Outbound connections to JUCYSH.com and UGYPLYSH.com stopped by Malwarebytes – Print Server
Getting multiple Malwarebytes popups saying that outbound connections to jucysh.com or ugyplysh.com are blocked. The popup says the files are coming from (x86) Google Chrome Application chrome.exe.
Getting them in groups of three to four, then nothing for an hour or so.
No other problems that I can see.
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2020 01
Ran by gsgam (administrator) on LITTLEDOG (LENOVO 20HRCTO1WW) (25-01-2020 00:00:25)
Running from C: Users gsgam Downloads
Loaded Profiles: gsgam (Available Profiles: gsgam)
Platform: Windows 10 Pro Version 1909 18363.535 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Accès refusé) [File not signed] C: Program Files Dolby Dolby DAX2 DAX2_API DolbyDAX2API.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C: Program Files CONEXANT SAII CxUtilSvc.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C: Windows System32 CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc) C: Program Files CONEXANT SAII SmartAudio.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C: Program Files CONEXANT cAudioFilterAgent CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C: Windows System32 SASrv.exe
(EMC Corporation -> EMC) C: Program Files (x86) Intel Entry Storage System sohoclient.exe
(EMC Corporation) [File not signed] C: Program Files (x86) Intel Entry Storage System retrospect retrorun.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Update 1.3.35.422 GoogleCrashHandler.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Update 1.3.35.422 GoogleCrashHandler64.exe
(Clé de signature IDSA Production -> Intel) C: Program Files (x86) Intel Driver and Support Assistant DSAService.exe
(Clé de signature IDSA Production -> Intel) C: Program Files (x86) Intel Driver and Support Assistant DSATray.exe
(Clé de signature IDSA Production -> Intel) C: Program Files (x86) Intel Driver and Support Assistant DSAUpdateService.exe
(Intel Corporation -> Intel® Corporation) C: Program Files Fichiers communs Intel WirelessCommon RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C: Program Files Intel WiFi bin EvtEng.exe
(Intel Corporation -> Intel® Corporation) C: Program Files Intel WiFi bin ZeroConfigService.exe
(Groupe des sous-systèmes et blocs IP intégrés Intel® -> Intel Corporation) C: Program Files (x86) Intel Intel® Management Engine Components DAL jhi_service.exe
(Groupe des sous-systèmes intégrés Intel et des blocs IP -> Intel Corporation) C: Program Files (x86) Intel Intel® Management Engine Components LMS LMS.exe
(Intel® Online Connect -> Intel Corporation) C: Program Files Intel Intel® Online Connect ioc.exe
(Intel® Online Connect Access -> Intel® Corporation) C: Program Files Intel Intel® Online Connect Access IntelTechnologyAccessService.exe
(Intel® pGFX -> Intel Corporation) C: Windows System32 DriverStore FileRepository ki132701.inf_amd64_f25b376c781866ed igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C: Windows System32 DriverStore FileRepository ki132701.inf_amd64_f25b376c781866ed igfxEM.exe
(Intel® pGFX -> Intel Corporation) C: Windows System32 DriverStore FileRepository ki132701.inf_amd64_f25b376c781866ed igfxext.exe
(Intel® pGFX -> Intel Corporation) C: Windows System32 DriverStore FileRepository ki132701.inf_amd64_f25b376c781866ed IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C: Windows System32 DriverStore FileRepository ki132701.inf_amd64_f25b376c781866ed IntelCpHeciSvc.exe
(Produits de développement logiciel Intel® ->) C: Program Files Intel SUR QUEENCREEK SurSvc.exe
(Produits de développement logiciel Intel® ->) C: Program Files Intel SUR QUEENCREEK x64 esrv.exe
(Produits de développement logiciel Intel® ->) C: Program Files Intel SUR QUEENCREEK x64 esrv_svc.exe
(Produits de développement logiciel Intel® -> Intel Corporation) C: Windows System32 DriverStore FileRepository sgx_psw.inf_amd64_fd0b4b97d35097fa aesm_service.exe
(Intel® Trust Services -> Intel® Corporation) C: Program Files Intel Intel® Management Engine Components iCLS SocketHeciServer.exe
(Solutions de connectivité sans fil Intel® -> Intel Corporation) C: Windows System32 ibtsiva.exe
(Lenovo -> Lenovo Group Limited) C: Windows System32 DriverStore FileRepository fn.inf_amd64_97db46da3c44bbbb driver tphkload.exe
(Lenovo -> Lenovo Group Limited) C: Windows System32 DriverStore FileRepository FN531F ~ 1.INF driver shtctky.exe
(Lenovo -> Lenovo Group Limited) C: Windows System32 DriverStore FileRepository FN531F ~ 1.INF driver tposd.exe
(Lenovo -> Lenovo Group Limited) C: Windows SysWOW64 Lenovo PowerMgr EasyResume.exe
(Lenovo -> Lenovo Group Ltd.) C: Program Files (x86) Lenovo ImController PluginHost Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C: Program Files (x86) Lenovo VantageService LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C: Program Files Lenovo ImController PluginHost Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C: Program Files Lenovo ImController Service Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo) C: Windows SysWOW64 Lenovo PowerMgr PowerMgr.exe
