Outbound connections to JUCYSH.com and UGYPLYSH.com are being stopped by Malwarebytes

By Titanfall, March 25, 2020 - 64-minute read

Getting multiple popups from Malwarebytes indicating that outbound connections to jucysh.com or ugyplysh.com are blocked. The popup says the files come from (x86) Google Chrome Application chrome.exe.

Getting them in groups of three to four, then nothing for an hour or so.

No other problems that I can see.

FRST.txt

————————————————– ———————–

Résultat de l'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2020 01

Ran par gsgam (administrateur) sur LITTLEDOG (LENOVO 20HRCTO1WW) (25-01-2020 00:00:25)

Exécution à partir de C: Users gsgam Downloads

Profils chargés: gsgam (Profils disponibles: gsgam)

Plateforme: Windows 10 Pro version 1909 18363.535 (X64) Langue: anglais (États-Unis)

Navigateur par défaut: Chrome

Mode de démarrage: Normal

==================== Processus (sur liste blanche) =================

(Si une entrée est incluse dans la liste de correctifs, le processus sera fermé. Le fichier ne sera pas déplacé.)

(Accès refusé) [File not signed] C: Program Files Dolby Dolby DAX2 DAX2_API DolbyDAX2API.exe

(Conexant Systems LLC -> Conexant Systems, Inc.) C: Program Files CONEXANT SAII CxUtilSvc.exe

(Conexant Systems, Inc. -> Conexant Systems Inc.) C: Windows System32 CxAudMsg64.exe

(Conexant Systems, Inc. -> Conexant Systems, Inc) C: Program Files CONEXANT SAII SmartAudio.exe

(Conexant Systems, Inc. -> Conexant Systems, Inc.) C: Program Files CONEXANT cAudioFilterAgent CAudioFilterAgent64.exe

(Conexant Systems, Inc. -> Conexant Systems, Inc.) C: Windows System32 SASrv.exe

(EMC Corporation -> EMC) C: Program Files (x86) Intel Entry Storage System sohoclient.exe

(EMC Corporation) [File not signed] C: Program Files (x86) Intel Entry Storage System retrospect retrorun.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Update 1.3.35.422 GoogleCrashHandler.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Update 1.3.35.422 GoogleCrashHandler64.exe

(Clé de signature IDSA Production -> Intel) C: Program Files (x86) Intel Driver and Support Assistant DSAService.exe

(Clé de signature IDSA Production -> Intel) C: Program Files (x86) Intel Driver and Support Assistant DSATray.exe

(Clé de signature IDSA Production -> Intel) C: Program Files (x86) Intel Driver and Support Assistant DSAUpdateService.exe

(Intel Corporation -> Intel® Corporation) C: Program Files Fichiers communs Intel WirelessCommon RegSrvc.exe

(Intel Corporation -> Intel® Corporation) C: Program Files Intel WiFi bin EvtEng.exe

(Intel Corporation -> Intel® Corporation) C: Program Files Intel WiFi bin ZeroConfigService.exe

(Groupe des sous-systèmes et blocs IP intégrés Intel® -> Intel Corporation) C: Program Files (x86) Intel Intel® Management Engine Components DAL jhi_service.exe

(Groupe des sous-systèmes intégrés Intel et des blocs IP -> Intel Corporation) C: Program Files (x86) Intel Intel® Management Engine Components LMS LMS.exe

(Intel® Online Connect -> Intel Corporation) C: Program Files Intel Intel® Online Connect ioc.exe

(Intel® Online Connect Access -> Intel® Corporation) C: Program Files Intel Intel® Online Connect Access IntelTechnologyAccessService.exe

(Intel® pGFX -> Intel Corporation) C: Windows System32 DriverStore FileRepository ki132701.inf_amd64_f25b376c781866ed igfxCUIService.exe

(Intel® pGFX -> Intel Corporation) C: Windows System32 DriverStore FileRepository ki132701.inf_amd64_f25b376c781866ed igfxEM.exe

(Intel® pGFX -> Intel Corporation) C: Windows System32 DriverStore FileRepository ki132701.inf_amd64_f25b376c781866ed igfxext.exe

(Intel® pGFX -> Intel Corporation) C: Windows System32 DriverStore FileRepository ki132701.inf_amd64_f25b376c781866ed IntelCpHDCPSvc.exe

(Intel® pGFX -> Intel Corporation) C: Windows System32 DriverStore FileRepository ki132701.inf_amd64_f25b376c781866ed IntelCpHeciSvc.exe

(Produits de développement logiciel Intel® ->) C: Program Files Intel SUR QUEENCREEK SurSvc.exe

(Produits de développement logiciel Intel® ->) C: Program Files Intel SUR QUEENCREEK x64 esrv.exe

(Produits de développement logiciel Intel® ->) C: Program Files Intel SUR QUEENCREEK x64 esrv_svc.exe

(Produits de développement logiciel Intel® -> Intel Corporation) C: Windows System32 DriverStore FileRepository sgx_psw.inf_amd64_fd0b4b97d35097fa aesm_service.exe

(Intel® Trust Services -> Intel® Corporation) C: Program Files Intel Intel® Management Engine Components iCLS SocketHeciServer.exe

(Solutions de connectivité sans fil Intel® -> Intel Corporation) C: Windows System32 ibtsiva.exe

(Lenovo -> Lenovo Group Limited) C: Windows System32 DriverStore FileRepository fn.inf_amd64_97db46da3c44bbbb driver tphkload.exe

(Lenovo -> Lenovo Group Limited) C: Windows System32 DriverStore FileRepository FN531F ~ 1.INF driver shtctky.exe

(Lenovo -> Lenovo Group Limited) C: Windows System32 DriverStore FileRepository FN531F ~ 1.INF driver tposd.exe

(Lenovo -> Lenovo Group Limited) C: Windows SysWOW64 Lenovo PowerMgr EasyResume.exe

(Lenovo -> Lenovo Group Ltd.) C: Program Files (x86) Lenovo ImController PluginHost Lenovo.Modern.ImController.PluginHost.Device.exe

(Lenovo -> Lenovo Group Ltd.) C: Program Files (x86) Lenovo VantageService LenovoVantageService.exe

(Lenovo -> Lenovo Group Ltd.) C: Program Files Lenovo ImController PluginHost Lenovo.Modern.ImController.PluginHost.SettingsApp.exe

(Lenovo -> Lenovo Group Ltd.) C: Program Files Lenovo ImController Service Lenovo.Modern.ImController.exe

(Lenovo -> Lenovo) C: Windows SysWOW64 Lenovo PowerMgr PowerMgr.exe

(Lenovo -> Lenovo.) C: Windows System32 ibmpmsvc.exe

(Lenovo -> Lenovo.) C: Windows System32 LPlatSvc.exe

(Lenovo -> Lenovo.) C: Windows System32 LPlatSvc.exe

(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware mbam.exe

(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware MBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware mbamtray.exe

(Malwarebytes Inc -> Malwarebytes) C: ProgramData Malwarebytes MBAMService ctlrupdate mbupdatr.exe

(Microsoft Corporation -> Microsoft Corporation) C: Program Files Microsoft Office 15 ClientX64 AppVShNotify.exe

(Microsoft Corporation -> Microsoft Corporation) C: Program Files Microsoft Office 15 ClientX64 officeclicktorun.exe

(Microsoft Corporation -> Microsoft Corporation) C: Program Files Microsoft SQL Server 90 Shared sqlwriter.exe

(Microsoft Corporation -> Microsoft Corporation) C: Users gsgam AppData Local Microsoft OneDrive 19.222.1110.0006 FileCoAuth.exe

(Microsoft Corporation -> Microsoft Corporation) C: Users gsgam AppData Local Microsoft OneDrive OneDrive.exe

(Microsoft Corporation -> Microsoft Corporation) C: Windows Microsoft.NET Framework64 v3.0 WPF PresentationFontCache.exe

(Microsoft Corporation -> Microsoft Corporation) C: Windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe MicrosoftEdge.exe

(Microsoft Corporation) C: Program Files WindowsApps microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe HxOutlook.exe

(Microsoft Corporation) C: Program Files WindowsApps microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe HxTsr.exe

(Microsoft Corporation) C: Program Files WindowsApps Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe GameBar.exe

(Microsoft Corporation) C: Program Files WindowsApps Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe GameBarFT.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows ImmersiveControlPanel SystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 browser_broker.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeSH.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MusNotifyIcon.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 rundll32.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 wlanext.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows SystemApps Microsoft.Windows.Cortana_cw5n1h2txyewy RemindersServer.exe

(Synaptics Incorporated -> Synaptics Incorporated) C: Program Files Synaptics SynTP SynTPEnh.exe

(Synaptics Incorporated -> Synaptics Incorporated) C: Program Files Synaptics SynTP SynTPEnhService.exe

(Synaptics Incorporated -> Synaptics Incorporated) C: Program Files Synaptics SynTP SynTPHelper.exe

(TEFINCOM S.A. ->) C: Program Files (x86) NordVPN nordvpn-service.exe

(TEFINCOM S.A. -> NordVPN) C: Program Files (x86) NordVPN NordVPN.exe

==================== Registre (liste blanche) ===================

(Si une entrée est incluse dans la liste de correctifs, l'élément de registre sera restauré par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM-x32 … Exécuter: [Intel Driver & Support Assistant] => C: Program Files (x86) Intel Driver and Support Assistant DSATray.exe [139624 2019-12-13] (Clé de signature IDSA Production -> Intel)

HKU S-1-5-21-625891914-868822999-3065747768-1001 … Run: [Epic Privacy Browser Installer] => C: Users gsgam AppData Local Epic Privacy Browser Installer EpicUpdate.exe [509096 2018-01-27] (Google Inc (TEST) -> Navigateur de confidentialité Epic) [File not signed]

HKU S-1-5-21-625891914-868822999-3065747768-1001 … Run: [NordVPN] => C: Program Files (x86) NordVPN NordVPN.exe [1951264 2020-01-23] (TEFINCOM S.A.-> NordVPN)

HKLM Software Microsoft Active Setup Installed Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C: Program Files (x86) Google Chrome Application 79.0.3945.130 Installer chrmstp.exe [2020-01-16] (Google LLC -> Google LLC)

Démarrage: C: Users gsgam AppData Roaming Microsoft Windows Start Menu Programs Startup Intel Entry Storage System.lnk [2020-01-15]

ShortcutTarget: Intel Entry Storage System.lnk -> C: Program Files (x86) Intel Entry Storage System sohoclient.exe (EMC Corporation -> EMC)

==================== Tâches planifiées (liste blanche) ============

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera déplacé que s'il est répertorié séparément.)

Tâche: 003703C6-C359-4F1E-9A95-FAC4996D3023 – System32 Tasks Microsoft Windows Conexant SA2 => C: Program Files CONEXANT SAII SACpl.exe [1831744 2016-12-06] (Conexant Systems, Inc. -> Conexant Systems, Inc.)

