Serveur minecraft

Besoin d'aide. Ordinateur infecté par un virus persistant. – Resoudre les problemes d’un serveur MineCraft

Le 22 mars 2020 - 87 minutes de lecture

Merci pour la réponse rapide ci-dessous sont les journaux demandés:

Fixlog créé:

Correction du résultat de Farbar Recovery Scan Tool (x64) Version: 12-01-2020

Ran by OWL (13-01-2020 23:42:43) Course: 1

Exécution à partir de C: Users OWL Desktop

Profils chargés: OWL (Profils disponibles: JJAG & OWL)

Mode de démarrage: Normal

==============================================

contenu de la liste de correctifs:

*****************

début

CreateRestorePoint:

FermerProcessus:

ShortcutTarget: MEGAsync.lnk -> C: Users OWL AppData Local MEGAsync MEGAsync.exe (aucun fichier)

Tâche: 001FD37A-44BA-4615-BE3D-0908D087B063 – System32 Tasks caproncapron => C: Program Files (x86) Failing Undetectable.exe

Tâche: 0C613A82-1680-4825-9152-7D5CE1919786 – System32 Tasks enregistre sed inchedsaves sed inched => C: Users JJAG AppData Local Undetectable.exe

Tâche: 16561E3C-1E2C-4125-BB4F-9B6089E14DFF – System32 Tasks lucy_bavaria => C: Users JJAG AppData Local Ibex.exe

Tâche: 4BA060D1-33E1-45C9-9AE3-A27EAF9A10EA – System32 Tasks lilienthal_revokedlilienthal_revoked => C: Program Files (x86) Homosexually Undetectable.exe

Tâche: 54003798-E56B-49BC-A656-01E18BEFA773 – System32 Tasks lilienthal_revoked => C: Program Files (x86) Homosexually Undetectable.exe

Tâche: 9C269D53-0F3F-431C-B497-4798AC21278A – System32 Tasks unutterable kourou => C: Program Files (x86) Homosexually Ibex.exe

Tâche: 9C725AC5-8D9D-41D6-BE44-522E16C78866 – System32 Tasks informinformed => C: Program Files (x86) Envisions depictions.exe

Tâche: 9E1C977E-5E3D-42CB-A699-DF6C5927928A – System32 Tasks saves sed inched => C: Users JJAG AppData Local Undetectable.exe

Tâche: A940258F-F2AA-499F-8CA0-D83BAE45C58E – System32 Tasks missionaries-zinn => C: Program Files (x86) clanging Ibex.exe

Tâche: CA3A20AF-AD57-42D0-80B8-D1E592D9B666 – System32 Tasks capron => C: Program Files (x86) Failing Undetectable.exe

Tâche: CE27F6DF-1F6E-4BC3-9306-FE7C0CD6FB57 – System32 Tasks CORVALLIS => C: Program Files CORVALLIS CORVALLIS.exe

Tâche: D42E0014-8435-415C-ACA8-241DD7941243 – System32 Tasks missionaries-zinnmissionaries-zinn => C: Program Files (x86) clanging Ibex.exe

Tâche: F9880159-277A-4A7E-8AD1-7336550285E4 – System32 Tasks lucy_bavarialucy_bavaria => C: Users JJAG AppData Local Ibex.exe

Tâche: FEB06AA5-61D8-4469-BEEC-ADFCCF576469 – System32 Tasks Informed => C: Program Files (x86) Envisions depictions.exe

Tâche: C: WINDOWS Tasks CORVALLIS.job => C: Program Files CORVALLIS CORVALLIS.exe

BHO: avast! Sécurité en ligne -> 8E5E2654-AD2D-48bf-AC2D-D17F00898D06 -> Aucun fichier

BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> 451C804F-C205-4F03-B48E-537EC94937BF -> Aucun fichier

BHO-x32: Gestionnaire de cache de documents Office -> B4F3A835-0E21-4959-BA22-42B3008E02FF -> C: PROGRA ~ 2 MICROS ~ 1 Office14 URLREDIR.DLL => Aucun fichier

Gestionnaire: WSWSVCUchrome – {1CA93FF0-A218-44F1 – Aucun fichier

FF Plugin-x32: @ microsoft.com / OfficeAuthz, version = 14.0 -> C: PROGRA ~ 2 MICROS ~ 1 Office14 NPAUTHZ.DLL [No File]

FF Plugin-x32: @ microsoft.com / SharePoint, version = 14.0 -> C: PROGRA ~ 2 MICROS ~ 1 Office14 NPSPWRAP.DLL [No File]

S3 mracsvc; C: Windows System32 mracsvc.exe [11132176 2018-10-15] (Mail.Ru LLC -> LLC Mail.Ru)

S3 mracdrv; C: WINDOWS System32 drivers mracdrv.sys [10348560 2018-10-15] (Mail.Ru LLC -> LLC Mail.Ru)

U3 idsvc; pas ImagePath

C: Program Files (x86) Failing Undetectable.exe

C: Users JJAG AppData Local Undetectable.exe

C: Users JJAG AppData Local Ibex.exe

C: Program Files (x86) Homosexually Undetectable.exe

C: Program Files (x86) Homosexuellement Ibex.exe

C: Program Files (x86) Envisions depictions.exe

C: Program Files (x86) clanging Ibex.exe

C: Program Files CORVALLIS CORVALLIS.exe

C: Windows System32 mracsvc.exe

C: WINDOWS System32 drivers mracdrv.sys

VirusTotal: G: Program Files (x86) launcher.exe

VirusTotal: E: dwnldz rcsetup153 (1) .exe

VirusTotal: C: Users JJAG Desktop scs1507.exe

VirusTotal: C: Games Sshock2 SHOCK2.EXE

Redémarrer:

Fin

*****************

Erreur: (0) Impossible de créer un point de restauration.

Les processus se sont clôturés avec succès.

"C: Users OWL AppData Local MEGAsync MEGAsync.exe" => introuvable

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Plain 001FD37A-44BA-4615-BE3D-0908D087B063" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tasks 001FD37A-44BA-4615-BE3D-0908D087B063" => supprimé avec succès

C: WINDOWS System32 Tasks caproncapron => déplacé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tree caproncapron" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Plain 0C613A82-1680-4825-9152-7D5CE1919786" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tasks 0C613A82-1680-4825-9152-7D5CE1919786" => supprimé avec succès

C: WINDOWS System32 Tasks enregistre sed inchedsaves sed inched => déplacé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tree enregistre sed inchedsaves sed inched" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Logon 16561E3C-1E2C-4125-BB4F-9B6089E14DFF" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tasks 16561E3C-1E2C-4125-BB4F-9B6089E14DFF" => supprimé avec succès

C: WINDOWS System32 Tasks lucy_bavaria => déplacé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tree lucy_bavaria" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Plain 4BA060D1-33E1-45C9-9AE3-A27EAF9A10EA" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tasks 4BA060D1-33E1-45C9-9AE3-A27EAF9A10EA" => supprimé avec succès

C: WINDOWS System32 Tasks lilienthal_revokedlilienthal_revoked => déplacé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tree lilienthal_revokedlilienthal_revoked" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Logon 54003798-E56B-49BC-A656-01E18BEFA773" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tasks 54003798-E56B-49BC-A656-01E18BEFA773" => supprimé avec succès

C: WINDOWS System32 Tasks lilienthal_revoked => déplacé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tree lilienthal_revoked" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Logon 9C269D53-0F3F-431C-B497-4798AC21278A" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tasks 9C269D53-0F3F-431C-B497-4798AC21278A" => supprimé avec succès

C: WINDOWS System32 Tasks unutterable kourou => déplacé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tree unutterable kourou" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Plain 9C725AC5-8D9D-41D6-BE44-522E16C78866" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tasks 9C725AC5-8D9D-41D6-BE44-522E16C78866" => supprimé avec succès

C: WINDOWS System32 Tasks informinformed => déplacé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tree informinformed" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Logon 9E1C977E-5E3D-42CB-A699-DF6C5927928A" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tasks 9E1C977E-5E3D-42CB-A699-DF6C5927928A" => supprimé avec succès

C: WINDOWS System32 Tasks saves sed inched => déplacé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tree saves sed inched" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Logon A940258F-F2AA-499F-8CA0-D83BAE45C58E" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tasks A940258F-F2AA-499F-8CA0-D83BAE45C58E" => supprimé avec succès

C: WINDOWS System32 Tasks missionaries-zinn => déplacé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tree missionaries-zinn" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Logon CA3A20AF-AD57-42D0-80B8-D1E592D9B666" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tasks CA3A20AF-AD57-42D0-80B8-D1E592D9B666" => supprimé avec succès

C: WINDOWS System32 Tasks capron => déplacé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tree capron" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Logon CE27F6DF-1F6E-4BC3-9306-FE7C0CD6FB57" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tasks CE27F6DF-1F6E-4BC3-9306-FE7C0CD6FB57" => supprimé avec succès

C: WINDOWS System32 Tasks CORVALLIS => déplacé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tree CORVALLIS" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Plain D42E0014-8435-415C-ACA8-241DD7941243" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tasks D42E0014-8435-415C-ACA8-241DD7941243" => supprimé avec succès

C: WINDOWS System32 Tasks missionaries-zinnmissionaries-zinn => déplacé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tree missionaries-zinnmissionaries-zinn" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Plain F9880159-277A-4A7E-8AD1-7336550285E4" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tasks F9880159-277A-4A7E-8AD1-7336550285E4" => supprimé avec succès

C: WINDOWS System32 Tasks lucy_bavarialucy_bavaria => déplacé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tree lucy_bavarialucy_bavaria" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Logon FEB06AA5-61D8-4469-BEEC-ADFCCF576469" => supprimé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tasks FEB06AA5-61D8-4469-BEEC-ADFCCF576469" => supprimé avec succès

C: WINDOWS System32 Tasks Informé => déplacé avec succès

"HKLM Software Microsoft Windows NT CurrentVersion Schedule TaskCache Tree informé" => supprimé avec succès

C: WINDOWS Tasks CORVALLIS.job => déplacé avec succès

HKLM SOFTWARE Microsoft Windows CurrentVersion Explorer Browser Helper Objects 8E5E2654-AD2D-48bf-AC2D-D17F00898D06 => supprimé avec succès

HKLM Software Classes CLSID 8E5E2654-AD2D-48bf-AC2D-D17F00898D06 => supprimé avec succès

HKLM SOFTWARE Wow6432Node Microsoft Windows CurrentVersion Explorer Browser Helper Objects 451C804F-C205-4F03-B48E-537EC94937BF => supprimé avec succès

HKLM Software Wow6432Node Classes CLSID 451C804F-C205-4F03-B48E-537EC94937BF => supprimé avec succès

HKLM SOFTWARE Wow6432Node Microsoft Windows CurrentVersion Explorer Browser Helper Objects B4F3A835-0E21-4959-BA22-42B3008E02FF => supprimé avec succès

HKLM Software Wow6432Node Classes CLSID B4F3A835-0E21-4959-BA22-42B3008E02FF => supprimé avec succès

HKLM Software Classes PROTOCOLS Handler WSWSVCUchrome => supprimé avec succès

Gestionnaire: WSWSVCUchrome – {1CA93FF0-A218-44F1 – Aucun fichier => n'a pas pu supprimer .: chemin d'accès incorrect.

HKLM Software Wow6432Node MozillaPlugins @ microsoft.com / OfficeAuthz, version = 14.0 => supprimé avec succès

HKLM Software Wow6432Node MozillaPlugins @ microsoft.com / SharePoint, version = 14.0 => supprimé avec succès

HKLM System CurrentControlSet Services mracsvc => supprimé avec succès

mracsvc => service supprimé avec succès

HKLM System CurrentControlSet Services mracdrv => supprimé avec succès

mracdrv => service supprimé avec succès

HKLM System CurrentControlSet Services idsvc => supprimé avec succès

idsvc => service supprimé avec succès

"C: Program Files (x86) Failing Undetectable.exe" => introuvable

"C: Users JJAG AppData Local Undetectable.exe" => introuvable

"C: Users JJAG AppData Local Ibex.exe" => introuvable

"C: Program Files (x86) Homosexually Undetectable.exe" => introuvable

"C: Program Files (x86) Homosexually Ibex.exe" => introuvable

"C: Program Files (x86) Envisions depictions.exe" => introuvable

"C: Program Files (x86) clanging Ibex.exe" => introuvable

"C: Program Files CORVALLIS CORVALLIS.exe" => introuvable

C: Windows System32 mracsvc.exe => déplacé avec succès

C: WINDOWS System32 drivers mracdrv.sys => déplacé avec succès

"VirusTotal: G: Program Files (x86) launcher.exe" => introuvable

"VirusTotal: E: dwnldz rcsetup153 (1) .exe" => introuvable

"VirusTotal: C: Users JJAG Desktop scs1507.exe" => introuvable

"VirusTotal: C: Games Sshock2 SHOCK2.EXE" => introuvable

Le système avait besoin d'un redémarrage.

==== Fin du Fixlog 23:42:45 ====

FRST:

Résultat de l'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2020

Ran par OWL (administrateur) sur B00M-P3WT0R (13-01-2020 23:49:49)

Exécution à partir de C: Users OWL Desktop

Profils chargés: OWL (Profils disponibles: JJAG & OWL)

Plateforme: Windows 10 Pro version 1909 18363.535 (X64) Langue: anglais (États-Unis)

Navigateur par défaut: Edge

Mode de démarrage: Normal

==================== Processus (sur liste blanche) =================

(Si une entrée est incluse dans la liste de correctifs, le processus sera fermé. Le fichier ne sera pas déplacé.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C: Program Files (x86) Common Files Adobe ARM 1.0 armsvc.exe

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext amdow.exe

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext AMDRSServ.exe

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext RadeonSettings.exe

(Advanced Micro Devices, Inc. -> AMD) C: Windows System32 DriverStore FileRepository͆453.inf_amd64_bc963e4e92e4ff40 B346420 atieclxx.exe

(Advanced Micro Devices, Inc. -> AMD) C: Windows System32 DriverStore FileRepository͆453.inf_amd64_bc963e4e92e4ff40 B346420 atiesrxx.exe

(AMD) [File not signed] C: Program Files AMD Performance Profile Client AUEPLauncher.exe

(AMD) [File not signed] C: Program Files AMD Performance Profile Client AUEPMaster.exe

(AMD) [File not signed] C: Program Files AMD Performance Profile Client AUEPUF.exe

(Incorporation ASROCK ->) C: Program Files (x86) ASRock Utility A-Tuning Bin IOMonitorSrv.exe

(Brave Software, Inc. -> Brave Software, Inc.) C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe

(Brave Software, Inc. -> Brave Software, Inc.) C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe

(Brave Software, Inc. -> Brave Software, Inc.) C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe

(Brave Software, Inc. -> Brave Software, Inc.) C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe

(Brave Software, Inc. -> Brave Software, Inc.) C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe

(Brave Software, Inc. -> Brave Software, Inc.) C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe

(Brave Software, Inc. -> Brave Software, Inc.) C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe

(Brave Software, Inc. -> Brave Software, Inc.) C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe

(Brave Software, Inc. -> Brave Software, Inc.) C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe

(Brave Software, Inc. -> Brave Software, Inc.) C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe

(Brave Software, Inc. -> Brave Software, Inc.) C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe

(Brave Software, Inc. -> Brave Software, Inc.) C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe

(Brave Software, Inc. -> Brave Software, Inc.) C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe

(Brave Software, Inc. -> Brave Software, Inc.) C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe

(BUFFALO INC.) [File not signed] C: Program Files (x86) BUFFALO NASNAVI nassvc.exe

(CHENGDU YIWO Tech Development Co., Ltd. ->) C: Program Files (x86) EaseUS Todo Backup bin TodoBackupService.exe

(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C: Program Files (x86) EaseUS Todo Backup bin Agent.exe

(DEVGURU Co., Ltd. -> DEVGURU Co., LTD.) C: Program Files Samsung USB Drivers 28_ssconn2 conn ss_conn_service2.exe