(Lenovo -> Lenovo.) C: Windows System32 ibmpmsvc.exe
(Lenovo -> Lenovo.) C: Windows System32 LPlatSvc.exe
(Lenovo -> Lenovo.) C: Windows System32 LPlatSvc.exe
(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware mbam.exe
(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C: ProgramData Malwarebytes MBAMService ctlrupdate mbupdatr.exe
(Microsoft Corporation -> Microsoft Corporation) C: Program Files Microsoft Office 15 ClientX64 AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C: Program Files Microsoft Office 15 ClientX64 officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C: Program Files Microsoft SQL Server 90 Shared sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C: Users gsgam AppData Local Microsoft OneDrive 19.222.1110.0006 FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C: Users gsgam AppData Local Microsoft OneDrive OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C: Windows Microsoft.NET Framework64 v3.0 WPF PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C: Windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe MicrosoftEdge.exe
(Microsoft Corporation) C: Program Files WindowsApps microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe HxOutlook.exe
(Microsoft Corporation) C: Program Files WindowsApps microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe HxTsr.exe
(Microsoft Corporation) C: Program Files WindowsApps Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe GameBar.exe
(Microsoft Corporation) C: Program Files WindowsApps Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe GameBarFT.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows ImmersiveControlPanel SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows SystemApps Microsoft.Windows.Cortana_cw5n1h2txyewy RemindersServer.exe
(Synaptics Incorporated -> Synaptics Incorporated) C: Program Files Synaptics SynTP SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C: Program Files Synaptics SynTP SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C: Program Files Synaptics SynTP SynTPHelper.exe
(TEFINCOM S.A. ->) C: Program Files (x86) NordVPN nordvpn-service.exe
(TEFINCOM S.A. -> NordVPN) C: Program Files (x86) NordVPN NordVPN.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32 … Exécuter: [Intel Driver & Support Assistant] => C: Program Files (x86) Intel Driver and Support Assistant DSATray.exe [139624 2019-12-13] (Clé de signature IDSA Production -> Intel)
HKU S-1-5-21-625891914-868822999-3065747768-1001 … Run: [Epic Privacy Browser Installer] => C: Users gsgam AppData Local Epic Privacy Browser Installer EpicUpdate.exe [509096 2018-01-27] (Google Inc (TEST) -> Navigateur de confidentialité Epic) [File not signed]
HKU S-1-5-21-625891914-868822999-3065747768-1001 … Run: [NordVPN] => C: Program Files (x86) NordVPN NordVPN.exe [1951264 2020-01-23] (TEFINCOM S.A.-> NordVPN)
HKLM Software Microsoft Active Setup Installed Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C: Program Files (x86) Google Chrome Application 79.0.3945.130 Installer chrmstp.exe [2020-01-16] (Google LLC -> Google LLC)
Démarrage: C: Users gsgam AppData Roaming Microsoft Windows Start Menu Programs Startup Intel Entry Storage System.lnk [2020-01-15]
ShortcutTarget: Intel Entry Storage System.lnk -> C: Program Files (x86) Intel Entry Storage System sohoclient.exe (EMC Corporation -> EMC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Tâche: 003703C6-C359-4F1E-9A95-FAC4996D3023 – System32 Tasks Microsoft Windows Conexant SA2 => C: Program Files CONEXANT SAII SACpl.exe [1831744 2016-12-06] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
Tâche: 01666D96-A0BC-4306-A3BE-433E99644687 – System32 Tasks Microsoft Windows rempl shell-usoscan => C: Program Files rempl remsh.exe
Tâche: 0174AE44-338F-4978-834C-96AA9A370B10 – System32 Tasks IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C: Program Files Intel SUR QUEENCREEK Updater bin IntelSoftwareAsset .EXE [18744 2019-04-15] (Produits de développement logiciel Intel® -> Intel Corporation)
Tâche: 06C021F4-7318-4CFE-A1AC-49D27B345A7A – System32 Tasks Microsoft Office OfficeTelemetryAgentLogOn => C: Program Files Microsoft Office 15 root Office15 msoia.exe [286088 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)
Tâche: 16946E67-0184-4296-A7AA-6EDA568937CD – System32 Tasks Intel Thunderbolt Démarrer l'application Thunderbolt à la connexion si le service est activé => C: Program Files (x86) Intel Thunderbolt Software \ ConditionalAppStarter. EXE [225984 2018-09-06] (Intel® Client Connectivity Division SW -> Intel Corporation)
Tâche: 20B8C7D9-34FD-425E-B767-FE5302AEE9F3 – System32 Tasks Intel Thunderbolt Démarrer l'application Thunderbolt lorsque du matériel est détecté => C: Program Files (x86) Intel Thunderbolt Software \ ConditionalAppStarter.exe [225984 2018-09-06] (Intel® Client Connectivity Division SW -> Intel Corporation)
Tâche: 27FED4C6-3D2B-441A-8941-083962911B90 – System32 Tasks Lenovo Lenovo Platform Task => C: WINDOWS System32 LPlatSvc.exe [892072 2019-12-03] (Lenovo -> Lenovo.)