Tâche: 01666D96-A0BC-4306-A3BE-433E99644687 – System32 Tasks Microsoft Windows rempl shell-usoscan => C: Program Files rempl remsh.exe

Tâche: 0174AE44-338F-4978-834C-96AA9A370B10 – System32 Tasks IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C: Program Files Intel SUR QUEENCREEK Updater bin IntelSoftwareAsset .EXE [18744 2019-04-15] (Produits de développement logiciel Intel® -> Intel Corporation)

Tâche: 06C021F4-7318-4CFE-A1AC-49D27B345A7A – System32 Tasks Microsoft Office OfficeTelemetryAgentLogOn => C: Program Files Microsoft Office 15 root Office15 msoia.exe [286088 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)

Tâche: 16946E67-0184-4296-A7AA-6EDA568937CD – System32 Tasks Intel Thunderbolt Démarrer l'application Thunderbolt à la connexion si le service est activé => C: Program Files (x86) Intel Thunderbolt Software \ ConditionalAppStarter. EXE [225984 2018-09-06] (Intel® Client Connectivity Division SW -> Intel Corporation)

Tâche: 20B8C7D9-34FD-425E-B767-FE5302AEE9F3 – System32 Tasks Intel Thunderbolt Démarrer l'application Thunderbolt lorsque du matériel est détecté => C: Program Files (x86) Intel Thunderbolt Software \ ConditionalAppStarter.exe [225984 2018-09-06] (Intel® Client Connectivity Division SW -> Intel Corporation)

Tâche: 27FED4C6-3D2B-441A-8941-083962911B90 – System32 Tasks Lenovo Lenovo Platform Task => C: WINDOWS System32 LPlatSvc.exe [892072 2019-12-03] (Lenovo -> Lenovo.)

Tâche: 400F7F70-8774-4D8D-AEC8-1D0A3Fregular26F – System32 Tasks IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C: Program Files (x86) Intel Intel® Online Connect Access Intel® Software Asset Manager bin IntelSoftwareAssetManagerService.exe [18152 2016-12-21] (Intel® Software Asset Manager -> Intel Corporation)

Tâche: 45DB06C5-AE56-4651-9C6B-A571C46DDB3A – System32 Tasks GoogleUpdateTaskMachineCore1d5781d1511496f => C: Program Files (x86) Google Update GoogleUpdate.exe [153168 2018-01-27] (Google Inc -> Google Inc.)

Tâche: 558ECDE9-39F7-4610-A256-B40EBA26214B – System32 Tasks GoogleUpdateTaskMachineUA => C: Program Files (x86) Google Update GoogleUpdate.exe [153168 2018-01-27] (Google Inc -> Google Inc.)

Tâche: 56EB38F0-92E0-4BFD-830D-50AEAB292CD9 – System32 Tasks USER_ESRV_SVC_QUEENCREEK => "C: WINDOWS System32 Wscript.exe" // B // NoLogo "C: Program Files Intel SUR QUEENCREEK x64 task.vbs "

Tâche: 646CE883-36BC-4265-B866-56DDBB5A7080 – System32 Tasks Intel Thunderbolt Start Thunderbolt service on boot if driver is up => C: Program Files (x86) Intel Thunderbolt Software \ tbtsvc. EXE [2308800 2018-09-06] (Intel® Client Connectivity Division SW -> Intel Corporation)

Tâche: 7533760B-19DE-4686-B29E-C88E4EFED250 – System32 Tasks Lenovo ImController TimeBasedEvents 360a3274-2914-4b5d-939d-efdbe1573b0b => C: Program Files Lenovo ImControllod Service Lenovo. .ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)

Tâche: 784F1F37-F848-48BA-8EF4-AC92B2FFEC3C – Mises à jour automatiques System32 Tasks Microsoft Office Office => C: Program Files Microsoft Office 15 ClientX64 OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)

Tâche: 7E7DC8A8-5493-4751-8581-393FFEF35F28 – System32 Tasks IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C: Program Files (x86) Intel Intel® Online Connect Access Intel® Software Asset Manager bin IntelSoftwareAssetManagerService.exe [18152 2016-12-21] (Intel® Software Asset Manager -> Intel Corporation)

Tâche: 880B7313-3A2F-4B90-965B-528C3EA28ED5 – System32 Tasks IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C: Program Files Intel SUR QUEENCREEK Updater bin IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Produits de développement logiciel Intel® -> Intel Corporation)

Tâche: 881AFC19-7BD3-4E1B-B3EE-8C6D383B85ED – System32 Tasks HPCustParticipation HP Deskjet 3520 series => C: Program Files HP HP Deskjet 3520 series Bin HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)

Tâche: 8D6FE808-414C-4748-ACFD-0A1FDF023385 – System32 Tasks Intel Thunderbolt Start Thunderbolt application on switch user if service is up => C: Program Files (x86) Intel Thunderbolt Software \ ConditionalAppStarter .EXE [225984 2018-09-06] (Intel® Client Connectivity Division SW -> Intel Corporation)

Tâche: 8F460757-EE58-4D60-B32D-22480C99ADA3 – System32 Tasks IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C: Program Files (x86) Intel Intel® Update Manager bin iumsvc .EXE

Tâche: 8FB9EB1B-EB11-44D4-A6D6-A4E7DB64325D – System32 Tasks GoogleUpdateTaskMachineUA1d5781d15158d21 => C: Program Files (x86) Google Update GoogleUpdate.exe [153168 2018-01-27] (Google Inc -> Google Inc.)

Tâche: 93CA08D3-88C4-4C7B-8DA4-20EC735757F2 – Tâche de mise à jour System32 Tasks Microsoft Windows Live SOXE Extractor Definitions => 3519154C-227E-47F3-9CC9-12C3F05817F1

Tâche: 9B5B2FC4-78C5-4D8D-8A13-F85C283B700E – System32 Tasks Lenovo ImController Lenovo iM Controller Scheduled Maintenance =>% windir% system32 sc.exe START ImControllerService

Tâche: AE5DB63A-C9D8-432B-AD40-22A3CF60CFF3 – System32 Tasks Microsoft VisualStudio VSIX Auto Update 14 => C: Program Files (x86) Microsoft Visual Studio 14.0 Common7 IDE VSIXAutoUpdate.exe [139448 2016-06-20] (Microsoft Corporation -> Microsoft Corporation)

Tâche: B3E6F43E-9199-4283-A36C-A0B2E3BC4A95 – System32 Tasks Lenovo Power Management Driver PnP Task => C: WINDOWS System32 ibmpmsvc.exe [891048 2019-12-03] (Lenovo -> Lenovo.)

Tâche: B6D631A8-6450-47D6-ACDC-8FEB85E129C3 – System32 Tasks Microsoft Windows Conexant AFA => C: Program Files CONEXANT cAudioFilterAgent SACpl.exe [1823232 2016-07-05] (Conexant Systems, Inc.) [File not signed]

Tâche: C99F7DAD-A306-405E-8389-85ABCC6C7AE3 – Microsoft Windows UNP RunCampaignManager -> Aucun fichier <==== ATTENTION

Tâche: CEACEC83-1356-4A81-9A97-663670A7870F – System32 Tasks Lenovo Power Manager Background monitor => C: WINDOWS SysWOW64 Lenovo PowerMgr PowerMgr.exe [113024 2019-11-12] (Lenovo -> Lenovo)

Tâche: CF1C86D1-6CCC-4415-A798-AB1B7299DEAD – System32 Tasks Lenovo ImController Lenovo iM Controller Monitor => C: WINDOWS system32 ImController.InfInstaller.exe [54144 2019-09-23] (Lenovo -> Lenovo Group Ltd.)

Tâche: D241F223-22B1-48AF-9DAA-C92B37304F62 – System32 Tasks Lenovo ImController Plugins LenovoSystemUpdatePlugin_WeeklyTask =>% windir% System32 reg.exe add hklm SOFTWARE Lenovo SystemUpdulerPlugin t reg_dword / d 1 / f / reg: 32

Tâche: D36C7399-2F9F-4426-B63D-1BDA285AF0C4 – Tâche System32 Tasks Lenovo Power Manager Uninstall => C: WINDOWS SysWOW64 Lenovo PowerMgr PowerMgrInst.exe [59776 2019-11-12] (Lenovo ->)

Tâche: D4794C43-7820-4CEE-BEE4-6B03E2D3775D – System32 Tasks Lenovo Vantage Lenovo.Vantage.ServiceMaintainance =>% systemroot% system32 sc.exe démarrer LenovoVantageService

Tâche: E66A10C0-5A62-4FF6-BDDA-C092F84EA63E – System32 Tasks Microsoft Office Office ClickToRun Service Monitor => C: Program Files Microsoft Office 15 ClientX64 OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)

Tâche: EEE4AA24-94C5-4DE3-A822-97725F5F8507 – System32 Tasks Microsoft Office OfficeTelemetryAgentFallBack => C: Program Files Microsoft Office 15 root Office15 msoia.exe [286088 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)

Tâche: F4E3C4A9-60A6-4E14-B204-BB511412CBED – System32 Tasks Lenovo ImController TimeBasedEvents 75f1276b-ef72-45a9-8f28-ec8f73e0c05c => C: Program Files Lenovo ImControll.M .ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)

Tâche: F64AA104-8A0B-4F22-8395-E88D39A9CC52 – System32 Tasks Intel Thunderbolt Démarrer le service Thunderbolt lorsque le matériel est détecté => sc.exe démarre ThunderboltService

Tâche: FE37CAAB-7AD0-4D83-BE93-CA6A7A5A4B64 – System32 Tasks GoogleUpdateTaskMachineCore => C: Program Files (x86) Google Update GoogleUpdate.exe [153168 2018-01-27] (Google Inc -> Google Inc.)

(Si une entrée est incluse dans la liste de correctifs, le fichier de tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

==================== Internet (liste blanche) ====================

(Si un élément est inclus dans la liste de correctifs, s'il s'agit d'un élément du registre, il sera supprimé ou restauré par défaut.)

Tcpip Paramètres: [DhcpNameServer] 192.168.1.1

Tcpip .. Interfaces 7c6a8c44-8519-415e-9284-5f11fab26e2e: [DhcpNameServer] 172.16.1.4

Tcpip .. Interfaces cfc9e413-0c39-454b-b2e8-6dd0828394a5: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKU S-1-5-21-625891914-868822999-3065747768-1001 Software Microsoft Internet Explorer Main, page de démarrage = hxxp: //lenovo17swin10.msn.com/? Pc = LJSE

HKU S-1-5-21-625891914-868822999-3065747768-1001 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //lenovo17swin10.msn.com/? Pc = LJSE

SearchScopes: HKU S-1-5-21-625891914-868822999-3065747768-1001 -> DefaultScope 86F5EC55-FD66-4E14-9FE0-5475A39A76E2 URL =

SearchScopes: HKU S-1-5-21-625891914-868822999-3065747768-1001 -> 86F5EC55-FD66-4E14-9FE0-5475A39A76E2 URL =

BHO: Skype for Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C: Program Files Microsoft Office 15 root VFS ProgramFilesX64 Microsoft Office Office15 OCHelper.dll [2019-11-19] (Microsoft Corporation -> Microsoft Corporation)

BHO: Aide au navigateur Microsoft SkyDrive Pro -> D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF -> C: Program Files Microsoft Office 15 root VFS ProgramFilesX64 Microsoft Office Office15 GROOVEEX.DLL [2019-11-19] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Assistant de navigateur Skype Entreprise -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C: Program Files Microsoft Office 15 root Office15 OCHelper.dll [2019-11-19] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Aide au navigateur Microsoft SkyDrive Pro -> D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF -> C: Program Files Microsoft Office 15 root Office15 GROOVEEX.DLL [2019-11-19] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf – D924BDC6-C83A-4BD5-90D0-095128A113D1 – C: Program Files Microsoft Office 15 root Office15 MSOSB.DLL [2018-01-26] (Microsoft Corporation -> Microsoft Corporation)

