Fell for phone tech support scam – malware possible
A friend fell for a phone scam yesterday, allowed them to remotely access their computer, and gave them $500. Want to check that nothing is hiding in the background.
Résultat de l'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 11-05-2020
Ran par phyli (administrateur) sur DESKTOP-GIRJ15B (HP 750-114) (12-05-2020 20:54:26)
Exécution à partir de C: Users phyli Downloads
Profils chargés: phyli
Plateforme: Windows 10 Home Version 1903 18362.778 (X64) Langue: anglais (États-Unis)
Navigateur par défaut: Chrome
Mode de démarrage: Normal
==================== Processus (liste blanche) =================
(Si une entrée est incluse dans la liste de correctifs, le processus sera fermé. Le fichier ne sera pas déplacé.)
(Apple Inc. -> Apple Inc.) C: Program Files Bonjour mDNSResponder.exe
(CyberLink Corp. ->) C: Program Files CyberLink Shared files RichVideo64.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe <18>
(Google LLC -> Google LLC) C: Program Files (x86) Google Update 1.3.35.452 GoogleCrashHandler.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Update 1.3.35.452 GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C: Program Files (x86) Hewlett-Packard Shared hpqwmiex.exe
(HP Inc -> HP Inc.) C: Program Files HP HP Officejet série 5740 Bin HPNetworkCommunicatorCom.exe
(HP Inc -> HP Inc.) C: Program Files HP HP Officejet série 5740 Bin ScanToPCActivationApp.exe
(HP Inc. -> HP Inc.) C: Program Files (x86) Hewlett-Packard HP Support Solutions HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C: Program Files HP HP Touchpoint Analytics Client TouchpointAnalyticsClientService.exe
(Intel CASE -> Intel Corporation) C: Program Files Intel Intel® Ready Mode Technology IRMTService.exe
(Intel Corporation – Groupe des sous-systèmes intégrés et blocs IP -> Intel Corporation) C: Program Files (x86) Intel Intel® Management Engine Components DAL jhi_service.exe
(Intel Corporation – Groupe des sous-systèmes intégrés et blocs IP -> Intel Corporation) C: Program Files (x86) Intel Intel® Management Engine Components LMS LMS.exe
(Intel Corporation -> Intel® Corporation) C: Program Files Fichiers communs Intel WirelessCommon RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C: Program Files Intel WiFi bin EvtEng.exe
(Intel Corporation -> Intel® Corporation) C: Program Files Intel WiFi bin ZeroConfigService.exe
(Société intel) [File not signed] C: Program Files (x86) Intel Intel® Security Assist isa.exe
(Intel® pGFX -> Intel Corporation) C: Windows System32 DriverStore FileRepository ki131064.inf_amd64_5d13f27a9a9843fa igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C: Windows System32 DriverStore FileRepository ki131064.inf_amd64_5d13f27a9a9843fa igfxEM.exe
(Intel® pGFX -> Intel Corporation) C: Windows System32 DriverStore FileRepository ki131064.inf_amd64_5d13f27a9a9843fa IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C: Windows System32 DriverStore FileRepository ki131064.inf_amd64_5d13f27a9a9843fa IntelCpHeciSvc.exe
(Solutions de connectivité sans fil Intel® -> Intel Corporation) C: Windows System32 ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C: Windows Microsoft.NET Framework64 v3.0 WPF PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C: Windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe MicrosoftEdge.exe
(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsStore_12005.1001.1.0_x64__8wekyb3d8bbwe WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 wlanext.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C: Program Files Realtek Audio HDA RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C: Program Files Realtek Audio HDA RtkAudioService64.exe
(Symantec Corporation -> Symantec Corporation) C: Program Files Norton Security Engine 22.20.2.57 NortonSecurity.exe <2>
(Symantec Corporation -> Symantec Corporation) C: Program Files Norton Security Engine 22.20.2.57 nsWscSvc.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C: Program Files (x86) TeamViewer TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C: Program Files (x86) TeamViewer TeamViewer_Desktop.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C: Program Files (x86) TeamViewer TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C: Program Files (x86) TeamViewer tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C: Program Files (x86) TeamViewer tv_x64.exe
==================== Registre (liste blanche) ===================
(Si une entrée est incluse dans la liste de correctifs, l'élément de registre sera restauré par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM … Run: [RTHDVCPL] => C: Program Files Realtek Audio HDA RtkNGUI64.exe [8790264 2016-03-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32 … Exécuter: [PowerDVD14Agent] => C: Program Files (x86) CyberLink PowerDVD14 PowerDVD14Agent.exe [795336 2015-10-01] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32 … Exécuter: [HostManager] => C: Program Files (x86) Common Files AOL 1474834258 ee AOLSoftware.exe [41800 2010-03-08] (AOL Inc. -> AOL Inc.)
HKU S-1-5-21-999762305-681959455-3457413626-1001 … Run: [CCleaner Monitoring] => C: Program Files CCleaner CCleaner64.exe [19645800 2019-03-03] (Piriform Software Ltd -> Piriform Software Ltd)
HKU S-1-5-21-999762305-681959455-3457413626-1001 … Run: [HP Officejet 5740 series (NET)] => C: Program Files HP HP Officejet série 5740 Bin ScanToPCActivationApp.exe [3769248 2019-03-19] (HP Inc -> HP Inc.)
HKU S-1-5-21-999762305-681959455-3457413626-1001 … MountPoints2: 31631547-282d-11ea-9d24-08d40c8c8d7b – "H: autorun.exe"
HKLM Software Microsoft Active Setup Installed Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C: Program Files (x86) Google Chrome Application 81.0.4044.138 Installer chrmstp.exe [2020-05-08] (Google LLC -> Google LLC)
Démarrage: C: Users phyli AppData Roaming Microsoft Windows Start Menu Programs Startup AOL Desktop Launcher.lnk [2020-05-11]
ShortcutTarget: AOL Desktop Launcher.lnk -> C: Users phyli AppData Local AOLDesktop AolTrayApp.exe (AOL, Inc -> AOL Inc.)