Tâche: 400F7F70-8774-4D8D-AEC8-1D0A3Fregular26F – System32 Tasks IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C: Program Files (x86) Intel Intel® Online Connect Access Intel® Software Asset Manager bin IntelSoftwareAssetManagerService.exe [18152 2016-12-21] (Intel® Software Asset Manager -> Intel Corporation)
Tâche: 45DB06C5-AE56-4651-9C6B-A571C46DDB3A – System32 Tasks GoogleUpdateTaskMachineCore1d5781d1511496f => C: Program Files (x86) Google Update GoogleUpdate.exe [153168 2018-01-27] (Google Inc -> Google Inc.)
Tâche: 558ECDE9-39F7-4610-A256-B40EBA26214B – System32 Tasks GoogleUpdateTaskMachineUA => C: Program Files (x86) Google Update GoogleUpdate.exe [153168 2018-01-27] (Google Inc -> Google Inc.)
Tâche: 56EB38F0-92E0-4BFD-830D-50AEAB292CD9 – System32 Tasks USER_ESRV_SVC_QUEENCREEK => "C: WINDOWS System32 Wscript.exe" // B // NoLogo "C: Program Files Intel SUR QUEENCREEK x64 task.vbs "
Tâche: 646CE883-36BC-4265-B866-56DDBB5A7080 – System32 Tasks Intel Thunderbolt Start Thunderbolt service on boot if driver is up => C: Program Files (x86) Intel Thunderbolt Software \ tbtsvc. EXE [2308800 2018-09-06] (Intel® Client Connectivity Division SW -> Intel Corporation)
Tâche: 7533760B-19DE-4686-B29E-C88E4EFED250 – System32 Tasks Lenovo ImController TimeBasedEvents 360a3274-2914-4b5d-939d-efdbe1573b0b => C: Program Files Lenovo ImControllod Service Lenovo. .ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
Tâche: 784F1F37-F848-48BA-8EF4-AC92B2FFEC3C – Mises à jour automatiques System32 Tasks Microsoft Office Office => C: Program Files Microsoft Office 15 ClientX64 OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Tâche: 7E7DC8A8-5493-4751-8581-393FFEF35F28 – System32 Tasks IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C: Program Files (x86) Intel Intel® Online Connect Access Intel® Software Asset Manager bin IntelSoftwareAssetManagerService.exe [18152 2016-12-21] (Intel® Software Asset Manager -> Intel Corporation)
Tâche: 880B7313-3A2F-4B90-965B-528C3EA28ED5 – System32 Tasks IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C: Program Files Intel SUR QUEENCREEK Updater bin IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Produits de développement logiciel Intel® -> Intel Corporation)
Tâche: 881AFC19-7BD3-4E1B-B3EE-8C6D383B85ED – System32 Tasks HPCustParticipation HP Deskjet 3520 series => C: Program Files HP HP Deskjet 3520 series Bin HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Tâche: 8D6FE808-414C-4748-ACFD-0A1FDF023385 – System32 Tasks Intel Thunderbolt Start Thunderbolt application on switch user if service is up => C: Program Files (x86) Intel Thunderbolt Software \ ConditionalAppStarter .EXE [225984 2018-09-06] (Intel® Client Connectivity Division SW -> Intel Corporation)
Tâche: 8F460757-EE58-4D60-B32D-22480C99ADA3 – System32 Tasks IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C: Program Files (x86) Intel Intel® Update Manager bin iumsvc .EXE
Tâche: 8FB9EB1B-EB11-44D4-A6D6-A4E7DB64325D – System32 Tasks GoogleUpdateTaskMachineUA1d5781d15158d21 => C: Program Files (x86) Google Update GoogleUpdate.exe [153168 2018-01-27] (Google Inc -> Google Inc.)
Tâche: 93CA08D3-88C4-4C7B-8DA4-20EC735757F2 – Tâche de mise à jour System32 Tasks Microsoft Windows Live SOXE Extractor Definitions => 3519154C-227E-47F3-9CC9-12C3F05817F1
Tâche: 9B5B2FC4-78C5-4D8D-8A13-F85C283B700E – System32 Tasks Lenovo ImController Lenovo iM Controller Scheduled Maintenance =>% windir% system32 sc.exe START ImControllerService
Tâche: AE5DB63A-C9D8-432B-AD40-22A3CF60CFF3 – System32 Tasks Microsoft VisualStudio VSIX Auto Update 14 => C: Program Files (x86) Microsoft Visual Studio 14.0 Common7 IDE VSIXAutoUpdate.exe [139448 2016-06-20] (Microsoft Corporation -> Microsoft Corporation)
Tâche: B3E6F43E-9199-4283-A36C-A0B2E3BC4A95 – System32 Tasks Lenovo Power Management Driver PnP Task => C: WINDOWS System32 ibmpmsvc.exe [891048 2019-12-03] (Lenovo -> Lenovo.)
