FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Tosca (administrator) on TOSCA-PC (19-12-2017 06:20:26)

Running from C:\Users\Tosca\Desktop
Loaded Profiles: Tosca (Available Profiles: Tosca)
Platform: Windows 10 Pro Version 1703 (X64) Language: Espaol (Espaa,
internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-
recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will
not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA

Corporation\Display.NvContainer\NVDisplay.Container.exe
Corporation\Display.NvContainer\NVDisplay.Container.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming
Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA
Corporation\NvTelemetry\NvTelemetryContainer.exe
Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(RemoteMyApp sp. z o.o.) C:\Program Files (x86)\Remotr\RemotrService.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
() C:\Program
Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming
Software\ArxApplets\Discord\logitechg_discord.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.)
C:\Users\Tosca\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderpr
ocess.exe
(Razer, Inc.)
C:\Users\Tosca\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.
exe
Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce
Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce
Experience\NVIDIA Share.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
() C:\Program Files (x86)\Black Desert Online\bin64\BlackDesert64.exe
(Wellbia.com Co., Ltd.) C:\Program Files (x86)\Black Desert
Online\bin64\xc\na\2\xcoronahost.xem
(Wellbia.com) C:\Program Files (x86)\Black Desert Online\bin64\xc\na\2\xxd-0.xem
(Coherent Labs) C:\Program Files (x86)\Black Desert
Online\bin64\host\CoherentUI_Host.exe
(RemoteMyApp sp. z o.o.) C:\Program Files (x86)\Remotr\RemotrServer.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe

[629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe
C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe
[17987704 2017-10-20] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files
(x86)\Razer\Synapse\RzSynapse.exe [596664 2017-08-30] (Razer Inc.)
HKU\S-1-5-21-2024120183-3602982349-2077926921-1001\...\Run: [Steam] => C:\Program
Files (x86)\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-2024120183-3602982349-2077926921-1001\...\Run: [Gyazo] => C:\Program
Files (x86)\Gyazo\GyStation.exe [5345672 2017-11-09] (Nota Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed

or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{40b3183b-b76d-4a8e-b961-8606a8a74fec}: [DhcpNameServer]
80.58.61.250 80.58.61.254
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} ->
C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft
Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-
ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-
31] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-
2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
[2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-
A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL
[2015-07-31] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program
Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program
Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft
Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program
Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files
(x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: wzmx4dkr.default
FF ProfilePath:
C:\Users\Tosca\AppData\Roaming\Mozilla\Firefox\Profiles\wzmx4dkr.default [2017-12-
19]
FF Homepage: Mozilla\Firefox\Profiles\wzmx4dkr.default ->
hxxps://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-9692bc87
FF NewTab: Mozilla\Firefox\Profiles\wzmx4dkr.default -> about:newtab
FF Extension: (Safe Browsing Version 4 (temporary add-on)) -
C:\Users\Tosca\AppData\Roaming\Mozilla\Firefox\Profiles\wzmx4dkr.default\Extensions
\sbv4-gradual-rollout@mozilla.com.xpi [2017-11-03] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 ->
C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla
Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 ->
C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D
Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA
Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files
(x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files
(x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader
DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.mcanime.net/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?
gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M8EF95378-0A44-4B4E-8FFD-
8C9D005AEBAF&SearchSource=55&CUI=&UM=6&UP=SPAE915494-BD39-4E10-87CE-
B77A10298479&SSPV=","hxxp://www.trotux.com/?
z=40a36c6a2ce37af335fe782g6zfb6g4tbg3waq5q3e&from=isr&uid=SamsungXSSDX850XEVOX250GB
_S21PNSAGA72769J&type=hp","hxxp://www.amisites.com/?
type=hp&ts=1482156274&z=0c85848dfd78319ad587f7eg5z8b5oagdw7q2ofm4o&from=archer1028&
uid=SamsungXSSDX850XEVOX250GB_S21PNSAGA72769J","hxxp://www.amisites.com/?
type=hp&ts=1482404992&z=1a0cf2467e1e4e807c6682eg7z3b3obzaecz1t8t2e&from=che0812&uid
=SamsungXSSDX850XEVOX250GB_S21PNSAGA72769J"
CHR Profile: C:\Users\Tosca\AppData\Local\Google\Chrome\User Data\Default [2017-12-
19]
CHR Extension: (Presentaciones) - C:\Users\Tosca\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-01]
CHR Extension: (Documentos) - C:\Users\Tosca\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-01]
CHR Extension: (Google Drive) - C:\Users\Tosca\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-01]
CHR Extension: (Adguard AdBlocker) -
C:\Users\Tosca\AppData\Local\Google\Chrome\User
Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-11-05]
CHR Extension: (YouTube) - C:\Users\Tosca\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Tosca\AppData\Local\Google\Chrome\User
Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-16]
CHR Extension: (Hojas de clculo) - C:\Users\Tosca\AppData\Local\Google\Chrome\User
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-01]
CHR Extension: (Trevx - Music Downloader) -
Data\Default\Extensions\fpmaepaboafhefdejcbiciklgjogoghf [2017-11-01]
CHR Extension: (Documentos de Google sin conexin) -
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-01]
CHR Extension: (AdBlock) - C:\Users\Tosca\AppData\Local\Google\Chrome\User
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-07]
CHR Extension: (Player para ver Movistar+) -
Data\Default\Extensions\kenfcfndncbbggmafjjeihkdclggbojn [2017-11-01]
CHR Extension: (Sistema de pagos de Chrome Web Store) -
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-01]
CHR Extension: (Gmail) - C:\Users\Tosca\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-01]
CHR Extension: (Chrome Media Router) -
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] -
hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming

Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-20] (Logitech
Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960
2017-08-21] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA
Corporation\NvContainer\nvcontainer.exe [518264 2017-10-27] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA
Corporation\NvContainer\nvcontainer.exe [518264 2017-10-27] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA
Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA
Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA
Corporation\NvTelemetry\NvTelemetryContainer.exe [460920 2017-10-27] (NVIDIA
Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer
Services\GSS\GameScannerService.exe [189264 2017-07-20] ()
R2 Remotr Service; C:\Program Files (x86)\Remotr\RemotrService.exe [207480 2017-02-
27] (RemoteMyApp sp. z o.o.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
[3913064 2017-03-20] (Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [737984 2015-08-30]
(@ByELDI) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18]
(Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-11-01]
===================== Drivers (Whitelisted) ======================
S3 ALSysIO; C:\Users\Tosca\AppData\Local\Temp\ALSysIO64.sys [46384 2017-12-08]

(Arthur Liberman) <==== ATTENTION
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2016-09-05] (Samsung
Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-04-05]
(Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-04-05]
(Disc Soft Ltd)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2014-12-03] (Intel
Mobile Communications)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming
Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2017-01-
23] (Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2017-01-23]
(Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-01-23]
(Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\System32\drivers\LGSHidFilt.Sys [64280 2013-05-30]
(Logitech Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-12-19]
(Malwarebytes)
R3 MTsensor; C:\WINDOWS\System32\drivers\ASACPI.sys [17280 2016-02-23] ()
R3 nvlddmkm;
C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f936d37e592b25aa\
nvlddmkm.sys [16936048 2017-10-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
[30328 2017-10-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-10-
11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-10-27] (NVIDIA
Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18]
(Realtek )
S3 rzbtendpt; C:\WINDOWS\System32\drivers\rzbtendpt.sys [51912 2015-08-13] (Razer
Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer
Inc)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29912 2015-08-13] (Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13]
(Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [52424 2015-08-13] (Razer
Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer,
Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [139704 2017-08-19] (Razer, Inc.)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13]
(Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [42712 2015-08-13] (Razer
Inc)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2014-12-03] (MobileTop)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2014-12-03] (MCCI
Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2014-12-03] (MCCI
Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [101960 2014-12-03] (MCCI)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2014-12-03] (MCCI
Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2014-12-03] (MCCI
Corporation)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU
Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206104 2014-12-03] (DEVGURU
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206104 2014-12-03] (DEVGURU
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05]
(QUALCOMM Incorporated)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206104 2014-12-03] (DEVGURU
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2014-12-03] (MCCI
Corporation)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26392
2014-12-03] (DEVGURU Co., LTD.)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [199808 2017-10-18]
(Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [210680 2017-10-18]
(Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft
Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18]
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18]
R3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2017-12-19] (Wellbia.com Co., Ltd.)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-11-19]
(BigNox Corporation)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x64.sys [288768 2017-03-18] (Marvell)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-19 06:20 - 2017-12-19 06:20 - 000020395 _____