==================== Tâches planifiées (liste blanche) ============
(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)
Tâche: 0338B702-2581-4FA4-91AE-848E0471747D – System32 Tasks Hewlett-Packard HP Active Health HP Active Health Scan (HPSA) => C: Program Files (x86) Hewlett-Packard HP Support Framework Resources HPActiveHealth ActiveHealth.exe [25128 2017-11-20] (HP Inc. ->)
Tâche: 0BC2EE53-122D-4F08-B931-2D8EBC0B87C0 – System32 Tasks Norton 360 Norton 360 Autofix => C: Program Files Norton Security Engine 22.20.2.57 SymErr.exe [117056 2020-03-20] (Symantec Corporation -> Symantec Corporation)
Tâche: 19444715-C7A7-4B9E-ADC9-E9EAA4A336FB – System32 Tasks Microsoft Windows RemovalTools MRT_ERROR_HB => C: WINDOWS system32 MRT.exe [121542864 2020-03-11] (Microsoft Windows -> Microsoft Corporation) [File not signed]
Tâche: 1A92604C-9785-4B3F-BABF-B9344300A525 – System32 Tasks Hewlett-Packard HP Support Assistant WarrantyChecker_DeviceScan => C: Program Files (x86) Hewlett-Packard HP Support Framework Resources HPWarrantyCheck HPWarrantyChecker.exe [1117048 2020-03-26] (HP Inc. -> HP Inc.)
Tâche: 23805DAC-C2B3-4B17-8267-1B13BCF64F3F – System32 Tasks HPCustParticipation HP Officejet série 5740 => C: Program Files HP HP Officejet série 5740 Bin HPCustPartic.exe [6437792 2019-03-19] (HP Inc -> HP Inc.)
Tâche: 26862040-7E37-4842-8060-616A847935D7 – Microsoft Windows UNP RunCampaignManager -> Aucun fichier <==== ATTENTION
Tâche: 2892222B-8961-44EA-A488-4EAF68E62FF6 - System32 Tasks Hewlett-Packard HP Support Assistant PC Health Analysis => C: Program Files (x86) Hewlett-Packard HP Support Framework HPSF. EXE [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Tâche: 30798301-D556-4A67-A303-E078BAEEA94D – System32 Tasks HPCeeScheduleForphyli => C: Program Files (x86) Hewlett-Packard HP Ceement HPCEE.exe [96568 2015-06-16] (Société Hewlett-Packard -> Hewlett-Packard)
Tâche: 3BF5FEFF-B156-442E-83A7-88538B7E0701 – System32 Tasks CCleanerSkipUAC => C: Program Files CCleaner CCleaner.exe [14679256 2019-03-03] (Piriform Software Ltd -> Piriform Software Ltd)
Tâche: 466881AC-5DFD-4836-B0D9-F7634D65DB29 – System32 Tasks Intel Intel Telemetry 2 => C: Program Files Intel Telemetry 2.0 lrio.exe [1698000 2015-06-05] (Logiciel Intel® -> Intel Corporation)
Tâche: 4A88543E-19C3-49EC-A150-14140125BD0D – System32 Tasks CCleaner Update => C: Program Files CCleaner CCUpdate.exe [619416 2019-03-03] (Piriform Software Ltd -> Piriform Software Ltd)
Tâche: 5359FDCE-AFC2-4D1D-A5B9-56F1617BF591 – System32 Tasks DropboxUpdateTaskMachineCore => C: Program Files (x86) Dropbox Update DropboxUpdate.exe [143144 2016-11-14] (Dropbox, Inc -> Dropbox, Inc.)
Tâche: 5E7E7438-1246-4277-9A2F-C6411DB6349C – System32 Tasks Hewlett-Packard HP Support Assistant Product Configurator => C: Program Files (x86) Hewlett-Packard HP Support Framework Resources ProductConfig .EXE [320856 2020-04-23] (HP Inc. -> HP Inc.)
Tâche: 69EFEB71-23BC-4B1C-BE4F-7B71587FEDAB – System32 Tasks Norton 360 Norton 360 Error Processor => C: Program Files Norton Security Engine 22.20.2.57 SymErr.exe [117056 2020-03-20] (Symantec Corporation -> Symantec Corporation)
Tâche: 6CD0BF4F-6054-4830-9806-972847917DB9 – System32 Tasks Hewlett-Packard HP Support Assistant HP Support Assistant Quick Start => C: Program Files (x86) Hewlett-Packard HP Support Framework HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Tâche: 72D22111-0F52-45AE-8C72-7B54E7179787 – System32 Tasks Hewlett-Packard HP Support Assistant HP Support Solutions Framework Updater => C: Program Files (x86) Hewlett-Packard HP Support Solutions Modules HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Tâche: 7DBD3255-B12E-48C1-99D9-7E999C324195 – System32 Tasks Hewlett-Packard HP Support Assistant Critical Update Pending => C: Program Files (x86) Hewlett-Packard HP Support Framework HPSF. EXE [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Tâche: 8613B10A-F593-4051-B6D3-C1174FAB8609 – System32 Tasks Hewlett-Packard HP Support Assistant WarrantyChecker_TH6254X0JD => C: Program Files (x86) Hewlett-Packard HP Support Framework Resources HPWarrantyCheck HPWarrantyChecker.exe [1117048 2020-03-26] (HP Inc. -> HP Inc.)
Tâche: 990D433C-DF44-4DE9-893D-0F707834FF54 – System32 Tasks Remediation AntimalwareMigrationTask => C: Program Files Common Files AV Norton 360 Upgrade.exe [2162704 2020-03-20] (Symantec Corporation -> Symantec Corporation)
Tâche: 9A8CA25D-1EE2-4A1C-BC11-133EB4DE03F3 – System32 Tasks IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C: Program Files (x86) Intel Corporation Intel WiDi Intel® Software Asset Manager bin IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel® Software Asset Manager -> Intel Corporation)
Tâche: AEF5F555-14EA-4D89-BA5E-16BC63091F73 – System32 Tasks GoogleUpdateTaskMachineCore => C: Program Files (x86) Google Update GoogleUpdate.exe [153168 2018-01-12] (Google Inc -> Google Inc.)