Tâche: B6D631A8-6450-47D6-ACDC-8FEB85E129C3 – System32 Tasks Microsoft Windows Conexant AFA => C: Program Files CONEXANT cAudioFilterAgent SACpl.exe [1823232 2016-07-05] (Conexant Systems, Inc.) [File not signed]
Tâche: C99F7DAD-A306-405E-8389-85ABCC6C7AE3 – Microsoft Windows UNP RunCampaignManager -> Aucun fichier <==== ATTENTION
Tâche: CEACEC83-1356-4A81-9A97-663670A7870F – System32 Tasks Lenovo Power Manager Background monitor => C: WINDOWS SysWOW64 Lenovo PowerMgr PowerMgr.exe [113024 2019-11-12] (Lenovo -> Lenovo)
Tâche: CF1C86D1-6CCC-4415-A798-AB1B7299DEAD – System32 Tasks Lenovo ImController Lenovo iM Controller Monitor => C: WINDOWS system32 ImController.InfInstaller.exe [54144 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
Tâche: D241F223-22B1-48AF-9DAA-C92B37304F62 – System32 Tasks Lenovo ImController Plugins LenovoSystemUpdatePlugin_WeeklyTask =>% windir% System32 reg.exe add hklm SOFTWARE Lenovo SystemUpdulerPlugin t reg_dword / d 1 / f / reg: 32
Tâche: D36C7399-2F9F-4426-B63D-1BDA285AF0C4 – Tâche System32 Tasks Lenovo Power Manager Uninstall => C: WINDOWS SysWOW64 Lenovo PowerMgr PowerMgrInst.exe [59776 2019-11-12] (Lenovo ->)
Tâche: D4794C43-7820-4CEE-BEE4-6B03E2D3775D – System32 Tasks Lenovo Vantage Lenovo.Vantage.ServiceMaintainance =>% systemroot% system32 sc.exe démarrer LenovoVantageService
Tâche: E66A10C0-5A62-4FF6-BDDA-C092F84EA63E – System32 Tasks Microsoft Office Office ClickToRun Service Monitor => C: Program Files Microsoft Office 15 ClientX64 OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Tâche: EEE4AA24-94C5-4DE3-A822-97725F5F8507 – System32 Tasks Microsoft Office OfficeTelemetryAgentFallBack => C: Program Files Microsoft Office 15 root Office15 msoia.exe [286088 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)
Tâche: F4E3C4A9-60A6-4E14-B204-BB511412CBED – System32 Tasks Lenovo ImController TimeBasedEvents 75f1276b-ef72-45a9-8f28-ec8f73e0c05c => C: Program Files Lenovo ImControll.M .ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
Tâche: F64AA104-8A0B-4F22-8395-E88D39A9CC52 – System32 Tasks Intel Thunderbolt Démarrer le service Thunderbolt lorsque le matériel est détecté => sc.exe démarre ThunderboltService
Tâche: FE37CAAB-7AD0-4D83-BE93-CA6A7A5A4B64 – System32 Tasks GoogleUpdateTaskMachineCore => C: Program Files (x86) Google Update GoogleUpdate.exe [153168 2018-01-27] (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip Paramètres: [DhcpNameServer] 192.168.1.1
Tcpip .. Interfaces 7c6a8c44-8519-415e-9284-5f11fab26e2e: [DhcpNameServer] 172.16.1.4
Tcpip .. Interfaces cfc9e413-0c39-454b-b2e8-6dd0828394a5: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU S-1-5-21-625891914-868822999-3065747768-1001 Software Microsoft Internet Explorer Main, page de démarrage = hxxp: //lenovo17swin10.msn.com/? Pc = LJSE
HKU S-1-5-21-625891914-868822999-3065747768-1001 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //lenovo17swin10.msn.com/? Pc = LJSE
SearchScopes: HKU S-1-5-21-625891914-868822999-3065747768-1001 -> DefaultScope 86F5EC55-FD66-4E14-9FE0-5475A39A76E2 URL =
SearchScopes: HKU S-1-5-21-625891914-868822999-3065747768-1001 -> 86F5EC55-FD66-4E14-9FE0-5475A39A76E2 URL =
BHO: Skype for Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C: Program Files Microsoft Office 15 root VFS ProgramFilesX64 Microsoft Office Office15 OCHelper.dll [2019-11-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Aide au navigateur Microsoft SkyDrive Pro -> D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF -> C: Program Files Microsoft Office 15 root VFS ProgramFilesX64 Microsoft Office Office15 GROOVEEX.DLL [2019-11-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Assistant de navigateur Skype Entreprise -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C: Program Files Microsoft Office 15 root Office15 OCHelper.dll [2019-11-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Aide au navigateur Microsoft SkyDrive Pro -> D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF -> C: Program Files Microsoft Office 15 root Office15 GROOVEEX.DLL [2019-11-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf – D924BDC6-C83A-4BD5-90D0-095128A113D1 – C: Program Files Microsoft Office 15 root Office15 MSOSB.DLL [2018-01-26] (Microsoft Corporation -> Microsoft Corporation)
Edge:
======
DownloadDir: C: Users gsgam Downloads
Extension Edge: (LastPass: Gestionnaire de mots de passe gratuit) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C: Program Files WindowsApps LastPass.LastPassFreePasswordManager_4.40.1.0_qeufal [2020-01-17]
FireFox:
========
Plugin FF: @ Microsoft.com / NpCtrl, version = 1.0 -> c: Program Files Microsoft Silverlight 5.1.50918.0 npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