(EnigmaSoft Limited -> EnigmaSoft Limited) C: Program Files EnigmaSoft SpyHunter ShKernel.exe

(EnigmaSoft Limited -> EnigmaSoft Limited) C: Program Files EnigmaSoft SpyHunter ShMonitor.exe

(EnigmaSoft Limited -> EnigmaSoft Limited) C: Program Files EnigmaSoft SpyHunter SpyHunter5.exe

(Intel Corporation – Micrologiciel Intel® Management Engine -> Intel Corporation) C: Program Files (x86) Intel Intel® Management Engine Components DAL jhi_service.exe

(Intel Corporation – Firmware du moteur de gestion Intel® -> Intel Corporation) C: Program Files (x86) Intel Intel® Management Engine Components FWService IntelMeFWService.exe

(Intel Corporation – Micrologiciel Intel® Management Engine -> Intel Corporation) C: Program Files (x86) Intel Intel® Management Engine Components LMS LMS.exe

(Intel Corporation – Intel® Rapid Storage Technology -> Intel Corporation) C: Program Files Intel Intel® Rapid Storage Technology IAStorDataMgrSvc.exe

(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware MBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware mbamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C: Users OWL AppData Local Microsoft OneDrive OneDrive.exe

(Microsoft Corporation -> Microsoft Corporation) C: Windows Microsoft.NET Framework64 v4.0.30319 SMSvcHost.exe

(Microsoft Corporation -> Microsoft Corporation) C: Windows Microsoft.NET Framework64 v4.0.30319 SMSvcHost.exe

(Microsoft Corporation -> Microsoft Corporation) C: Windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe MicrosoftEdge.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 browser_broker.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeSH.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 mqsvc.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 schtasks.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 spaceman.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 vds.exe

(Realtek Semiconductor Corp -> Realtek Semiconductor) C: Program Files Realtek Audio HDA RAVCpl64.exe

(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C: Program Files Samsung USB Drivers 27_ssconn conn ss_conn_service.exe

(Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) C: Program Files (x86) iSkysoft IAF 2.4.3.227 IsAppService.exe

==================== Registre (liste blanche) ===================

(Si une entrée est incluse dans la liste de correctifs, l'élément de registre sera restauré par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM … Run: [RTHDVCPL] => C: Program Files Realtek Audio HDA RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKU S-1-5-21-526169441-3370718946-2259949942-1162 … RunOnce: [Application Restart #2] => C: Program Files (x86) BraveSoftware Brave-Browser Application brave.exe [1916560 2019-06-27] (Brave Software, Inc. -> Brave Software, Inc.)

HKLM Software Microsoft Active Setup Installed Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C: Program Files (x86) Google Chrome Application 79.0.3945.117 Installer chrmstp.exe [2020-01-07] (Google LLC -> Google LLC)

HKLM Software Microsoft Active Setup Installed Components: [AFE6A462-C574-4B8A-AF43-4CC60DF4563B] -> C: Program Files (x86) BraveSoftware Brave-Browser Application 75.0.66.99 Installer chrmstp.exe [2019-07-12] (Brave Software, Inc.) [File not signed]

HKLM Software … Authentication Credential Providers: [3AFAB1A7-F3DB-4DED-B51B-25E34D21D798] -> C: WINDOWS system32 USBKeyCredentialProvider.dll [2014-07-31] (Incorporation ASROCK ->)

HKLM Software … Authentication Credential Providers: [503739d0-4c5e-4cfd-b3ba-d881334f0df2] ->

Démarrage: C: Users JJAG AppData Roaming Microsoft Windows Start Menu Programs Startup MEGAsync.lnk [2019-08-24]

ShortcutTarget: MEGAsync.lnk -> C: Users OWL AppData Local MEGAsync MEGAsync.exe (aucun fichier)

GroupPolicy: Restriction? <==== ATTENTION

==================== Tâches planifiées (liste blanche) ============

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)

Tâche: 018587C3-AA9F-4920-A4CD-83A90986D0AD – System32 Tasks 3E549E52-368E-4BF8-B45E-7F14D3F2FAB6 => C: Users JJAG Desktop eclipse eclipse.exe

Tâche: 01D7D51F-53FF-4150-A708-CA6695608405 – Tâche de mise à jour System32 Tasks MEGA MEGAsync S-1-5-21-526169441-3370718946-2259949942-1000 => C: Users JJAG AppData Local MEGAsync MEGAupdater.exe [615160 2019-09-02] (Mega Limited -> Mega Limited)

Tâche: 022C32F4-0C5B-4B95-9207-724902530F11 – System32 Tasks Microsoft Windows Media Center DispatchRecoveryTasks => C: WINDOWS ehome ehPrivJob.exe

Tâche: 04FE2A24-9E70-4FC0-9D6A-9CD74DFE72C1 – System32 Tasks 328E268A-69BC-4D2F-B50D-275A7C0B1E9A => C: Users JJAG Desktop eclipse eclipse.exe

Tâche: 0D1760B3-F9FE-4D9B-8D87-6DF861DD8C6D – System32 Tasks SafeZone prévu Autoupdate 1475027896 => C: Program Files AVAST Software SZBrowser launcher.exe

Tâche: 180BBBED-EF7C-44D2-86C4-1E388FAD5F17 – System32 Tasks EA502867-33D5-49BC-B933-DC190FC3C587 => E: dwnldz mb3-setup-37469.37469-3.8.3.2965-1.0.613- 1.0.11270.exe [64333800 2019-08-28] (Malwarebytes Corporation -> Malwarebytes)

Tâche: 1C6172F8-53BA-4F0F-9C04-4C839B30E7F4 – System32 Tasks EA757601-B666-4AC4-9340-74A044244175 => C: Games Sshock2 SHOCK2.EXE

Tâche: 1DCD2E85-83A2-464E-A409-70136ABF08DC – System32 Tasks Games UpdateCheck_S-1-5-21-526169441-3370718946-2259949942-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE5

Tâche: 20465750-ED20-45C5-9906-465FE8626512 – System32 Tasks 5EEEB279-0CB0-441E-A167-B441F53808AA => C: Windows system32 pcalua.exe -a C: Users JJAG Desktop Sims3_1.6.6.002002_from_1.0.631.00002 (1) .exe -d C: Users JJAG Desktop

Tâche: 240B698A-0533-48DF-B8C5-36D62735445C – System32 Tasks Microsoft Windows Media Center PvrScheduleTask => C: WINDOWS ehome mcupdate.exe

Tâche: 24AFC750-2D45-4DA6-B3D8-FF07158F7B9D – System32 Tasks Microsoft Windows SideShow GadgetManager => FF87090D-4A9A-4f47-879B-29A80C355D61

Tâche: 24E5E0C7-53AD-42EF-8900-B79E8C08768D – System32 Tasks 53DD572E-91FC-4B49-8093-18ACA978ADF8 => C: Windows system32 pcalua.exe -a G: setup.exe – d G:

Tâche: 2735D01D-76B7-4AEA-AB6C-27082391AEC4 – System32 Tasks 5C5F7DAD-FACF-45A8-8192-7CEDD1B64AF1 => C: Users JJAG Desktop eclipse eclipse.exe

Tâche: 2C04924D-7A4C-435E-99C2-610D6C28B12D – System32 Tasks E2E7CB76-2EB0-4CB2-BBCD-3F65C9D44FCF => C: Windows system32 pcalua.exe -a C: Users JJAG Desktop Domination_install_1.1.1.6.exe -d C: Users JJAG Desktop

Tâche: 2C2F68CA-8DDF-4B67-A684-267413D1B70D – System32 Tasks BraveSoftwareUpdateTaskMachineCore => C: Program Files (x86) BraveSoftware Update BraveUpdate.exe [159368 2019-07-12] (Brave Software, Inc. -> BraveSoftware Inc.)

Tâche: 2CDAA618-9A87-450E-A0F9-FCBB264B47A5 – System32 Tasks Microsoft Windows Media Center OCURActivate => C: WINDOWS ehome ehPrivJob.exe

Tâche: 2D1FF361-5FC3-4FA0-8C97-7AC2F2FF1783 – System32 Tasks Microsoft Windows Media Center ObjectStoreRecoveryTask => C: WINDOWS ehome mcupdate.exe

Tâche: 2E2BB0E1-0619-4778-84DF-CCE60331F5A0 – System32 Tasks 151CA858-D44C-4470-A0C5-E5FC785B3D3E => C: Users JJAG Desktop eclipse eclipse.exe

Tâche: 2FD28EF0-5479-4616-82A6-8BF14B7910CB – System32 Tasks Microsoft Windows Media Center PBDADiscoveryW1 => C: WINDOWS ehome ehPrivJob.exe

Tâche: 34C270A3-2C4F-4C76-9114-E7567794BE2C – System32 Tasks BEFF8373-328B-40C1-B703-9D2C031C8D90 => C: Windows system32 pcalua.exe -a C: Users JJAG Downloads Domination_install_1.1.1.6.exe -d C: Users JJAG Downloads

Tâche: 3553E593-7EB4-4D34-BFB8-A5A3E610CC7C – System32 Tasks 9DF8E528-B238-4DC5-9FA8-FB7550AC2817 => E: dwnldz rcsetup153.exe

Tâche: 36789684-5E0D-451E-9DC4-6DC6D0E56F8E – System32 Tasks 586F8A18-7F8A-4D6F-A880-9C1FD2CE7FFE => G: Program Files (x86) launcher.exe <==== ATTENTION

Tâche: 384ACF98-D16F-41FC-A558-7667E2A842CF – System32 Tasks Microsoft Windows Media Center PeriodicScanRetry => C: WINDOWS ehome MCUpdate.exe

Tâche: 3B8B23F1-9DA7-4C53-B574-E4F6D333169C – System32 Tasks 0185E367-318D-41C9-9D22-EC816AE8FE1C => C: Windows system32 pcalua.exe -a D: SPORESetup.exe – d D:

Tâche: 3CA0301B-8888-406E-A9A3-B71A8F41AD1A – System32 Tasks 96C25C6C-A968-4D8A-9175-A669432B8775 => C: Program Files (x86) Symantec Norton PartitionMagic 8.0 PMagic.exe

Tâche: 3DEAE040-BC65-43F8-9C34-F932EEA18BA9 – System32 Tasks D2A39763-7DF2-4D1B-8767-814A6758DE5F => C: Users JJAG Desktop eclipse eclipse.exe

Tâche: 417CBD1D-572E-48E3-87E8-A5660674BD0F – System32 Tasks Microsoft Windows Media Center RecordingRestart => C: WINDOWS ehome ehrec.exe

Tâche: 41DBE814-B440-4129-888C-68F306EBF67D – System32 Tasks Microsoft Windows Media Center OCURDiscovery => C: WINDOWS ehome ehPrivJob.exe

Tâche: 4261C004-B34A-45A1-8943-4604A6A7CAD3 – System32 Tasks IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C: Program Files (x86) Intel Intel® Update Manager bin iumsvc.exe [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)

Tâche: 44D0CA6D-3A62-4D7E-A47E-6D84868550A5 – System32 Tasks StartCN => C: Program Files AMD CNext CNext cncmd.exe [61112 2019-09-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

Tâche: 45040C33-A8EF-43B1-AAA6-A684D54363FC – System32 Tasks Microsoft Windows Media Center ActivateWindowsSearch => C: WINDOWS ehome ehPrivJob.exe

Tâche: 46F07DED-2AB5-4E0C-8D90-4587C6413AD2 – System32 Tasks 7316FEEB-F3BC-45B8-AEC9-8076BB97795C => C: Users JJAG Desktop eclipse eclipse.exe

Tâche: 486D715E-6AA2-44CF-BC48-B6990CBB53C6 – System32 Tasks Microsoft Windows Shell WindowsParentalControlsMigration => 343D770D-7788-47c2-B62A-B7C4CED925CB

Tâche: 48D34394-DECB-49C6-BCAB-7DA044B6D141 – System32 Tasks Microsoft Windows SideShow SessionAgent => 45F26E9E-6199-477F-85DA-AF1EDfE067B1

Tâche: 48ED6BFA-3B05-4315-8570-6718576816B9 – System32 Tasks F76EC954-0E74-474C-81E6-15846DF98353 => C: Users JJAG Desktop eclipse eclipse.exe

Tâche: 4A6C9ED4-5B7C-4A83-91F9-D8F28BCE9A3A – System32 Tasks IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C: Program Files (x86) Intel Intel® Update Manager bin iumsvc .EXE [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)

Tâche: 4BB5B9E2-12FC-4A58-A3C4-C620B4E63782 – System32 Tasks Microsoft Windows Media Center PBDADiscovery => C: WINDOWS ehome ehPrivJob.exe

Tâche: 4E1B88F5-8E6A-4E80-B6C2-04EFAB5AD380 – System32 Tasks Microsoft Windows Media Center UpdateRecordPath => C: WINDOWS ehome ehPrivJob.exe

Tâche: 4F4A0C2B-D2F9-420A-9903-752F535B6AB4 – System32 Tasks Kingston SSD Toolbox => C: Program Files (x86) Kingston SSD Toolbox Kingston SSD Toolbox.exe

Tâche: 57C3F39D-6A75-4B2B-A653-FEBB6C6B9FE7 – System32 Tasks 04E55847-AED5-45ED-B817-462F8F136EB7 => E: dwnldz rcsetup153 (1) .exe

Tâche: 5B42DD9C-5A26-4F27-BB95-34603F0997E5 – System32 Tasks Microsoft Windows Shell WindowsParentalControls => DFA14C43-F385-4170-99CC-1B7765FA0E4A

Tâche: 5C652317-FC20-4080-BC7C-AA6D122D324B – Tâche de mise à jour System32 Tasks Microsoft Windows Live SOXE Extractor Definitions => 3519154C-227E-47F3-9CC9-12C3F05817F1

Tâche: 5E70A440-1D86-43F5-84B6-C72AA0103F1C – System32 Tasks Microsoft Windows Media Center ConfigureInternetTimeService => C: WINDOWS ehome ehPrivJob.exe

Tâche: 605626FD-D91F-4F14-BDEB-3895EDD0B731 – System32 Tasks 1C6845D6-3CAE-492D-A920-C726D48C2AD5 => C: Windows system32 pcalua.exe -a C: Users JJAG Bureau scs1507.exe -d C: Users JJAG Desktop

Tâche: 61D91425-E490-40FD-8C9A-32D360644A28 – System32 Tasks unutterable kourouunutterable kourou => C: Program Files (x86) Homosexually Ibex.exe

Tâche: 62F31E9C-BCD5-415F-9B9E-AC8BD93BA043 – System32 Tasks AMDLinkUpdate => C: Program Files AMD CIM BIN64 InstallManagerApp.exe [468992 2019-09-03] (Advanced Micro Devices, Inc.) [File not signed]

Tâche: 6B8E5587-3C3F-4EE1-A55B-2D47357ED377 – System32 Tasks Microsoft Windows Media Center ReindexSearchRoot => C: WINDOWS ehome ehPrivJob.exe

Tâche: 6B90A49E-EB9A-4FAA-9157-6D473297B16B – System32 Tasks Microsoft Windows Media Center InstallPlayReady => C: WINDOWS ehome ehPrivJob.exe

Tâche: 7A5EE066-0B98-45D1-BC47-643C014DCDEA – System32 Tasks E6505B3C-9234-4A23-8427-601D9145A13C => C: Windows system32 pcalua.exe -a D: DoWNL0AdZ Toon. Boom.StoryBoard.Pro.v8.1.0.4108.[F.B] StoryboardPro_Trial.exe -d D: DoWNL0AdZ Toon.Boom.StoryBoard.Pro.v8.1.0.4108.[F.B]

Tâche: 7C7C9197-F038-42CD-8212-2F7D6DBDC00A – System32 Tasks 554AA649-B798-4649-8D78-87D9CE950F1C => C: Windows system32 pcalua.exe -a G: autorun.exe – d G:

Tâche: 7DB2A67B-C335-4E6A-88F5-FEC1DA744BB7 – System32 Tasks 056A9A34-8C5F-4D5E-B731-CA576E574F7E => C: Users JJAG Desktop eclipse eclipse.exe

Tâche: 85AA8E1F-FD39-42DD-BDF5-251F233E793E – System32 Tasks Microsoft Windows Media Center MediaCenterRecoveryTask => C: WINDOWS ehome mcupdate.exe

Tâche: 8AF44F0D-BCEB-4CCF-88D3-96F422BEDAA9 – System32 Tasks 3C23679E-CC08-4D75-949C-E5E40DF4EB82 => C: Windows system32 pcalua.exe -a D: DoWNL0AdZ Antichamber Binaries UnSetup.exe -d D: DoWNL0AdZ Antichamber Binaries

Tâche: 8C16175D-53A9-4E73-A2CE-61742FF63CAD – System32 Tasks 5BC55AA5-2D2B-493A-80AA-5B89D67A23DE => E: dwnldz rcsetup153 (1) .exe

Tâche: 9209B194-9590-466A-98C9-1DE184EFAD52 – System32 Tasks 48C82E03-44FF-49FD-80C3-3B6D0E719DC1 => E: dwnldz mb3-setup-37469.37469-3.8.3.2965-1.0.613 1.0.11270.exe [64333800 2019-08-28] (Malwarebytes Corporation -> Malwarebytes)

Tâche: 976AD7B9-5C77-4DD9-BAAA-B85795845B3D – System32 Tasks GoogleUpdateTaskMachineCore => C: Program Files (x86) Google Update GoogleUpdate.exe [153168 2017-12-12] (Google Inc -> Google Inc.)