Tâche: B3DBA422-AB32-4861-895F-EF36381A7F1D – System32 Tasks GoogleUpdateTaskMachineUA => C: Program Files (x86) Google Update GoogleUpdate.exe [153168 2018-01-12] (Google Inc -> Google Inc.)
Tâche: BFBE589E-4AF0-44AC-90B7-FA7DB538250A – System32 Tasks DropboxOEM => C: Program Files (x86) Dropbox DropboxOEM DropboxOEM.exe [584488 2016-09-21] (Dropbox, Inc ->)
Tâche: C0665B30-D9E6-421F-9B25-37FF210D048A – System32 Tasks IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C: Program Files (x86) Intel Corporation Intel WiDi Intel® Gestionnaire d'actifs logiciels bin IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel® Software Asset Manager -> Intel Corporation)
Tâche: C09D1165-9A84-48B3-88AA-EB9B83A7142E – System32 Tasks Hewlett-Packard HP Support Assistant HP Support Solutions Framework Report => C: Program Files (x86) Hewlett-Packard HP Support Solutions Modules HPSFReport.exe [134008 2020-03-25] (HP Inc. -> HP Inc.)
Tâche: C0EC152F-0F52-4482-9B82-0859E05A899B – Analyseur d'erreur System32 Tasks Norton 360 Norton 360 => C: Program Files Norton Security Engine 22.20.2.57 SymErr.exe [117056 2020-03-20] (Symantec Corporation -> Symantec Corporation)
Tâche: CA553F06-3C9D-4899-9117-B49C1C5FFF46 – System32 Tasks Hewlett-Packard HP Support Assistant WarrantyChecker => C: Program Files (x86) Hewlett-Packard HP Support Framework Resources HPWarrantyCheck HPWarrantyChecker.exe [1117048 2020-03-26] (HP Inc. -> HP Inc.)
Tâche: CEE140FD-BB4B-4A75-BEDF-5B0DC2E129AC – System32 Tasks Norton WSC Integration => C: Program Files Norton Security Engine 22.20.2.57 WSCStub.exe [645008 2020-03-20] (Symantec Corporation -> Symantec Corporation)
Tâche: DA0C5F76-E8A2-4899-B9E2-1DEA8509D76A – System32 Tasks IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C: Program Files (x86) Intel Intel® Update Manager bin iumsvc .EXE
Tâche: E3CADEF5-B4B0-44FC-8B66-A0A6738B95FC – System32 Tasks DropboxUpdateTaskMachineUA => C: Program Files (x86) Dropbox Update DropboxUpdate.exe [143144 2016-11-14] (Dropbox, Inc -> Dropbox, Inc.)
(Si une entrée est incluse dans la liste de correctifs, le fichier de tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)
Tâche: C: WINDOWS Tasks CreateExplorerShellUnelevatedTask.job => C: WINDOWS explorer.exe
Tâche: C: WINDOWS Tasks DropboxUpdateTaskMachineCore.job => C: Program Files (x86) Dropbox Update DropboxUpdate.exe
Tâche: C: WINDOWS Tasks DropboxUpdateTaskMachineUA.job => C: Program Files (x86) Dropbox Update DropboxUpdate.exe
Tâche: C: WINDOWS Tasks HPCeeScheduleForphyli.job => C: Program Files (x86) Hewlett-Packard HP Ceement HPCEE.exe
==================== Internet (liste blanche) ====================
(Si un élément est inclus dans la liste de correctifs, s'il s'agit d'un élément du registre, il sera supprimé ou restauré par défaut.)
Tcpip .. Interfaces 686E1526-5487-4579-9D5C-7D997F0C562C: [NameServer] 10.255.0.0
Tcpip .. Interfaces 93fb8a86-3933-4476-8281-93ec070b093c: [DhcpNameServer] 192.168.1.1
Tcpip .. Interfaces aa2d2754-dc20-488c-91bb-6e946e6395e0: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM SOFTWARE Policies Microsoft Internet Explorer: restriction <==== ATTENTION
HKLM Software Microsoft Internet Explorer Main, Page de démarrage = hxxp: //hp15-comm.msn.com/? Pc = HRTE
HKLM Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //hp15-comm.msn.com/? Pc = HRTE
HKU .DEFAULT Software Microsoft Internet Explorer Main, page de démarrage = hxxp: //hp15-comm.msn.com/? Pc = HRTE
HKU .DEFAULT Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //hp15-comm.msn.com/? Pc = HRTE
HKU S-1-5-21-999762305-681959455-3457413626-1001 Software Microsoft Internet Explorer Main, page de démarrage = hxxp: //hp15-comm.msn.com/? Pc = HRTE
HKU S-1-5-21-999762305-681959455-3457413626-1001 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //hp15-comm.msn.com/? Pc = HRTE
SearchScopes: HKLM -> 956A3832-1434-48B4-B7D0-393563D77BB0 URL = hxxp: //www.amazon.com/s/ref=azs_osd_iea? Ie = UTF-8 & tag = hp-us1-vsb-20 & link% 5Fcode = qs & index = aps & field-keywords = searchTerms
SearchScopes: HKLM-x32 -> 956A3832-1434-48B4-B7D0-393563D77BB0 URL = hxxp: //www.amazon.com/s/ref=azs_osd_iea? Ie = UTF-8 & tag = hp-us1-vsb-20 & link% 5Fcode = qs & index = aps & field-keywords = searchTerms
SearchScopes: HKU S-1-5-21-999762305-681959455-3457413626-1001 -> 956A3832-1434-48B4-B7D0-393563D77BB0 URL = hxxp: //www.amazon.com/s/ref=azs_osd_iea? ie = UTF-8 & tag = hp-us1-vsb-20 & link% 5Fcode = qs & index = aps & field-keywords = searchTerms