Plugin FF: @ videolan.org / vlc, version = 3.0.8 -> C: Program Files VideoLAN VLC npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @ microsoft.com / Lync, version = 15.0 -> C: Program Files Microsoft Office 15 root VFS ProgramFilesX86 Mozilla Firefox plugins npmeetingjoinpluginoc.dll [2018-01-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @ Microsoft.com / NpCtrl, version = 1.0 -> c: Program Files (x86) Microsoft Silverlight 5.1.50918.0 npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @ microsoft.com / SharePoint, version = 14.0 -> C: Program Files Microsoft Office 15 root Office15 NPSPWRAP.DLL [2018-01-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @ microsoft.com / WLPG, version = 16.4.3528.0331 -> C: Program Files (x86) Windows Live Photo Gallery NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @ tools.google.com / Google Update; version = 3 -> C: Program Files (x86) Google Update 1.3.35.422 npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @ tools.google.com / Google Update; version = 9 -> C: Program Files (x86) Google Update 1.3.35.422 npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin HKU S-1-5-21-625891914-868822999-3065747768-1001: @ updates.epicbrowser.com / Epic Privacy Browser Installer; version = 3 -> C: Users gsgam AppData Local Epic Privacy Browser Installer 1.3.27.13 npEpicUpdate3.dll [2018-01-27] (Google Inc (TEST) -> Navigateur de confidentialité Epic) [File not signed]
Plugin FF HKU S-1-5-21-625891914-868822999-3065747768-1001: @ updates.epicbrowser.com / Epic Privacy Browser Installer; version = 9 -> C: Users gsgam AppData Local Epic Privacy Browser Installer 1.3.27.13 npEpicUpdate3.dll [2018-01-27] (Google Inc (TEST) -> Navigateur de confidentialité Epic) [File not signed]
Chrome:
=======
CHR DefaultProfile: Par défaut
Notifications CHR: Par défaut -> hxxps: //all3dp.com; hxxps: //fossbytes.com; hxxps: //gopro.com; hxxps: //offerup.com; hxxps: //openbuildspartstore.pushassist.com; hxxps: //push-cgedfig-5037.pushails.com; hxxps: //www.digitaltrends.com; hxxps: //www.facebook.com; hxxps: //www.myminifactory.com; hxxps: //www.reddit.com; hxxps: //www.tomsguide.com
Profil CHR: C: Users gsgam AppData Local Google Chrome User Data Default [2020-01-25]
Extension CHR: (diapositives) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2018-01-27]
Extension CHR: (Docs) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions aohghmighlieiainnegkcijnfilokake [2018-01-27]
Extension CHR: (Google Drive) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2018-01-27]
Extension CHR: (YouTube) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-27]
Extension CHR: (MockFlow) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions cldcgifnkcmflfjfbhedkdfecbaakmcd [2019-03-23]
Extension CHR: (BotCheck.me) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions dljbmlbmdokgjliodlmkajmdbjdkkphd [2019-05-13]
Extension CHR: (Sheets) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions felcaaldnbdncclmgdcncolpebgiejap [2018-01-27]
Extension CHR: (Zoom +) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions gadfkeikojdjckcjckjaenohmfmkaokd [2019-03-23]
Extension CHR: (Google Docs hors ligne) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-15]
Extension CHR: (LastPass: Free Password Manager) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions hdokiejnpimakedhajhdlcegeplioahd [2020-01-15]
Extension CHR: (Enregistrer dans Pocket) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions niloccemoadcdkdjlinkgdfekeahmflj [2019-07-24]
Extension CHR: (Paiements Chrome Web Store) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
Extension CHR: (Accessibility Insights for Web) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions pbjjkligggfmakdaogkfomddhfmpjeni [2020-01-10]
Extension CHR: (Gmail) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions pjkljhegncpnkpknbcohdijeoejaedia [2019-04-17]
Extension CHR: (Chrome Media Router) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-18]
Profil CHR: C: Users gsgam AppData Local Google Chrome User Data Guest Profile [2019-10-26]
Profil CHR: C: Users gsgam AppData Local Google Chrome User Data System Profile [2019-10-26]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AESMService; C: WINDOWS System32 DriverStore FileRepository sgx_psw.inf_amd64_fd0b4b97d35097fa aesm_service.exe [716824 2019-09-22] (Produits de développement logiciel Intel® -> Intel Corporation)
R2 ClickToRunSvc; C: Program Files Microsoft Office 15 ClientX64 OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 CxUtilSvc; C: Program Files Conexant SAII CxUtilSvc.exe [181584 2019-01-25] (Conexant Systems LLC -> Conexant Systems, Inc.)