C:\Users\Tosca\Desktop\FRST.txt
2017-12-19 06:19 - 2017-12-19 06:20 - 000000000 ____D C:\FRST
2017-12-19 06:18 - 2017-12-19 06:18 - 002392064 _____ (Farbar)
C:\Users\Tosca\Desktop\FRST64.exe
2017-12-19 06:05 - 2017-12-19 06:05 - 008187336 _____ (Malwarebytes)
C:\Users\Tosca\Downloads\adwcleaner_7.0.5.0.exe
2017-12-19 04:53 - 2017-12-19 06:08 - 000000000 ____D
C:\Users\Tosca\AppData\Local\JDownloader v2.0
2017-12-18 04:40 - 2017-12-18 05:13 - 000000000 ____D C:\Users\Tosca\Desktop\xml
2017-12-15 14:54 - 2017-12-15 14:54 - 000262144 ____N C:\WINDOWS\Minidump\121517-
8890-01.dmp
2017-12-15 06:16 - 2017-12-15 06:16 - 000000000 ____D C:\WINDOWS\Panther
2017-12-15 03:22 - 2017-12-19 06:12 - 000000000 ____D C:\Program Files\KMSpico
2017-12-15 03:22 - 2017-12-15 03:22 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe
2017-12-15 03:22 - 2017-12-15 03:22 - 000003584 _____ C:\WINDOWS\SECOH-QAD.dll
2017-12-15 03:22 - 2017-12-15 03:22 - 000003462 _____
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2017-12-15 03:22 - 2017-12-15 03:22 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-12-15 03:22 - 2010-12-06 03:16 - 000090112 _____ (Vestris Inc.)
C:\WINDOWS\system32\Vestris.ResourceLib.dll
2017-12-15 03:06 - 2017-12-15 03:06 - 000002729 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-12-15 03:06 - 2017-12-15 03:06 - 000002662 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive para la Empresa.lnk
2017-12-15 03:06 - 2017-12-15 03:06 - 000002656 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-12-15 03:06 - 2017-12-15 03:06 - 000002656 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial 2016.lnk
2017-12-15 03:06 - 2017-12-15 03:06 - 000002656 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-12-15 03:06 - 2017-12-15 03:06 - 000002648 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-12-15 03:06 - 2017-12-15 03:06 - 000002648 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-12-15 03:06 - 2017-12-15 03:06 - 000002642 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-12-15 03:06 - 2017-12-15 03:06 - 000002628 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-12-15 03:06 - 2017-12-15 03:06 - 000000000 ___RD
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft
Office 2016
2017-12-15 03:06 - 2017-12-15 03:06 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-12-15 03:06 - 2017-12-15 03:06 - 000000000 ____D C:\Program Files\Microsoft
SQL Server
2017-12-15 03:06 - 2017-12-15 03:06 - 000000000 ____D C:\Program Files\Common
Files\DESIGNER
2017-12-15 03:06 - 2017-12-15 03:06 - 000000000 ____D C:\Program Files
(x86)\Mozilla Firefox
2017-12-15 03:06 - 2017-12-15 03:06 - 000000000 ____D C:\Program Files
(x86)\Microsoft SQL Server
2017-12-15 03:03 - 2017-12-15 03:06 - 000000000 ____D C:\WINDOWS\SHELLNEW
Office
2017-12-15 03:03 - 2017-12-15 03:03 - 000000000 ____D
C:\Users\Tosca\AppData\Local\Microsoft Help
Analysis Services