BHO: Norton Password Manager -> 602ADB0E-4AFF-4217-8AA1-95DAC4DFA408 -> C: Program Files Norton Security Engine 22.20.2.57 coIEPlg.dll [2020-03-20] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Norton Password Manager -> 602ADB0E-4AFF-4217-8AA1-95DAC4DFA408 -> C: Program Files Norton Security Engine32 22.20.2.57 coIEPlg.dll [2020-03-20] (Symantec Corporation -> Symantec Corporation)
BHO-x32: extension Evernote -> 92EF2EAD-A7CE-4424-B0DB-499CF856608E -> C: Program Files (x86) Evernote Evernote EvernoteIE.dll [2015-07-01] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> E76FD755-C1BA-4DCB-9F13-99BD91223ADE -> C: Program Files (x86) Hewlett-Packard HP Support Framework Resources HPNetworkCheck HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
Barre d'outils: HKLM – Norton Toolbar – 7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA – C: Program Files Norton Security Engine 22.20.2.57 coIEPlg.dll [2020-03-20] (Symantec Corporation -> Symantec Corporation)
Barre d'outils: HKLM-x32 – Norton Toolbar – 7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA – C: Program Files Norton Security Engine32 22.20.2.57 coIEPlg.dll [2020-03-20] (Symantec Corporation -> Symantec Corporation)
Bord:
======
DownloadDir: C: Users phyli Downloads
Extension de bord: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C: Program Files WindowsApps EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-05-11]
Extension Edge: (AdGuard AdBlocker) -> EdgeExtension_AdguardAdguardAdBlocker_m055xr0c82818 => C: Program Files WindowsApps Adguard.AdguardAdBlocker_3.3.8.0_neutral__m055xr0c82818 [2020-01-09]
FireFox:
========
FF Plugin-x32: @ intel-webapi.intel.com / Intel WebAPI ipt; version = 4.0.68 -> C: Program Files (x86) Intel Intel® Management Engine Components IPT npIntelWebAPIIPT.dll [2015-08-25] (Logiciel Intel® Identity Protection Technology -> Intel Corporation)
FF Plugin-x32: @ intel-webapi.intel.com / Intel WebAPI Updater -> C: Program Files (x86) Intel Intel® Management Engine Components IPT npIntelWebAPIUpdater.dll [2015-08-25] (Logiciel Intel® Identity Protection Technology -> Intel Corporation)
FF Plugin-x32: @ viewpoint.com / VMP -> C: Program Files (x86) Viewpoint Viewpoint Experience Technology npViewpoint.dll [2004-02-20] () [File not signed]
Chrome:
=======
CHR DefaultProfile: Par défaut
Profil CHR: C: Users phyli AppData Local Google Chrome User Data Default [2020-05-12]
CHR DefaultSearchURL: Par défaut -> hxxps: //s.aolcdn.com/webmail-static/webmail/180517.1559/aol/en-us/images/favicon.ico
Extension CHR: (diapositives) – C: Users phyli AppData Local Google Chrome User Data Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2018-01-12]
Extension CHR: (Docs) – C: Users phyli AppData Local Google Chrome User Data Default Extensions aohghmighlieiainnegkcijnfilokake [2018-01-12]
Extension CHR: (Google Drive) – C: Users phyli AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2018-01-12]
Extension CHR: (YouTube) – C: Users phyli AppData Local Google Chrome User Data Default Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-12]
Extension CHR: (Adblock Plus – bloqueur de publicités gratuit) – C: Users phyli AppData Local Google Chrome User Data Default Extensions cfhdojbkjhnklbpkdaibdccddilifddb [2020-05-11]
Extension CHR: (Sheets) – C: Users phyli AppData Local Google Chrome User Data Default Extensions felcaaldnbdncclmgdcncolpebgiejap [2018-01-12]
Extension CHR: (Google Docs hors ligne) – C: Users phyli AppData Local Google Chrome User Data Default Extensions ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-11]
Extension CHR: (Paiements Chrome Web Store) – C: Users phyli AppData Local Google Chrome User Data Default Extensions nmmhkkegccagdldgiimedpiccmgmieda [2020-04-15]
Extension CHR: (Mon AOL) – C: Users phyli AppData Local Google Chrome User Data Default Extensions pigepclndadjaebpijfcjeeefpjhcdca [2018-05-22]
Extension CHR: (Gmail) – C: Users phyli AppData Local Google Chrome User Data Default Extensions pjkljhegncpnkpknbcohdijeoejaedia [2019-04-17]
Extension CHR: (Chrome Media Router) – C: Users phyli AppData Local Google Chrome User Data Default Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-11]
==================== Services (liste blanche) ===================
(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)
S2 dbupdate; C: Program Files (x86) Dropbox Update DropboxUpdate.exe [143144 2016-11-14] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C: Program Files (x86) Dropbox Update DropboxUpdate.exe [143144 2016-11-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C: Program Files (x86) Hewlett-Packard HP Support Solutions HPSupportSolutionsFrameworkService.exe [378744 2020-03-31] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C: Program Files HP HP Touchpoint Analytics Client TouchpointAnalyticsClientService.exe [332216 2017-11-23] (HP Inc. -> HP Inc.)