Tâche: 9957557E-A93D-463B-BAF6-3D9C9409AD6F – System32 Tasks AMDInstallUEP => C: Program Files AMD InstallUEP AMDInstallUEP.exe [2356736 2019-04-14] () [File not signed]

Tâche: A2286CE0-0F55-48C4-9DAC-5B60262C38DB – System32 Tasks BraveSoftwareUpdateTaskMachineUA => C: Program Files (x86) BraveSoftware Update BraveUpdate.exe [159368 2019-07-12] (Brave Software, Inc. -> BraveSoftware Inc.)

Tâche: A233E047-3F23-440C-ACDD-41CD186027A0 – System32 Tasks Microsoft Windows SideShow AutoWake => E51DFD48-AA36-4B45-BB52-E831F02E8316

Tâche: A9584CEE-8EDD-45BD-A4F1-69F660FFEB81 – System32 Tasks ModifyLinkUpdate => C: Program Files AMD CIM Bin64 InstallManagerApp.exe [468992 2019-09-03] (Advanced Micro Devices, Inc.) [File not signed]

Tâche: B0CBAB43-44FC-469B-A4CE-87426761FDCE – System32 Tasks Microsoft Windows PerfTrack BackgroundConfigSurveyor => EA9155A3-8A39-40b4-8963-D3C761B18371

Task: B342F0CB-B540-4DC8-AF57-2F19A313E99E – System32TasksMicrosoftWindowsSideShowSystemDataProviders => 7CCA6768-8373-4D28-8876-83E8B4E3A969

Task: B43B7DEB-8BB8-471D-ABB2-F71C11DBEE64 – System32Tasks890B87B1-5DE7-4BD5-B1CC-788E78D89E1E => C:GamesSshock2SHOCK2.EXE

Task: B6F2572D-A958-4FB7-8093-DD226E29FB56 – System32TasksAVAST SoftwareAvast settings backup => C:Program FilesCommon FilesAVavast! Antivirusbackup.exe

Task: BAA4D7E6-7BDC-4F77-9B3A-BFC7FFA80187 – System32Tasks9C50D8FE-0039-49CC-A198-8A671C4A3EA9 => C:UsersJJAGDesktopeclipseeclipse.exe

Task: BD19E99B-6409-4ED1-B6DE-E74A89262D6F – System32TasksMicrosoftWindowsMedia CenterPvrRecoveryTask => C:WINDOWSehomemcupdate.exe

Task: C02ED385-FACB-4F74-B8F4-B70F0C339756 – System32TasksMicrosoftWindowsMedia CenterPBDADiscoveryW2 => C:WINDOWSehomeehPrivJob.exe

Task: CA4B434C-030F-41E9-BE7C-68A64A54D6C5 – System32TasksMicrosoftWindowsMedia CenterRegisterSearch => C:WINDOWSehomeehPrivJob.exe

Task: CBBA9263-2097-495A-98DE-5360B0DF197F – System32TasksMicrosoftWindowsMedia CenterSqlLiteRecoveryTask => C:WINDOWSehomemcupdate.exe

Task: CFA1E5B6-584D-4784-9B86-72F09B740BD5 – System32TasksMicrosoftMicrosoft AntimalwareMicrosoft Antimalware Scheduled Scan => C:Program FilesMicrosoft Security Client\MpCmdRun.exe

Task: D2D52E10-1B57-4497-BA55-A1980CB1D6C3 – System32Tasks47B6DAB2-C9DB-4535-9045-327925D70FFB => E:dwnldzrcsetup153 (1).exe

Task: D38ACD7A-70AD-4726-98CB-F32393D4AB35 – System32TasksE4B1FC4A-28E3-41A3-BBCD-8589DE5BF026 => C:Windowssystem32pcalua.exe -a C:UsersJJAGDownloadsvcredist_x86.exe -d C:UsersJJAGDownloads

Task: D50B4962-E75C-486A-91A2-C05F4173660F – System32Tasks6563EAB6-C90A-4CB0-93C6-C1A43D3BCCC5 => C:Windowssystem32pcalua.exe -a "G:CDdNero 2016 Platinum v17.0.02000 + Crack [TechTools.net]Nero 2016 Platinum v17.0.02000 + Crack [TechTools.net]setup_contentpack.exe" -d "G:CDdNero 2016 Platinum v17.0.02000 + Crack [TechTools.net]Nero 2016 Platinum v17.0.02000 + Crack [TechTools.net]"

Task: D6F1BB6E-D3C6-4B27-9CA1-F26655CBDDB8 – System32TasksStartCNBM => C:Program FilesAMDCNextCNextcncmd.exe [61112 2019-09-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

Task: DA70D56B-E940-4AD4-A812-FA7D73EA972A – System32TasksA4DE8692-555C-4B7F-8692-E714F982E88C => C:UsersJJAGDesktopeclipseeclipse.exe

Task: DC166B8C-5AEC-4A89-9393-F9B54EE327C6 – System32Tasks8B64F6CB-916E-43D5-86DF-1C424C809450 => C:UsersJJAGDesktopeclipseeclipse.exe

Task: DCAF2043-E35C-4878-A31F-B98A74D8FB73 – System32TasksMicrosoftWindowsMedia Centermcupdate => C:WINDOWSehomemcupdate.exe

Task: DE06DA82-A28D-4482-AE44-4022DEB91645 – System32TasksStartDVR => C:Program FilesAMDCNextCNextRSServCmd.exe [68280 2019-09-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

Task: DFD47274-C06B-471E-AF76-007D104E00C9 – System32TasksMicrosoftWindowsMobilePCHotStart => 06DA0625-9701-43da-BFD7-FBEEA2180A1E

Task: E8E2E695-B4F3-4166-88A6-A5FCBD2C95A9 – System32TasksAsrSP.exe => C:Program Files (x86)ASRock UtilityA-TuningBinAsrSP.exe [2461960 2014-05-27] (ASROCK Incorporation -> )

Task: F584C5B8-C5AA-4EB4-AB62-56CD4E9D534A – System32TasksSidebarExecute => C:Program FilesWindows Sidebarsidebar.exe

Task: F82539FB-01C7-4D44-B22C-4CBEE85ABAE7 – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [153168 2017-12-12] (Google Inc -> Google Inc.)

Task: F9439CDA-C04C-40C2-8FB2-CF0D1A4ECC69 – System32TasksEA776C43-07B3-4E5D-86D3-82A998D6052D => C:Windowssystem32pcalua.exe -a C:UsersJJAGDownloadsforge-1.8-11.14.3.1450-installer-win.exe -d C:UsersJJAGDownloads

Task: FE4BBADB-D0C2-4091-AC5C-9B28DF138E50 – System32TasksMicrosoftWindowsMedia CenterehDRMInit => C:WINDOWSehomeehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

TcpipParameters: [DhcpNameServer] 64.19.96.69 64.19.96.72

Tcpip..Interfaces88C5E5B-9439-4154-A937-B50A865E7A32: [DhcpNameServer] 192.168.42.129

Tcpip..Interfaces4610ADD3-88E8-47C9-A32B-56591EB2098D: [DhcpNameServer] 64.19.96.69 64.19.96.72

Tcpip..InterfacesF834D23B-3967-4D1F-9650-95C81D80D47C: [DhcpNameServer] 192.168.50.1

Internet Explorer:

==================

BHO: SteadyVideoBHO Class -> 6C680BAE-655C-4E3D-8FC4-E6A520C3D928 -> C:Program FilesAMDSteadyVideoSteadyVideo.dll [2012-02-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

BHO: Groove GFS Browser Helper -> 72853161-30C5-4D22-B7F9-0BBC1D38A37E -> C:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> 761497BB-D6F0-462C-B6EB-D4DAF1D92D43 -> C:Program FilesJavajre1.8.0_91binssv.dll [2016-04-22] (Oracle America, Inc. -> Oracle Corporation)

BHO: Office Document Cache Handler -> B4F3A835-0E21-4959-BA22-42B3008E02FF -> C:Program FilesMicrosoft OfficeOffice14URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> DBC80044-A445-435b-BC74-9C25C1C588A9 -> C:Program FilesJavajre1.8.0_91binjp2ssv.dll [2016-04-22] (Oracle America, Inc. -> Oracle Corporation)

FireFox:

========

FF DefaultProfile: 6abof1xn.default

FF ProfilePath: C:UsersOWLAppDataRoamingMozillaFirefoxProfiles6abof1xn.default [2019-08-28]

FF ProfilePath: C:UsersOWLAppDataRoamingMozillaFirefoxProfiles50jp6tk2.default-release [2020-01-13]

FF Plugin: @adobe.com/FlashPlayer -> C:Windowssystem32MacromedFlashNPSWF64_25_0_0_171.dll [2017-05-18] (Adobe Systems Incorporated -> )

FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:Program FilesJavajre1.8.0_91bindtpluginnpDeployJava1.dll [2016-04-22] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:Program FilesJavajre1.8.0_91binplugin2npjp2.dll [2016-04-22] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:PROGRA~1MICROS~1Office14NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:Program FilesUnityWebPlayer64loader-x64npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)

FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:Program FilesVideoLANVLCnpvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:WindowsSysWOW64MacromedFlashNPSWF32_25_0_0_171.dll [2017-05-18] (Adobe Systems Incorporated -> )

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:Program Files (x86)IntelIntel® Management Engine ComponentsIPTnpIntelWebAPIIPT.dll [2014-03-20] (Intel® Identity Protection Technology Software -> Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:Program Files (x86)IntelIntel® Management Engine ComponentsIPTnpIntelWebAPIUpdater.dll [2014-03-20] (Intel® Identity Protection Technology Software -> Intel Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:Program Files (x86)BraveSoftwareUpdate1.3.99.0npBraveUpdate3.dll [2019-07-12] (Brave Software, Inc. -> BraveSoftware Inc.)

FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:Program Files (x86)BraveSoftwareUpdate1.3.99.0npBraveUpdate3.dll [2019-07-12] (Brave Software, Inc. -> BraveSoftware Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:Program Files (x86)GoogleUpdate1.3.35.422npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:Program Files (x86)GoogleUpdate1.3.35.422npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)

FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeReader 11.0ReaderAIRnppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:

=======

CHR Notifications: Default -> hxxps://www.youtube.com

CHR Profile: C:UsersOWLAppDataLocalGoogleChromeUser DataDefault [2020-01-12]

CHR Extension: (Avira Browser Safety) – C:UsersOWLAppDataLocalGoogleChromeUser DataDefaultExtensionsflliilndjeohchalpbbcdekjklbdgfkk [2019-11-06]

CHR Extension: (Chrome Web Store Payments) – C:UsersOWLAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2019-11-06]

CHR Extension: (Chrome Media Router) – C:UsersOWLAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-06]

CHR HKLM…ChromeExtension: [flliilndjeohchalpbbcdekjklbdgfkk]

CHR HKLM-x32…ChromeExtension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:WINDOWSSystem32DriverStoreFileRepository͆453.inf_amd64_bc963e4e92e4ff40B346420atiesrxx.exe [508632 2019-09-04] (Advanced Micro Devices, Inc. -> AMD)

S4 AMD FUEL Service; C:Program FilesAMDATI.ACEFuelFuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]

R2 ASRockIOMon; C:Program Files (x86)ASRock UtilityA-TuningBinIOMonitorSrv.exe [463112 2014-07-31] (ASROCK Incorporation -> )

R2 AUEPLauncher; C:Program FilesAMDPerformance Profile ClientAUEPLauncher.exe [43008 2019-09-03] (AMD) [File not signed]

R2 EaseUS Agent; C:Program Files (x86)EaseUSTodo BackupbinAgent.exe [40104 2019-09-02] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)

R2 EsgShKernel; C:Program FilesEnigmaSoftSpyHunterShKernel.exe [11780320 2019-11-26] (EnigmaSoft Limited -> EnigmaSoft Limited)

S4 GalaxyCommunication; C:ProgramDataGOG.comGalaxyredistsGalaxyCommunication.exe [6920248 2015-09-02] (GOG Limited -> GOG.com)

S4 Intel® Capability Licensing Service TCP IP Interface; C:Program FilesInteliCLS ClientSocketHeciServer.exe [887232 2014-01-31] (Intel® Trusted Connect Service -> Intel® Corporation)

R2 Intel® ME Service; C:Program Files (x86)IntelIntel® Management Engine ComponentsFWServiceIntelMeFWService.exe [131544 2014-03-20] (Intel Corporation – Intel® Management Engine Firmware -> Intel Corporation)

R2 IsAppService; C:Program Files (x86)IskysoftIAF2.4.3.227IsAppService.exe [492296 2017-06-19] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)

S3 iumsvc; C:Program Files (x86)IntelIntel® Update Managerbiniumsvc.exe [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)

R2 jhi_service; C:Program Files (x86)IntelIntel® Management Engine ComponentsDALjhi_service.exe [154584 2014-03-20] (Intel Corporation – Intel® Management Engine Firmware -> Intel Corporation)

R2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [6960640 2020-01-12] (Malwarebytes Inc -> Malwarebytes)

R2 NasPmService; C:Program Files (x86)BUFFALONASNAVInassvc.exe [245760 2013-11-21] (BUFFALO INC.) [File not signed]

S4 PnkBstrA; C:WindowsSysWOW64PnkBstrA.exe [76888 2013-06-02] (Even Balance, Inc. -> )

S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [5796168 2019-09-04] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 ShMonitor; C:Program FilesEnigmaSoftSpyHunterShMonitor.exe [519904 2019-11-26] (EnigmaSoft Limited -> EnigmaSoft Limited)

S3 ss_conn_launcher_service; C:WINDOWSSystem32SamsungEasySetupss_conn_launcher.exe [182112 2019-08-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

R2 ss_conn_service; C:Program FilesSamsungUSB Drivers27_ssconnconnss_conn_service.exe [752224 2019-08-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)

R2 ss_conn_service2; C:Program FilesSamsungUSB Drivers28_ssconn2connss_conn_service2.exe [780328 2019-08-16] (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.)

