Trojan Remover is detecting this malware, what is it? And what do I have to run?

Started by win_7, 20 March 2021, 20:08 PM


win_7



Also, when the "malware" shows up I get a window, and the option that is preselected is this one:

disabled file by renaming it

and it also shows deleted and more options

PS: what I have done, well, as I had it set, is: rename the file/malware. Is that OK?

The scan has finished, here is the log:

https://www.sendspace.com/file/8gjo96
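Before deciding what to run next, a responder would pull three things out of a log like the one linked above: what was detected, what the tool has already changed on disk, and which autostart or service entries it could not tie to a verified signer. The Python below does exactly that over a constructed sample shaped like the log posted in this thread. It is an added example, not code from the forum participants or from Trojan Remover; the shortened package directory name PKG, the sample lines themselves and the cmd-style restore command are assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the Trojan Remover log posted in this thread:
# one servicing-store detection with its rename action, one Run entry the log lists
# without a "(verified signer: [...])" suffix, and one driver entry that has one.
# The long package directory name is shortened to "PKG" for readability.
SAMPLE_LOG = r"""
***** DRIVE/DIRECTORY SCAN *****
C:\Windows\servicing\LCU\PKG\f\snmpincl.dll - appears to contain Trashed.File
C:\Windows\servicing\LCU\PKG\f\snmpincl.dll: 0 processes terminated
C:\Windows\servicing\LCU\PKG\f\snmpincl.dll has been renamed to C:\Windows\servicing\LCU\PKG\f\snmpincl.dll.vir
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Data: ["C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR]
C:\Program Files\CCleaner\CCleaner64.exe
32726088 bytes
Company:  Piriform Software Ltd
[E81A2D29BA58989D6B0EF3948E7F3AEE]
--------------------
Key:       NEWDRIVER
ImagePath:  \??\C:\WINDOWS\SysWow64\WinVDEdrv6.sys
C:\WINDOWS\SysWow64\WinVDEdrv6.sys (verified signer: [NewSoftwares.net Inc. SDN. BHD.])
197648 bytes
Company:  [no info]
[2D446F342467128EA389CF44EC79C2BA]
"""

# Line shapes taken from the posted log.
DETECT_RE = re.compile(r"^(?P<path>.+?) - appears to contain (?P<verdict>\S+)$")
RENAME_RE = re.compile(r"^(?P<src>.+?) has been renamed to (?P<dst>.+)$")
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)(?: \(verified signer: \[(?P<signer>[^\]]+)\]\))?$")
SIZE_RE = re.compile(r"^(?P<size>\d+) bytes$")
COMPANY_RE = re.compile(r"^Company:\s*(?P<company>.*)$")
MD5_RE = re.compile(r"^\[(?P<md5>[0-9A-Fa-f]{32})\]$")

# Anything under the component store is a staged update payload, not a user file.
SERVICING_MARK = "\\windows\\servicing\\"


@dataclass
class FileEntry:
    path: str
    signer: Optional[str]  # None when the log printed no verified-signer suffix
    size: int
    company: str
    md5: Optional[str]


def parse_detections(text: str) -> list[tuple[str, str]]:
    """(path, verdict) for every 'appears to contain' line."""
    matches = (DETECT_RE.match(line.strip()) for line in text.splitlines())
    return [(m["path"], m["verdict"]) for m in matches if m]


def parse_renames(text: str) -> dict[str, str]:
    """original path -> quarantined (.vir) path for every rename action."""
    matches = (RENAME_RE.match(line.strip()) for line in text.splitlines())
    return {m["src"]: m["dst"] for m in matches if m}


def parse_file_entries(text: str) -> list[FileEntry]:
    """Autostart/service entries: the path line is the one just before 'N bytes'."""
    lines = [line.rstrip() for line in text.splitlines()]
    entries = []
    for i, line in enumerate(lines):
        size = SIZE_RE.match(line)
        head = FILE_RE.match(lines[i - 1]) if size and i > 0 else None
        if not head:
            continue
        company, md5 = "", None
        for follow in lines[i + 1:i + 5]:  # Company and [MD5] follow within a few lines
            if (m := COMPANY_RE.match(follow)):
                company = m["company"].strip()
            elif (m := MD5_RE.match(follow)):
                md5 = m["md5"].upper()
        entries.append(FileEntry(head["path"], head["signer"], int(size["size"]), company, md5))
    return entries


def restore_command(src: str, dst: str) -> str:
    """cmd.exe rename that undoes one quarantine rename (ren takes a bare new name)."""
    name = src.rsplit("\\", 1)[-1]
    return f'ren "{dst}" "{name}"'


def triage(text: str) -> dict:
    """Everything a responder wants from the log before deciding what to run next."""
    detections = parse_detections(text)
    renames = parse_renames(text)
    entries = parse_file_entries(text)
    return {
        "detections": detections,
        "servicing_store_hits": [p for p, _ in detections if SERVICING_MARK in p.lower()],
        "restore_commands": [restore_command(s, d) for s, d in renames.items()],
        "unsigned": [e.path for e in entries if e.signer is None],
        "entries": entries,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Both hits in the posted log sit under C:\Windows\servicing\LCU\...\f\, the staged cumulative-update payload, where the f directory holds forward-delta files rather than complete executables; that is the kind of content a file-structure heuristic can trip on, so a verdict like "Trashed.File" there should be checked (for example with DISM /Online /Cleanup-Image /RestoreHealth, which re-validates the component store) before anything is deleted. The restore commands only make sense after that check, and the "unsigned" list is a triage queue, not a verdict: the posted log also omits the signer suffix for some Microsoft binaries such as SecurityHealthSystray.exe.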

win_7

***** THE SYSTEM HAS BEEN RESTARTED *****
20/3/2021 22:41:49: Trojan Remover has been restarted
20/3/2021 22:41:49: Trojan Remover closed
************************************************************


***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.9.5.2975. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 17:03:30 20 March 2021
Using Database v10584
Operating System:  Windows 10 Home x64 [November 2020 Update (Ver 20H2), Build: 10.0.19042.868]
System up since: 19:41:03 19 March 2021
File System:       NTFS
UAC is ENABLED [highest level]
UserData directory: C:\Users\Florenci\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Users\Florenci\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
Automatic Daily Updates are enabled
Automatic Program Updates are enabled

************************************************************
Carrying out scan on C:\
(including subdirectories)
Archive files will be EXCLUDED.
------------------------------
! Exception in routine frmScan.FindRat
EFOpenError - Cannot open file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\78CEE867-61CB-41FC-89DC-801F6530CF70\MpSigStub.exe". Access denied
- processing HeurList line 226
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.867.1.8\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll - appears to contain Trashed.File
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.867.1.8\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll: 0 processes terminated
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.867.1.8\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll has been renamed to C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.867.1.8\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll.vir
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.868.1.0\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll - appears to contain Trashed.File
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.868.1.0\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll: 0 processes terminated
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.868.1.0\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll has been renamed to C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.868.1.0\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_10.0.19041.844_none_88b2caa82590cdb4\f\snmpincl.dll.vir
------------------------------
363404 files scanned
Scan completed at: 22:36:32 20 March 2021
2 Malware files detected
Total Scan time: 5 hrs, 33 mins, 2 secs
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
20/3/2021 22:36:52: restart commenced
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.9.5.2975. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 17:02:34 20 March 2021
Using Database v10584
Operating System:  Windows 10 Home x64 [November 2020 Update (Ver 20H2), Build: 10.0.19042.868]
System up since: 19:41:03 19 March 2021
File System:       NTFS
UAC is ENABLED [highest level]
UserData directory: C:\Users\Florenci\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Users\Florenci\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
Controlled Folder Access is enabled
Automatic Daily Updates are enabled
Automatic Program Updates are enabled

************************************************************
17:02:34: ----- Checking Default File Associations -----
No modified default file associations detected

************************************************************
17:02:34: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
17:02:35: Scanning ----- Windows Registry -----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\explorer.exe
C:\Windows\explorer.exe (verified signer: [Microsoft Windows])
4704744 bytes
Created:  24/2/2021 23:10
Modified: 24/2/2021 23:10
Company:  Microsoft Corporation
[91BCFCAB8092A94CB7D60509BA75ED1C]
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\System32\userinit.exe,]
File: C:\Windows\Sysnative\userinit.exe
C:\Windows\System32\userinit.exe (verified signer: [Microsoft Windows])
34816 bytes
Created:  7/12/2019 10:08
Modified: 7/12/2019 10:08
Company:  Microsoft Corporation
[582A919CA5F944AA83895A5C633C122C]
----------
Scan cancelled by User
Windows Registry scan stopped at user request
The ShellExecuteHooks were not scanned
Hidden Registry Entries were not scanned for
The ScreenSaver was not checked
The Windows Registry Active Setup keys were not scanned
The ServiceDLLs registry keys were not scanned
The Services registry keys were not scanned
The Winlogon\Notify DLLs were not scanned
The ContextMenuHandlers were not scanned
The Browser Helper Objects were not scanned
The Delayed Load ShellServiceObjects were not scanned
The SharedTaskScheduler DLLs were not scanned
The Imagefile Debuggers were not scanned
The AppInit_DLLs were not scanned
The Security Provider DLLs were not scanned
The User Startup Groups were not scanned
The Scheduled Tasks were not scanned
The ShellIconOverlayIdentifiers were not scanned
The Device Drivers were not scanned
Malware Registry Entry Checks: not done
Heuristic Scans were not carried out
Shortcut Hijack Checks not carried out
Running Processes were not scanned
The HOSTS files were not checked
The check on Explorer.exe was not carried out
Internet Explorer settings were not checked.

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 17:02:38 20 March 2021
Total Scan time: 0 mins, 4 secs
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.9.5.2975. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 16:59:41 20 March 2021
Using Database v10584
Operating System:  Windows 10 Home x64 [November 2020 Update (Ver 20H2), Build: 10.0.19042.868]
System up since: 19:41:03 19 March 2021
File System:       NTFS
UAC is ENABLED [highest level]
UserData directory: C:\Users\Florenci\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Users\Florenci\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
Controlled Folder Access is enabled
Automatic Daily Updates are enabled
Automatic Program Updates are enabled

************************************************************
16:59:41: ----- Checking Default File Associations -----
No modified default file associations detected

************************************************************
16:59:41: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
16:59:42: Scanning ----- Windows Registry -----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\explorer.exe
C:\Windows\explorer.exe (verified signer: [Microsoft Windows])
4704744 bytes
Created:  24/2/2021 23:10
Modified: 24/2/2021 23:10
Company:  Microsoft Corporation
[91BCFCAB8092A94CB7D60509BA75ED1C]
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\System32\userinit.exe,]
File: C:\Windows\Sysnative\userinit.exe
C:\Windows\System32\userinit.exe (verified signer: [Microsoft Windows])
34816 bytes
Created:  7/12/2019 10:08
Modified: 7/12/2019 10:08
Company:  Microsoft Corporation
[582A919CA5F944AA83895A5C633C122C]
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [CCleaner Smart Cleaning]
Value Data: ["C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR]
C:\Program Files\CCleaner\CCleaner64.exe
32726088 bytes
Created:  5/3/2021 13:14
Modified: 5/3/2021 13:14
Company:  Piriform Software Ltd
[E81A2D29BA58989D6B0EF3948E7F3AEE]
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
16:59:48: Scanning ----- Windows 64-Bit Registry -----
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [SecurityHealth]
Value Data: [%windir%\system32\SecurityHealthSystray.exe]
C:\Windows\System32\SecurityHealthSystray.exe
86016 bytes
Created:  7/12/2019 10:08
Modified: 7/12/2019 10:08
Company:  Microsoft Corporation
[783C99AFD4C2AE6950FA5694389D2CFA]
--------------------
Value Name: [RtHDVCpl]
Value Data: [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
11779176 bytes
Created:  7/4/2011 10:38
Modified: 18/2/2011 10:39
Company:  Realtek Semiconductor
[9F153BC9D4D72F6A84AD71D22ABB82BE]
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
16:59:49: Scanning ----- ShellExecuteHooks -----
No ShellExecuteHook entries found to scan

************************************************************
16:59:49: Scanning ----- 64-Bit ShellExecuteHooks -----
No 64-Bit ShellExecuteHook entries found to scan

************************************************************
16:59:49: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
No Hidden File-loading x64 Registry Entries found
----------

************************************************************
16:59:50: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
16:59:50: Scanning ----- Registry Active Setup Keys -----

************************************************************
16:59:50: Scanning ----- 64-Bit Registry Active Setup Keys -----
Key:  {8A69D345-D564-463c-AFF1-A69D9E530F96}
Path: "C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel
C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe (verified signer: [Google LLC])
2839656 bytes
Created:  19/3/2021 19:19
Modified: 19/3/2021 19:19
Company:  Google LLC
[2DE9F8D5D7F562B678CFF4F284445B04]
----------

************************************************************
16:59:52: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
17:00:12: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       AnyDesk
ImagePath:  "C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service
Service Display Name: AnyDesk Service
Service Start Type: Disabled
C:\Program Files (x86)\AnyDesk\AnyDesk.exe (verified signer: [philandro Software GmbH])
3743464 bytes
Created:  17/2/2021 21:22
Modified: 9/3/2021 20:00
Company:  philandro Software GmbH
[64D3B02073AA813C69CF0CA52182FA37]
----------
Key:       ESRV_SVC_QUEENCREEK
ImagePath:  "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe" "--AUTO_START" "--start" "--start_options_registry_key" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESRV_SVC_QUEENCREEK\_start"
Service Display Name: Energy Server Service queencreek
Service Start Type: Disabled
C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (verified signer: [Intel(R) System Usage Report])
999752 bytes
Created:  15/12/2020 14:37
Modified: 15/12/2020 14:37
Company: 
[406C19A815FE7C361B3A2333CD58A2DB]
----------
Key:       GoogleChromeElevationService
ImagePath:  "C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\elevation_service.exe"
Service Display Name: Google Chrome Elevation Service
Service Start Type: Manual
C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\elevation_service.exe (verified signer: [Google LLC])
1509488 bytes
Created:  19/3/2021 19:19
Modified: 11/3/2021 23:31
Company:  Google LLC
[C4890B0B3D29DD4B52AB8000D223FE7D]
----------
Key:       gupdate
ImagePath:  "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
Service Display Name: Servei de Google Update (gupdate)
Service Start Type: Disabled
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
153168 bytes
Created:  10/6/2017 14:42
Modified: 10/6/2017 14:42
Company:  Google Inc.
[0545A3EB959CFA4790D267BFB8C1ACA4]
----------
Key:       gupdatem
ImagePath:  "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
Service Display Name: Servei de Google Update (gupdatem)
Service Start Type: Disabled
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
153168 bytes
Created:  10/6/2017 14:42
Modified: 10/6/2017 14:42
Company:  Google Inc.
[0545A3EB959CFA4790D267BFB8C1ACA4]
----------
Key:       HidGuardian
ImagePath:  \SystemRoot\System32\drivers\HidGuardian.sys
Service Display Name: @oem27.inf,%HidGuardian.SVCDESC%;HidGuardian Service
Service Start Type: Manual
C:\Windows\System32\drivers\HidGuardian.sys (verified signer: [Wohlfeil.IT e.U.])
35728 bytes
Created:  2/12/2018 13:41
Modified: 2/12/2018 13:41
Company:  Benjamin Höglinger-Stelzer
[9E593C108C4A1F86122FD5375F9B75B9]
----------
Key:       Intel(R) SUR QC SAM
ImagePath:  "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe"
Service Display Name: Intel(R) SUR QC Software Asset Manager
Service Start Type: Disabled
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe (verified signer: [Intel(R) System Usage Report])
3098912 bytes
Created:  5/11/2020 11:20
Modified: 5/11/2020 11:20
Company:  Intel Corporation
[09AAF35CDAF82C2A448ADA8EAF63D12C]
----------
Key:       MozillaMaintenance
ImagePath:  "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
Service Display Name: Mozilla Maintenance Service
Service Start Type: Disabled
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (verified signer: [Mozilla Corporation])
242160 bytes
Created:  23/10/2018 18:43
Modified: 19/3/2021 19:09
Company:  Mozilla Foundation
[2C8598CD76958DE4F9DD128DA734EAE9]
----------
Key:       NEWDRIVER
ImagePath:  \??\C:\WINDOWS\SysWow64\WinVDEdrv6.sys
Service Display Name: NEWDRIVER
Service Start Type: Automatic
C:\WINDOWS\SysWow64\WinVDEdrv6.sys (verified signer: [NewSoftwares.net Inc. SDN. BHD.])
197648 bytes
Created:  22/3/2016 23:08
Modified: 22/3/2016 23:08
Company:  [no info]
[2D446F342467128EA389CF44EC79C2BA]
----------
Key:       SystemUsageReportSvc_QUEENCREEK
ImagePath:  "C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe"
Service Display Name: Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK
Service Start Type: Disabled
C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe (verified signer: [Intel(R) System Usage Report])
185672 bytes
Created:  15/12/2020 14:37
Modified: 15/12/2020 14:37
Company: 
[29D4473036FB5939AD39AECABE697E80]
----------
Key:       TTDrv
ImagePath:  \??\C:\KOPLAYER\vbox\TTDrv.sys
Service Display Name: TianTian Support Driver
Service Start Type: System
C:\KOPLAYER\vbox\TTDrv.sys (verified signer: [Fuzhou kaopu Network Co.,Ltd.])
317040 bytes
Created:  18/7/2019 20:38
Modified: 1/11/2017 10:06
Company:  Oracle Corporation
[FB5BA2ADB865329C97D16A9A8CD6BCB7]
----------
Key:       USER_ESRV_SVC_QUEENCREEK
ImagePath:  "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe" "--run_as_user_process"
Service Display Name: User Energy Server Service queencreek
Service Start Type: Disabled
C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (verified signer: [Intel(R) System Usage Report])
999752 bytes
Created:  15/12/2020 14:37
Modified: 15/12/2020 14:37
Company: 
[406C19A815FE7C361B3A2333CD58A2DB]
----------

************************************************************
17:00:55: Scanning ----- ContextMenuHandlers -----
Key:   Glary Utilities
CLSID: {B3C418F8-922B-4faf-915E-59BC14448CF7}
Path:  C:\Program Files (x86)\Glary Utilities 5\ContextHandler.dll
C:\Program Files (x86)\Glary Utilities 5\ContextHandler.dll (verified signer: [Glarysoft LTD])
138672 bytes
Created:  4/3/2020 5:25
Modified: 4/3/2020 5:25
Company:  Glarysoft Ltd
[BAAEC2D7DF821CB4AF2D43AC5B7FC755]
----------
Key:   IXnView
CLSID: {A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A}
Path:  C:\Program Files (x86)\XnView\ShellEx\XnViewShellExt.dll
C:\Program Files (x86)\XnView\ShellEx\XnViewShellExt.dll
1736704 bytes
Created:  25/5/2018 18:59
Modified: 19/2/2015 10:25
Company: 
[8B145F0093C1E3CE13C94FC449790073]
----------
Key:   WinRAR32
CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Path:  C:\Program Files\WinRAR\rarext32.dll
C:\Program Files\WinRAR\rarext32.dll (verified signer: [win.rar GmbH])
493376 bytes
Created:  22/3/2016 22:22
Modified: 24/10/2020 15:02
Company:  Alexander Roshal
[69729447193AC06F232BF6DC86C29ED1]
----------

************************************************************
17:00:58: Scanning ----- Folder\ColumnHandlers -----
No Folder\ColumnHandler entries found to scan

************************************************************
17:00:58: Scanning ----- 64-Bit ContextMenuHandlers -----
Key:   Glary Utilities
CLSID: {B3C418F8-922B-4faf-915E-59BC14448CF7}
Path:  C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll
C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll (verified signer: [Glarysoft LTD])
86448 bytes
Created:  4/3/2020 5:27
Modified: 4/3/2020 5:27
Company:  Glarysoft Ltd
[A7FBACC13D7376DFBD074DA51417B915]
----------
Key:   Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path:  C:\PROGRA~2\TROJAN~1\TRSHLE~1.DLL
C:\PROGRA~2\TROJAN~1\TRSHLE~1.DLL (verified signer: [Simply Super Software])
3605096 bytes
Created:  20/3/2021 16:52
Modified: 25/10/2018 14:12
Company:  Simply Super Software
[BC168257A6D847002C942F725E6C4D45]
----------
Key:   WinRAR
CLSID: {B41DB860-64E4-11D2-9906-E49FADC173CA}
Path:  C:\Program Files\WinRAR\rarext.dll
C:\Program Files\WinRAR\rarext.dll (verified signer: [win.rar GmbH])
567616 bytes
Created:  22/3/2016 22:22
Modified: 24/10/2020 15:02
Company:  Alexander Roshal
[F7D8ABC30B1D8851D3BE5158EEB62967]
----------

************************************************************
17:01:00: Scanning ----- 64-Bit Folder\ColumnHandlers -----
No Folder\ColumnHandler entries found to scan

************************************************************
17:01:01: Scanning ----- Browser Helper Objects -----

************************************************************
17:01:01: Scanning ----- 64-Bit Browser Helper Objects -----

************************************************************
17:01:01: Scanning ----- ShellServiceObjectDelayLoad Entries -----

************************************************************
17:01:01: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries -----

************************************************************
17:01:01: Scanning ----- ShellServiceObjects -----
CLSID: {003e0278-eca8-4bb8-a256-3689ca1c2600}
File: %SystemRoot%\system32\shell32.dll
C:\Windows\System32\shell32.dll (verified signer: [Microsoft Windows])
7639536 bytes
Created:  24/2/2021 23:11
Modified: 24/2/2021 23:11
Company:  Microsoft Corporation
[E00CD792AA3031C65F4B58A77E1B745C]
----------
CLSID: {3BF043EF-A974-49B3-8322-B853CF1E5EC5}
File: %SystemRoot%\System32\SndVolSSO.dll
C:\Windows\System32\SndVolSSO.dll (verified signer: [Microsoft Windows])
309760 bytes
Created:  12/1/2021 20:22
Modified: 12/1/2021 20:22
Company:  Microsoft Corporation
[9B9E4C5E758CE818ADE5C4BBC430A909]
----------
CLSID: {68ddbb56-9d1d-4fd9-89c5-c0da2a625392}
File: %SystemRoot%\system32\stobject.dll
C:\Windows\System32\stobject.dll (verified signer: [Microsoft Windows])
311808 bytes
Created:  12/1/2021 20:20
Modified: 12/1/2021 20:20
Company:  Microsoft Corporation
[C9B1A2C6664DE4102820CC4C75346BBE]
----------
CLSID: {7849596a-48ea-486e-8937-a2a3009f31a9}
File: %SystemRoot%\system32\shell32.dll
C:\Windows\System32\shell32.dll (verified signer: [Microsoft Windows])
7639536 bytes
Created:  24/2/2021 23:11
Modified: 24/2/2021 23:11
Company:  Microsoft Corporation
[E00CD792AA3031C65F4B58A77E1B745C]
----------
CLSID: {78DE489B-7931-4f14-83B4-C56D38AC9FFA}
File: C:\Windows\SysWOW64\Windows.FileExplorer.Common.dll
C:\Windows\SysWOW64\Windows.FileExplorer.Common.dll (verified signer: [Microsoft Windows])
282624 bytes
Created:  3/2/2021 20:50
Modified: 3/2/2021 20:50
Company:  Microsoft Corporation
[279181A001CD3E57DE8E2A4767B9CB12]
----------
CLSID: {811F592B-CDE7-4ca4-A6D4-7BB3F60AD8FB}
File: %SystemRoot%\system32\windows.storage.dll
C:\Windows\System32\windows.storage.dll (verified signer: [Microsoft Windows])
7965496 bytes
Created:  24/2/2021 23:11
Modified: 24/2/2021 23:11
Company:  Microsoft Corporation
[ECFB27091304F40243BC3396E0A4378D]
----------
CLSID: {900c0763-5cad-4a34-bc1f-40cd513679d5}
File: %SystemRoot%\System32\hcproviders.dll
C:\Windows\System32\hcproviders.dll (verified signer: [Microsoft Windows])
64000 bytes
Created:  7/12/2019 10:08
Modified: 7/12/2019 10:08
Company:  Microsoft Corporation
[A91995356658BDD21024B590207BBA0C]
----------
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
File: %SystemRoot%\system32\wpdshserviceobj.dll
C:\Windows\System32\wpdshserviceobj.dll (verified signer: [Microsoft Windows])
67072 bytes
Created:  12/1/2021 20:28
Modified: 12/1/2021 20:28
Company:  Microsoft Corporation
[F3F1FC4FF1C2BEB6AFF47224FFC97133]
----------
CLSID: {B5CFEB0E-9C01-4942-A5CB-F62EB09D808F}
File: %SystemRoot%\system32\SettingMonitor.dll
C:\Windows\System32\SettingMonitor.dll (verified signer: [Microsoft Windows])
164864 bytes
Created:  12/1/2021 20:20
Modified: 12/1/2021 20:20
Company:  Microsoft Corporation
[BF754DA7931484BA61D9646B71B18A8E]
----------
CLSID: {DA67B8AD-E81B-4c70-9B91-B417B5E33527}
File: %SystemRoot%\System32\srchadmin.dll
C:\Windows\System32\srchadmin.dll (verified signer: [Microsoft Windows])
218112 bytes
Created:  12/1/2021 20:24
Modified: 12/1/2021 20:24
Company:  Microsoft Corporation
[C2DA20F1F8CAB266E777181C3207AC16]
----------
CLSID: {EF4D1E1A-1C87-4AA8-8934-E68E4367468D}
File: C:\Windows\SysWOW64\shdocvw.dll
C:\Windows\SysWOW64\shdocvw.dll (verified signer: [Microsoft Windows])
218112 bytes
Created:  12/1/2021 20:25
Modified: 12/1/2021 20:25
Company:  Microsoft Corporation
[89575AFBEB62052600AEE345864775E5]
----------
CLSID: {F08C5AC2-E722-4116-ADB7-CE41B527994B}
File: C:\Windows\SysWOW64\bthprops.cpl
C:\Windows\SysWOW64\bthprops.cpl (verified signer: [Microsoft Windows])
221184 bytes
Created:  14/7/2020 19:02
Modified: 14/7/2020 19:02
Company:  Microsoft Corporation
[62569B8D0CEE9C6899E05A5BCF9B3608]
----------
CLSID: {F20487CC-FC04-4B1E-863F-D9801796130B}
File: %SystemRoot%\System32\SyncCenter.dll
C:\Windows\System32\SyncCenter.dll (verified signer: [Microsoft Windows])
520704 bytes
Created:  5/8/2020 21:34
Modified: 5/8/2020 21:34
Company:  Microsoft Corporation
[A1AE89F0BF9A2832A03688FABD6EF098]
----------
CLSID: {F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}
File: %SystemRoot%\System32\Actioncenter.dll
C:\Windows\System32\Actioncenter.dll (verified signer: [Microsoft Windows])
322048 bytes
Created:  12/1/2021 20:23
Modified: 12/1/2021 20:23
Company:  Microsoft Corporation
[FEDD74D0894D4D32A1E0FE5B585FCCFE]
----------
CLSID: {fbeb8a05-beee-4442-804e-409d6c4515e9}
File: %SystemRoot%\system32\shell32.dll
C:\Windows\System32\shell32.dll (verified signer: [Microsoft Windows])
7639536 bytes
Created:  24/2/2021 23:11
Modified: 24/2/2021 23:11
Company:  Microsoft Corporation
[E00CD792AA3031C65F4B58A77E1B745C]
----------
CLSID: {ff363bfe-4941-4179-a81c-f3f1ca72d820}
File: %SystemRoot%\System32\hgcpl.dll
C:\Windows\System32\hgcpl.dll (verified signer: [Microsoft Windows])
671744 bytes
Created:  12/1/2021 20:23
Modified: 12/1/2021 20:23
Company:  Microsoft Corporation
[7276B85AF58D78A06D5A3A3C699092A1]
----------

************************************************************
17:01:07: Scanning ----- 64-Bit ShellServiceObjects -----
CLSID: {003e0278-eca8-4bb8-a256-3689ca1c2600}
File: %SystemRoot%\system32\shell32.dll
C:\Windows\System32\shell32.dll (verified signer: [Microsoft Windows])
7639536 bytes
Created:  24/2/2021 23:11
Modified: 24/2/2021 23:11
Company:  Microsoft Corporation
[E00CD792AA3031C65F4B58A77E1B745C]
----------
CLSID: {3BF043EF-A974-49B3-8322-B853CF1E5EC5}
File: %SystemRoot%\System32\SndVolSSO.dll
C:\Windows\System32\SndVolSSO.dll (verified signer: [Microsoft Windows])
309760 bytes
Created:  12/1/2021 20:22
Modified: 12/1/2021 20:22
Company:  Microsoft Corporation
[9B9E4C5E758CE818ADE5C4BBC430A909]
----------
CLSID: {4DC9C264-730E-4CF6-8374-70F079E4F82B}
File: %SystemRoot%\System32\pwsso.dll
C:\Windows\System32\pwsso.dll (verified signer: [Microsoft Windows])
32256 bytes
Created:  12/1/2021 20:26
Modified: 12/1/2021 20:26
Company:  Microsoft Corporation
[2B9123E1CEC0857B034AB80D8CC29ECB]
----------
CLSID: {566296fe-e0e8-475f-ba9c-a31ad31620b1}
File: %systemroot%\system32\dxp.dll
C:\Windows\System32\dxp.dll (verified signer: [Microsoft Windows])
516608 bytes
Created:  5/8/2020 21:34
Modified: 5/8/2020 21:34
Company:  Microsoft Corporation
[04294895B1C470D98D666AD5A09C66AF]
----------
CLSID: {578480AA-1B1C-4343-AABD-62C0A273DCB5}
File: C:\Windows\System32\Windows.CloudStore.dll
C:\Windows\System32\Windows.CloudStore.dll (verified signer: [Microsoft Windows])
1946624 bytes
Created:  12/1/2021 20:21
Modified: 12/1/2021 20:21
Company:  Microsoft Corporation
[6EE31349DAB9F1248F3635E9F1CCAEBF]
----------
CLSID: {68ddbb56-9d1d-4fd9-89c5-c0da2a625392}
File: %SystemRoot%\system32\stobject.dll
C:\Windows\System32\stobject.dll (verified signer: [Microsoft Windows])
311808 bytes
Created:  12/1/2021 20:20
Modified: 12/1/2021 20:20
Company:  Microsoft Corporation
[C9B1A2C6664DE4102820CC4C75346BBE]
----------
CLSID: {7849596a-48ea-486e-8937-a2a3009f31a9}
File: %SystemRoot%\system32\shell32.dll
C:\Windows\System32\shell32.dll (verified signer: [Microsoft Windows])
7639536 bytes
Created:  24/2/2021 23:11
Modified: 24/2/2021 23:11
Company:  Microsoft Corporation
[E00CD792AA3031C65F4B58A77E1B745C]
----------
CLSID: {78DE489B-7931-4f14-83B4-C56D38AC9FFA}
File: C:\Windows\System32\Windows.FileExplorer.Common.dll
C:\Windows\System32\Windows.FileExplorer.Common.dll (verified signer: [Microsoft Windows])
378880 bytes
Created:  9/3/2021 22:33
Modified: 9/3/2021 22:33
Company:  Microsoft Corporation
[0FB99F3BB5805454BE527E30E9D52A89]
----------
CLSID: {811F592B-CDE7-4ca4-A6D4-7BB3F60AD8FB}
File: %SystemRoot%\system32\windows.storage.dll
C:\Windows\System32\windows.storage.dll (verified signer: [Microsoft Windows])
7965496 bytes
Created:  24/2/2021 23:11
Modified: 24/2/2021 23:11
Company:  Microsoft Corporation
[ECFB27091304F40243BC3396E0A4378D]
----------
CLSID: {872f8dc8-dde4-43bd-ac7a-e3d9fe86ceac}
File: %SystemRoot%\System32\SystemResetPlatform\SystemResetSSO.dll
C:\Windows\System32\SystemResetPlatform\SystemResetSSO.dll (verified signer: [Microsoft Windows])
31744 bytes
Created:  12/1/2021 20:26
Modified: 12/1/2021 20:26
Company:  Microsoft Corporation
[368442861547973F1BE44184E44688EF]
----------
CLSID: {900c0763-5cad-4a34-bc1f-40cd513679d5}
File: %SystemRoot%\System32\hcproviders.dll
C:\Windows\System32\hcproviders.dll (verified signer: [Microsoft Windows])
64000 bytes
Created:  7/12/2019 10:08
Modified: 7/12/2019 10:08
Company:  Microsoft Corporation
[A91995356658BDD21024B590207BBA0C]
----------
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
File: %SystemRoot%\system32\wpdshserviceobj.dll

EdePC

It looks more like a false positive, let's see:

MpSigStub.exe is related to Windows Defender; although it's a bit odd that it's also in that location, I'll assume it's being updated.

snmpincl.dll is in the C:\Windows\Servicing folder, which is exactly where update files delivered via Windows Update get stored.

I'd rather trust that they are legitimate files; otherwise it would be a matter of verifying the files against the originals from Microsoft's website, but that requires more technical knowledge on the subject to identify files, hashes, versions, searches in the Windows Catalog offline and online, etc.

win_7

Quote from: EdePC on 21 March 2021, 19:29 PM
It looks more like a false positive, let's see:

MpSigStub.exe is related to Windows Defender; although it's a bit odd that it's also in that location, I'll assume it's being updated.

snmpincl.dll is in the C:\Windows\Servicing folder, which is exactly where update files delivered via Windows Update get stored.

I'd rather trust that they are legitimate files; otherwise it would be a matter of verifying the files against the originals from Microsoft's website, but that requires more technical knowledge on the subject to identify files, hashes, versions, searches in the Windows Catalog offline and online, etc.

But have you seen the log? As I say, the preselected action to run on the "malware" (and on all the others with a similar path) was to rename the file. Is everything fine and correct?

Hangaro

... share the SHA256 of the files .. or analyze them yourself at VirusTotal "www.virustotal.com" .. to be safer .. since they could be dirty, having substituted the originals ..  :o
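As an added example (not code from the thread, nor from Trojan Remover), here is a PowerShell check for the kind of verification EdePC describes and Hangaro asks for: it validates the Authenticode signature of a flagged file and computes its SHA256 so the hash can be compared with a known-good copy or looked up on VirusTotal. The paths in $flagged are placeholders, and Test-FlaggedFile is a name chosen for this example.

```powershell
# Added example (not from the thread): verify a file that a scanner has flagged
# by checking its Authenticode signature and computing its SHA256, so the hash
# can be compared with a known-good copy or looked up on VirusTotal.
# Run from an elevated PowerShell session: files under the NetworkService
# profile and C:\Windows\servicing may deny access to a normal user.

function Test-FlaggedFile {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Scanner logs often reference files that are already gone
        # (temporary update staging), so report that instead of failing.
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $info = (Get-Item -LiteralPath $Path).VersionInfo

    [pscustomobject]@{
        Path            = $Path
        Exists          = $true
        SHA256          = $hash.Hash
        # Valid, NotSigned, HashMismatch (content altered after signing), ...
        SignatureStatus = $sig.Status
        # Embedded or Catalog: most Windows system files are catalog-signed
        SignatureType   = $sig.SignatureType
        Signer          = $sig.SignerCertificate.Subject
        FileVersion     = $info.FileVersion
        Company         = $info.CompanyName
        # Only a Valid signature chaining to Microsoft is real evidence of an
        # untampered original; the name, path and CompanyName are trivially forged.
        LooksLikeMicrosoft = ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -like '*Microsoft*')
    }
}

# Placeholder paths: replace with the entries from your own scanner log.
$flagged = @(
    'C:\PATH\TO\FLAGGED\MpSigStub.exe',
    'C:\PATH\TO\FLAGGED\snmpincl.dll'
)

foreach ($f in $flagged) {
    Test-FlaggedFile -Path $f | Format-List
}
```

A HashMismatch status, or a valid signature whose signer is not Microsoft, is the case Hangaro is worried about (a substituted original) and is worth uploading the hash for a second opinion.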