R2 ibtsiva; C: WINDOWS System32 ibtsiva.exe [536864 2020-01-06] (Solutions de connectivité sans fil Intel® -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C: Program Files Intel iCLS Client SocketHeciServer.exe [881152 2015-05-22] (Service Intel® Trusted Connect -> Intel® Corporation)
R3 Intel® Security Assist; C: Program Files (x86) Intel Intel® Security Assist isa.exe [335872 2015-05-19] (Société intel) [File not signed]
S3 Intel® WiDi SAM; C: Program Files (x86) Intel Corporation Intel WiDi Intel® Software Asset Manager bin IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel® Software Asset Manager -> Intel Corporation)
R2 IRMTService; c: Program Files Intel Intel® Ready Mode Technology IRMTService.exe [181520 2015-07-13] (Intel CASE -> Intel Corporation)
S2 isaHelperSvc; C: Program Files (x86) Intel Intel® Security Assist isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C: Program Files (x86) Intel Intel® Management Engine Components DAL jhi_service.exe [207648 2015-10-16] (Intel Corporation – Groupe des sous-systèmes intégrés et blocs IP -> Intel Corporation)
S3 MyWiFiDHCPDNS; C: Program Files Intel WiFi bin PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation ->)
R2 NortonSecurity; C: Program Files Norton Security Engine 22.20.2.57 NortonSecurity.exe [344760 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C: Program Files Norton Security Engine 22.20.2.57 nsWscSvc.exe [1055960 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R2 RichVideo64; C: Program Files CyberLink Fichiers partagés RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. ->)
R2 RtkAudioService; C: Program Files Realtek Audio HDA RtkAudioService64.exe [316152 2016-03-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 TeamViewer; C: Program Files (x86) TeamViewer TeamViewer_Service.exe [13252624 2020-04-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C: Program Files Windows Defender NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C: Program Files Windows Defender MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C: Program Files Intel WiFi bin ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
S4 WRSVC; Service "C: Program Files Webroot WRSA.exe" [X]
===================== Pilotes (sur liste blanche) ===================
(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)
R1 BHDrvx64; C: Program Files Norton Security NortonData 22.20.2.57 Definitions BASHDefs 20200511.006 BHDrvx64.sys [1952136 2020-05-11] (Symantec Corporation -> Symantec Corporation)
S3 BthA2dp; C: WINDOWS System32 drivers BthA2dp.sys [231936 2019-09-17] (Microsoft Corporation) [File not signed]
R1 ccSet_NGC; C: WINDOWS System32 drivers NGCx64 1614020.039 ccSetx64.sys [192376 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C: Program Files (x86) Common Files Symantec Shared EENGINE eeCtrl64.sys [516784 2019-10-08] (Symantec Corporation -> Symantec Corporation)
U3 EraserUtilDrv11910; C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilDrv11910.sys [154288 2020-05-12] (Symantec Corporation -> Symantec Corporation)
R3 ibtusb; C: WINDOWS System32 DriverStore FileRepository ibtusb.inf_amd64_b45bba99c1e61776 ibtusb.sys [301560 2019-12-02] (Solutions de connectivité sans fil Intel® -> Intel Corporation)
R1 IDSVia64; C: Program Files Norton Security NortonData 22.20.2.57 Definitions IPSDefs 20200512.061 IDSvia64.sys [1451016 2020-05-12] (Symantec Corporation -> Symantec Corporation)
R3 IntelReadyModeDriver; C: WINDOWS System32 drivers IntelReadyModeDriver.sys [33512 2015-07-13] (Intel CASE -> Intel Corporation)
R0 MBAMSwissArmy; C: WINDOWS System32 Drivers mbamswissarmy.sys [253880 2018-01-12] (Malwarebytes Corporation -> Malwarebytes)
R3 Netwtw04; C: WINDOWS system32 DRIVERS Netwtw04.sys [8720384 2019-08-27] (Solutions de connectivité sans fil Intel® -> Intel Corporation)
R3 rt640x64; C: WINDOWS System32 drivers rt640x64.sys [886528 2015-06-03] (Realtek Semiconductor Corp -> Realtek)
R3 RTSUER; C: WINDOWS system32 Drivers RtsUer.sys [402136 2015-05-27] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SRTSP; C: WINDOWS System32 drivers NGCx64 1614020.039 SRTSP64.SYS [889520 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C: WINDOWS System32 drivers NGCx64 1614020.039 SRTSPX64.SYS [50864 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C: WINDOWS System32 drivers NGCx64 1614020.039 SYMEFASI64.SYS [1964552 2020-03-20] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C: WINDOWS System32 drivers NGCx64 1614020.039 SymELAM.sys [25024 2020-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C: WINDOWS system32 Drivers SYMEVENT64x86.SYS [99848 2020-05-12] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C: Program Files Norton Security NortonData 22.20.2.57 SymPlatform SymEvnt.sys [712368 2020-01-06] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C: WINDOWS System32 drivers NGCx64 1614020.039 Ironx64.SYS [316656 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C: WINDOWS System32 drivers NGCx64 1614020.039 symnets.sys [575280 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R3 wanatw; C: WINDOWS System32 drivers wanatw64.sys [24064 2006-11-29] (Éditeur de compatibilité matérielle Microsoft Windows -> America Online, Inc.)
S3 WdBoot; C: WINDOWS system32 drivers WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C: WINDOWS system32 drivers WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C: WINDOWS System32 Drivers WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R1 wpCtrlDrv_NGC; C: WINDOWS System32 drivers NGCx64 1614020.039 wpCtrlDrv.sys [1012120 2020-03-20] (Symantec Corporation -> Symantec Corporation)
S4 WRBoot; System32 drivers WRBoot.sys [X]
R4 WRkrn; System32 drivers WRkrn.sys [X]
==================== NetSvcs (liste blanche) ====================
(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)
==================== Un mois (créé) ===================
(Si une entrée est incluse dans la liste de correctifs, le fichier / dossier sera déplacé.)