S2 DAX2API; C: Program Files Dolby Dolby DAX2 DAX2_API DolbyDAX2API.exe [189464 2019-01-21] () [File not signed]
R2 Dolby DAX2 API Service; C: Program Files Dolby Dolby DAX2 DAX2_API DolbyDAX2API.exe [189464 2019-01-21] () [File not signed]
R2 DSAService; C: Program Files (x86) Intel Driver and Support Assistant DSAService.exe [38248 2019-12-13] (Clé de signature IDSA Production -> Intel)
R3 DSAUpdateService; C: Program Files (x86) Intel Driver and Support Assistant DSAUpdateService.exe [145768 2019-12-13] (Clé de signature IDSA Production -> Intel)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885560 2019-05-15] (Intel® Software Development Products ->)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [530208 2019-09-12] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
R3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [870248 2019-06-07] (Intel® Trust Services -> Intel® Corporation)
R3 Intel® Online Connect; C:\Program Files\Intel\Intel® Online Connect\ioc.exe [575216 2018-02-22] (Intel® Online Connect -> Intel Corporation)
S2 Intel® Online Connect Helper; C:\Program Files\Intel\Intel® Online Connect\iocHelperService.exe [306928 2018-02-22] (Intel® Online Connect -> Intel Corporation)
S3 Intel® Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-12-21] (Intel® Software Asset Manager -> Intel Corporation)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel® Software Development Products -> Intel Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe [395000 2018-03-01] (Intel® Online Connect Access -> Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [790376 2019-06-07] (Intel® Trust Services -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [538088 2019-08-05] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 Lenovo Instant On; C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\EasyResume.exe [2351504 2019-11-12] (Lenovo -> Lenovo Group Limited)
S2 LENOVO.DPRSVC; C:\Program Files (x86)\Lenovo\DPR\LENOVO.DPRSVC.EXE [1109608 2016-12-28] (Lenovo -> Lenovo, Japan, Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [16648 2019-12-04] (Lenovo -> Lenovo Group Ltd.)
R2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [892072 2019-12-03] (Lenovo -> Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-12-15] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [222240 2020-01-23] (TEFINCOM S.A. ->)
R2 RetroExpLauncher; C:\Program Files (x86)\Intel Entry Storage System\retrospect\retrorun.exe [102400 2007-10-25] (EMC Corporation) [File not signed]
R2 SAService; C:\WINDOWS\system32\SAsrv.exe [416576 2016-12-06] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-11-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [262704 2019-10-17] (Synaptics Incorporated -> Synaptics Incorporated)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [205112 2019-05-15] (Intel® Software Development Products ->)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2308800 2018-09-06] (Intel® Client Connectivity Division SW -> Intel Corporation)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_97db46da3c44bbbb\driver\TPHKLOAD.exe [427192 2019-09-28] (Lenovo -> Lenovo Group Limited)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885560 2019-05-15] (Intel® Software Development Products -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3743800 2019-06-24] (Intel Corporation -> Intel® Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 e1dexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_9b04ae4c30c0d829\e1d68x64.sys [606688 2019-09-10] (Intel® INTELND1820 -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-12-18] (Malwarebytes Corporation -> Malwarebytes)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [731424 2019-09-12] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [218288 2019-12-18] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [226688 2020-01-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-01-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-01-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [105112 2020-01-16] (Malwarebytes Inc -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\DriverStore\FileRepository\heci.inf_amd64_85021432489d6a1c\x64\TeeDriverW8x64.sys [266128 2019-08-05] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [51256 2018-03-01] (Intel® Online Connect Access -> Intel Corporation)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8832288 2019-09-13] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
S3 nhi; C:\WINDOWS\system32\DRIVERS\tbt100x.sys [138336 2018-10-08] (Intel® Client Connectivity Division SW -> Intel Corporation)