Bord:

======

DownloadDir: C: Users gsgam Downloads

Extension Edge: (LastPass: Gestionnaire de mots de passe gratuit) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C: Program Files WindowsApps LastPass.LastPassFreePasswordManager_4.40.1.0_qeufal [2020-01-17]

FireFox:

========

Plugin FF: @ Microsoft.com / NpCtrl, version = 1.0 -> c: Program Files Microsoft Silverlight 5.1.50918.0 npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

Plugin FF: @ videolan.org / vlc, version = 3.0.8 -> C: Program Files VideoLAN VLC npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)

FF Plugin-x32: @ microsoft.com / Lync, version = 15.0 -> C: Program Files Microsoft Office 15 root VFS ProgramFilesX86 Mozilla Firefox plugins npmeetingjoinpluginoc.dll [2018-01-28] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @ Microsoft.com / NpCtrl, version = 1.0 -> c: Program Files (x86) Microsoft Silverlight 5.1.50918.0 npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @ microsoft.com / SharePoint, version = 14.0 -> C: Program Files Microsoft Office 15 root Office15 NPSPWRAP.DLL [2018-01-26] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @ microsoft.com / WLPG, version = 16.4.3528.0331 -> C: Program Files (x86) Windows Live Photo Gallery NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @ tools.google.com / Google Update; version = 3 -> C: Program Files (x86) Google Update 1.3.35.422 npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)

FF Plugin-x32: @ tools.google.com / Google Update; version = 9 -> C: Program Files (x86) Google Update 1.3.35.422 npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)

FF Plugin HKU S-1-5-21-625891914-868822999-3065747768-1001: @ updates.epicbrowser.com / Epic Privacy Browser Installer; version = 3 -> C: Users gsgam AppData Local Epic Privacy Browser Installer 1.3.27.13 npEpicUpdate3.dll [2018-01-27] (Google Inc (TEST) -> Navigateur de confidentialité Epic) [File not signed]

Plugin FF HKU S-1-5-21-625891914-868822999-3065747768-1001: @ updates.epicbrowser.com / Epic Privacy Browser Installer; version = 9 -> C: Users gsgam AppData Local Epic Privacy Browser Installer 1.3.27.13 npEpicUpdate3.dll [2018-01-27] (Google Inc (TEST) -> Navigateur de confidentialité Epic) [File not signed]

Chrome:

=======

CHR DefaultProfile: Par défaut

Notifications CHR: Par défaut -> hxxps: //all3dp.com; hxxps: //fossbytes.com; hxxps: //gopro.com; hxxps: //offerup.com; hxxps: //openbuildspartstore.pushassist.com; hxxps: //push-cgedfig-5037.pushails.com; hxxps: //www.digitaltrends.com; hxxps: //www.facebook.com; hxxps: //www.myminifactory.com; hxxps: //www.reddit.com; hxxps: //www.tomsguide.com

Profil CHR: C: Users gsgam AppData Local Google Chrome User Data Default [2020-01-25]

Extension CHR: (diapositives) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2018-01-27]

Extension CHR: (Docs) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions aohghmighlieiainnegkcijnfilokake [2018-01-27]

Extension CHR: (Google Drive) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2018-01-27]

Extension CHR: (YouTube) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-27]

Extension CHR: (MockFlow) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions cldcgifnkcmflfjfbhedkdfecbaakmcd [2019-03-23]

Extension CHR: (BotCheck.me) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions dljbmlbmdokgjliodlmkajmdbjdkkphd [2019-05-13]

Extension CHR: (Sheets) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions felcaaldnbdncclmgdcncolpebgiejap [2018-01-27]

Extension CHR: (Zoom +) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions gadfkeikojdjckcjckjaenohmfmkaokd [2019-03-23]

Extension CHR: (Google Docs hors ligne) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-15]

Extension CHR: (LastPass: Free Password Manager) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions hdokiejnpimakedhajhdlcegeplioahd [2020-01-15]

Extension CHR: (Enregistrer dans Pocket) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions niloccemoadcdkdjlinkgdfekeahmflj [2019-07-24]

Extension CHR: (Paiements Chrome Web Store) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]

Extension CHR: (Accessibility Insights for Web) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions pbjjkligggfmakdaogkfomddhfmpjeni [2020-01-10]

Extension CHR: (Gmail) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions pjkljhegncpnkpknbcohdijeoejaedia [2019-04-17]

Extension CHR: (Chrome Media Router) – C: Users gsgam AppData Local Google Chrome User Data Default Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-18]

Profil CHR: C: Users gsgam AppData Local Google Chrome User Data Guest Profile [2019-10-26]

Profil CHR: C: Users gsgam AppData Local Google Chrome User Data System Profile [2019-10-26]

==================== Services (liste blanche) ===================

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera déplacé que s'il est répertorié séparément.)

R2 AESMService; C: WINDOWS System32 DriverStore FileRepository sgx_psw.inf_amd64_fd0b4b97d35097fa aesm_service.exe [716824 2019-09-22] (Produits de développement logiciel Intel® -> Intel Corporation)

R2 ClickToRunSvc; C: Program Files Microsoft Office 15 ClientX64 OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)

R2 CxUtilSvc; C: Program Files Conexant SAII CxUtilSvc.exe [181584 2019-01-25] (Conexant Systems LLC -> Conexant Systems, Inc.)

S2 DAX2API; C: Program Files Dolby Dolby DAX2 DAX2_API DolbyDAX2API.exe [189464 2019-01-21] () [File not signed]

R2 Dolby DAX2 API Service; C: Program Files Dolby Dolby DAX2 DAX2_API DolbyDAX2API.exe [189464 2019-01-21] () [File not signed]

R2 DSAService; C: Program Files (x86) Intel Driver and Support Assistant DSAService.exe [38248 2019-12-13] (Clé de signature IDSA Production -> Intel)

R3 DSAUpdateService; C: Program Files (x86) Intel Driver and Support Assistant DSAUpdateService.exe [145768 2019-12-13] (Clé de signature IDSA Production -> Intel)

R2 ESRV_SVC_QUEENCREEK; C: Program Files Intel SUR QUEENCREEK x64 esrv_svc.exe [885560 2019-05-15] (Produits de développement logiciel Intel® ->)

R2 ibtsiva; C: WINDOWS system32 ibtsiva.exe [530208 2019-09-12] (Solutions de connectivité sans fil Intel® -> Intel Corporation)

R2 ImControllerService; C: Program Files Lenovo ImController Service Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)

Interface IP TCP du service de licence de capacité Intel® R3; C: Program Files Intel Intel® Management Engine Components iCLS SocketHeciServer.exe [870248 2019-06-07] (Intel® Trust Services -> Intel® Corporation)

R3 Intel® Online Connect; C: Program Files Intel Intel® Online Connect ioc.exe [575216 2018-02-22] (Intel® Online Connect -> Intel Corporation)

S2 Intel® Online Connect Helper; C: Program Files Intel Intel® Online Connect iocHelperService.exe [306928 2018-02-22] (Intel® Online Connect -> Intel Corporation)

S3 Intel® Online Connect Software Asset Manager; C: Program Files (x86) Intel Intel® Online Connect Access Intel® Software Asset Manager bin IntelSoftwareAssetManagerService.exe [18152 2016-12-21] (Intel® Software Asset Manager -> Intel Corporation)

S3 Intel® SUR QC SAM; C: Program Files Intel SUR QUEENCREEK Updater bin IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Produits de développement logiciel Intel® -> Intel Corporation)

R2 Intel® TechnologyAccessService; C: Program Files Intel Intel® Online Connect Access IntelTechnologyAccessService.exe [395000 2018-03-01] (Accès Intel® Online Connect -> Intel® Corporation)

S2 Intel® TPM Provisioning Service; C: Program Files Intel Intel® Management Engine Components iCLS TPMProvisioningService.exe [790376 2019-06-07] (Intel® Trust Services -> Intel® Corporation)

R2 jhi_service; C: Program Files (x86) Intel Intel® Management Engine Components DAL jhi_service.exe [538088 2019-08-05] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)

R2 Lenovo Instant On; C: WINDOWS SysWOW64 Lenovo PowerMgr EasyResume.exe [2351504 2019-11-12] (Lenovo -> Lenovo Group Limited)

S2 LENOVO.DPRSVC; C: Program Files (x86) Lenovo DPR LENOVO.DPRSVC.EXE [1109608 2016-12-28] (Lenovo -> Lenovo, Japan, Ltd.)

R2 LenovoVantageService; C: Program Files (x86) Lenovo VantageService LenovoVantageService.exe [16648 2019-12-04] (Lenovo -> Lenovo Group Ltd.)

R2 LPlatSvc; C: WINDOWS System32 LPlatSvc.exe [892072 2019-12-03] (Lenovo -> Lenovo.)

R2 MBAMService; C: Program Files Malwarebytes Anti-Malware mbamservice.exe [6960640 2019-12-15] (Malwarebytes Inc -> Malwarebytes)

R2 nordvpn-service; C: Program Files (x86) NordVPN nordvpn-service.exe [222240 2020-01-23] (TEFINCOM S.A. ->)

R2 RetroExpLauncher; C: Program Files (x86) Intel Entry Storage System retrospect retrorun.exe [102400 2007-10-25] (EMC Corporation) [File not signed]

R2 SAService; C: WINDOWS system32 SAsrv.exe [416576 2016-12-06] (Conexant Systems, Inc. -> Conexant Systems, Inc.)

S3 Sense; C: Program Files Windows Defender Advanced Threat Protection MsSense.exe [5796168 2019-11-29] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 SynTPEnhService; C: Program Files Synaptics SynTP SynTPEnhService.exe [262704 2019-10-17] (Synaptics Incorporated -> Synaptics Incorporated)

R2 SystemUsageReportSvc_QUEENCREEK; C: Program Files Intel SUR QUEENCREEK SurSvc.exe [205112 2019-05-15] (Intel® Software Development Products ->)

S3 ThunderboltService; C:Program Files (x86)IntelThunderbolt Softwaretbtsvc.exe [2308800 2018-09-06] (Intel® Client Connectivity Division SW -> Intel Corporation)

R2 TPHKLOAD; C:WINDOWSSystem32DriverStoreFileRepositoryfn.inf_amd64_97db46da3c44bbbbdriverTPHKLOAD.exe [427192 2019-09-28] (Lenovo -> Lenovo Group Limited)

S3 USER_ESRV_SVC_QUEENCREEK; C:Program FilesIntelSURQUEENCREEKx64esrv_svc.exe [885560 2019-05-15] (Intel® Software Development Products -> )

S3 WdNisSvc; C:ProgramDataMicrosoftWindows Defenderplatform4.18.1911.3-0NisSrv.exe [3206472 2019-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:ProgramDataMicrosoftWindows Defenderplatform4.18.1911.3-0MsMpEng.exe [103376 2019-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 ZeroConfigService; C:Program FilesIntelWiFibinZeroConfigService.exe [3743800 2019-06-24] (Intel Corporation -> Intel® Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1dexpress; C:WINDOWSSystem32DriverStoreFileRepositorye1d68x64.inf_amd64_9b04ae4c30c0d829e1d68x64.sys [606688 2019-09-10] (Intel® INTELND1820 -> Intel Corporation)