2017-12-15 03:03 - 2017-12-15 03:03 - 000000000 ____D C:\Program Files
(x86)\Microsoft Office
2017-12-15 03:03 - 2017-12-15 03:03 - 000000000 ____D C:\Program Files
(x86)\Microsoft Analysis Services
2017-12-15 02:48 - 2015-10-02 23:29 - 000000000 ____D
C:\Users\Tosca\Desktop\Office_Professional_Plus_2016_64Bit_Spanish
2017-12-10 21:24 - 2017-12-10 21:24 - 000169496 _____ C:\Users\Tosca\Desktop\TEMA 4
EL CONTRATO DE TRABAJO GS pdf.pdf
2017-12-08 22:42 - 2017-12-19 06:12 - 000000000 ____D C:\ProgramData\Remotr
2017-12-08 22:42 - 2017-12-08 22:42 - 005420800 _____ (RemoteMyApp sp. z o.o. )
C:\Users\Tosca\Downloads\Remotr (1).exe
2017-12-08 22:42 - 2017-12-08 22:42 - 000001218 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remotr Streamer.lnk
2017-12-08 22:42 - 2017-12-08 22:42 - 000000000 ____D C:\Program Files (x86)\Remotr
2017-12-05 14:31 - 2017-12-05 14:31 - 000000082 _____
C:\Users\Tosca\Desktop\Francisco Del Rio Portillo Task2.txt
2017-12-05 07:40 - 2017-12-05 07:41 - 000000000 ____D C:\Program Files\Core Temp
2017-12-05 07:40 - 2017-12-05 07:40 - 001243944 _____ (ALCPU )
C:\Users\Tosca\Downloads\Core-Temp-setup.exe
2017-12-05 07:40 - 2017-12-05 07:40 - 000000989 _____ C:\Users\Tosca\Desktop\Core
Temp.lnk
2017-12-05 07:40 - 2017-12-05 07:40 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2017-12-05 06:16 - 2017-12-05 06:16 - 000796452 _____ C:\WINDOWS\Minidump\120517-
10453-01.dmp
2017-12-04 19:05 - 2017-10-21 12:41 - 341702439 _____ C:\Users\Tosca\Desktop\Arrow
6x02 [Mega Descargas].mkv
2017-12-04 19:04 - 2017-12-04 19:04 - 000063741 _____
C:\Users\Tosca\Downloads\Arrow 6x02 - Tribute (Espaol (Espaa)).srt
2017-12-04 19:00 - 2017-12-04 19:00 - 358099844 _____
C:\Users\Tosca\Downloads\ARW.-6.O6-Sub720p[MegaDescargas].rar
2017-12-04 18:58 - 2017-12-04 18:58 - 358159012 _____
2017-12-04 18:58 - 2017-12-04 18:58 - 331912852 _____
2017-12-04 18:56 - 2017-12-04 18:56 - 342567716 _____
2017-12-04 18:56 - 2017-12-04 18:56 - 342328564 _____
2017-12-04 18:56 - 2017-12-04 18:56 - 342325428 _____
2017-12-04 18:56 - 2017-12-04 18:56 - 336966868 _____
8906-01.dmp
2017-12-03 23:52 - 2017-12-03 23:52 - 000055088 _____
C:\Users\Tosca\Downloads\Arrow 6x01 - Fallout (Espaol (Espaa)).srt
2017-12-03 23:49 - 2017-12-03 23:49 - 446474730 _____
C:\Users\Tosca\Downloads\Arrow.S06E01.720p.HDTV.X264-DIMENSION.mp4
2017-12-03 05:54 - 2017-12-03 05:54 - 000782076 _____ C:\WINDOWS\Minidump\120317-
36500-01.dmp
12875-01.dmp
2017-11-28 07:50 - 2017-11-28 07:50 - 008728808 _____ C:\Users\Tosca\Downloads\Tema
IV - GNU-Linux. Conceptos previos, instalacion y shell.pdf
2017-11-27 13:05 - 2017-11-27 13:05 - 000000000 ____D
C:\Users\Tosca\AppData\Local\yo_cm_client
2017-11-27 13:05 - 2017-11-27 13:05 - 000000000 ____D
C:\Users\Tosca\AppData\Local\cache
2017-11-27 12:57 - 2017-11-27 12:57 - 000000000 ____D
C:\Users\Tosca\AppData\Local\CrashRpt