S3 WdNisSvc; C:ProgramDataMicrosoftWindows Defenderplatform4.18.1911.3-0NisSrv.exe [3206472 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:ProgramDataMicrosoftWindows Defenderplatform4.18.1911.3-0MsMpEng.exe [103376 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S4 WsAppService; C:Program Files (x86)WondershareWAF2.4.3.233WsAppService.exe [493792 2017-11-07] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdiox64; C:WINDOWSSystem32DRIVERSamdiox64.sys [46136 2010-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

R3 amdkmdag; C:WINDOWSSystem32DriverStoreFileRepository͆453.inf_amd64_bc963e4e92e4ff40B346420atikmdag.sys [60632792 2019-09-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

R3 amdkmdap; C:WINDOWSSystem32DriverStoreFileRepository͆453.inf_amd64_bc963e4e92e4ff40B346420atikmpag.sys [598232 2019-09-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

S0 amd_sata; C:WINDOWSSystem32driversamd_sata.sys [82560 2012-02-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

S0 amd_xata; C:WINDOWSSystem32driversamd_xata.sys [42624 2012-02-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

U5 androidusb; C:WindowsSystem32Driversandroidusb.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation)

R2 AODDriver4.3; C:Program FilesAMDATI.ACEFuelamd64AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

R1 AsrAppCharger; C:WINDOWSSystem32DRIVERSAsrAppCharger.sys [17192 2011-11-07] (ASROCK Incorporation -> Windows ® Win 7 DDK provider)

S3 AsrDrv101; C:WindowsSysWOW64DriversAsrDrv101.sys [22280 2015-08-22] (ASROCK Incorporation -> ASRock Incorporation)

R0 AsrRamDisk; C:WINDOWSSystem32driversAsrRamDisk.sys [40200 2013-08-02] (ASROCK Incorporation -> ASRock Inc.)

R3 AtiHDAudioService; C:WINDOWSsystem32driversAtihdWT6.sys [108152 2019-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)

S3 CMUSBDAC; C:WINDOWSsystem32DRIVERSCMUSBDAC.sys [3819744 2018-07-24] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)

S3 dg_ssudbus; C:WINDOWSsystem32DRIVERSssudbus.sys [135520 2019-08-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

R3 dtlitescsibus; C:WINDOWSSystem32driversdtlitescsibus.sys [30264 2015-11-11] (Disc Soft Ltd -> Disc Soft Ltd)

R3 EnigmaFileMonDriver; C:WINDOWSSystem32driversEnigmaFileMonDriver.sys [68424 2020-01-13] (EnigmaSoft Limited -> EnigmaSoft Limited)

R1 ESProtectionDriver; C:WINDOWSsystem32driversmbae64.sys [153312 2020-01-12] (Malwarebytes Corporation -> Malwarebytes)

R0 EUBAKUP; C:WINDOWSSystem32driverseubakup.sys [73448 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)

R0 EUBKMON; C:WINDOWSSystem32driversEUBKMON.sys [53504 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> )

R1 EUDSKACS; C:WINDOWSsystem32driverseudskacs.sys [22784 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)

R1 EUFDDISK; C:WINDOWSsystem32driversEuFdDisk.sys [341760 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)

S3 HTCAND64; C:WINDOWSSystem32DriversANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation)

S3 htcnprot; C:WINDOWSsystem32DRIVERShtcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows ® Win 7 DDK provider)

S3 HtcVCom32; C:WINDOWSSystem32DRIVERSHtcVComV64.sys [121800 2010-03-08] (Sqa.com(Test) -> QUALCOMM Incorporated)

R3 ikbevent; C:WINDOWSSystem32DRIVERSikbevent.sys [22216 2014-05-27] (Intel CASE -> )

R3 imsevent; C:WINDOWSSystem32DRIVERSimsevent.sys [22728 2014-05-27] (Intel CASE -> )

S3 INETMON; C:WindowsSystem32DriversINETMON.sys [25800 2014-05-27] (Intel CASE -> )

R3 ISCT; C:WINDOWSSystem32driversISCTD.sys [44744 2014-05-27] (Intel CASE -> )

R1 ISODrive; C:Program Files (x86)UltraISOdriversISODrv64.sys [115600 2010-01-29] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)

R0 MBAMChameleon; C:WINDOWSSystem32DriversMbamChameleon.sys [218288 2020-01-12] (Malwarebytes Inc -> Malwarebytes)

S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [20936 2020-01-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:WINDOWSSystem32DRIVERSfarflt.sys [226448 2020-01-13] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMProtection; C:WINDOWSsystem32DRIVERSmbam.sys [73584 2020-01-13] (Malwarebytes Corporation -> Malwarebytes)

R3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248968 2020-01-13] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C:WINDOWSsystem32DRIVERSmwac.sys [105112 2020-01-13] (Malwarebytes Inc -> Malwarebytes)

R3 MEIx64; C:WINDOWSsystem32DRIVERSTeeDriverx64.sys [129312 2014-09-30] (Intel Corporation – Embedded Subsystems and IP Blocks Group -> Intel Corporation)

S3 pbfilter; C:Program FilesPeerBlockpbfilter.sys [22600 2014-01-04] (PeerBlock, LLC -> )

R3 rt640x64; C:WINDOWSSystem32driversrt640x64.sys [662528 2019-03-18] (Microsoft Windows -> Realtek )

S3 silabenm; C:WINDOWSSystem32DRIVERSsilabenm.sys [27336 2013-10-24] (Silicon Laboratories -> Silicon Laboratories) [File not signed]

S0 sptd; C:WINDOWSSystem32Driverssptd.sys [381608 2015-11-11] (Disc Soft Ltd -> Duplex Secure Ltd.)

S3 ssudmdm; C:WINDOWSsystem32DRIVERSssudmdm.sys [166752 2019-08-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 ss_conn_usb_driver2; C:WINDOWSSystem32Driversss_conn_usb_driver2.sys [43360 2019-08-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 tap-tb-0901; C:WINDOWSSystem32DRIVERStap-tb-0901.sys [38656 2016-09-21] (TunnelBear, Inc. -> The OpenVPN Project)

R1 veracrypt; C:WINDOWSSystem32driversveracrypt.sys [829320 2019-09-04] (IDRIX -> IDRIX)

S3 WdBoot; C:WINDOWSsystem32driverswdWdBoot.sys [45664 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:WINDOWSsystem32driverswdWdFilter.sys [355760 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

S3 wdm_usb; C:WINDOWSsystem32DRIVERSusb2ser.sys [151184 2016-07-15] (NGO -> MBB)

S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [54192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-13 23:44 – 2020-01-13 23:44 – 000073584 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys

2020-01-13 23:43 – 2020-01-13 23:43 – 000248968 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys

2020-01-13 23:43 – 2020-01-13 23:43 – 000226448 _____ (Malwarebytes) C:WINDOWSsystem32Driversfarflt.sys

2020-01-13 23:43 – 2020-01-13 23:43 – 000105112 _____ (Malwarebytes) C:WINDOWSsystem32Driversmwac.sys

2020-01-13 23:42 – 2020-01-13 23:42 – 000013026 _____ C:UsersOWLDesktopFixlog.txt

2020-01-12 20:47 – 2020-01-12 20:47 – 000000000 ___HD C:OneDriveTemp

2020-01-12 17:18 – 2020-01-12 17:19 – 000065480 _____ C:UsersOWLDesktopAddition.txt

2020-01-12 17:17 – 2020-01-13 23:50 – 000038485 _____ C:UsersOWLDesktopFRST.txt

2020-01-12 17:17 – 2020-01-13 23:50 – 000000000 ____D C:FRST

2020-01-12 17:10 – 2020-01-12 17:10 – 002573312 _____ (Farbar) C:UsersOWLDesktopFRST64.exe

2020-01-12 13:58 – 2020-01-12 13:58 – 000000000 ____D C:UsersDefaultAppDataLocalD3DSCache

2020-01-12 13:58 – 2020-01-12 13:58 – 000000000 ____D C:UsersDefaultAppDataLocalAMD

2020-01-12 13:58 – 2020-01-12 13:58 – 000000000 ____D C:UsersDefault UserAppDataLocalD3DSCache

2020-01-12 13:58 – 2020-01-12 13:58 – 000000000 ____D C:UsersDefault UserAppDataLocalAMD

2020-01-12 07:53 – 2020-01-12 07:53 – 000000000 ____D C:UsersOWLAppDataLocalmbam

2020-01-12 07:52 – 2020-01-12 07:52 – 000218288 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys

2020-01-12 07:52 – 2020-01-12 07:52 – 000153312 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys

2020-01-12 07:52 – 2020-01-12 07:52 – 000002039 _____ C:UsersPublicDesktopMalwarebytes.lnk

2020-01-12 07:52 – 2020-01-12 07:52 – 000000000 ____D C:UsersOWLAppDataLocalmbamtray

2020-01-12 07:52 – 2020-01-12 07:52 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes

2020-01-12 07:52 – 2020-01-12 07:52 – 000000000 ____D C:ProgramDataMalwarebytes

2020-01-12 07:52 – 2020-01-12 07:51 – 000020936 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys

2020-01-12 07:50 – 2020-01-12 07:50 – 000000000 ____D C:Program FilesMalwarebytes

2020-01-11 23:52 – 2020-01-11 23:52 – 000000000 ____D C:UsersOWLAppDataLocalOneDrive

2020-01-09 06:59 – 2020-01-09 06:59 – 001163359 _____ C:UsersOWLDesktoparbatel-of-magick.pdf

2020-01-09 06:53 – 2020-01-09 06:53 – 000162628 _____ C:UsersOWLDesktop1_Rs97e7a9heiZnl51Rw_E7A.jpeg

2020-01-08 15:53 – 2020-01-12 00:11 – 000000000 ____D C:UsersOWLAppDataRoamingvlc

2020-01-08 15:52 – 2020-01-08 15:52 – 000000000 ____D C:UsersOWLAppDataRoamingdvdcss

2020-01-07 22:51 – 2020-01-07 22:51 – 000000000 ____D C:easeus_tb_cloud

2020-01-07 22:08 – 2020-01-08 15:51 – 000000000 ____D C:UsersOWLAppDataRoamingImgBurn

2020-01-04 22:31 – 2020-01-04 22:31 – 000056087 _____ C:UsersOWLDesktopSC212134233.jpeg

2020-01-03 02:53 – 2020-01-03 02:58 – 000001745 _____ C:UsersOWLDocumentsmofth j0ke.txt

2019-12-24 11:08 – 2019-12-24 11:08 – 000000000 ____D C:ProgramDataEmsisoft

2019-12-24 11:05 – 2019-12-24 20:17 – 000000000 ____D C:EEK

2019-12-20 08:35 – 2019-12-20 08:35 – 000006835 _____ C:UsersOWLDesktopimages (1).jpeg

2019-12-20 08:30 – 2019-12-20 08:30 – 000006193 _____ C:UsersOWLDesktopimages.jpeg

2019-12-20 08:28 – 2019-12-20 08:28 – 000088483 _____ C:UsersOWLDesktopdownload.html

2019-12-20 02:34 – 2019-12-20 02:35 – 000941740 _____ C:UsersOWLDesktopWindows6.0-KB933246-x64.msu

2019-12-20 01:48 – 2019-12-20 01:48 – 000001193 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsSamsung DeX.lnk

2019-12-20 01:48 – 2019-12-20 01:48 – 000001181 _____ C:UsersPublicDesktopSamsung DeX.lnk

2019-12-18 01:39 – 2019-12-18 01:39 – 000000000 ____D C:UsersOWLAppDataLocalElevatedDiagnostics

2019-12-18 01:26 – 2020-01-13 23:28 – 000000000 ____D C:UsersOWLDesktopcleaned

2019-12-17 22:59 – 2019-12-17 23:00 – 000000198 _____ C:UsersOWLDesktopDocument1.txt

2019-12-16 00:51 – 2019-12-16 00:51 – 000000000 ____D C:UsersOWLDocumentsMixpad Projects

2019-12-16 00:50 – 2019-12-16 00:50 – 000000000 ____D C:UsersOWLAppDataRoamingNCH Software

2019-12-15 22:37 – 2019-12-18 01:26 – 000000000 ____D C:UsersOWLAppDataRoamingAudacity

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-13 23:49 – 2019-03-18 22:52 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2020-01-13 23:44 – 2019-11-26 05:00 – 000068424 _____ (EnigmaSoft Limited) C:WINDOWSsystem32DriversEnigmaFileMonDriver.sys

2020-01-13 23:44 – 2019-10-11 08:20 – 000003100 _____ C:WINDOWSsystem32TasksAMDLinkUpdate

2020-01-13 23:44 – 2019-09-06 23:30 – 000000000 ___RD C:UsersOWLOneDrive

2020-01-13 23:43 – 2019-09-04 14:16 – 000000006 ____H C:WINDOWSTasksSA.DAT

2020-01-13 23:43 – 2019-03-18 22:37 – 000786432 _____ C:WINDOWSsystem32configBBI

2020-01-13 23:43 – 2019-03-18 22:37 – 000032768 _____ C:WINDOWSsystem32configELAM

2020-01-13 23:43 – 2016-08-25 10:23 – 000065536 _____ C:WINDOWSsystem32spu_storage.bin

2020-01-13 23:42 – 2019-09-06 23:30 – 000000000 ____D C:UsersOWLAppDataLocalPlaceholderTileLogoFolder

2020-01-13 23:28 – 2019-09-04 14:11 – 000937152 _____ C:WINDOWSsystem32PerfStringBackup.INI

2020-01-13 23:27 – 2019-03-18 22:52 – 000000000 ____D C:WINDOWSAppReadiness

2020-01-13 23:27 – 2019-03-18 22:50 – 000000000 ____D C:WINDOWSINF

2020-01-12 20:47 – 2019-09-06 23:08 – 000000000 ____D C:UsersOWLAppDataLocalD3DSCache

2020-01-12 20:46 – 2019-10-11 08:34 – 000000000 ____D C:Program Files (x86)Mozilla Firefox

2020-01-12 20:46 – 2012-11-17 23:14 – 000000000 ___HD C:Program Files (x86)Mozilla Maintenance Service

2020-01-12 17:38 – 2019-03-18 22:52 – 000000000 ____D C:WINDOWSLiveKernelReports

2020-01-12 17:09 – 2019-08-28 12:34 – 000000000 ____D C:UsersOWLAppDataLocalLowMozilla

2020-01-12 17:09 – 2012-11-17 20:05 – 000001159 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsFirefox.lnk

2020-01-12 16:03 – 2019-09-04 14:09 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2020-01-12 14:04 – 2019-03-18 22:52 – 000000000 ____D C:WINDOWSsystem32NDF

2020-01-12 13:46 – 2019-09-06 23:08 – 000000000 ____D C:UsersOWLAppDataLocalPackages

2020-01-12 13:46 – 2019-03-18 22:52 – 000000000 ___HD C:Program FilesWindowsApps

2020-01-12 12:23 – 2019-08-30 23:22 – 000000000 ____D C:Program Files (x86)Microsoft Office

2020-01-12 10:15 – 2013-08-14 02:00 – 000000000 ____D C:WINDOWSsystem32MRT

2020-01-12 10:11 – 2012-12-24 23:13 – 129221664 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2020-01-12 08:02 – 2019-09-06 23:08 – 000000000 ____D C:UsersOWLAppDataLocalConnectedDevicesPlatform

2020-01-12 08:00 – 2019-08-28 21:26 – 000000000 ____D C:UsersOWLAppDataLocalsekipxh

2020-01-12 08:00 – 2019-08-28 12:31 – 000000000 ____D C:UsersOWLAppDataLocaldsomnkp

2020-01-12 08:00 – 2018-11-11 06:09 – 000000000 ____D C:UsersJJAGAppDataLocalsbrogti

2020-01-12 08:00 – 2018-08-12 23:32 – 000000000 ____D C:UsersJJAGAppDataLocalcsnxwhr

2020-01-12 08:00 – 2018-06-20 18:04 – 000000000 ____D C:Program FilesN2IzZWUzYjFh

2020-01-12 08:00 – 2017-08-22 15:14 – 000000000 ____D C:UsersJJAGDesktopBFG

2020-01-12 08:00 – 2017-07-01 00:22 – 000000000 ____D C:UsersJJAGDesktopjDe

2020-01-12 08:00 – 2012-11-19 00:45 – 000000000 ____D C:UsersJJAGDesktopPrograms

2020-01-12 07:53 – 2019-09-06 23:13 – 000000000 ____D C:UsersOWLAppDataLocalcache

2020-01-12 07:52 – 2019-03-18 22:52 – 000000000 ___HD C:WINDOWSELAMBKUP

2020-01-07 15:58 – 2017-12-12 18:11 – 000002319 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2020-01-07 15:58 – 2017-12-12 18:11 – 000002278 _____ C:UsersPublicDesktopGoogle Chrome.lnk