R1 ESProtectionDriver; C:WINDOWSsystem32driversmbae64.sys [153312 2019-12-18] (Malwarebytes Corporation -> Malwarebytes)

R3 ibtusb; C:WINDOWSsystem32DRIVERSibtusb.sys [731424 2019-09-12] (Intel® Wireless Connectivity Solutions -> Intel Corporation)

R2 MBAMChameleon; C:WINDOWSSystem32DriversMbamChameleon.sys [218288 2019-12-18] (Malwarebytes Inc -> Malwarebytes)

S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [20936 2019-12-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:WINDOWSSystem32DRIVERSfarflt.sys [226688 2020-01-16] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMProtection; C:WINDOWSsystem32DRIVERSmbam.sys [73584 2020-01-16] (Malwarebytes Corporation -> Malwarebytes)

R3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248968 2020-01-16] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C:WINDOWSsystem32DRIVERSmwac.sys [105112 2020-01-16] (Malwarebytes Inc -> Malwarebytes)

R3 MEIx64; C:WINDOWSSystem32DriverStoreFileRepositoryheci.inf_amd64_85021432489d6a1cx64TeeDriverW8x64.sys [266128 2019-08-05] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)

S1 ndisrd; C:WINDOWSsystem32DRIVERSndisrfl.sys [51256 2018-03-01] (Intel® Online Connect Access -> Intel Corporation)

R3 Netwtw06; C:WINDOWSSystem32driversNetwtw06.sys [8832288 2019-09-13] (Intel® Wireless Connectivity Solutions -> Intel Corporation)

S3 nhi; C:WINDOWSsystem32DRIVERStbt100x.sys [138336 2018-10-08] (Intel® Client Connectivity Division SW -> Intel Corporation)

R1 PMDRVS; C:WINDOWSSystem32driverspmdrvs.sys [37952 2019-12-03] (Lenovo -> Lenovo.)

S3 pmxdrv; C:WINDOWSsystem32driverspmxdrv.sys [43632 2019-10-04] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)

R3 RTSPER; C:WINDOWSSystem32driversRtsPer.sys [994088 2019-04-26] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)

R3 semav6msr64; C:WINDOWSsystem32driverssemav6msr64.sys [43008 2019-05-15] (Intel Corporation -> )

R3 SensorsSimulatorDriver; C:WINDOWSSystem32driversWUDFRd.sys [297984 2019-03-18] (Microsoft Windows -> Microsoft Corporation)

S3 SGXEPC; C:WINDOWSSystem32driverssgx_driver.sys [52824 2016-05-18] (Intel Corporation -> Windows ® Win 7 DDK provider)

R3 SmbDrvI; C:WINDOWSsystem32DRIVERSSmb_driver_Intel.sys [47152 2019-10-17] (Synaptics Incorporated -> Synaptics Incorporated)

S3 SPUVCbv; C:WINDOWSSystem32DriversSPUVCbv64.sys [901696 2017-07-30] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)

R1 SynaMetSMI; C:WINDOWSSystem32driversSynaSmi.sys [39632 2019-04-03] (Synaptics Inc. -> Windows ® Win 7 DDK provider)

R3 tapnordvpn; C:WINDOWSSystem32driverstapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)

S3 WdBoot; C:WINDOWSsystem32driverswdWdBoot.sys [45664 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:WINDOWSsystem32driverswdWdFilter.sys [355760 2019-12-09] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [54192 2019-12-09] (Microsoft Windows -> Microsoft Corporation)

R3 XtuAcpiDriver; C:WINDOWSSystem32driversXtuAcpiDriver.sys [63840 2015-06-06] (Intel® Software -> Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-24 23:59 – 2020-01-24 23:59 – 002580480 _____ (Farbar) C:UsersgsgamDownloadsFRST64 (1).exe

2020-01-24 23:43 – 2020-01-24 23:44 – 000003840 _____ C:UsersgsgamDesktopRkill.txt

2020-01-24 23:43 – 2020-01-24 23:43 – 001802704 _____ (Bleeping Computer, LLC) C:UsersgsgamDownloadsrkill.exe

2020-01-24 13:59 – 2020-01-24 13:59 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNordVPN

2020-01-24 13:59 – 2020-01-24 13:59 – 000000000 ____D C:Program Files (x86)NordVPN

2020-01-23 20:13 – 2020-01-23 20:13 – 000936405 _____ C:UsersgsgamDownloadsoriginal-prusa-i3-mk3-cooling-nozzle.zip

2020-01-22 22:40 – 2020-01-22 22:40 – 000365861 _____ C:UsersgsgamDownloadsSocket_organizer.zip

2020-01-22 22:40 – 2020-01-22 22:40 – 000000000 ____D C:UsersgsgamDownloadsSocket_organizer

2020-01-17 21:25 – 2019-12-09 21:15 – 000492544 _____ (Microsoft Corporation) C:WINDOWSsystem32poqexec.exe

2020-01-17 21:25 – 2019-12-09 20:59 – 000390656 _____ (Microsoft Corporation) C:WINDOWSSysWOW64poqexec.exe

2020-01-17 21:18 – 2020-01-17 21:32 – 000000000 ____D C:UsersgsgamAppDataLocalLowIGDump

2020-01-16 21:57 – 2020-01-16 21:57 – 000000000 ___HD C:OneDriveTemp

2020-01-16 21:56 – 2020-01-16 21:56 – 000248968 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys

2020-01-16 21:56 – 2020-01-16 21:56 – 000226688 _____ (Malwarebytes) C:WINDOWSsystem32Driversfarflt.sys

2020-01-16 21:56 – 2020-01-16 21:56 – 000105112 _____ (Malwarebytes) C:WINDOWSsystem32Driversmwac.sys

2020-01-16 21:56 – 2020-01-16 21:56 – 000073584 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys

2020-01-15 22:12 – 2020-01-15 22:12 – 000000000 ____D C:UsersgsgamDesktopIntel Entry Storage System

2020-01-15 21:55 – 2020-01-15 21:55 – 000001249 _____ C:UsersgsgamAppDataRoamingMicrosoftWindowsStart MenuProgramsIntel Entry Storage System.lnk

2020-01-15 21:55 – 2020-01-15 21:55 – 000001219 _____ C:UsersgsgamDesktopIntel Entry Storage System.lnk

2020-01-15 21:55 – 2020-01-15 21:55 – 000000000 ____D C:UsersgsgamAppDataLocalsohoclient

2020-01-15 21:54 – 2020-01-16 21:53 – 000000000 ____D C:ProgramDataRetroExp

2020-01-15 21:54 – 2020-01-15 21:55 – 000000000 ___HD C:Program Files (x86)Zero G Registry

2020-01-15 21:54 – 2020-01-15 21:55 – 000000000 ____D C:Program Files (x86)Intel Entry Storage System

2020-01-15 21:54 – 2020-01-15 21:54 – 000000000 ____D C:UsersgsgamAppDataRoamingMicrosoftWindowsStart MenuProgramsEMC Retrospect

2020-01-15 21:53 – 2020-01-15 21:53 – 000000000 ___HD C:UsersgsgamInstallAnywhere

2020-01-15 21:29 – 2020-01-15 21:29 – 031866334 _____ (Macrovision) C:UsersgsgamDownloadssetup.exe

2020-01-10 23:44 – 2020-01-10 23:44 – 001422612 _____ C:UsersgsgamDownloadsDrone_Manual.pdf

2020-01-08 20:40 – 2020-01-15 21:52 – 000000000 ____D C:UsersgsgamAppDataLocalElevatedDiagnostics

2020-01-05 22:27 – 2020-01-05 22:27 – 000000000 ____D C:UsersgsgamDownloadsInfill_40mm_fan_cover

2020-01-05 21:27 – 2020-01-05 21:30 – 000045498 _____ C:UsersgsgamDownloadsAddition.txt

2020-01-05 21:26 – 2020-01-25 00:01 – 000037998 _____ C:UsersgsgamDownloadsFRST.txt

2020-01-05 21:25 – 2020-01-25 00:00 – 000000000 ____D C:FRST

2020-01-05 21:23 – 2020-01-05 21:23 – 002272256 _____ (Farbar) C:UsersgsgamDownloadsFRST64.exe

2020-01-03 23:14 – 2020-01-05 21:24 – 000000000 ____D C:UsersgsgamDownloadsm3+screw+nut+organizer

2020-01-03 22:59 – 2020-01-03 22:59 – 000000000 ____D C:UsersgsgamDownloadsTool_Box_Socket_Holder_large_part

2020-01-03 21:59 – 2020-01-03 21:59 – 000000000 ____D C:UsersgsgamDownloadsMotorola_E4_Case_and_Model_

2020-01-01 00:16 – 2020-01-01 00:16 – 002035685 _____ C:UsersgsgamDownloadsdell-2009W_User's Guide_en-us.pdf

2020-01-01 00:00 – 2020-01-01 00:00 – 000000000 ____D C:UsersgsgamDownloadsAnti_vibration_base_for_Vibration_Damper_for_Prusa_i3_mk2

2019-12-31 23:50 – 2019-12-31 23:57 – 000000000 ____D C:UsersgsgamDownloadsPrusa_I3_MK2_Vibration_Damper_Rubber_feet

2019-12-31 23:02 – 2019-12-31 23:11 – 000000000 ____D C:AdwCleaner

2019-12-31 23:02 – 2019-12-31 23:02 – 008237744 _____ (Malwarebytes) C:UsersgsgamDownloadsadwcleaner_8.0.1.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-25 00:00 – 2019-03-18 20:52 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2020-01-24 23:40 – 2019-11-29 01:39 – 000004152 _____ C:WINDOWSsystem32TasksUser_Feed_Synchronization-ABE3A6B6-9352-4EF8-99A6-A56826C356C4

2020-01-24 23:37 – 2019-11-29 01:30 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2020-01-24 13:59 – 2019-06-12 20:49 – 000002046 _____ C:UsersPublicDesktopNordVPN.lnk

2020-01-24 13:59 – 2019-06-12 20:49 – 000002046 _____ C:ProgramDataDesktopNordVPN.lnk

2020-01-24 13:59 – 2018-12-09 20:14 – 000000000 ____D C:UsersgsgamAppDataLocalNordVPN

2020-01-24 13:59 – 2018-12-09 20:14 – 000000000 ____D C:ProgramDataNordVpn

2020-01-24 13:51 – 2018-01-27 19:29 – 000000000 ____D C:UsersgsgamAppDataLocalEpic Privacy Browser

2020-01-23 22:30 – 2019-08-16 23:15 – 000000000 ____D C:UsersgsgamAppDataRoamingPrusaSlicer

2020-01-22 22:52 – 2018-01-27 18:36 – 000000000 ____D C:WINDOWSsystem32MRT

2020-01-22 22:37 – 2018-01-26 20:08 – 000000000 ____D C:Program FilesMicrosoft Office 15

2020-01-22 22:35 – 2019-03-18 20:52 – 000000000 ____D C:WINDOWSAppReadiness

2020-01-17 21:43 – 2019-03-18 20:37 – 000000000 ____D C:WINDOWSCbsTemp

2020-01-17 21:43 – 2018-01-27 18:36 – 120202352 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2020-01-17 21:20 – 2019-03-18 20:52 – 000000000 ___HD C:Program FilesWindowsApps