2020-05-12 20:54 – 2020-05-12 20:55 – 000027915 _____ C: Users phyli Downloads FRST.txt
2020-05-12 20:54 – 2020-05-12 20:55 – 000000000 ____D C: FRST
2020-05-12 20:53 – 2020-05-12 20:53 – 002285568 _____ (Farbar) C: Users phyli Downloads FRST64.exe
2020-05-12 20:22 – 2020-05-12 20:22 – 000000000 ____D C: WINDOWS system32 Tasks Remediation
2020-05-12 18:10 – 2020-05-12 18:14 – 000000000 ____D C: WINDOWS system32 Tasks Norton 360
2020-05-12 18:08 – 2020-05-12 18:08 – 000099848 _____ (Symantec Corporation) C: WINDOWS system32 Drivers SYMEVENT64x86.SYS
2020-05-12 18:08 – 2020-05-12 18:08 – 000008616 _____ C: WINDOWS system32 Drivers SYMEVENT64x86.CAT
2020-05-12 18:08 – 2020-05-12 18:08 – 000003376 _____ C: WINDOWS system32 Tasks Norton WSC Integration
2020-05-12 18:08 – 2020-05-12 18:08 – 000002306 _____ C: Users Public Desktop Norton Security.lnk
2020-05-12 18:08 – 2020-05-12 18:08 – 000002306 _____ C: ProgramData Desktop Norton Security.lnk
2020-05-12 18:08 – 2020-05-12 18:08 – 000000000 ____D C: Program Files Fichiers communs Symantec Shared
2020-05-12 18:07 – 2020-05-12 18:08 – 000000000 ___RD C: ProgramData Microsoft Windows Menu Démarrer Programmes Norton Security
2020-05-12 18:07 – 2020-05-12 18:07 – 000000000 ____D C: WINDOWS system32 Drivers NGCx64
2020-05-12 18:07 – 2020-05-12 18:07 – 000000000 ____D C: Program Files Norton Security
2020-05-12 18:05 – 2020-05-12 18:05 – 000000000 ____D C: ProgramData NortonInstaller
2020-05-12 18:05 – 2020-05-12 18:05 – 000000000 ____D C: Program Files (x86) NortonInstaller
2020-05-12 18:04 – 2020-05-12 18:04 – 003666744 _____ (Symantec Corporation) C: Users phyli Downloads N360Downloader.exe
2020-05-12 18:04 – 2020-05-12 18:04 – 000001379 _____ C:\Users\phyli\Desktop\Norton Installation Files.lnk
2020-05-12 18:04 – 2020-05-12 18:04 – 000000000 ____D C:\Users\Public\Downloads\Norton
2020-05-11 19:43 – 2020-05-11 19:46 – 000000000 ____D C:\Users\phyli\AppData\Local\TeamViewer
2020-05-11 18:23 – 2020-05-11 18:24 – 000000000 ____D C:\NPE
2020-05-11 18:23 – 2020-05-11 18:22 – 000120122 _____ C:\WINDOWS\ntbtlog.txt
2020-05-11 18:21 – 2020-05-11 18:22 – 009615808 _____ (NortonLifeLock Inc.) C:\Users\phyli\Downloads\NPE (2).exe
2020-05-11 18:17 – 2020-05-11 18:24 – 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-05-11 18:11 – 2020-05-12 18:10 – 000000000 ____D C:\ProgramData\Norton
2020-05-11 18:11 – 2020-05-11 19:55 – 000000000 ____D C:\Users\phyli\AppData\Local\NPE
2020-05-11 18:11 – 2020-05-11 18:11 – 009615808 _____ (NortonLifeLock Inc.) C:\Users\phyli\Downloads\NPE.exe
2020-05-11 18:11 – 2020-05-11 18:11 – 009615808 _____ (NortonLifeLock Inc.) C:\Users\phyli\Downloads\NPE (1).exe
2020-05-11 17:52 – 2020-05-12 18:30 – 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-05-11 17:52 – 2020-05-11 17:52 – 000001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2020-05-11 17:52 – 2020-05-11 17:52 – 000001107 _____ C:\Users\Public\Desktop\TeamViewer.lnk
2020-05-11 17:52 – 2020-05-11 17:52 – 000001107 _____ C:\ProgramData\Desktop\TeamViewer.lnk
2020-05-11 17:52 – 2020-05-11 17:52 – 000000000 ____D C:\Users\phyli\AppData\Roaming\TeamViewer
2020-05-11 17:49 – 2020-05-11 17:49 – 026709944 _____ (TeamViewer Germany GmbH) C:\Users\phyli\Downloads\TeamViewer_Setup.exe
2020-05-11 15:32 – 2020-05-11 15:32 – 000000000 ____D C:\Users\phyli\Documents\1-888-511-8605
2020-05-11 15:28 – 2020-05-11 15:28 – 000290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2020-05-11 15:28 – 2020-05-11 15:28 – 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2020-05-11 15:25 – 2020-05-11 15:26 – 000000000 ____D C:\Users\phyli\AppData\Local\PlaceholderTileLogoFolder
2020-05-11 15:22 – 2020-05-11 15:22 – 000007601 _____ C:\Users\phyli\AppData\Local\Resmon.ResmonCfg
2020-04-15 17:35 – 2020-04-15 17:35 – 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-15 17:35 – 2020-04-15 17:35 – 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-15 17:35 – 2020-04-15 17:35 – 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-15 17:35 – 2020-04-15 17:35 – 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-15 17:35 – 2020-04-15 17:35 – 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-15 17:35 – 2020-04-15 17:35 – 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-15 17:34 – 2020-04-15 17:34 – 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-15 17:34 – 2020-04-15 17:34 – 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-15 17:34 – 2020-04-15 17:34 – 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000057344 _____ (Microsoft Corporation) C:WINDOWSsystem32audioresourceregistrar.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000051200 _____ (Microsoft Corporation) C:WINDOWSsystem32pcalua.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000050544 _____ (Microsoft Corporation) C:WINDOWSSysWOW64CloudNotifications.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000050176 _____ (Microsoft Corporation) C:WINDOWSsystem32iaspolcy.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000049152 _____ (Microsoft Corporation) C:WINDOWSSysWOW64tbauth.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000047000 _____ (Microsoft Corporation) C:WINDOWSsystem32wuauclt.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000046080 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mf3216.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000045568 _____ (Microsoft Corporation) C:WINDOWSsystem32cmintegrator.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000044032 _____ (Microsoft Corporation) C:WINDOWSsystem32Windows.UI.Xaml.Resources.Common.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000043008 _____ (Microsoft Corporation) C:WINDOWSsystem32WiredNetworkCSP.