2019-12-20 02:15 – 2019-09-04 14:42 – 000000000 ____D C:ProgramDataPackages

2019-12-20 01:57 – 2019-09-04 14:17 – 000000000 __RHD C:UsersPublicAccountPictures

2019-12-20 01:48 – 2013-02-11 08:44 – 000000000 ____D C:ProgramDataPackage Cache

2019-12-18 01:52 – 2019-11-13 11:17 – 000000000 ____D C:UsersOWLDesktop2g dup

2019-12-14 17:23 – 2019-09-06 23:08 – 000000000 ___RD C:UsersOWL3D Objects

2019-12-14 17:06 – 2019-09-04 14:12 – 000000000 ____D C:UsersOWL

2019-12-14 17:05 – 2019-09-04 14:09 – 000450680 _____ C:WINDOWSsystem32FNTCACHE.DAT

2019-12-14 16:55 – 2019-03-18 22:52 – 000000000 ____D C:WINDOWSSystemResources

2019-12-14 16:55 – 2019-03-18 22:52 – 000000000 ____D C:WINDOWSShellExperiences

2019-12-14 16:55 – 2019-03-18 22:52 – 000000000 ____D C:WINDOWSbcastdvr

==================== Files in the root of some directories ========

2013-09-01 18:49 – 2013-09-01 18:49 – 000021494 ____H () C:Program Files (x86)x0409.ini

2013-09-01 18:49 – 2013-09-01 18:49 – 000003584 ____H () C:Program Files (x86)1033.MST

2019-05-22 06:36 – 2014-09-27 13:15 – 000800824 _____ (Microsoft Corporation) C:UsersOWLAppDataRoamingDPInst.exe

2019-05-22 06:36 – 2014-09-27 13:15 – 000106496 _____ (Microsoft Corporation) C:UsersOWLAppDataRoaminggacutil.exe

2019-05-22 06:36 – 2014-09-27 13:15 – 000000181 _____ () C:UsersOWLAppDataRoaminggacutil.exe.config

2019-05-22 06:36 – 2014-09-27 13:15 – 000036352 _____ (Microsoft Corporation) C:UsersOWLAppDataRoamingPnPutil.exe

2019-05-22 06:36 – 2013-06-25 17:49 – 000002036 _____ () C:UsersOWLAppDataLocalinstaller.log

==================== FLock ==============================

2016-08-26 00:05 C:UsersJJAGGoogle Drive

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2020

Ran by OWL (13-01-2020 23:51:39)

Running from C:UsersOWLDesktop

Windows 10 Pro Version 1909 18363.535 (X64) (2019-09-04 20:16:51)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-526169441-3370718946-2259949942-500 – Administrator – Disabled)

DefaultAccount (S-1-5-21-526169441-3370718946-2259949942-503 – Limited – Disabled)

Guest (S-1-5-21-526169441-3370718946-2259949942-501 – Limited – Disabled)

HomeGroupUser$ (S-1-5-21-526169441-3370718946-2259949942-1161 – Limited – Enabled)

JJAG (S-1-5-21-526169441-3370718946-2259949942-1000 – Administrator – Enabled) => C:UsersJJAG

OWL (S-1-5-21-526169441-3370718946-2259949942-1162 – Administrator – Enabled) => C:UsersOWL

WDAGUtilityAccount (S-1-5-21-526169441-3370718946-2259949942-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46

AV: Malwarebytes (Enabled – Up to date) 23007AD3-69FE-687C-2629-D584AFFAF72B

AS: Microsoft Security Essentials (Disabled – Up to date) CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34

AS: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAC ACM Codec 1.9 (HKLM-x32…AACACM) (Version: 1.9 – fccHandler)

Adobe Flash Player 25 NPAPI (HKLM-x32…Adobe Flash Player NPAPI) (Version: 25.0.0.171 – Adobe Systems Incorporated)

Adobe Reader XI (HKLM-x32…AC76BA86-7AD7-1033-7B44-AB0000000001) (Version: 11.0.00 – Adobe Systems Incorporated)

aioprnt (HKLM…645A454-AD44-4F0D-99CF-6B762735AD1F) (Version: 5.3.1.0 – Eastman Kodak Company) Hidden

aioscnnr (HKLM-x32…376348C2-E372-48BC-A138-E896757BD86A) (Version: 5.7.5.30 – Your Company Name) Hidden

aioscnnr (HKLM-x32…EF53BFAB-4C10-40DB-A82D-9B07111715C6) (Version: 7.6.13.10 – Your Company Name) Hidden

AMD Software (HKLM…AMD Catalyst Install Manager) (Version: 19.9.1 – Advanced Micro Devices, Inc.)

Application Profiles (HKLM-x32…63059735-CA97-FDFB-0E7A-3B8D81572EFD) (Version: 2.0.4888.34279 – Advanced Micro Devices, Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32…E4FB0B39-C991-4EE7-95DD-1A1A7857D33D) (Version: 1.14.3.0 – Asmedia Technology)

Asmedia ASM106x SATA Host Controller Driver (HKLM-x32…61942EF5-2CD8-47D4-869C-2E9A8BB085F1) (Version: 1.3.4.000 – Asmedia Technology)

Battle.net (HKLM-x32…Battle.net) (Version:  – Blizzard Entertainment)

Branding64 (HKLM…EE2AFCE4-0238-4DE0-A140-1647021627C1) (Version: 1.00.0001 – Advanced Micro Devices, Inc.) Hidden

Brave (HKLM-x32…BraveSoftware Brave-Browser) (Version: 75.0.66.99 – Brave Software Inc)

BUFFALO NAS Navigator2 (HKLM-x32…UN060501) (Version: 2.82 – Buffalo Inc.)

C4USelfUpdater (HKLM-x32…48B41C3A-9A92-4B81-B653-C97FEB85C910) (Version: 1.00.0000 – Your Company Name) Hidden

Catalyst Control Center Next Localization BR (HKLM…E9FCBCA6-B640-BC24-2421-269E77FD02EB) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHS (HKLM…3177480E-9364-D504-6944-30074551E934) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHT (HKLM…44FE1644-EDE2-181E-1306-30A38EC9954C) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CS (HKLM…39722D5E-22CC-AD1A-2DCF-F6A82EAA11EA) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DA (HKLM…72F286EC-9E02-9BB4-05E4-7474557AAA77) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DE (HKLM…CCC54BB5-5278-2E3E-7F99-401CDF93B9A2) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization EL (HKLM…61D499A4-7054-6BE0-565F-D426740D4796) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization ES (HKLM…899D78B5-6CC0-555D-7943-327447DCBE7D) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FI (HKLM…B0F6C9EE-EC57-D6D8-96F9-C490B0198547) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FR (HKLM…C22DDF07-59F5-BA4E-7058-7E894E4C960B) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization HU (HKLM…7318F79A-D1D5-74EF-5F0E-21D8BC79413D) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization IT (HKLM…233F1B62-FC39-A7BD-B2E9-43EF05CA97E0) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization JA (HKLM…25679A80-0DF7-EFBA-2686-3333B3AA9220) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization KO (HKLM…305C1CE5-C4F8-C65B-E334-B193AECFF49C) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NL (HKLM…94AEEE03-D17F-9E1A-95DF-9DD9B2906189) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NO (HKLM…8829CC83-C9A5-B471-5796-55FE6099FD3B) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization PL (HKLM…6C36F215-AE3A-9BA3-779B-B9E44518A5FB) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization RU (HKLM…56A90BB4-F4B4-5106-CB1A-9ECCCE13DC3E) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization SV (HKLM…235371F3-FF77-AC03-0856-12AD9D6239F4) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TH (HKLM…2C8498CD-BA4F-D820-3C2D-36F1152C71D3) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TR (HKLM…19D9E938-3CD5-438F-04FE-782C7BE308A0) (Version: 2016.0321.1015.16463 – Advanced Micro Devices, Inc.) Hidden

center (HKLM-x32…56BA241F-580C-43D2-8403-947241AAE633) (Version: 7.8.0.0 – Eastman Kodak Company) Hidden

Command & Conquer Generals (HKLM-x32…6F80017-8F98-4C94-B868-52358569FC32) (Version: 0.50.0000 – Electronic Arts) Hidden

D3DX10 (HKLM-x32…E09C4DB7-630C-4F06-A631-8EA7239923AF) (Version: 15.4.2368.0902 – Microsoft) Hidden

DAEMON Tools Lite (HKLM…DAEMON Tools Lite) (Version: 10.1.0.0074 – Disc Soft Ltd)

EaseUS Todo Backup Free 11.5 (HKLM-x32…EaseUS Todo Backup_is1) (Version: 11.5 – CHENGDU YIWO Tech Development Co., Ltd)

Epic Games Launcher Prerequisites (x64) (HKLM…66C5838F-B854-4A55-89E6-A6138747A4DF) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

essentials (HKLM-x32…BE94C681-68E2-4561-8ABC-8D2E799168B4) (Version: 7.8.0.0 – Eastman Kodak Company) Hidden

FileASSASSIN (HKLM-x32…FileASSASSIN) (Version: 1.06 – Malwarebytes)

Google Chrome (HKLM-x32…Google Chrome) (Version: 79.0.3945.117 – Google LLC)

Google Update Helper (HKLM-x32…60EC980A-BDA2-4CB6-A427-B07A5498B4CA) (Version: 1.3.35.421 – Google LLC) Hidden

Google Update Helper (HKLM-x32…A92DAB39-4E2C-4304-9AB6-BC44E68B55E2) (Version: 1.3.21.169 – Google Inc.) Hidden

ImgBurn (HKLM-x32…ImgBurn) (Version: 2.5.8.0 – LIGHTNING UK!)

Intel® Chipset Device Software (HKLM-x32…da2de8c3-61b9-4b3b-916d-6b2fb2b1a90c) (Version: 10.0.21 – Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM…1CEAC85D-2590-4760-800F-8DE5E91F3700) (Version: 10.0.0.1204 – Intel Corporation)

Intel® Rapid Storage Technology (HKLM…409CB30E-E457-4008-9B1A-ED1B9EA21140) (Version: 13.1.0.1058 – Intel Corporation)

Intel® Smart Connect Technology (HKLM…8B90A20-95D3-4725-84B9-AF6553E06C4F) (Version: 5.0.10.2850 – Intel Corporation)

Intel® Update Manager (HKLM-x32…7224B7CE-196C-4E2A-A1AE-1D7BF259FD36) (Version: 3.4.1942 – Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32…240C3DDD-C5E9-4029-9DF7-95650D040CF2) (Version: 3.0.0.16 – Intel Corporation)

Java 8 Update 91 (64-bit) (HKLM…26A24AE4-039D-4CA4-87B4-2F86418091F0) (Version: 8.0.910.14 – Oracle Corporation)

JustNN (HKLM-x32…C5D16880-DB0D-11DC-6784-013829E418BE) (Version: 3.0a – Neural Planner Software)

Kingston SSD Toolbox (C:Program Files (x86)Kingston SSD Toolbox) (HKLM-x32…Kingston SSD Toolbox) (Version: 1.0.0.0 – Kingston)

Kodak AIO Printer (HKLM…27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E) (Version: 7.8.1.0 – Eastman Kodak Company) Hidden

KODAK AiO Software (HKLM-x32…E0F274B7-592B-4669-8FB8-8D9825A09858) (Version: 7.8.5.2 – Eastman Kodak Company)

Launcher Prerequisites (x64) (HKLM-x32…c6c5a357-c7ca-4a5f-9789-3bb1af579253) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

Malwarebytes version 4.0.4.49 (HKLM…35065F43-4BB2-439A-BFF7-0F1014F2E0CD_is1) (Version: 4.0.4.49 – Malwarebytes)

MEGAsync (HKLM-x32…MEGAsync) (Version:  – Mega Limited)

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32…56E962F0-4FB0-3C67-88DB-9EAA6EEFC493) (Version: 4.5.50710 – Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32…D3517C62-68A5-37CF-92F7-93C029A89681) (Version: 4.5.50932 – Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32…6A0C6700-EA93-372C-8871-DCCF13D160A4) (Version: 4.5.50932 – Microsoft Corporation)

Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32…290FC320-2F5A-329E-8840-C4193BD7A9EE) (Version: 4.5.51209 – Microsoft Corporation)

Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32…19E8AE59-4D4A-3534-B567-6CC08FA4102E) (Version: 4.5.51651 – Microsoft Corporation)

Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32…34547E9-D8FA-49E7-8B9C-4C9861FB9146) (Version: 4.6.00127 – Microsoft Corporation)

Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32…2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65) (Version: 4.6.00081 – Microsoft Corporation)

Microsoft .NET Framework 4.6.1 SDK (HKLM-x32…2F0ECC80-B9E4-4485-8083-CD32F22ABD92) (Version: 4.6.01055 – Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32…8EEB28EE-5141-411C-9CF0-9952264FE4AF) (Version: 4.6.01055 – Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32…8BC3EEC9-090F-4C53-A8DA-1BEC913040F9) (Version: 4.6.01055 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-526169441-3370718946-2259949942-1162…OneDriveSetup.exe) (Version: 19.192.0926.0012 – Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32…F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8) (Version: 3.1.0000 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32…710f4c1c-cc18-4c49-8cbf-51240c89a1a2) (Version: 8.0.61001 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32…7299052b-02a4-4627-81f2-1818da5d550d) (Version: 8.0.56336 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32…837b34e3-7c30-493c-8f6a-2b0f04e2912c) (Version: 8.0.59193 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM…6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc) (Version: 8.0.59192 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM…ad8a2fa1-06e7-4b0d-927d-6e54b3d31028) (Version: 8.0.61000 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.17 (HKLM…8220EEFE-38CD-377E-8595-13398D740ACE) (Version: 9.0.30729 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.6161 (HKLM…5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4) (Version: 9.0.30729.6161 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.21022 (HKLM-x32…FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4) (Version: 9.0.21022 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM-x32…9A25302D-30C0-39D9-BD6F-21E6EC160475) (Version: 9.0.30729 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.4148 (HKLM-x32…1F1C2DFC-2D24-3E06-BCB8-725134ADF989) (Version: 9.0.30729.4148 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM-x32…9BE518E6-ECC6-35A9-88E4-87755C07200F) (Version: 9.0.30729.6161 – Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…1D8E6291-B0D5-35EC-8441-6616F567A0F7) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…F0C3E5D1-1ADE-321E-8167-68EF0DE699A5) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.60610 (HKLM-x32…a1909659-0a08-4554-8af1-2175904903a1) (Version: 11.0.60610.1 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…ca67548a-5ebe-413a-b50c-4b9ceb6d66c6) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…33d1fd90-4274-48a1-9bc1-97e33d9c2d6f) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…50d4fc8-5d48-4b8f-8972-47c82c46020f) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…f65db027-aff3-4070-886a-0d87064aabb1) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40649 (HKLM-x32…35b83883-40fa-423c-ae73-2aff7e1ea820) (Version: 12.0.40649.5 – Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) – 14.0.24215 (HKLM-x32…e2803110-78b3-4664-a479-3611a381656a) (Version: 14.0.24215.1 – Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x64) – 14.14.26429 (HKLM-x32…80586c77-db42-44bb-bfc8-7aebbb220c00) (Version: 14.14.26429.4 – Microsoft Corporation)

Microsoft Visual C++ Run Time  Lib Setup (HKLM-x32…AAF4238F-7C29-451D-9925-C753271A5728) (Version: 1.0.0 – Microsoft)

Microsoft Visual J# 2.0 Redistributable Package – SE (x64) (HKLM…Microsoft Visual J# 2.0 Redistributable Package – SE (x64)) (Version:  – Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM…Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 – Microsoft Corporation)

Minecraft (HKLM-x32…1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872) (Version: 1.0.3.0 – Mojang)

MixPad Multitrack Recording Software (HKLM-x32…MixPad) (Version: 5.53 – NCH Software)

Movie Maker (HKLM-x32…38F03569-A636-4CF3-BDDE-032C8C251304) (Version: 16.4.3528.0331 – Microsoft Corporation) Hidden

Movie Maker (HKLM-x32…DD67BE4B-7E62-4215-AFA3-F123A800A389) (Version: 16.4.3528.0331 – Microsoft Corporation) Hidden

Mozilla Firefox 69.0.3 (x64 en-US) (HKLM…Mozilla Firefox 69.0.3 (x64 en-US)) (Version: 69.0.3 – Mozilla)

Mozilla Maintenance Service (HKLM-x32…MozillaMaintenanceService) (Version: 69.0.3.7221 – Mozilla)

MpcStar 5.4 (HKLM-x32…MpcStar) (Version: 5.4 – www.mpcstar.com)

MSXML 4.0 SP2 (KB954430) (HKLM-x32…86493ADD-824D-4B8E-BD72-8C5DCDC52A71) (Version: 4.20.9870.0 – Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32…F662A8E6-F4DC-41A2-901E-8C11F044BDEC) (Version: 4.20.9876.0 – Microsoft Corporation)

ocr (HKLM-x32…BFBCF96F-7361-486A-965C-54B17AC35421) (Version: 6.2.3.50 – Eastman Kodak Company) Hidden

OpenShot Video Editor version 2.4.4 (HKLM…4BB0DCDC-BC24-49EC-8937-72956C33A470_is1) (Version: 2.4.4 – OpenShot Studios, LLC)

OSM generic routable (HKLM-x32…OSM generic routable) (Version:  – )

Overwatch (HKLM-x32…Overwatch) (Version:  – Blizzard Entertainment)

PartitionMagic (HKLM-x32…6BE2A4A4-99FB-48ED-AE1E-4E850389F804) (Version: 8.00.000 – PowerQuest) Hidden

PowerQuest PartitionMagic 8.0 (HKLM-x32…InstallShield_6BE2A4A4-99FB-48ED-AE1E-4E850389F804) (Version: 8.00.000 – PowerQuest)

PreReq (HKLM-x32…DA5BDB2A-12F0-4343-8351-21AAEB293990) (Version: 6.2.4.0 – Eastman Kodak Company) Hidden

PrintProjects (HKLM-x32…PrintProjects) (Version: 1.0.0.9282 – RocketLife Inc.)