2020-01-17 21:14 – 2018-01-25 21:17 – 000000000 ___RD C:UsersgsgamOneDrive

2020-01-16 22:07 – 2018-01-27 19:28 – 000002308 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2020-01-16 22:07 – 2018-01-27 19:28 – 000002267 _____ C:UsersPublicDesktopGoogle Chrome.lnk

2020-01-16 22:07 – 2018-01-27 19:28 – 000002267 _____ C:ProgramDataDesktopGoogle Chrome.lnk

2020-01-16 22:05 – 2019-11-29 01:37 – 000935192 _____ C:WINDOWSsystem32PerfStringBackup.INI

2020-01-16 22:05 – 2019-03-18 20:50 – 000000000 ____D C:WINDOWSINF

2020-01-16 21:56 – 2019-11-29 01:39 – 000000006 ____H C:WINDOWSTasksSA.DAT

2020-01-16 21:56 – 2019-11-29 01:39 – 000000000 ____D C:WINDOWSsystem32TasksLenovo

2020-01-16 21:56 – 2019-03-18 20:37 – 001048576 _____ C:WINDOWSsystem32configBBI

2020-01-16 21:56 – 2018-01-25 21:15 – 000000000 __SHD C:UsersgsgamIntelGraphicsProfiles

2020-01-16 21:53 – 2019-03-18 20:52 – 000000000 ____D C:WINDOWSsystem32NDF

2020-01-15 21:53 – 2019-11-29 01:33 – 000000000 ____D C:Usersgsgam

2020-01-14 23:37 – 2019-11-29 01:39 – 000003364 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-625891914-868822999-3065747768-1001

2020-01-14 23:37 – 2019-11-29 01:33 – 000002410 _____ C:UsersgsgamAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2020-01-12 23:09 – 2019-11-22 21:37 – 000000000 ____D C:WINDOWSTempInst

2020-01-03 21:47 – 2019-03-01 22:44 – 000000000 ____D C:UsersgsgamAppDataRoamingAutodesk

2019-12-31 22:53 – 2019-08-01 21:40 – 000000000 ____D C:UsersgsgamAppDataLocalcache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt

————————————————————-

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2020 01

Ran by gsgam (25-01-2020 00:01:23)

Running from C:UsersgsgamDownloads

Windows 10 Pro Version 1909 18363.535 (X64) (2019-11-29 09:39:42)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-625891914-868822999-3065747768-500 – Administrator – Disabled)

DefaultAccount (S-1-5-21-625891914-868822999-3065747768-503 – Limited – Disabled)

gsgam (S-1-5-21-625891914-868822999-3065747768-1001 – Administrator – Enabled) => C:Usersgsgam

Guest (S-1-5-21-625891914-868822999-3065747768-501 – Limited – Enabled)

HomeGroupUser$ (S-1-5-21-625891914-868822999-3065747768-1003 – Limited – Enabled)

saman (S-1-5-21-625891914-868822999-3065747768-1005 – Limited – Enabled)

WDAGUtilityAccount (S-1-5-21-625891914-868822999-3065747768-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46

AV: Malwarebytes (Enabled – Up to date) 23007AD3-69FE-687C-2629-D584AFFAF72B

AS: Windows Defender (Enabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active Directory Authentication Library for SQL Server (HKLM…32C0D7B2-1046-43AC-98AD-B748E1910916) (Version: 13.0.1601.5 – Microsoft Corporation) Hidden

Active Directory Authentication Library for SQL Server (x86) (HKLM-x32…F40FA676-46B1-4609-85EF-D2F1F79E0C0E) (Version: 13.0.1601.5 – Microsoft Corporation) Hidden

Application Insights Tools for Visual Studio 2015 (HKLM-x32…E4C791E-B78E-477D-BD5A-CDD0985BA6EC) (Version: 7.0.20622.1 – Microsoft Corporation)

Arduino (HKLM-x32…Arduino) (Version: 1.8.9 – Arduino LLC)

Autodesk Fusion 360 (HKUS-1-5-21-625891914-868822999-3065747768-1001…73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.6516 – Autodesk, Inc.)

Azure AD Authentication Connected Service (HKLM-x32…8A1AD070-269F-4A15-AAB5-76AB896EF195) (Version: 14.0.25420 – Microsoft Corporation) Hidden

AzureTools.Notifications (HKLM-x32…1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2) (Version: 2.7.30611.1601 – Microsoft Corporation) Hidden

balenaEtcher 1.5.59 (HKUS-1-5-21-625891914-868822999-3065747768-1001…d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.5.59 – Balena Inc.)

Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32…37E53780-3944-4A6A-842F-727128E8616E) (Version: 3.0.40218.0 – Microsoft Corporation) Hidden

ChiTuBox 1.5 (HKLM-x32…ChiTuBox 1.5) (Version:  – )

D3DX10 (HKLM-x32…E09C4DB7-630C-4F06-A631-8EA7239923AF) (Version: 15.4.2368.0902 – Microsoft) Hidden

Documentation Manager (HKLM…3EF18AD4-8F08-42FE-B2A4-F2DDB1DFB5D0) (Version: 21.50.1.1 – Intel Corporation) Hidden

Dolby Audio X2 Windows API SDK (HKLM…F290F786-5F69-48D4-B20B-D21C7DE56EF0) (Version: 0.8.8.88 – Dolby Laboratories, Inc.) Hidden

Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32…60018889-9E0F-43E8-9B89-29E8C828B40A) (Version: 5.22.0.3788 – PreEmptive Solutions) Hidden

Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32…2A56910C-69C8-495D-8ED8-9080F0A14E58) (Version: 14.0.41103.0 – Microsoft Corporation)

Epic Privacy Browser (HKUS-1-5-21-625891914-868822999-3065747768-1001…Epic Privacy Browser) (Version: 71.0.3578.98 – Epic)

Google Chrome (HKLM-x32…Google Chrome) (Version: 79.0.3945.130 – Google LLC)

Google Update Helper (HKLM-x32…60EC980A-BDA2-4CB6-A427-B07A5498B4CA) (Version: 1.3.35.421 – Google LLC) Hidden

HP Deskjet 3520 series Basic Device Software (HKLM…A0A03B53-927D-4454-A456-CB0A72A4912F) (Version: 28.0.1315.0 – Hewlett-Packard Co.)

HP Deskjet 3520 series Product Improvement Study (HKLM…14ABDFC2-491B-4AF0-8134-CC5596D0EF57) (Version: 28.0.1315.0 – Hewlett-Packard Co.)

HP Deskjet 3520 series Setup Guide (HKLM-x32…AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E) (Version: 27.0.0 – Hewlett Packard)

IIS 10.0 Express (HKLM…13FD7E30-D2F1-498D-ABC2-A4242DB6610E) (Version: 10.0.1736 – Microsoft Corporation)

IIS Express Application Compatibility Database for x64 (HKLM…8274920-8908-45c2-9258-8ad67ff77b09.sdb) (Version:  – )

IIS Express Application Compatibility Database for x86 (HKLM…ad846bae-d44b-4722-abad-f7420e08bcd9.sdb) (Version:  – )

Intel Driver && Support Assistant (HKLM-x32…3EAAD5EA-1D87-442D-8426-FD4FCE62119D) (Version: 19.12.50.5 – Intel) Hidden

Intel Entry Storage System (HKLM-x32…Intel Entry Storage System) (Version: 1.0.0.0 – )

Intel® Chipset Device Software (HKLM-x32…bb0592a7-5772-4736-9d55-2402740085db) (Version: 10.1.1.38 – Intel® Corporation) Hidden

Intel® Computing Improvement Program (HKLM…85B6BF0F-EF1B-4F0F-892D-E68BD798950C) (Version: 2.4.04669 – Intel Corporation)

Intel® Management Engine Components (HKLM…1CEAC85D-2590-4760-800F-8DE5E91F3700) (Version: 1932.12.0.1298 – Intel Corporation)

Intel® Online Connect Software Asset Manager (HKLM-x32…15998D77-1F78-43EE-96D4-1067ECAA2412) (Version: 3.5.2247 – Intel Corporation) Hidden

Intel® Processor Graphics (HKLM-x32…F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA) (Version: 26.20.100.6913 – Intel Corporation)

Intel® Trusted Connect Service Client x86 (HKLM-x32…C9552825-7BF2-4344-BA91-D3CD46F4C441) (Version: 1.56.87.0 – Intel Corporation) Hidden

Intel® Trusted Connect Services Client (HKLM-x32…5817e4d-5f15-49b4-afec-7edb31fc7dd6) (Version: 1.56.87.0 – Intel Corporation) Hidden

Intel® Wireless Bluetooth® (HKLM-x32…0000050-0210-1033-84C8-B8D95FA3C8C3) (Version: 21.50.0.1 – Intel Corporation)

Intel® Driver & Support Assistant (HKLM-x32…8d174f37-ea1a-4e4d-be82-c10521a3c687) (Version: 19.12.50.5 – Intel)

Intel® Online Connect (HKLM-x32…6b556278-d555-4d14-ac99-8ad600578a95) (Version: 1.3.13.0 – Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32…55fdbad7-83d5-40e8-83cb-a53fbd378e01) (Version: 21.30.2 – Intel Corporation)

Intel® Software Installer (HKLM-x32…e2b4037f-6ffc-4200-8b24-fdc8512f0dc9) (Version: 21.50.1.1 – Intel Corporation) Hidden

IrfanView 4.53 (32-bit) (HKLM-x32…IrfanView) (Version: 4.53 – Irfan Skiljan)

Lenovo Active Protection System (HKLM…46A84694-59EC-48F0-964C-7E76E9F8A2ED) (Version: 1.82.00.20 – Lenovo) Hidden

Lenovo Dynamic Power Reduction Utility (HKLM-x32…AE8B5056-56D3-4F92-B31B-BCE3430678EA) (Version: 1.0.0.26 – Lenovo)

Lenovo Power Management Driver (HKLM…Power Management Driver) (Version: 1.67.12.19 – Lenovo) Hidden

Lenovo Vantage Service (HKLM-x32…VantageSRV_is1) (Version: 3.1.76.0 – Lenovo Group Ltd.)

Malwarebytes version 4.0.4.49 (HKLM…35065F43-4BB2-439A-BFF7-0F1014F2E0CD_is1) (Version: 4.0.4.49 – Malwarebytes)

Meshmixer (HKLM…Meshmixer_x64) (Version: 3.5 – Autodesk, Inc.)