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000043008 _____ (Microsoft Corporation) C:WINDOWSsystem32UpgradeResultsUI.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000039424 _____ (Microsoft Corporation) C:WINDOWSsystem32WpcProxyStubs.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000036864 _____ (Microsoft Corporation) C:WINDOWSsystem32TokenBrokerCookies.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000036152 _____ (Microsoft Corporation) C:WINDOWSsystem32DeviceCensus.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000033792 _____ (Microsoft Corporation) C:WINDOWSsystem32sxssrv.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000033080 _____ (Microsoft Corporation) C:WINDOWSsystem32Drivershwpolicy.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000031744 _____ (Microsoft Corporation) C:WINDOWSsystem32wksprtPS.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000031744 _____ (Microsoft Corporation) C:WINDOWSsystem32ias.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000030720 _____ (Microsoft Corporation) C:WINDOWSsystem32DriversKNetPwrDepBroker.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000029696 _____ (Microsoft Corporation) C:WINDOWSSysWOW64cmintegrator.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000029184 _____ (Microsoft Corporation) C:WINDOWSSysWOW64TokenBrokerCookies.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000028672 _____ (Microsoft Corporation) C:WINDOWSsystem32WaaSMedicPS.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000028160 _____ (Microsoft Corporation) C:WINDOWSsystem32Driversflpydisk.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000026112 _____ (Microsoft Corporation) C:WINDOWSsystem32msimsg.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000023552 _____ (Microsoft Corporation) C:WINDOWSsystem32Windows.Devices.Custom.ps.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000022528 _____ (Microsoft Corporation) C:WINDOWSsystem32slcext.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000022528 _____ (Microsoft Corporation) C:WINDOWSsystem32sbservicetrigger.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000021520 _____ (Microsoft Corporation) C:WINDOWSsystem32kdhvcom.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000019968 _____ (Microsoft Corporation) C:WINDOWSSysWOW64slcext.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000018944 _____ (Microsoft Corporation) C:WINDOWSsystem32Driverssfloppy.sys
2020-04-15 17:34 – 2020-04-15 17:34 – 000017920 _____ (Microsoft Corporation) C:WINDOWSSysWOW64wksprtPS.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000017920 _____ (Microsoft Corporation) C:WINDOWSsystem32icsunattend.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000015872 _____ (Microsoft Corporation) C:WINDOWSSysWOW64Windows.Devices.Custom.ps.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000014336 _____ (Microsoft Corporation) C:WINDOWSsystem32dciman32.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000012800 _____ (Microsoft Corporation) C:WINDOWSsystem32pcaevts.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000012288 _____ (Microsoft Corporation) C:WINDOWSsystem32pacjsworker.exe
2020-04-15 17:34 – 2020-04-15 17:34 – 000011776 _____ (Microsoft Corporation) C:WINDOWSSysWOW64dciman32.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000010752 _____ (Microsoft Corporation) C:WINDOWSsystem32DMAlertListener.ProxyStub.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000008192 _____ (Microsoft Corporation) C:WINDOWSsystem32msimg32.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000007680 _____ (Microsoft Corporation) C:WINDOWSSysWOW64DMAlertListener.ProxyStub.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000007168 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msimg32.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000003072 _____ (Microsoft Corporation) C:WINDOWSsystem32lpk.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000002560 _____ (Microsoft Corporation) C:WINDOWSSysWOW64lpk.dll
2020-04-15 17:34 – 2020-04-15 17:34 – 000000315 _____ C:WINDOWSsystem32DrtmAuth9.bin
2020-04-15 17:34 – 2020-04-15 17:34 – 000000315 _____ C:WINDOWSsystem32DrtmAuth8.bin
2020-04-15 17:34 – 2020-04-15 17:34 – 000000315 _____ C:WINDOWSsystem32DrtmAuth7.bin
2020-04-15 17:34 – 2020-04-15 17:34 – 000000315 _____ C:WINDOWSsystem32DrtmAuth6.bin
2020-04-15 17:34 – 2020-04-15 17:34 – 000000315 _____ C:WINDOWSsystem32DrtmAuth5.bin
2020-04-15 17:34 – 2020-04-15 17:34 – 000000315 _____ C:WINDOWSsystem32DrtmAuth4.bin
2020-04-15 17:34 – 2020-04-15 17:34 – 000000315 _____ C:WINDOWSsystem32DrtmAuth3.bin
2020-04-15 17:34 – 2020-04-15 17:34 – 000000315 _____ C:WINDOWSsystem32DrtmAuth2.bin
2020-04-15 17:34 – 2020-04-15 17:34 – 000000315 _____ C:WINDOWSsystem32DrtmAuth12.bin
2020-04-15 17:34 – 2020-04-15 17:34 – 000000315 _____ C:WINDOWSsystem32DrtmAuth11.bin
2020-04-15 17:34 – 2020-04-15 17:34 – 000000315 _____ C:WINDOWSsystem32DrtmAuth10.bin
2020-04-15 17:34 – 2020-04-15 17:34 – 000000315 _____ C:WINDOWSsystem32DrtmAuth1.bin
2020-04-15 17:21 – 2020-04-15 17:22 – 000492544 _____ (Microsoft Corporation) C:WINDOWSsystem32poqexec.exe
2020-04-15 17:21 – 2020-04-15 17:22 – 000390656 _____ (Microsoft Corporation) C:WINDOWSSysWOW64poqexec.exe
2020-04-15 15:45 – 2020-05-12 18:06 – 000000000 ____D C:ProgramDataWRCore
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-05-12 20:22 – 2016-02-17 04:13 – 000000000 ____D C:Program FilesCommon FilesAV
2020-05-12 20:16 – 2019-03-19 00:52 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2020-05-12 20:05 – 2018-07-16 18:15 – 000000000 ____D C:UsersphyliAppDataLocalD3DSCache