PunkBuster Services (HKLM-x32…PunkBusterSvc) (Version: 0.992 – Even Balance, Inc.)

Realtek High Definition Audio Driver (HKLM-x32…F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC) (Version: 6.0.1.7209 – Realtek Semiconductor Corp.)

ROBLOX Studio (HKLM-x32…2922D6F1-2865-4EFA-97A9-94EEAB3AFA14) (Version:  – ROBLOX Corporation)

SafeZone Stable 1.51.2220.53 (HKLM-x32…SafeZone 1.51.2220.53) (Version: 1.51.2220.53 – Avast Software) Hidden

Samsung DeX (HKLM-x32…183f73d-18b7-489e-9833-2d68127f7eb8) (Version: 1.0.0.74 – Samsung Electronics Co., Ltd.)

Samsung DeX (HKLM-x32…96AB47B0-C894-4A03-BAE8-343236683C9D) (Version: 1.0.0.74 – Samsung Electronics Co., Ltd.) Hidden

Samsung USB Driver for Mobile Phones (HKLM…D0795B21-0CDA-4a92-AB9E-6E92D8111E44) (Version: 1.7.13.0 – Samsung Electronics Co., Ltd.)

SpyHunter 5 (HKLM-x32…SpyHunter5) (Version: 5.7.24.155 – EnigmaSoft Limited)

Steam (HKLM-x32…48298C9-A4D3-490B-9FF9-AB023A9238F3) (Version: 1.0.0.0 – Valve Corporation)

TechPowerUp GPU-Z (HKLM-x32…TechPowerUp GPU-Z) (Version:  – TechPowerUp)

TextPad 7 (HKLM-x32…9F53AC20-2D32-4341-9DA1-29DD40E2199E) (Version: 7.0.9 – Helios)

Unity Web Player (x64) (All users) (HKLM…UnityWebPlayer) (Version: 4.6.6f2 – Unity Technologies ApS)

VC80CRTRedist – 8.0.50727.6195 (HKLM-x32…933B4015-4618-4716-A828-5289FC03165F) (Version: 1.2.0 – DivX, Inc) Hidden

VeraCrypt (HKLM-x32…VeraCrypt) (Version: 1.23-Hotfix-2 – IDRIX)

VLC media player (HKLM…VLC media player) (Version: 3.0.8 – VideoLAN)

Vuze (HKLM…8461-7759-5462-8226) (Version: 5.7.1.0 – Azureus Software, Inc.)

Windows 7 USB/DVD Download Tool (HKLM-x32…CCF298AF-9CE1-4B26-B251-486E98A34789) (Version: 1.0.30 – Microsoft Corporation)

Windows Driver Package – Android USB Driver (WinUSB) AndroidUsbDeviceClass  (11/11/2016 11.0.0000.00000) (HKLM…4F390F96D29747EB6ED21CEDF0A85F0A52622E03) (Version: 11/11/2016 11.0.0000.00000 – Android USB Driver)

Windows Driver Package – Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (HKLM…F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 – Silicon Laboratories)

Windows Driver Package – Silicon Laboratories Inc. (silabser) Ports  (03/28/2016 6.7.3.350) (HKLM…9437A0D535B29915072FCF153C7CA9B5FD547A24) (Version: 03/28/2016 6.7.3.350 – Silicon Laboratories Inc.)

Windows Driver Package – Silicon Laboratories Inc. (silabser) Ports  (09/19/2016 6.7.4.261) (HKLM…9E2C239D42290B984A9E2B350A67AF8BC8BD11B9) (Version: 09/19/2016 6.7.4.261 – Silicon Laboratories Inc.)

Windows Live Essentials (HKLM-x32…WinLiveSuite) (Version: 16.4.3528.0331 – Microsoft Corporation)

WinRAR archiver (HKLM-x32…WinRAR archiver) (Version:  – )

Wondershare Filmora9(Build 9.1.4) (HKLM…Wondershare Filmora9_is1) (Version:  – Wondershare Software)

Wondershare Helper Compact 2.6.0 (HKLM-x32…5363CE84-5F09-48A1-8B6C-6BB590FFEDF2_is1) (Version: 2.6.0 – Wondershare)

Paquets:

=========

Adblock Plus -> C:Program FilesWindowsAppsEyeoGmbH.AdblockPlus_0.9.18.0_neutral__d55gg7py3s0m0 [2019-12-20] (eyeo GmbH)

Adobe Photoshop Express: Image Editor, Adjustments, Filters, Effects, Borders -> C:Program FilesWindowsAppsAdobeSystemsIncorporated.AdobePhotoshopExpress_3.0.316.0_x64__ynb6jyjzte8ga [2019-12-20] (Adobe Inc.)

Avast Online Security -> C:Program FilesWindowsApps51CA791E.AvastOnlineSecurity_19.2.289.0_neutral__s1d0xtrs8dx04 [2020-01-12] (AVAST  Software)

ColorNote Notepad Notes -> C:Program FilesWindowsAppsDBA41F73.ColorNoteNotepadNotes_1.1.0.20_neutral__3jn8vbmxrzmj2 [2019-12-22] (Social & Mobile, Inc.)

DISK FILE SEARCHER -> C:Program FilesWindowsApps10059amls.DISKFILESEARCHER_1.1.96.0_x64__f1b8twdvcf0hc [2019-12-22] (amls) [MS Ad]

Gallery Atelier19 -> C:Program FilesWindowsApps2994419.270618BFCA8F1_2.15.5.0_x64__6hnz285vfva22 [2020-01-12] (アトリエ19)

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-04] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-04] (Microsoft Corporation) [MS Ad]

Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]

MSN Weather -> C:Program FilesWindowsAppsMicrosoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]

Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-20] (Microsoft Corporation)

Secure Folder, Files and Encrypt -> C:Program FilesWindowsApps15675MedhaChaitanya.FileLockEncrypt_2.1.52.0_x64__44hy61fym8r9t [2019-12-20] (MedhaChaitanya) [MS Ad]

Total PC Cleaner – Free Disk Space Clean Up, Optimize Memory & Windows System -> C:Program FilesWindowsApps64404Softuna.TotalDiskCleaner_2.0.6.0_x64__r1b4jsc7ddp3p [2019-12-20] (Total PC Cleaner)

Windows File Manager -> C:Program FilesWindowsAppsMicrosoft.WindowsFileManager_10.1.3.0_x64__8wekyb3d8bbwe [2019-12-20] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKUS-1-5-21-526169441-3370718946-2259949942-1162_ClassesCLSID8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54InprocServer32 -> C:Program Files (x86)TextPad 7Systemshellext64.dll (Helios Software Solutions) [File not signed]

ShellExecuteHooks: Groove GFS Stub Execution Hook – B5A7F190-DDA6-4420-B3BA-52453494E6CD – C:Program FilesMicrosoft OfficeOffice14GROOVEEX.DLL [6671064 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)

ShellExecuteHooks-x32: No Name – B5A7F190-DDA6-4420-B3BA-52453494E6CD –  -> No File

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> 056D528D-CE28-4194-9BA3-BA2E9197FF8C => C:UsersJJAGAppDataLocalMEGAsyncShellExtX64.dll [2019-09-02] (Mega Limited -> )

ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> 05B38830-F4E9-4329-978B-1DD28605D202 => C:UsersJJAGAppDataLocalMEGAsyncShellExtX64.dll [2019-09-02] (Mega Limited -> )

ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> 0596C850-7BDD-4C9D-AFDF-873BE6890637 => C:UsersJJAGAppDataLocalMEGAsyncShellExtX64.dll [2019-09-02] (Mega Limited -> )

ShellIconOverlayIdentifiers: [00avast] -> 472083B0-C522-11CF-8763-00608CC02F24 =>  -> No File

ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> 056D528D-CE28-4194-9BA3-BA2E9197FF8C => C:UsersJJAGAppDataLocalMEGAsyncShellExtX64.dll [2019-09-02] (Mega Limited -> )

ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> 05B38830-F4E9-4329-978B-1DD28605D202 => C:UsersJJAGAppDataLocalMEGAsyncShellExtX64.dll [2019-09-02] (Mega Limited -> )

ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> 0596C850-7BDD-4C9D-AFDF-873BE6890637 => C:UsersJJAGAppDataLocalMEGAsyncShellExtX64.dll [2019-09-02] (Mega Limited -> )

ContextMenuHandlers1: [MEGA (Context menu)] -> 0229E5E7-09E9-45CF-9228-0228EC7D5F17 => C:UsersJJAGAppDataLocalMEGAsyncShellExtX64.dll [2019-09-02] (Mega Limited -> )

ContextMenuHandlers1: [ShellConverter] -> 30A4E07E-068A-4d91-8F05-691283A1336B => C:Program Files (x86)Common FilesAVSMediaActiveXAVSShellConverter64.dll [2013-05-27] (Online Media Technologies Ltd. -> Online Media Technologies Ltd.) [File not signed]

ContextMenuHandlers1: [SimpleShlExt] -> 45203D3B-3D73-4497-8AFE-D29950AC6C55 => C:Program Files (x86)EaseUSTodo Backupbinx64ImageSh.dll [2019-09-02] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)

ContextMenuHandlers1: [WinRAR] -> B41DB860-64E4-11D2-9906-E49FADC173CA => C:Program Files (x86)WinRARrarext64.dll [2005-06-07] () [File not signed]

ContextMenuHandlers1-x32: [WinRAR32] -> B41DB860-8EE4-11D2-9906-E49FADC173CA => C:Program Files (x86)WinRARrarext.dll [2006-09-14] () [File not signed]

ContextMenuHandlers2: [MEGA (Context menu)] -> 0229E5E7-09E9-45CF-9228-0228EC7D5F17 => C:UsersJJAGAppDataLocalMEGAsyncShellExtX64.dll [2019-09-02] (Mega Limited -> )

ContextMenuHandlers2: [SimpleShlExt] -> 45203D3B-3D73-4497-8AFE-D29950AC6C55 => C:Program Files (x86)EaseUSTodo Backupbinx64ImageSh.dll [2019-09-02] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)

ContextMenuHandlers2: [UltraISO] -> AD392E40-428C-459F-961E-9B147782D099 => C:Program Files (x86)UltraISOisoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)

ContextMenuHandlers3: [00avast] -> 472083B0-C522-11CF-8763-00608CC02F24 =>  -> No File

ContextMenuHandlers3-x32: [FAExt] -> 05672D66-9736-42F5-8BEB-FA1DD3CA51C4 => C:Program Files (x86)FileASSASSINFileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]

ContextMenuHandlers3: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-01-12] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers3: [MEGA (Context menu)] -> 0229E5E7-09E9-45CF-9228-0228EC7D5F17 => C:UsersJJAGAppDataLocalMEGAsyncShellExtX64.dll [2019-09-02] (Mega Limited -> )

ContextMenuHandlers4: [###MegaContextMenuExt] -> 0229E5E7-09E9-45CF-9228-0228EC7D5F17 => C:UsersJJAGAppDataLocalMEGAsyncShellExtX64.dll [2019-09-02] (Mega Limited -> )

ContextMenuHandlers4: [MEGA (Context menu)] -> 0229E5E7-09E9-45CF-9228-0228EC7D5F17 => C:UsersJJAGAppDataLocalMEGAsyncShellExtX64.dll [2019-09-02] (Mega Limited -> )

ContextMenuHandlers4: [SimpleShlExt] -> 45203D3B-3D73-4497-8AFE-D29950AC6C55 => C:Program Files (x86)EaseUSTodo Backupbinx64ImageSh.dll [2019-09-02] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)

ContextMenuHandlers4: [UltraISO] -> AD392E40-428C-459F-961E-9B147782D099 => C:Program Files (x86)UltraISOisoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)

ContextMenuHandlers4: [WinRAR] -> B41DB860-64E4-11D2-9906-E49FADC173CA => C:Program Files (x86)WinRARrarext64.dll [2005-06-07] () [File not signed]

ContextMenuHandlers4-x32: [WinRAR32] -> B41DB860-8EE4-11D2-9906-E49FADC173CA => C:Program Files (x86)WinRARrarext.dll [2006-09-14] () [File not signed]

ContextMenuHandlers5: [ACE] -> 5E2121EE-0300-11D4-8D3B-444553540000 => C:Program FilesAMDCNextCNextatiacm64.dll [2019-09-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

ContextMenuHandlers5: [Gadgets] -> 6B9228DA-9C15-419e-856C-19E768A13BDC =>  -> No File

ContextMenuHandlers6: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-01-12] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers6: [UltraISO] -> AD392E40-428C-459F-961E-9B147782D099 => C:Program Files (x86)UltraISOisoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)

ContextMenuHandlers6: [WinRAR] -> B41DB860-64E4-11D2-9906-E49FADC173CA => C:Program Files (x86)WinRARrarext64.dll [2005-06-07] () [File not signed]

ContextMenuHandlers6-x32: [WinRAR32] -> B41DB860-8EE4-11D2-9906-E49FADC173CA => C:Program Files (x86)WinRARrarext.dll [2006-09-14] () [File not signed]

ContextMenuHandlers1_S-1-5-21-526169441-3370718946-2259949942-1162: [TextPad] -> 8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54 => C:Program Files (x86)TextPad 7Systemshellext64.dll [2013-02-17] (Helios Software Solutions) [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM…Drivers32-x32: [VIDC.FFDS] => ff_vfw.dll

HKLM…Drivers32: [vidc.tscc] => C:Program Files (x86)MpcStarCodecstscctsccvid.dll [102400 2008-07-08] (TechSmith Corporation) [File not signed]

HKLM…Drivers32: [msacm.aacacm] => C:WindowsSysWOW64AACACM.acm [294912 2012-07-21] (fccHandler) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription__FilterToConsumerBinding->CommandLineEventConsumer.Name="BVTConsumer"",Filter="__EventFilter.Name="BVTFilter"::

WMI:subscription__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA « Win32_Processor » AND TargetInstance.LoadPercentage > 99]