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32…56E962F0-4FB0-3C67-88DB-9EAA6EEFC493) (Version: 4.5.50710 – Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32…D3517C62-68A5-37CF-92F7-93C029A89681) (Version: 4.5.50932 – Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32…6A0C6700-EA93-372C-8871-DCCF13D160A4) (Version: 4.5.50932 – Microsoft Corporation)

Microsoft .NET Framework 4.5.1 SDK (HKLM-x32…19A5926D-66E1-46FC-854D-163AA10A52D3) (Version: 4.5.51641 – Microsoft Corporation)

Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32…290FC320-2F5A-329E-8840-C4193BD7A9EE) (Version: 4.5.51209 – Microsoft Corporation)

Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32…19E8AE59-4D4A-3534-B567-6CC08FA4102E) (Version: 4.5.51651 – Microsoft Corporation)

Microsoft .NET Framework 4.6 SDK (HKLM-x32…B5915D37-0637-4A26-A3AA-C5DC9F856370) (Version: 4.6.00081 – Microsoft Corporation)

Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32…34547E9-D8FA-49E7-8B9C-4C9861FB9146) (Version: 4.6.00127 – Microsoft Corporation)

Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32…2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65) (Version: 4.6.00081 – Microsoft Corporation)

Microsoft .NET Framework 4.6.1 SDK (HKLM-x32…2F0ECC80-B9E4-4485-8083-CD32F22ABD92) (Version: 4.6.01055 – Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32…8EEB28EE-5141-411C-9CF0-9952264FE4AF) (Version: 4.6.01055 – Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32…8BC3EEC9-090F-4C53-A8DA-1BEC913040F9) (Version: 4.6.01055 – Microsoft Corporation)

Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM…c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738) (Version: 1.0.10609.0 – Microsoft Corporation)

Microsoft Help Viewer 2.2 (HKLM-x32…Microsoft Help Viewer 2.2) (Version: 2.2.25420 – Microsoft Corporation)

Microsoft Office Professional 2013 – en-us (HKLM…ProfessionalRetail – en-us) (Version: 15.0.5207.1000 – Microsoft Corporation)

Microsoft Office Professional Plus 2013 – en-us (HKLM…ProPlusRetail – en-us) (Version: 15.0.5207.1000 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-625891914-868822999-3065747768-1001…OneDriveSetup.exe) (Version: 19.222.1110.0006 – Microsoft Corporation)

Microsoft Silverlight (HKLM…89F4137D-6C26-4A84-BDB8-2E5A4BB71E00) (Version: 5.1.50918.0 – Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32…F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8) (Version: 3.1.0000 – Microsoft Corporation)

Microsoft SQL Server 2012 Command Line Utilities  (HKLM…9D573E71-1077-4C7E-B4DB-4E22A5D2B48B) (Version: 11.0.2100.60 – Microsoft Corporation)

Microsoft SQL Server 2012 Native Client  (HKLM…49D665A2-4C2A-476E-9AB8-FCC425F526FC) (Version: 11.0.2100.60 – Microsoft Corporation)

Microsoft SQL Server 2014 Management Objects  (HKLM-x32…2774595F-BC2A-4B12-A25B-0C37A37049B0) (Version: 12.0.2000.8 – Microsoft Corporation)

Microsoft SQL Server 2014 Management Objects  (x64) (HKLM…1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5) (Version: 12.0.2000.8 – Microsoft Corporation)

Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM…20CDFE0-C127-4047-B571-37C82396B662) (Version: 12.0.2000.8 – Microsoft Corporation)

Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32…47D08E7A-92A1-489B-B0BF-415516497BCE) (Version: 12.0.2000.8 – Microsoft Corporation)

Microsoft SQL Server 2016 LocalDB  (HKLM…E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E) (Version: 13.0.1601.5 – Microsoft Corporation)

Microsoft SQL Server 2016 Management Objects  (HKLM-x32…F1C8E2F-199A-4946-B3BF-0906DACFD032) (Version: 13.0.1601.5 – Microsoft Corporation)

Microsoft SQL Server 2016 Management Objects  (x64) (HKLM…20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989) (Version: 13.0.1601.5 – Microsoft Corporation)

Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32…8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD) (Version: 13.0.14500.10 – Microsoft Corporation)

Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM…D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E) (Version: 13.0.1601.5 – Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM…78909610-D229-459C-A936-25D92283D3FD) (Version: 4.0.8876.1 – Microsoft Corporation)

Microsoft SQL Server Data Tools – enu (14.0.60519.0) (HKLM-x32…4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F) (Version: 14.0.60519.0 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2014 (HKLM…68BA34E8-9B9D-4A74-83F0-7D366B532D75) (Version: 12.0.2402.11 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2014 (HKLM…FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80) (Version: 12.0.2402.29 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2014 (HKLM-x32…91CE6AA-2753-4F6E-AD1C-0E875744EB54) (Version: 12.0.2402.29 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2014 (HKLM-x32…718FFB65-F6E4-4D62-861F-ED10ED32C936) (Version: 12.0.2402.11 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2016 (HKLM…96EB5054-C775-4BEF-B7B9-AA96A295EDCD) (Version: 13.0.1601.5 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2016 (HKLM-x32…84C23ECA-FE4D-494F-9247-3EBAD57E7F0C) (Version: 13.0.1601.5 – Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…1D8E6291-B0D5-35EC-8441-6616F567A0F7) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…F0C3E5D1-1ADE-321E-8167-68EF0DE699A5) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…ca67548a-5ebe-413a-b50c-4b9ceb6d66c6) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.60610 (HKLM-x32…95716cce-fc71-413f-8ad5-56c2892d4b3a) (Version: 11.0.60610.1 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.21005 (HKLM-x32…7f51bdb9-ee21-49ee-94d6-90afc321780e) (Version: 12.0.21005.1 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…50d4fc8-5d48-4b8f-8972-47c82c46020f) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32…ef6b00ec-13e1-4c25-9064-b2f383cb8412) (Version: 12.0.40660.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.21005 (HKLM-x32…ce085a78-074e-4823-8dc1-8a721b94b76d) (Version: 12.0.21005.1 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…f65db027-aff3-4070-886a-0d87064aabb1) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.22.27821 (HKLM-x32…5bfc1380-fd35-4b85-9715-7351535d077e) (Version: 14.22.27821.0 – Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x64) – 14.11.25325 (HKLM-x32…6c6356fe-cbfa-4944-9bed-a9e99f45cb7a) (Version: 14.11.25325.0 – Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM…Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 – Microsoft Corporation)

Microsoft Visual Studio Professional 2015 (HKLM-x32…90ac7cb6-f7f2-49d1-aa5d-d159d8e86e19) (Version: 14.0.23107.178 – Microsoft Corporation)

Microsoft Web Deploy 3.6 (HKLM…94E1227C-08A9-4962-B388-1F05D89AEA75) (Version: 3.1238.1962 – Microsoft Corporation)

Movie Maker (HKLM-x32…38F03569-A636-4CF3-BDDE-032C8C251304) (Version: 16.4.3528.0331 – Microsoft Corporation) Hidden

Movie Maker (HKLM-x32…DD67BE4B-7E62-4215-AFA3-F123A800A389) (Version: 16.4.3528.0331 – Microsoft Corporation) Hidden

MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32…128C1654-3B9E-4959-8BFB-CE6F09C0A01D) (Version: 14.0.25420 – Microsoft Corporation) Hidden

Multi-Device Hybrid Apps using C# – Templates – ENU (HKLM-x32…12D99739-FFD3-3761-8AA6-F929E0FE407E) (Version: 14.0.23107 – Microsoft Corporation) Hidden

Node.js (HKLM…F69C1A4C-0402-462C-B95D-6BEAED881FA1) (Version: 8.11.1 – Node.js Foundation)

Node.js Tools 1.1.1 for Visual Studio 2015 (HKLM-x32…E6CCE31C-DAEE-41F7-8C26-553C70A637FD) (Version: 1.1.40329.04 – Microsoft Corporation)

NordVPN (HKLM-x32…01BBDAA-7E33-4D56-BD5E-E149FC038555) (Version: 6.26.14 – NordVPN) Hidden

NordVPN (HKLM-x32…NordVPN 6.26.14) (Version: 6.26.14 – NordVPN)

NordVPN network TAP (HKLM-x32…97DEC5D6-2BE9-45BB-BFC5-274B851B486B) (Version: 1.0.1 – NordVPN)

Office 15 Click-to-Run Extensibility Component (HKLM-x32…90150000-008C-0000-0000-0000000FF1CE) (Version: 15.0.5207.1000 – Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (HKLM…90150000-008F-0000-1000-0000000FF1CE) (Version: 15.0.5207.1000 – Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (HKLM-x32…90150000-008C-0409-0000-0000000FF1CE) (Version: 15.0.5207.1000 – Microsoft Corporation) Hidden

OpenSCAD (remove only) (HKLM…OpenSCAD) (Version: 2019.05 – The OpenSCAD Developers)

PreEmptive Analytics Visual Studio Components (HKLM-x32…436A18DD-5F2C-4B3C-985E-AD3C13B0CC25) (Version: 1.2.5134.1 – PreEmptive Solutions) Hidden

Prerequisites for SSDT  (HKLM-x32…21373064-AD95-48DB-A32E-0D9E08EF7355) (Version: 12.0.2000.8 – Microsoft Corporation)

Prerequisites for SSDT  (HKLM-x32…B7E94916-7AE6-4F7F-A377-7A410A42BA19) (Version: 13.0.1601.5 – Microsoft Corporation)

Prusa3D version 2.2.8 (HKLM…Prusa3D_is1) (Version: 2.2.8 – Prusa Research s.r.o.)

PrusaSlicer version 2.1.1 (HKLM…PrusaSlicer_is1) (Version: 2.1.1 – Prusa Research s.r.o.)

Realtek Card Reader (HKLM-x32…5BC2B5AB-80DE-4E83-B8CF-426902051D0A) (Version: 10.0.17763.21311 – Realtek Semiconductor Corp.)

Retrospect Express HD 2.0 (HKLM-x32…5D652EC3-8AC0-41E7-B337-162BC7B01148) (Version: 2.00.812 – EMC) Hidden

Roslyn Language Services – x86 (HKLM-x32…6970C7E1-F99D-388D-8903-DF8FCE677FED) (Version: 14.0.25431 – Microsoft Corporation) Hidden

Roslyn Language Services – x86 (HKLM-x32…6C1985E7-E1C5-3A95-86EF-2C62465F15C3) (Version: 14.0.23107 – Microsoft Corporation) Hidden

Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32…7A95671A-759E-3B83-B763-4289D1D24D73) (Version: 14.102.25619 – Microsoft) Hidden

Test Tools for Microsoft Visual Studio 2015 (HKLM-x32…9EABBFE1-7EED-47D9-8FB8-21D7E4808057) (Version: 14.0.23107 – Microsoft Corporation) Hidden

Thunderbolt™ Software (HKLM-x32…FBAB4EAA-497D-4B48-8484-D96CAE92C71A) (Version: 17.4.78.500 – Intel Corporation)

TypeScript Power Tool (HKLM-x32…465ACA24-B8D6-4FEC-A42D-9EFCB92CD560) (Version: 1.8.34.0 – Microsoft Corporation) Hidden

TypeScript Power Tool (HKLM-x32…9E108DE1-997F-461F-9355-7EBAC6B7069A) (Version: 2.2.1.0 – Microsoft Corporation) Hidden

TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32…304EA165-851D-4498-98FB-F4C907702569) (Version: 2.2.1.0 – Microsoft Corporation) Hidden

TypeScript Tools for Microsoft Visual Studio 2015 2.2.1.0 (HKLM-x32…dfa45815-94e0-4826-ad2f-c2b3fceaee35) (Version: 2.2.1.0 – Microsoft Corporation)

Update for  (KB2504637) (HKLM-x32…CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE.KB2504637) (Version: 1 – Microsoft Corporation)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM…16AD6161-2E47-4BF1-AA77-0946EFE93E08) (Version: 2.61.0.0 – Microsoft Corporation)

UpdateAssistant (HKLM-x32…7C070E60-8769-4763-BBD8-7537A28A60D4) (Version: 1.10.0.0 – Microsoft Corporation) Hidden

Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32…7a68448b-9cf2-4049-bd73-5875f1aa7ba2) (Version: 14.0.25420 – Microsoft Corporation)

VLC media player (HKLM…VLC media player) (Version: 3.0.8 – VideoLAN)

VS Update core components (HKLM-x32…B2918D01-1D89-34D3-87EF-A28121BC6EB7) (Version: 14.0.25431 – Microsoft Corporation) Hidden

vs_update3notification (HKLM-x32…AB3DF932-C990-34D4-BF43-970F760DA3CD) (Version: 14.0.25431 – Microsoft Corporation) Hidden

Vulkan Run Time Libraries 1.0.65.1 (HKLM…VulkanRT1.0.65.1) (Version: 1.0.65.1 – LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.1.70.0 (HKLM…VulkanRT1.1.70.0) (Version: 1.1.70.0 – LunarG, Inc.) Hidden

WCF Data Services 5.6.4 Runtime (HKLM-x32…DB85E7BD-B2DD-43D4-B3C0-23D7B527B597) (Version: 5.6.62175.4 – Microsoft Corporation) Hidden

WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32…A3B508E-5638-4471-BCC9-954E1868CB86) (Version: 5.6.62175.4 – Microsoft Corporation) Hidden

Windows 10 Update Assistant (HKLM-x32…D5C69738-B486-402E-85AC-2456D98A64E4) (Version: 1.4.9200.22589 – Microsoft Corporation)

Windows Driver Package – Prusa Research s.r.o. Original Prusa CW1 (02/13/2013 1.0.0.0) (HKLM…B10CCB939D59F72AA817B257D84328FC4A1DC752) (Version: 02/13/2013 1.0.0.0 – Prusa Research s.r.o.)