2020-05-12 18:40 – 2019-08-15 19:04 – 000003256 _____ C:WINDOWSsystem32TasksHPCeeScheduleForphyli
2020-05-12 18:40 – 2019-06-17 18:01 – 000000364 _____ C:WINDOWSTasksHPCeeScheduleForphyli.job
2020-05-12 18:09 – 2019-03-19 00:37 – 000032768 _____ C:WINDOWSsystem32configELAM
2020-05-12 18:08 – 2019-03-19 00:52 – 000000000 ___HD C:WINDOWSELAMBKUP
2020-05-12 18:07 – 2017-01-27 14:00 – 000744808 ____N (Microsoft Corporation) C:WINDOWSsystem32MpSigStub.exe
2020-05-12 18:06 – 2018-01-12 13:24 – 000000000 ____D C:UsersphyliAppDataLocalLowwebroot
2020-05-12 18:06 – 2018-01-12 13:24 – 000000000 ____D C:UsersphyliAppDataLocallptmp
2020-05-12 18:01 – 2016-09-25 15:43 – 000000000 __SHD C:UsersphyliIntelGraphicsProfiles
2020-05-12 10:12 – 2019-03-19 00:52 – 000000000 ____D C:WINDOWSAppReadiness
2020-05-12 10:10 – 2019-03-19 00:52 – 000000000 ___HD C:Program FilesWindowsApps
2020-05-11 19:48 – 2019-08-15 18:57 – 000935056 _____ C:WINDOWSsystem32PerfStringBackup.INI
2020-05-11 19:48 – 2019-03-19 00:50 – 000000000 ____D C:WINDOWSINF
2020-05-11 19:42 – 2019-08-15 19:04 – 000000006 ____H C:WINDOWSTasksSA.DAT
2020-05-11 19:42 – 2019-03-19 00:37 – 000524288 _____ C:WINDOWSsystem32configBBI
2020-05-11 19:22 – 2019-08-15 18:45 – 000000000 ____D C:WINDOWSsystem32SleepStudy
2020-05-11 18:17 – 2019-08-15 18:45 – 000276104 _____ C:WINDOWSsystem32FNTCACHE.DAT
2020-05-11 18:12 – 2019-03-19 00:52 – 000000000 ____D C:WINDOWSsystem32NDF
2020-05-11 15:26 – 2018-03-16 00:06 – 000000000 ____D C:UsersphyliAppDataLocalPackages
2020-05-11 14:53 – 2018-01-12 12:48 – 000000000 ____D C:UsersphyliAppDataLocalGoToAssist Remote Support Customer
2020-05-11 12:06 – 2017-08-28 10:13 – 000002326 _____ C:UsersphyliDesktopAOL Desktop Gold.lnk
2020-05-11 12:06 – 2017-08-28 10:13 – 000000000 ____D C:UsersphyliAppDataRoamingMicrosoftWindowsStart MenuProgramsAOL Inc
2020-05-11 12:06 – 2017-08-28 10:13 – 000000000 ____D C:UsersphyliAppDataLocalAOLDesktop
2020-05-11 12:05 – 2017-08-28 10:13 – 000000000 ____D C:UsersphyliAppDataLocalSquirrelTemp
2020-05-10 04:33 – 2019-08-15 19:04 – 000003376 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-999762305-681959455-3457413626-1001
2020-05-10 04:33 – 2019-08-15 18:51 – 000002370 _____ C:UsersphyliAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk
2020-05-10 04:33 – 2016-09-25 15:46 – 000000000 ___RD C:UsersphyliOneDrive
2020-05-08 04:30 – 2018-01-12 13:28 – 000002308 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2020-05-08 04:30 – 2018-01-12 13:28 – 000002267 _____ C:UsersPublicDesktopGoogle Chrome.lnk
2020-05-08 04:30 – 2018-01-12 13:28 – 000002267 _____ C:ProgramDataDesktopGoogle Chrome.lnk
2020-04-15 23:43 – 2019-03-19 00:52 – 000000000 ____D C:WINDOWSSystemResources
2020-04-15 23:43 – 2019-03-19 00:52 – 000000000 ____D C:WINDOWSsystem32PerceptionSimulation
2020-04-15 23:43 – 2019-03-19 00:52 – 000000000 ____D C:WINDOWSsystem32migwiz
2020-04-15 23:43 – 2019-03-19 00:52 – 000000000 ____D C:WINDOWSShellExperiences
2020-04-15 23:43 – 2019-03-19 00:52 – 000000000 ____D C:WINDOWSProvisioning
2020-04-15 23:43 – 2019-03-19 00:52 – 000000000 ____D C:WINDOWSbcastdvr
2020-04-15 17:38 – 2019-03-19 00:37 – 000000000 ____D C:WINDOWSCbsTemp
==================== Files in the root of some directories ========
2018-01-12 13:24 – 2018-01-12 13:24 – 018102328 _____ (Webroot Software, Inc.) C:Program Files (x86)Common Fileswruninstall.exe
2020-05-11 15:22 – 2020-05-11 15:22 – 000007601 _____ () C:UsersphyliAppDataLocalResmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2020
Ran by phyli (12-05-2020 20:56:18)
Running from C:UsersphyliDownloads
Windows 10 Home Version 1903 18362.778 (X64) (2019-08-15 23:04:54)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-999762305-681959455-3457413626-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-999762305-681959455-3457413626-503 – Limited – Disabled)
defaultuser100001 (S-1-5-21-999762305-681959455-3457413626-1003 – Limited – Enabled)
Guest (S-1-5-21-999762305-681959455-3457413626-501 – Limited – Disabled)
phyli (S-1-5-21-999762305-681959455-3457413626-1001 – Administrator – Enabled) => C:Usersphyli
WDAGUtilityAccount (S-1-5-21-999762305-681959455-3457413626-504 – Limited – Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Enabled – Up to date) 1122B19A-E671-38EC-8EAC-87048FD4528D
AV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46
AV: Webroot SecureAnywhere (Enabled – Up to date) DF901FA1-F926-253B-C464-B01C79DCAD48
AS: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46
AS: Webroot SecureAnywhere (Enabled – Up to date) 64F1FE45-DF1C-2AB5-FED4-8B6E025BE7F5
FW: Norton 360 (Enabled) 291930BF-AC1E-39B4-A5F3-2E31710715F6
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AOL Desktop Gold (HKUS-1-5-21-999762305-681959455-3457413626-1001…AOLDesktop) (Version: 11.0.2664 – Oath Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32…AOL Uninstaller) (Version: – AOL Inc.)
Bonjour (HKLM…6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D) (Version: 3.0.0.10 – Apple Inc.)
CCleaner (HKLM…CCleaner) (Version: 5.38 – Piriform)
CyberLink PhotoDirector (HKLM…5A454EC5-217A-42a5-8CE1-2DDEC4E70E01) (Version: 5.0.6.7006 – CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32…InstallShield_5A454EC5-217A-42a5-8CE1-2DDEC4E70E01) (Version: 5.0.6.7006 – CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32…32C8E300-BDB4-4398-92C2-E9B7D8A233DB) (Version: 14.0.2.5801 – CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM…E1646825-D391-42A0-93AA-27FA810DA093) (Version: 12.0.5.4614 – CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32…InstallShield_E1646825-D391-42A0-93AA-27FA810DA093) (Version: 12.0.5.4614 – CyberLink Corp.)
Dropbox 25 GB (HKLM-x32…