WMI:subscriptionCommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\tools\kernrate]

==================== Loaded Modules (Whitelisted) =============

2019-09-06 01:09 – 2019-06-28 10:09 – 001291264 _____ () [File not signed] C:Program Files (x86)EaseUSTodo Backupbinlibxml2.dll

2019-09-06 01:09 – 2019-06-28 10:09 – 000055808 _____ () [File not signed] C:Program Files (x86)EaseUSTodo Backupbinzlib1.dll

2012-11-19 05:11 – 2005-06-07 12:26 – 000043008 _____ () [File not signed] C:Program Files (x86)WinRARrarext64.dll

2019-01-08 11:32 – 2019-01-08 11:32 – 000017920 _____ () [File not signed] C:Program FilesAMDCNextCNextlibEGL.dll

2019-01-08 11:32 – 2019-01-08 11:32 – 003598336 _____ () [File not signed] C:Program FilesAMDCNextCNextlibGLESv2.dll

2018-03-13 03:47 – 2018-03-13 03:47 – 000912896 _____ () [File not signed] C:Program FilesAMDPerformance Profile Clientaws-cpp-sdk-core.dll

2018-03-13 03:47 – 2018-03-13 03:47 – 003109888 _____ () [File not signed] C:Program FilesAMDPerformance Profile Clientaws-cpp-sdk-s3.dll

2015-02-19 00:13 – 2015-02-19 00:13 – 000817152 _____ () [File not signed] C:Program FilesAMDPerformance Profile ClientDevice.dll

2015-02-19 00:13 – 2015-02-19 00:13 – 003650560 _____ () [File not signed] C:Program FilesAMDPerformance Profile ClientPlatform.dll

2015-09-28 22:40 – 2009-05-15 18:36 – 000196608 _____ (BUFFALO INC.) [File not signed] C:Program Files (x86)BUFFALONASNAVInasdmn.dll

2015-09-28 22:40 – 2013-07-09 17:06 – 000323584 _____ (BUFFALO INC.) [File not signed] C:Program Files (x86)BUFFALONASNAVInasexo.dll

2019-09-06 01:09 – 2019-06-28 10:09 – 000892928 _____ (Free Software Foundation) [File not signed] C:Program Files (x86)EaseUSTodo Backupbiniconv.dll

2013-02-17 11:23 – 2013-02-17 11:23 – 000109568 _____ (Helios Software Solutions) [File not signed] C:Program Files (x86)TextPad 7Systemshellext64.dll

2014-05-28 09:10 – 2014-05-28 09:10 – 000526336 _____ (Intel Corporation) [File not signed] C:Program FilesIntelIntel® Rapid Storage TechnologyISDI2.dll

2014-05-28 09:10 – 2014-05-28 09:10 – 000296960 _____ (Intel Corporation) [File not signed] C:Program FilesIntelIntel® Rapid Storage TechnologyPsiData.dll

2017-12-12 17:24 – 2017-06-19 11:12 – 000087040 _____ (Iskysoft) [File not signed] C:Program Files (x86)IskysoftIAF2.4.3.227IsAppCollect.dll

2017-12-12 17:24 – 2017-06-19 11:12 – 000197632 _____ (Iskysoft) [File not signed] C:Program Files (x86)IskysoftIAF2.4.3.227IsAppCommon.dll

2019-09-04 16:52 – 2019-09-04 16:52 – 000113664 _____ (Microsoft Corporation) [File not signed] C:WINDOWSWinSxSamd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8a1dd9552ed7f8d8ATL80.DLL

2017-12-12 17:24 – 2015-02-27 10:35 – 000489984 _____ (Newtonsoft) [File not signed] C:Program Files (x86)IskysoftIAF2.4.3.227Newtonsoft.Json.dll

2016-06-06 20:54 – 2013-05-27 16:48 – 000150888 _____ (Online Media Technologies Ltd. -> Online Media Technologies Ltd.) [File not signed] C:Program Files (x86)Common FilesAVSMediaActiveXAVSShellConverter64.dll

2019-01-08 11:32 – 2019-01-08 11:32 – 001441280 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextplatformsqwindows.dll

2019-09-03 13:05 – 2019-09-03 13:05 – 005999104 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Core.dll

2019-01-08 11:31 – 2019-01-08 11:31 – 006413824 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Gui.dll

2019-01-08 11:31 – 2019-01-08 11:31 – 001141760 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Network.dll

2019-01-08 11:31 – 2019-01-08 11:31 – 000339968 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Positioning.dll

2019-01-08 11:31 – 2019-01-08 11:31 – 004143104 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Qml.dll

2019-01-08 11:31 – 2019-01-08 11:31 – 003840000 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Quick.dll

2019-01-08 11:31 – 2019-01-08 11:31 – 000332800 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Svg.dll

2019-01-08 11:31 – 2019-01-08 11:31 – 000113152 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebChannel.dll

2019-01-08 11:31 – 2019-01-08 11:31 – 000349184 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngine.dll

2019-01-08 11:31 – 2019-01-08 11:31 – 080959488 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngineCore.dll

2019-01-08 11:32 – 2019-01-08 11:32 – 005622272 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Widgets.dll

2019-01-08 11:32 – 2019-01-08 11:32 – 000463360 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WinExtras.dll

2019-01-08 11:32 – 2019-01-08 11:32 – 000190464 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Xml.dll

2019-01-08 11:32 – 2019-01-08 11:32 – 002825216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5XmlPatterns.dll

2019-01-08 11:32 – 2019-01-08 11:32 – 000053760 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsprivateqtgraphicaleffectsprivate.dll

2019-01-08 11:32 – 2019-01-08 11:32 – 000059392 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsqtgraphicaleffectsplugin.dll

2019-01-08 11:32 – 2019-01-08 11:32 – 000017408 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuick.2qtquick2plugin.dll

2019-01-08 11:32 – 2019-01-08 11:32 – 000330752 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControlsqtquickcontrolsplugin.dll

2019-01-08 11:32 – 2019-01-08 11:32 – 000137216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickDialogsdialogplugin.dll

2019-01-08 11:32 – 2019-01-08 11:32 – 000090112 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickLayoutsqquicklayoutsplugin.dll

2019-01-08 11:32 – 2019-01-08 11:32 – 000017920 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickWindow.2windowplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:WINDOWSsystem32Driversaqqvctjm.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversbdkvpgwx.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversbeguobyk.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversbianzhrs.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversblmgnbkq.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversboggtzpw.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversbromesid.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driverscbvdlnon.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driverscthpzcjv.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversfutuhqev.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Drivershgekbthg.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Drivershkogcmtq.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Drivershlnccoby.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversigokacqd.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversinwemocx.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversllbfhtcv.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driverslwmdenyo.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversmhcivnrv.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversndyvobkd.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversnmdiivcq.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversocklwpna.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversocwlmjlg.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversrpdhcfkf.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversswzpytnk.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driverstoebvisi.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversupcpwlaq.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversvgwpvarm.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversvypekmfi.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driverswgkiduja.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversxuielazn.sys:changelist [702]

AlternateDataStreams: C:WINDOWSsystem32Driversyasuviuv.sys:changelist [702]

AlternateDataStreams: C:UsersJJAGDesktopLe0T00t.jpg:3or4kl4x13tuuug3Byamue2s4b [93]

AlternateDataStreams: C:UsersJJAGDesktopLe0T00t.jpg:4c8cc155-6c1e-11d1-8e41-00c04fb9386d [0]

AlternateDataStreams: C:UsersJJAGDesktopLeo Toot.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]

AlternateDataStreams: C:UsersJJAGDesktopLeo Toot.jpeg:4c8cc155-6c1e-11d1-8e41-00c04fb9386d [0]

AlternateDataStreams: C:UsersJJAGDesktopPay01.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]

AlternateDataStreams: C:UsersJJAGDesktopPay01.jpeg:4c8cc155-6c1e-11d1-8e41-00c04fb9386d [0]

AlternateDataStreams: C:UsersJJAGDesktopPay02.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]

AlternateDataStreams: C:UsersJJAGDesktopPay02.jpeg:4c8cc155-6c1e-11d1-8e41-00c04fb9386d [0]

AlternateDataStreams: C:UsersJJAGDesktopPay03.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]

AlternateDataStreams: C:UsersJJAGDesktopPay03.jpeg:4c8cc155-6c1e-11d1-8e41-00c04fb9386d [0]

AlternateDataStreams: C:UsersJJAGDesktopTardigradeTWaterBear.png:3or4kl4x13tuuug3Byamue2s4b [93]

AlternateDataStreams: C:UsersJJAGDesktopTardigradeTWaterBear.png:4c8cc155-6c1e-11d1-8e41-00c04fb9386d [0]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 – 2019-08-28 12:26 – 000000852 _____ C:WINDOWSsystem32driversetchosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program Files (x86)Kingston SSD Toolbox;C:ProgramDataOracleJavajavapath;C:Program FilesCommon FilesMicrosoft SharedWindows Live;C:Program Files (x86)Common FilesMicrosoft SharedWindows Live;C:Program Files (x86)InteliCLS Client;C:Program FilesInteliCLS Client;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program Files (x86)ATI TechnologiesATI.ACECore-Static;C:Program Files (x86)AMDATI.ACECore-Static;C:Program FilesIntelIntel® Management Engine ComponentsDAL;C:Program Files (x86)IntelIntel® Management Engine ComponentsDAL;C:Program FilesIntelIntel® Management Engine ComponentsIPT;C:Program Files (x86)IntelIntel® Management Engine ComponentsIPT;C:Program Files (x86)Windows LiveShared;C:Program Files (x86)GtkSharp2.12bin;%SYSTEMROOT%System32OpenSSH

HKUS-1-5-21-526169441-3370718946-2259949942-1162Control PanelDesktop\Wallpaper -> C:UsersJJAGDownloadsIMG_20190828_194256_235.jpg

DNS Servers: 64.19.96.69 – 64.19.96.72

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: Off)

HKLMsoftwaremicrosoftWindowsCurrentVersionTelephonyProviders => ProviderFileName2 -> ndptsp.tsp (No File)

Windows Firewall is enabled.

Network Binding:

=============

Local Area Connection: HTC NDIS Protocol Driver -> MS_NDISPROT (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIGServices: AJRouter => 3

MSCONFIGServices: iphlpsvc => 2

MSCONFIGServices: IpxlatCfgSvc => 3

MSCONFIGServices: KtmRm => 3

MSCONFIGServices: Power => 2

MSCONFIGServices: PrintNotify => 3

MSCONFIGServices: QWAVE => 3

MSCONFIGServices: RasAuto => 3

MSCONFIGServices: RasMan => 2

MSCONFIGServices: RetailDemo => 3

MSCONFIGServices: RmSvc => 3

MSCONFIGServices: RpcLocator => 3

MSCONFIGServices: seclogon => 3

MSCONFIGServices: SensrSvc => 3

MSCONFIGServices: SessionEnv => 3

MSCONFIGServices: SharedAccess => 3

MSCONFIGServices: Spooler => 2

MSCONFIGServices: SSDPSRV => 3

MSCONFIGServices: SstpSvc => 3

MSCONFIGServices: vmicguestinterface => 3

MSCONFIGServices: vmicheartbeat => 3

MSCONFIGServices: vmickvpexchange => 3

MSCONFIGServices: vmicrdv => 3

MSCONFIGServices: vmicshutdown => 3

MSCONFIGServices: vmictimesync => 3

MSCONFIGServices: vmicvmsession => 3

MSCONFIGServices: vmicvss => 3

MSCONFIGServices: VSS => 3

MSCONFIGServices: wcncsvc => 3

MSCONFIGServices: WsAppService => 2

MSCONFIGServices: XblAuthManager => 3

MSCONFIGServices: XblGameSave => 3

MSCONFIGServices: XboxGipSvc => 3

MSCONFIGServices: XboxNetApiSvc => 3

MSCONFIGstartupfolder: C:^Users^JJAG^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:WindowspssMEGAsync.lnk.Startup

MSCONFIGstartupfolder: C:^Users^JJAG^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TWC Program Blocker.lnk => C:WindowspssTWC Program Blocker.lnk.Startup

MSCONFIGstartupreg: Arpeggiated => "C:Program Files (x86)clangingIbex.exe" pazs

MSCONFIGstartupreg: BCSSync => "C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe" /DelayServices

MSCONFIGstartupreg: Birdied => "C:Program Files (x86)HomosexuallyUndetectable.exe" pazs

MSCONFIGstartupreg: Conime => %windir%system32conime.exe

MSCONFIGstartupreg: Consigns => "C:Program Files (x86)FailingUndetectable.exe" pazs

MSCONFIGstartupreg: Cymru => "C:Program Files (x86)clangingIbex.exe" pazs

MSCONFIGstartupreg: EKIJ5000StatusMonitor => C:Windowssystem32spoolDRIVERSx643EKIJ5000MUI.exe

MSCONFIGstartupreg: GoogleDriveSync => "C:Program Files (x86)GoogleDrivegoogledrivesync.exe" /autostart

MSCONFIGstartupreg: Hyndman => "C:Program Files (x86)FailingUndetectable.exe" pazs

MSCONFIGstartupreg: ISCT Tray => C:Program FilesIntelIntel® Smart Connect Technology AgentiSCTsysTray8.exe

MSCONFIGstartupreg: Malaya => "C:Program Files (x86)HomosexuallyUndetectable.exe" pazs

MSCONFIGstartupreg: OfficeSyncProcess => "C:Program Files (x86)Microsoft OfficeOffice14MSOSYNC.EXE"

MSCONFIGstartupreg: PlaysTV => "C:Program Files (x86)Raptr IncPlaysTVplaystv_launcher.exe" –startup

MSCONFIGstartupreg: Steam => "C:Program Files (x86)Steamsteam.exe" -silent

MSCONFIGstartupreg: uTorrent => "C:UsersJJAGAppDataRoaminguTorrentuTorrent.exe"  /MINIMIZED

MSCONFIGstartupreg: Wondershare Helper Compact.exe => C:Program FilesCommon FilesWondershareWondershare Helper CompactWSHelper.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User6B02A906-25E3-41FB-90A6-3CEE80B2D5DFC:usersjjagappdataroamingutorrentutorrent.exe] => (Block) C:usersjjagappdataroamingutorrentutorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [TCP Query User759F09D0-5D67-496F-B442-6106ADBCFAD4C:usersjjagappdataroamingutorrentutorrent.exe] => (Block) C:usersjjagappdataroamingutorrentutorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [UDP Query User7DF88CC7-9595-4C17-955B-61E9D8096640C:program files (x86)microsoft officeoffice14groove.exe] => (Block) C:program files (x86)microsoft officeoffice14groove.exe No File

FirewallRules: [TCP Query User0AA046BD-AE78-4619-A388-2F0522276759C:program files (x86)microsoft officeoffice14groove.exe] => (Block) C:program files (x86)microsoft officeoffice14groove.exe No File

FirewallRules: [D7FDC9B4-9889-45EC-9CD0-C36FF48553EE] => (Allow) C:Program FilesWindowsAppsSAMSUNGELECTRONICSCoLtd.SamsungFlux_4.0.18.0_x64__wyx1vj98g3asyDesktopAppSamsungFlowDesktop.exe (SAMSUNG ELECTRONICS CO,.LTD. -> )

FirewallRules: [F81995D3-0789-457B-84F3-7D2F2F7879FF] => (Allow) C:Program FilesWindowsAppsSAMSUNGELECTRONICSCoLtd.SamsungFlux_4.0.18.0_x64__wyx1vj98g3asyDesktopAppSamsungFlowDesktop.exe (SAMSUNG ELECTRONICS CO,.LTD. -> )

FirewallRules: [9EB9E8CF-8B82-40F3-AB18-734A5C4DB558] => (Allow) C:Program FilesWindowsAppsSAMSUNGELECTRONICSCoLtd.SamsungFlux_4.0.18.0_x64__wyx1vj98g3asyDesktopAppSamsungFlowDesktop.exe (SAMSUNG ELECTRONICS CO,.LTD. -> )