R1 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [37952 2019-12-03] (Lenovo -> Lenovo.)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [43632 2019-10-04] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 RTSPER; C:\WINDOWS\System32\drivers\RtsPer.sys [994088 2019-04-26] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [43008 2019-05-15] (Intel Corporation -> )
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [297984 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 SGXEPC; C:\WINDOWS\System32\drivers\sgx_driver.sys [52824 2016-05-18] (Intel Corporation -> Windows ® Win 7 DDK provider)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [47152 2019-10-17] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [901696 2017-07-30] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
R1 SynaMetSMI; C:\WINDOWS\System32\drivers\SynaSmi.sys [39632 2019-04-03] (Synaptics Inc. -> Windows ® Win 7 DDK provider)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-09] (Microsoft Windows -> Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel® Software -> Intel Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-01-24 23:59 – 2020-01-24 23:59 – 002580480 _____ (Farbar) C:\Users\gsgam\Downloads\FRST64 (1).exe
2020-01-24 23:43 – 2020-01-24 23:44 – 000003840 _____ C:\Users\gsgam\Desktop\Rkill.txt
2020-01-24 23:43 – 2020-01-24 23:43 – 001802704 _____ (Bleeping Computer, LLC) C:\Users\gsgam\Downloads\rkill.exe
2020-01-24 13:59 – 2020-01-24 13:59 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2020-01-24 13:59 – 2020-01-24 13:59 – 000000000 ____D C:\Program Files (x86)\NordVPN
2020-01-23 20:13 – 2020-01-23 20:13 – 000936405 _____ C:\Users\gsgam\Downloads\original-prusa-i3-mk3-cooling-nozzle.zip
2020-01-22 22:40 – 2020-01-22 22:40 – 000365861 _____ C:\Users\gsgam\Downloads\Socket_organizer.zip
2020-01-22 22:40 – 2020-01-22 22:40 – 000000000 ____D C:\Users\gsgam\Downloads\Socket_organizer
2020-01-17 21:25 – 2019-12-09 21:15 – 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-01-17 21:25 – 2019-12-09 20:59 – 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-01-17 21:18 – 2020-01-17 21:32 – 000000000 ____D C:\Users\gsgam\AppData\LocalLow\IGDump
2020-01-16 21:57 – 2020-01-16 21:57 – 000000000 ___HD C:\OneDriveTemp
2020-01-16 21:56 – 2020-01-16 21:56 – 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-01-16 21:56 – 2020-01-16 21:56 – 000226688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-01-16 21:56 – 2020-01-16 21:56 – 000105112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-01-16 21:56 – 2020-01-16 21:56 – 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-01-15 22:12 – 2020-01-15 22:12 – 000000000 ____D C:\Users\gsgam\Desktop\Intel Entry Storage System
2020-01-15 21:55 – 2020-01-15 21:55 – 000001249 _____ C:\Users\gsgam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel Entry Storage System.lnk
2020-01-15 21:55 – 2020-01-15 21:55 – 000001219 _____ C:\Users\gsgam\Desktop\Intel Entry Storage System.lnk
2020-01-15 21:55 – 2020-01-15 21:55 – 000000000 ____D C:\Users\gsgam\AppData\Local\sohoclient
2020-01-15 21:54 – 2020-01-16 21:53 – 000000000 ____D C:\ProgramData\RetroExp
2020-01-15 21:54 – 2020-01-15 21:55 – 000000000 ___HD C:\Program Files (x86)\Zero G Registry
2020-01-15 21:54 – 2020-01-15 21:55 – 000000000 ____D C:\Program Files (x86)\Intel Entry Storage System
2020-01-15 21:54 – 2020-01-15 21:54 – 000000000 ____D C:\Users\gsgam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EMC Retrospect
2020-01-15 21:53 – 2020-01-15 21:53 – 000000000 ___HD C:\Users\gsgam\InstallAnywhere
2020-01-15 21:29 – 2020-01-15 21:29 – 031866334 _____ (Macrovision) C:\Users\gsgam\Downloads\setup.exe
2020-01-10 23:44 – 2020-01-10 23:44 – 001422612 _____ C:\Users\gsgam\Downloads\Drone_Manual.pdf
2020-01-08 20:40 – 2020-01-15 21:52 – 000000000 ____D C:\Users\gsgam\AppData\Local\ElevatedDiagnostics
2020-01-05 22:27 – 2020-01-05 22:27 – 000000000 ____D C:\Users\gsgam\Downloads\Infill_40mm_fan_cover
2020-01-05 21:27 – 2020-01-05 21:30 – 000045498 _____ C:\Users\gsgam\Downloads\Addition.txt
2020-01-05 21:26 – 2020-01-25 00:01 – 000037998 _____ C:\Users\gsgam\Downloads\FRST.txt
2020-01-05 21:25 – 2020-01-25 00:00 – 000000000 ____D C:\FRST
2020-01-05 21:23 – 2020-01-05 21:23 – 002272256 _____ (Farbar) C:\Users\gsgam\Downloads\FRST64.exe
2020-01-03 23:14 – 2020-01-05 21:24 – 000000000 ____D C:\Users\gsgam\Downloads\m3+screw+nut+organizer
2020-01-03 22:59 – 2020-01-03 22:59 – 000000000 ____D C:\Users\gsgam\Downloads\Tool_Box_Socket_Holder_large_part
2020-01-03 21:59 – 2020-01-03 21:59 – 000000000 ____D C:\Users\gsgam\Downloads\Motorola_E4_Case_and_Model_