2017-11-27 12:15 - 2017-11-27 13:45 - 000001843 _____
C:\Users\Tosca\AppData\Local\Tempbannercash.tmp
2017-11-27 12:15 - 2017-11-27 12:15 - 000032159 _____
C:\Users\Tosca\AppData\Local\Tempnewscash.tmp
2017-11-27 12:03 - 2017-11-27 12:03 - 000000000 ____D
C:\Users\Tosca\AppData\Local\launcher
2017-11-27 12:02 - 2017-11-28 20:49 - 000000000 ____D
C:\Users\Tosca\AppData\Local\Life is Feudal MMO
2017-11-27 12:02 - 2017-11-27 12:02 - 000001217 _____ C:\Users\Public\Desktop\Life
Is Feudal.lnk
2017-11-27 12:02 - 2017-11-27 12:02 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiF
2017-11-27 06:39 - 2017-11-27 06:39 - 000000000 ____D
C:\Users\Tosca\AppData\Local\Solid State Networks
2017-11-27 06:38 - 2017-11-27 06:39 - 032490344 _____ (Gameforge 4D GmbH )
C:\Users\Tosca\Downloads\2017-11-14_TERA_Setup.exe
2017-11-27 05:10 - 2017-11-27 05:10 - 000290840 _____ C:\Users\Tosca\Downloads\Tema
2. Modelo Relacional de Datos(1) (1) 1.pdf
2017-11-26 10:29 - 2017-11-26 10:29 - 000000000 ____H
C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-11-26 07:43 - 2017-11-26 07:43 - 000001069 _____
C:\Users\Tosca\Desktop\FOTOS.reg
2017-11-25 11:02 - 2017-11-28 11:59 - 000000000 ____D
C:\Users\Tosca\Downloads\drive-download-20171125T095948Z-001
2017-11-25 11:00 - 2017-11-25 11:00 - 028144050 _____
C:\Users\Tosca\Downloads\drive-download-20171125T095948Z-001.zip
2017-11-23 12:25 - 2017-11-28 11:50 - 000001524 _____
C:\Users\Tosca\Desktop\xuletilla trabajo ingles.txt
2017-11-21 20:52 - 2017-12-19 04:34 - 000001688 _____ C:\Users\Tosca\.xmlcopyeditor
2017-11-21 11:17 - 2017-11-21 11:17 - 002214408 _____
C:\Users\Tosca\Downloads\Documento 5 (1).pdf
2017-11-21 10:41 - 2017-11-21 10:41 - 000000284 _____
C:\Users\Tosca\Desktop\cine.xml
2017-11-21 07:45 - 2017-11-21 07:45 - 003364239 _____
C:\Users\Tosca\Downloads\ejercicios-lenguaje.pdf
2017-11-21 07:45 - 2017-11-21 07:45 - 002492159 _____
C:\Users\Tosca\Downloads\RESUMEN LENGUAJE DE MARCAS.pdf
2017-11-21 07:44 - 2017-11-21 07:44 - 013078516 _____
C:\Users\Tosca\Downloads\TEORIA LENGUAJE DE MARCAS.pdf
2017-11-20 02:01 - 2017-11-20 02:01 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XML Copy Editor
2017-11-20 02:01 - 2017-11-20 02:01 - 000000000 ____D C:\Program Files\XML Copy
Editor
2017-11-19 19:38 - 2017-12-05 00:44 - 000001121 _____ C:\Users\Tosca\Desktop\Multi-
Drive.lnk
2017-11-19 19:38 - 2017-12-05 00:44 - 000001040 _____
C:\Users\Tosca\Desktop\Nox.lnk
2017-11-19 19:38 - 2017-11-25 07:41 - 000000000 ____D C:\Users\Tosca\.BigNox
2017-11-19 19:11 - 2017-11-25 07:41 - 000000000 ____D C:\Users\Tosca\.android
2017-11-19 19:11 - 2017-11-19 19:38 - 000000000 ____D C:\Program Files (x86)\Bignox
2017-11-19 19:11 - 2017-11-19 19:11 - 000000066 _____ C:\Users\Tosca\inittk.ini
2017-11-19 19:11 - 2017-11-19 19:11 - 000000000 ____D
C:\Users\Tosca\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-19 06:16 - 2017-11-01 19:30 - 002630984 _____