Windows Driver Package – Prusa Research s.r.o. Original Prusa i3 MK2 (02/13/2013 1.0.0.0) (HKLM…E6CFEF5357DD0E2F987E98779FD6603959DA391B) (Version: 02/13/2013 1.0.0.0 – Prusa Research s.r.o.)

Windows Driver Package – Prusa Research s.r.o. Original Prusa i3 MK3 Multi Material 2.0 upgrade (02/13/2013 1.0.0.0) (HKLM…FA562E43945E7D9CAC76A811E49088FF2255A11A) (Version: 02/13/2013 1.0.0.0 – Prusa Research s.r.o.)

Windows Driver Package – Prusa Research s.r.o. Prusa i3 Plus MK3 3D printer (02/13/2013 1.0.0.0) (HKLM…890B56493F7CACBCA0E70EA8EBFD9A18BC780C34) (Version: 02/13/2013 1.0.0.0 – Prusa Research s.r.o.)

Windows Driver Package – UltiMachine 3D Printer (RAMBo) (02/13/2013 1.0.0.0) (HKLM…D77EC126405DC217C7BF7DA6669B51E297D5CF23) (Version: 02/13/2013 1.0.0.0 – UltiMachine)

Windows Live Essentials (HKLM-x32…WinLiveSuite) (Version: 16.4.3528.0331 – Microsoft Corporation)

Packages:

=========

Arduino IDE -> C:Program FilesWindowsAppsArduinoLLC.ArduinoIDE_1.8.21.0_x86__mdqgnx93n4wtt [2019-06-10] (Arduino LLC)

Autodesk SketchBook -> C:Program FilesWindowsApps89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)

Bubble Witch 3 Saga -> C:Program FilesWindowsAppsking.com.BubbleWitch3Saga_6.4.7.0_x86__kgqvnymyfvs32 [2020-01-09] (king.com)

Candy Crush Soda Saga -> C:Program FilesWindowsAppsking.com.CandyCrushSodaSaga_1.154.400.0_x86__kgqvnymyfvs32 [2019-12-18] (king.com)

Disney Magic Kingdoms -> C:Program FilesWindowsAppsA278AB0D.DisneyMagicKingdoms_4.6.0.10_x86__h6adky7gbf63m [2019-12-18] (Gameloft.)

HP Smart -> C:Program FilesWindowsAppsAD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-15] (HP Inc.)

LastPass for Windows Desktop -> C:Program FilesWindowsAppsLastPass.LastPass_4.2.0.0_x64__qq0fmhteeht3j [2019-11-22] (LastPass)

LastPass: Free Password Manager -> C:Program FilesWindowsAppsLastPass.LastPassFreePasswordManager_4.40.1.0_neutral__qq0fmhteeht3j [2020-01-17] (LastPass)

Lenovo Settings -> C:Program FilesWindowsAppsLenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2018-01-26] (LENOVO INCORPORATED.)

Lenovo Vantage -> C:Program FilesWindowsAppsE046963F.LenovoCompanion_10.1910.41.0_x64__k1h2ywk1493x8 [2020-01-01] (LENOVO INC.)

March of Empires: War of Lords -> C:Program FilesWindowsAppsA278AB0D.MarchofEmpires_4.5.2.1_x86__h6adky7gbf63m [2020-01-17] (Gameloft.)

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-11-29] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]

Microsoft News -> C:Program FilesWindowsAppsMicrosoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-17] (Microsoft Corporation) [MS Ad]

Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Studios) [MS Ad]

Microsoft To Do -> C:Program FilesWindowsAppsMicrosoft.Todos_2.8.372.0_x64__8wekyb3d8bbwe [2020-01-17] (Microsoft Corporation)

Minecraft for Windows 10 -> C:Program FilesWindowsAppsMicrosoft.MinecraftUWP_1.14.105.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Studios)

MSN Weather -> C:Program FilesWindowsAppsMicrosoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]

OpenJSCAD -> C:Program FilesWindowsApps49752MichaelS.Scherotter.OpenJSCAD_1.1.6.0_neutral__9eg5g21zq32qm [2019-08-07] (Michael S. Scherotter)

Photos Add-on -> C:Program FilesWindowsAppsMicrosoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation)

Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation)

Spotify Music -> C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0 [2019-12-18] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKUS-1-5-21-625891914-868822999-3065747768-1001_ClassesCLSID233525e0-5434-46ef-b464-fd7e45e2e145localserver32 -> C:Program Files (x86)IntelDriver and Support AssistantDSATray.exe (IDSA Production signing key -> Intel)

CustomCLSID: HKUS-1-5-21-625891914-868822999-3065747768-1001_ClassesCLSIDC4F0910E-E0B4-4E68-8086-452730C7A26AInprocServer32 -> C:UsersgsgamAppDataLocalAutodeskwebdeployproduction27887f06acbb684cb4cacf2fdbd563eef8f1b732NPreview10.dll (Autodesk, Inc. -> )

ContextMenuHandlers3: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers5: [igfxcui] -> 3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4 =>  -> No File

ContextMenuHandlers5: [igfxDTCM] -> 9B5F5829-A529-4B12-814A-E81BCB8D93FC => C:WINDOWSSystem32DriverStoreFileRepositoryki132701.inf_amd64_f25b376c781866edigfxDTCM.dll [2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-01-12 23:23 – 2020-01-12 23:23 – 000366592 _____ ( ) [File not signed] C:WINDOWSassemblyNativeImages_v4.0.30319_32Interop.CxHef9fb4ae#ef7ad8593be38f26ab2621b839f5ba08Interop.CxHDAudioAPILib.ni.dll

2020-01-12 23:23 – 2020-01-12 23:23 – 000018944 _____ ( ) [File not signed] C:WINDOWSassemblyNativeImages_v4.0.30319_32Interop.CxUtilSvcLib1c634e9625c1e254fd02d69e7c2f4708Interop.CxUtilSvcLib.ni.dll

2019-10-15 20:32 – 2019-10-15 20:32 – 000262656 _____ () [File not signed] C:Program Files (x86)NordVPNx86Liberation.Native.Firewall.dll

2014-04-22 08:43 – 2014-04-22 08:43 – 000154464 _____ () [File not signed] C:Program FilesDolbyDolby DAX2DAX2_APIAMD64sqlceer40EN.DLL

2014-04-22 08:43 – 2014-04-22 08:43 – 000080736 _____ () [File not signed] C:Program FilesDolbyDolby DAX2DAX2_APIAMD64sqlceme40.dll

2014-04-22 08:43 – 2014-04-22 08:43 – 000908128 _____ () [File not signed] C:Program FilesDolbyDolby DAX2DAX2_APIAMD64sqlceqp40.dll

2014-04-22 08:43 – 2014-04-22 08:43 – 000543072 _____ () [File not signed] C:Program FilesDolbyDolby DAX2DAX2_APIAMD64sqlcese40.dll

2007-10-25 15:31 – 2007-10-25 15:31 – 000700416 _____ (EMC Corporation) [File not signed] C:Program Files (x86)Intel Entry Storage Systemretrospectbdrock20.dll

2007-10-25 15:31 – 2007-10-25 15:31 – 000188416 _____ (EMC Corporation) [File not signed] C:Program Files (x86)Intel Entry Storage Systemretrospectbdrockui.dll

2007-10-25 15:31 – 2007-10-25 15:31 – 000348160 _____ (Microsoft Corporation) [File not signed] C:Program Files (x86)Intel Entry Storage SystemretrospectMSVCR71.dll

2019-05-15 19:01 – 2019-05-15 19:01 – 001635840 _____ (Robert Simpson, et al.) [File not signed] C:Program FilesIntelSURQUEENCREEKx64SQLite.Interop.dll

2019-11-27 22:07 – 2019-10-27 05:36 – 001261568 _____ (Robert Simpson, et al.) [File not signed] C:ProgramDataLenovoiMControllerPluginsGenericMessagingPluginx86x86SQLite.Interop.dll

2019-05-15 19:01 – 2019-05-15 19:01 – 001878528 _____ (SQLite Development Team) [File not signed] C:Program FilesIntelSURQUEENCREEKsqlite3.DLL

2019-05-15 19:01 – 2019-05-15 19:01 – 001878528 _____ (SQLite Development Team) [File not signed] C:Program FilesIntelSURQUEENCREEKx64sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 03:47 – 2016-07-16 03:45 – 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKUS-1-5-19-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-01162020215637316Control PanelDesktop\Wallpaper -> C:WindowsWebWallpaperWindowsimg0.jpg

HKUS-1-5-20-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-01162020215637333Control PanelDesktop\Wallpaper -> C:WindowsWebWallpaperWindowsimg0.jpg

HKUS-1-5-21-625891914-868822999-3065747768-1001Control PanelDesktop\Wallpaper -> C:UsersgsgamAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [C4B0FD86-D7F9-4524-A940-0F3D3499A838] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [8697D714-54A5-40EE-9262-1CFB68376288] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [UDP Query UserF6AF0AA3-591B-4F7F-A2A8-005F241BE8EDC:program filesnodejsnode.exe] => (Allow) C:program filesnodejsnode.exe (Node.js Foundation -> Node.js)

FirewallRules: [TCP Query UserB4124544-2EC0-4B1C-A948-C630EF8552A6C:program filesnodejsnode.exe] => (Allow) C:program filesnodejsnode.exe (Node.js Foundation -> Node.js)

FirewallRules: [01BE71A5-37C2-4EB5-9ACD-C604E7660139] => (Allow) C:Program Files (x86)Microsoft Visual Studio 14.0Common7IDEdevenv.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [BD62AF0E-4A94-4B54-AB87-9EA49B51490F] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [0A2C6B97-9CBC-40EB-94B0-5764A325AA17] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [931FFF5D-A08F-4DCF-9D09-7858A82591EB] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [80E7E94C-DFB6-4FF0-963E-90F60A15C90D] => (Allow) C:Program Files (x86)Windows LiveContactswlcomm.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [FCDE31FE-6AEE-4CDC-AE01-6610583F4DD7] => (Allow) LPort=2869