2020-01-01 00:16 – 2020-01-01 00:16 – 002035685 _____ C:\Users\gsgam\Downloads\dell-2009W_User's Guide_en-us.pdf
2020-01-01 00:00 – 2020-01-01 00:00 – 000000000 ____D C:\Users\gsgam\Downloads\Anti_vibration_base_for_Vibration_Damper_for_Prusa_i3_mk2
2019-12-31 23:50 – 2019-12-31 23:57 – 000000000 ____D C:\Users\gsgam\Downloads\Prusa_I3_MK2_Vibration_Damper_Rubber_feet
2019-12-31 23:02 – 2019-12-31 23:11 – 000000000 ____D C:\AdwCleaner
2019-12-31 23:02 – 2019-12-31 23:02 – 008237744 _____ (Malwarebytes) C:\Users\gsgam\Downloads\adwcleaner_8.0.1.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-01-25 00:00 – 2019-03-18 20:52 – 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-24 23:40 – 2019-11-29 01:39 – 000004152 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{ABE3A6B6-9352-4EF8-99A6-A56826C356C4}
2020-01-24 23:37 – 2019-11-29 01:30 – 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-24 13:59 – 2019-06-12 20:49 – 000002046 _____ C:\Users\Public\Desktop\NordVPN.lnk
2020-01-24 13:59 – 2019-06-12 20:49 – 000002046 _____ C:\ProgramData\Desktop\NordVPN.lnk
2020-01-24 13:59 – 2018-12-09 20:14 – 000000000 ____D C:\Users\gsgam\AppData\Local\NordVPN
2020-01-24 13:59 – 2018-12-09 20:14 – 000000000 ____D C:\ProgramData\NordVpn
2020-01-24 13:51 – 2018-01-27 19:29 – 000000000 ____D C:\Users\gsgam\AppData\Local\Epic Privacy Browser
2020-01-23 22:30 – 2019-08-16 23:15 – 000000000 ____D C:\Users\gsgam\AppData\Roaming\PrusaSlicer
2020-01-22 22:52 – 2018-01-27 18:36 – 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-22 22:37 – 2018-01-26 20:08 – 000000000 ____D C:\Program Files\Microsoft Office 15
2020-01-22 22:35 – 2019-03-18 20:52 – 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-17 21:43 – 2019-03-18 20:37 – 000000000 ____D C:\WINDOWS\CbsTemp
2020-01-17 21:43 – 2018-01-27 18:36 – 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-01-17 21:20 – 2019-03-18 20:52 – 000000000 ___HD C:\Program Files\WindowsApps
2020-01-17 21:14 – 2018-01-25 21:17 – 000000000 ___RD C:\Users\gsgam\OneDrive
2020-01-16 22:07 – 2018-01-27 19:28 – 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-16 22:07 – 2018-01-27 19:28 – 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-16 22:07 – 2018-01-27 19:28 – 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-01-16 22:05 – 2019-11-29 01:37 – 000935192 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-16 22:05 – 2019-03-18 20:50 – 000000000 ____D C:\WINDOWS\INF
2020-01-16 21:56 – 2019-11-29 01:39 – 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-16 21:56 – 2019-11-29 01:39 – 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2020-01-16 21:56 – 2019-03-18 20:37 – 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-01-16 21:56 – 2018-01-25 21:15 – 000000000 __SHD C:\Users\gsgam\IntelGraphicsProfiles
2020-01-16 21:53 – 2019-03-18 20:52 – 000000000 ____D C:\WINDOWS\system32\NDF
2020-01-15 21:53 – 2019-11-29 01:33 – 000000000 ____D C:\Users\gsgam
2020-01-14 23:37 – 2019-11-29 01:39 – 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-625891914-868822999-3065747768-1001
2020-01-14 23:37 – 2019-11-29 01:33 – 000002410 _____ C:\Users\gsgam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-12 23:09 – 2019-11-22 21:37 – 000000000 ____D C:WINDOWSTempInst
2020-01-03 21:47 – 2019-03-01 22:44 – 000000000 ____D C:\Users\gsgam\AppData\Roaming\Autodesk
2019-12-31 22:53 – 2019-08-01 21:40 – 000000000 ____D C:\Users\gsgam\AppData\Local\cache
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition.txt
————————————————————-
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2020 01
Ran by gsgam (25-01-2020 00:01:23)
Running from C:\Users\gsgam\Downloads
Windows 10 Pro Version 1909 18363.535 (X64) (2019-11-29 09:39:42)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-625891914-868822999-3065747768-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-625891914-868822999-3065747768-503 – Limited – Disabled)
gsgam (S-1-5-21-625891914-868822999-3065747768-1001 – Administrator – Enabled) => C:\Users\gsgam
Guest (S-1-5-21-625891914-868822999-3065747768-501 – Limited – Enabled)
HomeGroupUser$ (S-1-5-21-625891914-868822999-3065747768-1003 – Limited – Enabled)
saman (S-1-5-21-625891914-868822999-3065747768-1005 – Limited – Enabled)
WDAGUtilityAccount (S-1-5-21-625891914-868822999-3065747768-504 – Limited – Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46
AV: Malwarebytes (Enabled – Up to date) 23007AD3-69FE-687C-2629-D584AFFAF72B
AS: Windows Defender (Enabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 – Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 – Microsoft Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32…