C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-19 06:16 - 2017-11-01 19:15 - 001236026 _____
C:\WINDOWS\system32\perfh00A.dat
2017-12-19 06:16 - 2017-11-01 19:15 - 000286184 _____
C:\WINDOWS\system32\perfc00A.dat
2017-12-19 06:12 - 2017-11-01 19:24 - 000000000 ____D C:\Users\Tosca
2017-12-19 06:11 - 2017-11-01 20:21 - 000047096 _____ (Wellbia.com Co., Ltd.)
C:\WINDOWS\xhunter1.sys
2017-12-19 06:11 - 2017-11-01 19:40 - 000000000 ____D C:\Program Files (x86)\Black
Desert Online
2017-12-19 06:10 - 2017-11-05 07:06 - 000252232 _____ (Malwarebytes)
C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-19 06:10 - 2017-11-01 19:59 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-19 06:10 - 2017-11-01 19:30 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-19 06:10 - 2017-11-01 19:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-19 06:09 - 2017-11-01 19:09 - 001310720 _____
C:\WINDOWS\system32\config\BBI
2017-12-19 06:09 - 2017-04-20 05:51 - 000000000 ____D C:\AdwCleaner
2017-12-19 06:06 - 2017-11-01 20:53 - 000000000 ____D
C:\Users\Tosca\AppData\Local\CrashDumps
2017-12-19 06:04 - 2017-03-28 00:26 - 000000000 ____D
C:\Users\Tosca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2017-12-19 04:49 - 2017-11-01 19:27 - 000000000 ____D
C:\Users\Tosca\AppData\Local\Packages
2017-12-19 00:42 - 2017-11-01 19:29 - 000002270 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-19 00:42 - 2017-11-01 19:29 - 000002258 _____
C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-18 18:35 - 2017-11-01 19:19 - 000000000 ____D
C:\WINDOWS\system32\SleepStudy
2017-12-18 07:36 - 2017-11-01 19:36 - 000002237 _____
C:\Users\Tosca\Desktop\Discord.lnk
2017-12-17 06:51 - 2017-10-03 00:42 - 000000000 ____D C:\Users\Tosca\.VirtualBox
2017-12-15 20:31 - 2017-11-01 19:36 - 000000000 ____D
C:\Users\Tosca\AppData\Roaming\discord
2017-12-15 14:54 - 2017-11-06 15:06 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-15 14:54 - 2017-11-01 19:13 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-15 06:15 - 2017-11-01 19:19 - 000385280 _____
C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-15 03:07 - 2017-11-01 19:12 - 000000000 ____D C:\WINDOWS\INF
2017-12-15 03:06 - 2017-11-01 19:13 - 000000000 ____D C:\ProgramData\regid.1991-
06.com.microsoft
Files\microsoft shared
2017-12-15 03:03 - 2017-11-01 19:13 - 000000167 _____ C:\WINDOWS\win.ini
Files\System
2017-12-15 02:03 - 2017-06-01 22:05 - 000000000 ____D
C:\Users\Tosca\Desktop\KMSAuto W10 MrLeoky
2017-12-13 04:49 - 2017-07-19 17:38 - 000000000 ____D
C:\Users\Tosca\Documents\Grabaciones de sonido
2017-12-11 23:49 - 2017-11-01 19:36 - 000000000 ____D
C:\Users\Tosca\AppData\Local\Discord
2017-12-11 23:49 - 2017-08-09 00:17 - 000000000 ____D
C:\Users\Tosca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-07 03:19 - 2017-11-11 19:32 - 000000000 ____D
C:\Users\Tosca\AppData\Roaming\TS3Client
2017-12-05 00:44 - 2017-11-02 00:32 - 000001789 _____ C:\Users\Tosca\Desktop\MPC-HC
x64.lnk
2017-12-05 00:44 - 2017-11-01 20:24 - 000001159 _____ C:\Users\Tosca\Desktop\MSI
Afterburner.lnk
2017-12-04 19:06 - 2017-11-01 19:18 - 000000000 ____D C:\Windows.old
2017-12-03 21:50 - 2017-11-01 19:41 - 000000000 ____D
C:\Users\Tosca\AppData\Local\BlackDesertOnline
2017-11-30 13:41 - 2017-11-16 07:45 - 000002457 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-27 12:02 - 2017-11-01 20:24 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2017-11-27 11:31 - 2017-04-03 18:43 - 000000000 ____D
C:\Users\Tosca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-25 13:08 - 2017-11-17 07:53 - 000000000 ____D
C:\Users\Tosca\AppData\Local\Nox
2017-11-25 07:41 - 2017-11-17 07:53 - 000000000 ____D C:\Users\Tosca\vmlogs
2017-11-24 12:30 - 2017-10-03 00:44 - 000000000 ____D C:\Users\Tosca\VirtualBox VMs
2017-11-23 12:19 - 2017-10-25 03:23 - 000001113 _____ C:\Users\Tosca\Desktop\Nuevo
documento de texto (3).txt
2017-11-22 09:13 - 2017-11-01 19:13 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-19 19:10 - 2017-11-17 07:53 - 000000000 ____D C:\Program Files (x86)\Nox
==================== Files in the root of some directories =======
2017-11-27 12:15 - 2017-11-27 13:45 - 000001843 _____ ()