FirewallRules: [4E3EEC47-E0A5-4785-8227-0CC7F5280521] => (Allow) LPort=1900

FirewallRules: [TCP Query User4EF12A83-057E-4E1E-BB7E-8EBECBF43CC6C:usersgsgamappdatalocalepic privacy browserapplicationepic.exe] => (Allow) C:usersgsgamappdatalocalepic privacy browserapplicationepic.exe (Hidden Reflex Authors) [File not signed]

FirewallRules: [UDP Query User693F5CF7-05C3-4BA5-8997-507363AF51D2C:usersgsgamappdatalocalepic privacy browserapplicationepic.exe] => (Allow) C:usersgsgamappdatalocalepic privacy browserapplicationepic.exe (Hidden Reflex Authors) [File not signed]

FirewallRules: [TCP Query User7FC8A611-8173-45A8-B3BF-57C1576FF77EC:usersgsgamappdatalocalepic privacy browserapplicationepic.exe] => (Allow) C:usersgsgamappdatalocalepic privacy browserapplicationepic.exe (Hidden Reflex Authors) [File not signed]

FirewallRules: [UDP Query User31254145-2DA8-4EAC-8A0B-7F8E45DE125BC:usersgsgamappdatalocalepic privacy browserapplicationepic.exe] => (Allow) C:usersgsgamappdatalocalepic privacy browserapplicationepic.exe (Hidden Reflex Authors) [File not signed]

FirewallRules: [1E619FC5-5DB8-4802-9DF6-58E87932387C] => (Allow) C:Program FilesHPHP Deskjet 3520 seriesBinDeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)

FirewallRules: [893F2B60-335D-48D5-B261-0F483B8BFC68] => (Allow) C:Program FilesHPHP Deskjet 3520 seriesBinHPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)

FirewallRules: [B22AE5AC-D15A-4872-BFB2-B49BC25139B7] => (Allow) C:Program FilesHPHP Deskjet 3520 seriesBinHPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)

FirewallRules: [673B2000-0C41-40E0-8D03-0C4E836C82F3] => (Allow) C:UsersgsgamAppDataLocalTemp7zS3107HPDiagnosticCoreUI.exe No File

FirewallRules: [130333E1-5AEA-4592-B8B8-54E1F0D46221] => (Allow) C:UsersgsgamAppDataLocalTemp7zS3107HPDiagnosticCoreUI.exe No File

FirewallRules: [8BC50C8A-E757-4A34-9248-DD7C097B016C] => (Allow) C:UsersgsgamAppDataLocalTemp7zS3505HPDiagnosticCoreUI.exe No File

FirewallRules: [27EEA5ED-2623-45B8-B091-D9285383F47B] => (Allow) C:UsersgsgamAppDataLocalTemp7zS3505HPDiagnosticCoreUI.exe No File

FirewallRules: [6BBE0BA8-5B0E-45CC-9FDD-24FF22F370A3] => (Allow) C:UsersgsgamAppDataLocalTemp7zS6BA5HPDiagnosticCoreUI.exe No File

FirewallRules: [F8F13632-5AB5-41F9-A6F9-72FFDD017635] => (Allow) C:UsersgsgamAppDataLocalTemp7zS6BA5HPDiagnosticCoreUI.exe No File

FirewallRules: [0AC5E5A6-37B9-444F-BDDC-C1FAF11503BC] => (Allow) C:UsersgsgamAppDataLocalTemp7zS7301HPDiagnosticCoreUI.exe No File

FirewallRules: [380B27F2-0752-49AC-A876-4F3873C316CB] => (Allow) C:UsersgsgamAppDataLocalTemp7zS7301HPDiagnosticCoreUI.exe No File

FirewallRules: [TCP Query User50CBEB86-C0B3-43C7-9781-6F69618A1F47C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe

FirewallRules: [UDP Query User654CB144-CBDC-466D-9E0A-13ED8ACBBB19C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe

FirewallRules: [TCP Query User1FC067F9-A733-4F37-8733-81069FEA21D4C:program files (x86)arduinojavabinjavaw.exe] => (Allow) C:program files (x86)arduinojavabinjavaw.exe

FirewallRules: [UDP Query User28BF2B13-9D6A-4F6C-B785-572BE52E1163C:program files (x86)arduinojavabinjavaw.exe] => (Allow) C:program files (x86)arduinojavabinjavaw.exe

FirewallRules: [474EBFE1-F5E0-4F17-8C37-7851CD55BF29] => (Block) C:Program FilesIntelSURQUEENCREEKx64esrv_svc.exe (Intel® Software Development Products -> )

FirewallRules: [71258650-D15D-4E6E-82EB-26CC39900FE9] => (Block) C:Program FilesIntelSURQUEENCREEKx64esrv_svc.exe (Intel® Software Development Products -> )

FirewallRules: [67CC81B9-61E8-4D02-9EC8-6D5443CAA8BC] => (Allow) C:Program FilesIntelSURQUEENCREEKx64esrv_svc.exe (Intel® Software Development Products -> )

FirewallRules: [B9FFFBE5-31B5-4C66-87EC-8F502592A4E0] => (Allow) C:Program FilesIntelSURQUEENCREEKx64esrv_svc.exe (Intel® Software Development Products -> )

FirewallRules: [B4FF5697-5E6E-47A7-9441-23E5C8752204] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [6E55A88D-001E-4694-82BF-CB4D2168B4D3] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [9752CC01-22FD-4A50-B1A3-C8FB9801D412] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [0FFF1A2A-76FF-4568-A77A-7910EB623F01] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [8DD3E29D-C974-4F36-B41F-62CBBE5AB878] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [1443C3A2-CA9D-4F90-BE23-502AB0CD81C9] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [67AED941-F972-4D7B-94C2-3216D9106444] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [230FEEFC-6144-4B57-9527-FA9C60FF0BF9] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [A3DC04E9-5741-4517-B46C-455476DC2C2F] => (Allow) C:Program Files (x86)Intel Entry Storage SystemretrospectRetrospect.exe (EMC Corporation) [File not signed]

FirewallRules: [098C99E4-A510-4955-A7B2-7AEAB2E6FA38] => (Allow) C:Program Files (x86)Intel Entry Storage SystemretrospectRetrospect.exe (EMC Corporation) [File not signed]

FirewallRules: [46E4ADDB-F836-467F-B46C-DBCF1723BAB9] => (Allow) C:Program Files (x86)Intel Entry Storage Systemretrospectretrorun.exe (EMC Corporation) [File not signed]

FirewallRules: [4CAE14A0-8F66-4678-8424-CA941D94C53C] => (Allow) C:Program Files (x86)Intel Entry Storage Systemretrospectretrorun.exe (EMC Corporation) [File not signed]

FirewallRules: [TCP Query User5943B43A-C4F8-4110-B435-E381F4CFA252C:program files (x86)intel entry storage systemsohoclient.exe] => (Allow) C:program files (x86)intel entry storage systemsohoclient.exe (EMC Corporation -> EMC)

FirewallRules: [UDP Query User4D8AC36F-D08A-452B-BF56-411CAE900159C:program files (x86)intel entry storage systemsohoclient.exe] => (Allow) C:program files (x86)intel entry storage systemsohoclient.exe (EMC Corporation -> EMC)

FirewallRules: [TCP Query User2233D0CA-D4EB-42FF-93C5-5EFC25FF1061C:program files (x86)intel entry storage systemsohoclient.exe] => (Allow) C:program files (x86)intel entry storage systemsohoclient.exe (EMC Corporation -> EMC)

FirewallRules: [UDP Query UserF47809F9-ABEE-4754-BD2F-F9B4FE1777A0C:program files (x86)intel entry storage systemsohoclient.exe] => (Allow) C:program files (x86)intel entry storage systemsohoclient.exe (EMC Corporation -> EMC)

FirewallRules: [AB2BAA5C-360D-4D0B-981F-FD449F6CC372] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

12-01-2020 23:36:22 Scheduled Checkpoint

17-01-2020 21:24:56 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (01/24/2020 11:57:16 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (12636,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/24/2020 11:49:04 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (5700,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/24/2020 11:42:20 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (12536,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/24/2020 02:09:23 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (18864,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/24/2020 02:00:57 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (14216,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/23/2020 10:05:19 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (11896,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/23/2020 08:24:22 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (15760,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/22/2020 11:02:56 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (2504,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

System errors:

=============

Error: (01/16/2020 09:56:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The DAX2API service terminated with the following error:

The class is configured to run as a security id different from the caller

Error: (01/16/2020 09:56:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Windows Defender Antivirus Service service terminated with the following error:

%%2147943515 = A system shutdown is in progress.

Error: (01/16/2020 09:56:02 PM) (Source: Service Control Manager) (EventID: 7043) (User: )

Description: The Energy Server Service queencreek service did not shut down properly after receiving a preshutdown control.

Error: (01/15/2020 10:03:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The DAX2API service terminated with the following error:

The class is configured to run as a security id different from the caller

Error: (01/15/2020 10:03:19 PM) (Source: Service Control Manager) (EventID: 7043) (User: )

Description: The Energy Server Service queencreek service did not shut down properly after receiving a preshutdown control.

Error: (01/15/2020 10:03:00 PM) (Source: DCOM) (EventID: 10010) (User: LITTLEDOG)

Description: The server AB8902B4-09CA-4BB6-B78D-A8F59079A8D5 did not register with DCOM within the required timeout.

Error: (01/15/2020 10:03:00 PM) (Source: DCOM) (EventID: 10010) (User: LITTLEDOG)

Description: The server AB8902B4-09CA-4BB6-B78D-A8F59079A8D5 did not register with DCOM within the required timeout.

Error: (01/15/2020 10:03:00 PM) (Source: DCOM) (EventID: 10010) (User: LITTLEDOG)

Description: The server AB8902B4-09CA-4BB6-B78D-A8F59079A8D5 did not register with DCOM within the required timeout.

Windows Defender:

===================================

Date: 2019-12-03 00:08:11.962

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: 47BA07B0-196B-464A-A8A0-BEF0A1EE25E1

Scan Type: Antimalware

Scan Parameters: Quick Scan

CodeIntegrity:

===================================

Date: 2020-01-24 23:59:46.345

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-24 23:59:43.869

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-24 23:58:02.577

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-24 23:58:02.462

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-24 23:58:00.498

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-24 23:57:39.688

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-24 23:57:38.506

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-24 23:57:38.418

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO N1MET59W (1.44 ) 11/25/2019

Motherboard: LENOVO 20HRCTO1WW

Processor: Intel® Core™ i7-7500U CPU @ 2.70GHz

Percentage of memory in use: 42%

Total physical RAM: 16239.7 MB

Available physical RAM: 9390.47 MB

Total Virtual: 18671.7 MB

Available Virtual: 11547.32 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:475.69 GB) (Free:377.55 GB) NTFS

\?Volumef3dc24ad-bc67-43a4-b171-b66176854234 (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.46 GB) NTFS

\?Volume84a135e6-85af-441b-b710-648e1974cf87 (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (Size: 476.9 GB) (Disk ID: 35B4017D)

Partition: GPT.

==================== End of Addition.txt =======================
