57 - 000525668 _____ C:\Users\vvv\otiT82eU-huMhGLI0.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2018-11-26 09:57 - 000001782 _____ C:\Users\vvv\Documents\hHVrDKSd-MtBqlRx2.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2018-11-26 09:57 - 000001662 _____ C:\Users\vvv\Downloads\M8e5ILR7-7zxHqQIl.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2018-11-26 09:57 - 000001662 _____ C:\Users\vvv\Desktop\BbLOcOPf-VXX9wGff.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2018-09-27 18:54 - 000000000 ____D C:\Program Files (x86)\LepideAuditor Suite
2019-02-10 11:41 - 2017-11-25 20:46 - 000002237 _____ C:\Users\Administrator\Desktop\5PTxPTAZ-qVtVa4ph.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2017-11-25 20:34 - 000003622 _____ C:\Users\Administrator\Documents\U0484A8o-rVqrRRMf.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2017-11-05 15:04 - 000005408 _____ C:\ProgramData\NZJSRPPz-3o2JfbBY.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2017-11-05 13:50 - 000001782 _____ C:\Users\Administrator\Documents\nk30aXbJ-17CYK0Je.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2017-11-05 13:50 - 000001662 _____ C:\Users\Administrator\Downloads\icO3BG9g-g3jBBd1w.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2017-11-05 13:50 - 000001662 _____ C:\Users\Administrator\Desktop\dNYZNfNI-5c6Qh3ae.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2017-11-05 13:50 - 000001400 _____ C:\Users\Administrator\Ge3NzTEn-DJKRQW38.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2017-11-05 12:23 - 000525668 _____ C:\Users\Default\QKwrshY4-ss2cb0KC.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2017-11-05 12:23 - 000525668 _____ C:\Users\Default\3fAK5v06-IpzK3ume.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2017-11-05 12:23 - 000066916 _____ C:\Users\Default\6awS2vf8-BOkkvyJL.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2013-08-22 16:39 - 000001658 _____ C:\Users\Public\Documents\8hunwz9z-T5pjMsYW.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2013-08-22 16:39 - 000001554 _____ C:\Users\T2RdU861-TiloCkUi.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2013-08-22 16:39 - 000001554 _____ C:\Users\Public\e7EXFNJW-8Hqb4wc9.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2013-08-22 16:39 - 000001554 _____ C:\Users\Public\Downloads\SXvdIJCh-vU0YGUOg.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2013-08-22 16:39 - 000001554 _____ C:\Users\Public\Desktop\8hJn5uTa-1ouv6L5e.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2013-08-22 16:39 - 000001554 _____ C:\Program Files (x86)\ukvnfea8-dp8LqxkJ.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2013-08-22 16:39 - 000000000 __RHD C:\Users\Public\Libraries
2019-02-10 11:41 - 2013-08-22 16:39 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-10 11:41 - 2013-08-22 14:25 - 000263524 _____ C:\Users\Default\ayz0IVqY-Di0ZVOnl.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2013-08-22 14:25 - 000021860 _____ C:\Users\Default\biRWUTsV-1I6Caroj.[Bitmine8@tutanota.com]
2019-02-10 11:40 - 2018-09-27 17:40 - 000001754 _____ C:\jevVwksZ-m8Xi0hR1.[Bitmine8@tutanota.com]
2019-02-10 11:40 - 2018-09-12 20:35 - 000000000 ____D C:\BGInfo
2019-02-10 11:40 - 2013-08-22 16:39 - 000001554 _____ C:\Program Files\OB5jYb14-a8eOQZjb.[Bitmine8@tutanota.com]
2019-02-10 11:40 - 2013-08-22 16:39 - 000000000 ____D C:\Program Files\Common Files\Services
2019-02-10 11:40 - 2007-11-07 07:00 - 000019114 _____ C:\ZkHDxbDx-CCnWvpKI.[Bitmine8@tutanota.com]
2019-02-10 11:40 - 2007-11-07 07:00 - 000019114 _____ C:\tz6JKzUN-E1lnexI7.[Bitmine8@tutanota.com]
2019-02-10 11:40 - 2007-11-07 07:00 - 000019114 _____ C:\KyaO1FpQ-8NXQdFa1.[Bitmine8@tutanota.com]
2019-02-10 11:40 - 2007-11-07 07:00 - 000019114 _____ C:\jPswzJdF-UNuNMNlg.[Bitmine8@tutanota.com]
2019-02-10 11:40 - 2007-11-07 07:00 - 000019114 _____ C:\hH1CeFYX-MincBaJm.[Bitmine8@tutanota.com]
2019-02-10 11:40 - 2007-11-07 07:00 - 000019114 _____ C:\G3ix6fuM-yOCAaT9z.[Bitmine8@tutanota.com]
2019-02-10 11:40 - 2007-11-07 07:00 - 000019114 _____ C:\dvYGJK5B-RczoiUa8.[Bitmine8@tutanota.com]
2019-02-10 11:40 - 2007-11-07 07:00 - 000011514 _____ C:\dYqjnvUk-rCDoJV4E.[Bitmine8@tutanota.com]
2019-02-10 11:40 - 2007-11-07 07:00 - 000002490 _____ C:\1N2TWMY0-kcRKRLak.[Bitmine8@tutanota.com]
2019-02-10 11:40 - 2007-11-07 07:00 - 000002223 _____ C:\JbPSUeUk-Cilj8220.[Bitmine8@tutanota.com]
2019-02-10 11:40 - 2007-11-07 07:00 - 000001498 _____ C:\FC8eFwNq-brCWphhl.[Bitmine8@tutanota.com]

==================== Files in the root of some directories =======

2019-02-10 11:40 - 2019-02-10 11:40 - 000020201 _____ () C:\Program Files\#ReadMe_T0_Decrypt_Files.rtf
2013-08-22 16:39 - 2019-02-10 11:40 - 000001554 _____ () C:\Program Files\OB5jYb14-a8eOQZjb.[Bitmine8@tutanota.com]
2019-02-10 11:41 - 2019-02-10 11:41 - 000020202 _____ () C:\Program Files (x86)\#ReadMe_T0_Decrypt_Files.rtf
2013-08-22 16:39 - 2019-02-10 11:41 - 000001554 _____ () C:\Program Files (x86)\ukvnfea8-dp8LqxkJ.[Bitmine8@tutanota.com]
2017-11-05 13:58 - 2017-11-05 13:58 - 000415588 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI523C.txt
2017-11-05 13:58 - 2017-11-05 13:58 - 000423288 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI5250.txt
2017-11-05 13:58 - 2017-11-05 13:58 - 000011626 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI523C.txt
2017-11-05 13:58 - 2017-11-05 13:58 - 000011626 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI5250.txt
2017-11-25 20:35 - 2017-11-25 20:44 - 000007602 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-14 04:33

==================== End of FRST.txt ============================