C:\Users\Tosca\AppData\Local\Tempbannercash.tmp
2017-11-27 12:15 - 2017-11-27 12:15 - 000032159 _____ ()
C:\Users\Tosca\AppData\Local\Tempnewscash.tmp
Some files in TEMP:

====================
2017-12-19 04:52 - 2017-12-19 04:52 - 000079736 _____ (AppWork GmbH)
C:\Users\Tosca\AppData\Local\Temp\131581291712901553.exe
2017-11-01 20:21 - 2017-12-19 06:11 - 000000072 _____ ()
C:\Users\Tosca\AppData\Local\Temp\525349cc55ab0b19cb815cf59e960012.dll
2017-11-01 20:21 - 2017-11-01 20:21 - 000000180 _____ ()
C:\Users\Tosca\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
2017-12-19 04:51 - 2017-12-19 04:52 - 036403960 _____ (AppWork GmbH)
C:\Users\Tosca\AppData\Local\Temp\JDSetup131581291190186041.exe
2017-11-01 19:31 - 2017-09-16 18:17 - 000758472 _____ (NVIDIA Corporation)
C:\Users\Tosca\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Tosca\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Tosca\AppData\Local\Temp\nvStInst.exe
2017-12-19 06:03 - 2017-12-19 06:03 - 000040448 ____N ()
C:\Users\Tosca\AppData\Local\Temp\proxy_vole4075236407097960990.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-12-14 19:57
==================== End of FRST.txt ============================

FRST

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

FRST

Transféré par

Droits d'auteur :

Formats disponibles

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017

Ran by Tosca (administrator) on TOSCA-PC (19-12-2017 06:20:26)

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Program Files\NVIDIA

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe

(If an item is included in the fixlist, if it is a registry item it will be removed

==================== Services (Whitelisted) ====================

R2 LogiRegistryService; C:\Program Files\Logitech Gaming

===================== Drivers (Whitelisted) ======================

S3 ALSysIO; C:\Users\Tosca\AppData\Local\Temp\ALSysIO64.sys [46384 2017-12-08]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-19 06:20 - 2017-12-19 06:20 - 000020395 _____

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-19 06:16 - 2017-11-01 19:30 - 002630984 _____

==================== Files in the root of some directories =======

2017-11-27 12:15 - 2017-11-27 13:45 - 000001843 _____ ()

Some files in TEMP:

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

LastRegBack: 2017-12-14 19:57

==================== End of FRST.txt ============================

Vous aimerez peut-être aussi