FirewallRules: [B31C4FF0-1F7A-4EFA-BE20-0C7DCF2708B7] => (Allow) C:Program FilesWindowsAppsSAMSUNGELECTRONICSCoLtd.SamsungFlux_4.0.18.0_x64__wyx1vj98g3asyDesktopAppSamsungFlowDesktop.exe (SAMSUNG ELECTRONICS CO,.LTD. -> )

FirewallRules: [DFA9849A-DA0A-4C98-8340-9E45AFA74038] => (Allow) C:Program FilesWindowsAppsSAMSUNGELECTRONICSCoLtd.SamsungFlux_4.0.18.0_x64__wyx1vj98g3asyDesktopAppSamsungFlowDesktop.exe (SAMSUNG ELECTRONICS CO,.LTD. -> )

FirewallRules: [B6CF180C-3C93-4C50-9FED-505628BDAC24] => (Allow) C:Program FilesWindowsAppsSAMSUNGELECTRONICSCoLtd.SamsungFlux_4.0.18.0_x64__wyx1vj98g3asyDesktopAppSamsungFlowDesktop.exe (SAMSUNG ELECTRONICS CO,.LTD. -> )

FirewallRules: [51CF52DA-DA93-40D3-9E2E-BF706DCEA204] => (Allow) C:Program FilesWindowsAppsSAMSUNGELECTRONICSCoLtd.SamsungFlux_4.0.18.0_x64__wyx1vj98g3asyDesktopAppSamsungFlowDesktop.exe (SAMSUNG ELECTRONICS CO,.LTD. -> )

FirewallRules: [9E085114-D371-41B3-B3CD-D563620932A7] => (Allow) C:Program FilesWindowsAppsSAMSUNGELECTRONICSCoLtd.SamsungFlux_4.0.18.0_x64__wyx1vj98g3asyDesktopAppSamsungFlowDesktop.exe (SAMSUNG ELECTRONICS CO,.LTD. -> )

FirewallRules: [B94EEB28-30EC-4D12-97F4-88B3FE7EDC4F] => (Allow) C:Program Files (x86)EaseUSTodo BackupbinTbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)

FirewallRules: [253C1AC8-B742-4670-8487-96D1FE7CD331] => (Allow) C:Program Files (x86)EaseUSTodo BackupbinTbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)

FirewallRules: [7B415409-FB17-4AFA-B925-2DD39CDCBD00] => (Allow) C:Program Files (x86)EaseUSTodo BackupbinTBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)

FirewallRules: [228A9BB1-3483-4F5D-B8B0-BA71D1E208F9] => (Allow) C:Program Files (x86)EaseUSTodo BackupbinTBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)

FirewallRules: [BC627D74-6B0C-4681-81F1-56DC8CD39250] => (Allow) C:Program Files (x86)EaseUSTodo BackupbinTodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )

FirewallRules: [833E74B7-B98E-4CCC-9BCF-6A340F6650C1] => (Allow) C:Program Files (x86)EaseUSTodo BackupbinTodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )

FirewallRules: [26D30260-12EB-434D-90ED-9116E2A59220] => (Allow) C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [6AC013BA-96E7-433E-85EC-2C2B23667A84] => (Allow) C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [TCP Query User6FDB2562-FE12-45FB-BB2F-613A2D1F7464C:program files (x86)samsungsamsung dexsamsungdex.exe] => (Allow) C:program files (x86)samsungsamsung dexsamsungdex.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)

FirewallRules: [UDP Query User2318A441-74E7-4029-84EC-7B02CFF0EB5AC:program files (x86)samsungsamsung dexsamsungdex.exe] => (Allow) C:program files (x86)samsungsamsung dexsamsungdex.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)

FirewallRules: [TCP Query UserC5A4A4D9-5A56-4FDF-A3A9-EF7C282F413BC:program files (x86)bravesoftwarebrave-browserapplicationbrave.exe] => (Block) C:program files (x86)bravesoftwarebrave-browserapplicationbrave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [UDP Query User6FAF6834-3EC6-4E2C-92C3-E584C425193DC:program files (x86)bravesoftwarebrave-browserapplicationbrave.exe] => (Block) C:program files (x86)bravesoftwarebrave-browserapplicationbrave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [TCP Query User12CBA19D-FA8F-4EA8-940C-A03BBA5AF7A1C:program files (x86)bravesoftwarebrave-browserapplicationbrave.exe] => (Allow) C:program files (x86)bravesoftwarebrave-browserapplicationbrave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [UDP Query User9535C024-2C72-4F65-9C60-FC360C567226C:program files (x86)bravesoftwarebrave-browserapplicationbrave.exe] => (Allow) C:program files (x86)bravesoftwarebrave-browserapplicationbrave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [994B8BA1-F476-4B0E-B765-EC35C4650E72] => (Allow) C:Program Files (x86)EaseUSTodo BackupbinTodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )

FirewallRules: [0DEAB2D0-7CD6-4D96-ACED-9FCB8C180C75] => (Allow) C:Program Files (x86)EaseUSTodo BackupbinTodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )

FirewallRules: [EB0186C4-E0F1-4357-A0E0-48ED53F55A71] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [930747A7-5D1D-47E1-9E68-7813B45882C4] => (Allow) C:Program FilesWindowsAppsSAMSUNGELECTRONICSCoLtd.SamsungFlux_4.5.13.0_x64__wyx1vj98g3asyDesktopAppSamsungFlowDesktop.exe (SAMSUNG ELECTRONICS CO,.LTD. -> )

FirewallRules: [622E6667-CF92-49C8-8B67-E6FC0B51F50B] => (Allow) C:Program FilesWindowsAppsSAMSUNGELECTRONICSCoLtd.SamsungFlux_4.5.13.0_x64__wyx1vj98g3asyDesktopAppSamsungFlowDesktop.exe (SAMSUNG ELECTRONICS CO,.LTD. -> )

FirewallRules: [0E12F539-CB3F-4030-87B9-83E42AAC3B02] => (Allow) C:Program FilesWindowsAppsSAMSUNGELECTRONICSCoLtd.SamsungFlux_4.5.13.0_x64__wyx1vj98g3asyDesktopAppSamsungFlowDesktop.exe (SAMSUNG ELECTRONICS CO,.LTD. -> )

FirewallRules: [3A1FD38D-1D4E-48B8-BF7F-CFF78ECF6F38] => (Allow) C:Program FilesWindowsAppsSAMSUNGELECTRONICSCoLtd.SamsungFlux_4.5.13.0_x64__wyx1vj98g3asyDesktopAppSamsungFlowDesktop.exe (SAMSUNG ELECTRONICS CO,.LTD. -> )

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:119.14 GB) (Free:21.88 GB) (18%)

Check "VSS" service

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (01/13/2020 11:53:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

Operation:

Instantiating VSS server

Error: (01/13/2020 11:53:01 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID e579ab5f-1cc4-44b4-bed9-de0991ff0623 and name IVssCoordinatorEx2 cannot be started.[0x80070422Theservicecannotbestartedeitherbecauseitisdisabledorbecauseithasnoenableddevicesassociatedwithit[0x80070422Theservicecannotbestartedeitherbecauseitisdisabledorbecauseithasnoenableddevicesassociatedwithit[0x80070422Theservicecannotbestartedeitherbecauseitisdisabledorbecauseithasnoenableddevicesassociatedwithit[0x80070422Theservicecannotbestartedeitherbecauseitisdisabledorbecauseithasnoenableddevicesassociatedwithit

]

Operation:

Instantiating VSS server

Error: (01/13/2020 11:51:38 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (3456,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

Error: (01/13/2020 11:39:50 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (3496,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

Error: (01/13/2020 11:31:51 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

Operation:

Instantiating VSS server

Error: (01/13/2020 11:31:51 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID e579ab5f-1cc4-44b4-bed9-de0991ff0623 and name IVssCoordinatorEx2 cannot be started.[0x80070422Theservicecannotbestartedeitherbecauseitisdisabledorbecauseithasnoenableddevicesassociatedwithit[0x80070422Theservicecannotbestartedeitherbecauseitisdisabledorbecauseithasnoenableddevicesassociatedwithit[0x80070422Theservicecannotbestartedeitherbecauseitisdisabledorbecauseithasnoenableddevicesassociatedwithit[0x80070422Theservicecannotbestartedeitherbecauseitisdisabledorbecauseithasnoenableddevicesassociatedwithit

]

Operation:

Instantiating VSS server

Error: (01/13/2020 11:31:33 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

Operation:

Instantiating VSS server

Error: (01/13/2020 11:31:33 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID e579ab5f-1cc4-44b4-bed9-de0991ff0623 and name IVssCoordinatorEx2 cannot be started.[0x80070422Theservicecannotbestartedeitherbecauseitisdisabledorbecauseithasnoenableddevicesassociatedwithit[0x80070422Theservicecannotbestartedeitherbecauseitisdisabledorbecauseithasnoenableddevicesassociatedwithit[0x80070422Theservicecannotbestartedeitherbecauseitisdisabledorbecauseithasnoenableddevicesassociatedwithit[0x80070422Theservicecannotbestartedeitherbecauseitisdisabledorbecauseithasnoenableddevicesassociatedwithit

]

Operation:

Instantiating VSS server

System errors:

=============

Error: (01/13/2020 11:43:55 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: DCOM got error "1068" attempting to start the service upnphost with arguments "Unavailable" in order to run the server:

204810B9-73B2-11D4-BF42-00B0D0118B56

Error: (01/13/2020 11:43:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The upnphost service depends on the SSDPSRV service which failed to start because of the following error:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/13/2020 11:43:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The NcaSvc service depends on the iphlpsvc service which failed to start because of the following error:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/13/2020 11:43:48 PM) (Source: volmgr) (EventID: 45) (User: )

Description: The system could not sucessfully load the crash dump driver.

Error: (01/13/2020 11:43:44 PM) (Source: volmgr) (EventID: 46) (User: )

Description: Crash dump initialization failed!

Error: (01/13/2020 11:43:44 PM) (Source: volmgr) (EventID: 45) (User: )

Description: The system could not sucessfully load the crash dump driver.

Error: (01/13/2020 11:43:43 PM) (Source: sptd) (EventID: 4) (User: )

Description: Driver detected an internal error in its data structures for .

Error: (01/13/2020 11:43:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Search service failed to start due to the following error:

The service did not start due to a logon failure.

Windows Defender:

===================================

Date: 2020-01-12 07:54:27.699

La description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: DC806C12-EC25-437D-B24F-1E528C9EF60E

Scan Type: Antimalware

Scan Parameters: Full Scan

Date: 2020-01-12 00:39:23.244

La description:

Windows Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Trojan:HTML/Brocoiner.AR!MTB

ID: 2147748446

Severity: Severe

Category: Trojan

Path: containerfile:_C:UsersJJAGAppDataLocalupeawhzdata636Cachef_00000b; containerfile:_C:UsersJJAGAppDataLocalupeawhzdata670Cachef_000021; containerfile:_C:UsersJJAGAppDataLocalupeawhzdata696Cachef_000005; file:_C:UsersJJAGAppDataLocalupeawhzdata636Cachef_00000b->(GZip); file:_C:UsersJJAGAppDataLocalupeawhzdata670Cachef_000021->(GZip); file:_C:UsersJJAGAppDataLocalupeawhzdata696Cachef_000005->(GZip)

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: User

Process Name: Unknown

Security intelligence Version: AV: 1.307.2187.0, AS: 1.307.2187.0, NIS: 1.307.2187.0

Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-09 06:44:10.442

La description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: 4C670D10-9387-4A37-8BB5-2595443E9762

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2020-01-09 06:29:54.628

La description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: 39961581-FD13-4731-9F69-F4DD2BE18E3F

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2020-01-09 05:08:49.121

La description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: AFCEBFCA-AA52-4763-B931-1810108AD0D5

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2020-01-13 23:43:06.241

La description:

Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.

Feature: Behavior Monitoring

Error Code: 0x80508023

Error description: The program could not find the malware and other potentially unwanted software on this device.

Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-01-10 17:15:19.719

La description:

Windows Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.307.2093.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16600.7

Error code: 0x80240438

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:

===================================

Date: 2020-01-13 23:44:23.900

La description:

Code Integrity determined that a process (DeviceHarddiskVolume2WindowsSystem32MicrosoftEdgeCP.exe) attempted to load DeviceHarddiskVolume2Program FilesMalwarebytesAnti-Malwarembae64.dll that did not meet the Store signing level requirements.

Date: 2020-01-13 23:24:54.849

La description:

Code Integrity determined that a process (DeviceHarddiskVolume2WindowsSystem32MicrosoftEdgeCP.exe) attempted to load DeviceHarddiskVolume2Program FilesMalwarebytesAnti-Malwarembae64.dll that did not meet the Store signing level requirements.

Date: 2020-01-12 17:29:54.891

La description:

Code Integrity determined that a process (DeviceHarddiskVolume2WindowsSystem32MicrosoftEdgeCP.exe) attempted to load DeviceHarddiskVolume2Program FilesMalwarebytesAnti-Malwarembae64.dll that did not meet the Store signing level requirements.

Date: 2020-01-12 17:29:24.606

La description:

Code Integrity determined that a process (DeviceHarddiskVolume2WindowsSystem32MicrosoftEdgeCP.exe) attempted to load DeviceHarddiskVolume2Program FilesMalwarebytesAnti-Malwarembae64.dll that did not meet the Store signing level requirements.

Date: 2020-01-12 17:28:54.321

La description:

Code Integrity determined that a process (DeviceHarddiskVolume2WindowsSystem32MicrosoftEdgeCP.exe) attempted to load DeviceHarddiskVolume2Program FilesMalwarebytesAnti-Malwarembae64.dll that did not meet the Store signing level requirements.

Date: 2020-01-12 17:28:38.464

La description:

Code Integrity determined that a process (DeviceHarddiskVolume2WindowsSystem32MicrosoftEdgeCP.exe) attempted to load DeviceHarddiskVolume2Program FilesMalwarebytesAnti-Malwarembae64.dll that did not meet the Store signing level requirements.

Date: 2020-01-12 17:23:50.628

La description:

Code Integrity determined that a process (DeviceHarddiskVolume2WindowsSystem32MicrosoftEdgeCP.exe) attempted to load DeviceHarddiskVolume2Program FilesMalwarebytesAnti-Malwarembae64.dll that did not meet the Store signing level requirements.

Date: 2020-01-12 17:18:48.518

La description:

Code Integrity determined that a process (DeviceHarddiskVolume2WindowsSystem32MicrosoftEdgeCP.exe) attempted to load DeviceHarddiskVolume2Program FilesMalwarebytesAnti-Malwarembae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.60 06/13/2016

Motherboard: ASRock H97 Anniversary

Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz

Percentage of memory in use: 66%

Total physical RAM: 8143.55 MB

Available physical RAM: 2706.5 MB

Total Virtual: 18383.55 MB

Available Virtual: 12138.46 MB

==================== Drives ================================

Drive c: (PRimArY-Dr1V3-Tr0N) (Fixed) (Total:119.14 GB) (Free:21.88 GB) NTFS

Drive e: (SUP3R D00M) (Fixed) (Total:74.52 GB) (Free:50.87 GB) NTFS

Drive g: ([G-I-R]) (Fixed) (Total:149.04 GB) (Free:1.74 GB) NTFS

Drive v: (Kingston) (Fixed) (Total:220.87 GB) (Free:160.63 GB) NTFS

\?Volume02972d46-ce09-11e9-bacc-806e6f6e6963 (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 0008C57B)

Partition 1: (Active) – (Size=100 MB) – (Type=07 NTFS)

Partition 2: (Not Active) – (Size=119.1 GB) – (Type=07 NTFS)

==========================================================

Disk: 1 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================

Disk: 2 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: EF38EF38)

Partition 1: (Active) – (Size=74.5 GB) – (Type=07 NTFS)

==========================================================

Disk: 3 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: CAB10BEE)

Partition 1: (Active) – (Size=149 GB) – (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.

Could not read MBR for disk 4.

==================== End of Addition.txt =======================

Commentaires

Laisser un commentaire

Votre commentaire sera révisé par les administrateurs si besoin.