Serveur d'impression

Après le téléchargement accidentel d'un malware, l'ordinateur n'est plus le même – Bien choisir son serveur d impression

Par Titanfall , le 13 juin 2020 - 75 minutes de lecture

J'ai cliqué sur un lien que je ne devrais pas avoir vu, j'ai vu les URL changer rapidement et j'ai immédiatement fermé la fenêtre. Une semaine plus tard, mon logiciel parental m'a signalé qu'il essayait de visiter des sites Web pornographiques 100 fois en une minute. J'ai téléchargé des octets malveillants premium et supprimé 2 fichiers, un PUP.Optional.InstallCore dans mon registre et un fichier générique de malware appelé $ RFHLJ6G.EXE dans ma corbeille. J'ai également installé symantec qui ne signalait rien sauf mon pirate de processus. Dans les jours suivants, mon malwarebytes nouvellement installé me ​​dit que le logiciel parental visite plusieurs fois des sites Web malveillants via le fichier proxy, et je scanne mais rien ne vient. Mon ordinateur portable a été extrêmement lent et surchauffe pour une raison inconnue, les programmes malveillants ne détectent rien et le gestionnaire de tâches dit que rien ne va pas. Je suis presque prêt à simplement réinitialiser les paramètres d'usine. Voici mes journaux:

Résultat de l'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020

Ran by Ethan (ATTENTION: L'utilisateur n'est pas administrateur) sur ETHANLAPTOP (HUAWEI KPL-W0X) (13-06-2020 05:42:15)

Exécution à partir de C: Users Ethan Desktop

Profils chargés: Ethan

Plateforme: Windows 10 Home Version 1809 17763.1217 (X64) Langue: anglais (États-Unis)

Navigateur par défaut: Chrome

Mode de démarrage: Normal

==================== Processus (liste blanche) =================

(Si une entrée est incluse dans la liste de correctifs, le processus sera fermé. Le fichier ne sera pas déplacé.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext amdow.exe

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext AMDRSServ.exe

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext RadeonSoftware.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe <21>

(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware mbamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C: Windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe MicrosoftEdge.exe

(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe Calculator.exe

(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsStore_12006.1001.1.0_x64__8wekyb3d8bbwe WinStore.App.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows ImmersiveControlPanel SystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 browser_broker.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 CastSrv.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeSH.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 rundll32.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe

(Oracle America, Inc. -> Oracle Corporation) C: Program Files (x86) Common Files Java Java Update jusched.exe

(Qustodio Technologies, SL ->) C: Program Files (x86) Qustodio qapp crashpad_handler.exe

(Qustodio Technologies, SL -> Qustodio Technologies) C: Program Files (x86) Qustodio qapp QAppTray.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C: Windows System32 RtkAudUService64.exe

(Symantec Corporation -> Symantec Corporation) C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe

Impossible d'accéder au processus -> amdlogsr.exe

Impossible d'accéder au processus -> atieclxx.exe

Impossible d'accéder au processus -> atiesrxx.exe

Impossible d'accéder au processus -> ccSvcHst.exe

Impossible d'accéder au processus -> conhost.exe

Impossible d'accéder au processus -> crashpad_handler.exe

Impossible d'accéder au processus -> crashpad_handler.exe

Impossible d'accéder au processus -> csrss.exe

Impossible d'accéder au processus -> csrss.exe

Impossible d'accéder au processus -> dasHost.exe

Impossible d'accéder au processus -> DAX3API.exe

Impossible d'accéder au processus -> dllhost.exe

Impossible d'accéder au processus -> dwm.exe

Impossible d'accéder au processus -> EvtEng.exe

Impossible d'accéder au processus -> FMService64.exe

Impossible d'accéder au processus -> fontdrvhost.exe

Impossible d'accéder au processus -> fontdrvhost.exe

Impossible d'accéder au processus -> GoogleCrashHandler.exe

Impossible d'accéder au processus -> GoogleCrashHandler64.exe

Impossible d'accéder au processus -> LCD_Service.exe

Impossible d'accéder au processus -> lsass.exe

Impossible d'accéder au processus -> MateBookService.exe

Impossible d'accéder au processus -> MBAMService.exe

Impossible d'accéder au processus -> OfficeClickToRun.exe

Impossible d'accéder au processus -> qengine.exe

Impossible d'accéder au processus -> QUpdateService.exe

Impossible d'accéder au processus -> RegSrvc.exe

Impossible d'accéder au processus -> RtkAudUService64.exe

Impossible d'accéder au processus -> RtkAudUService64.exe

Impossible d'accéder au processus -> SearchFilterHost.exe

Impossible d'accéder au processus -> SearchIndexer.exe

Impossible d'accéder au processus -> SearchProtocolHost.exe

Impossible d'accéder au processus -> SecurityHealthService.exe

Impossible d'accéder au processus -> sepWscSvc64.exe

Impossible d'accéder au processus -> services.exe

Impossible d'accéder au processus -> SgrmBroker.exe

Impossible d'accéder au processus -> smss.exe

Impossible d'accéder au processus -> spoolsv.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> svchost.exe

Impossible d'accéder au processus -> unsecapp.exe

Impossible d'accéder au processus -> wininit.exe

Impossible d'accéder au processus -> winlogon.exe

Impossible d'accéder au processus -> wlanext.exe

Impossible d'accéder au processus -> WMIADAP.exe

Impossible d'accéder au processus -> WmiPrvSE.exe

Impossible d'accéder au processus -> WmiPrvSE.exe

Impossible d'accéder au processus -> ZeroConfigService.exe

==================== Registre (liste blanche) ===================

(Si une entrée est incluse dans la liste de correctifs, l'élément de registre sera restauré par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM … Run: [RtkAudUService] => C: WINDOWS System32 RtkAudUService64.exe [836672 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM … Run: [Logitech Download Assistant] => C: Windows System32 LogiLDA.dll [3942864 2016-10-14] (Logitech -> Logitech, Inc.)

HKLM-x32 … Exécuter: [SunJavaUpdateSched] => C: Program Files (x86) Fichiers communs Java Java Update jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)

HKLM-x32 … Exécuter: [KeePass 2 PreLoad] => C: Program Files (x86) KeePass Password Safe 2 KeePass.exe [3331264 2020-01-20] (Développeur Open Source, Dominik Reichl -> Dominik Reichl)

HKLM-x32 … Exécuter: [QAppTray] => C: Program Files (x86) Qustodio qapp QAppTray.exe [6429456 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)

HKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5

HKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)

HKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe"

HKU S-1-5-21-1017088884-3281645122-1580351492-1002 … MountPoints2: d731a143-c473-11e8-aff7-ef1b4a682e27 – "E: HiSuiteDownLoader.exe"

HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5

HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)

HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe"

HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #0] => C: Windows HelpPane.exe [1071616 2020-03-10] (Microsoft Windows -> Microsoft Corporation)

HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #1] => C: Program Files (x86) Google Chrome Application chrome.exe –profile-directory = Par défaut –flag-switches-begin –flag-switches-end –enable-audio-service-sandbox –restore-last-session

HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … MountPoints2: {d731a143-c473-11e8-aff7-aff4-a7274e2-aff4-aff7-aff4-aff7-aff4-aff7-aff4-aff7-aff4-e7a-b7 "E: HiSuiteDownLoader.exe"

HKLM … Windows x64 Processeurs d'impression Processeur d'impression Canon iP110 series: C: Windows System32 spool prtprocs x64 CNMPDCH.DLL [30208 2014-06-08] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)

HKLM … Windows x64 Processeurs d'impression Canon MX920 series Processeur d'impression: C: Windows System32 spool prtprocs x64 CNMPDBL.DLL [30208 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)

HKLM … Print Monitors Canon BJ FAX Language Monitor MX920 series: C: WINDOWS system32 CNCALBL.DLL [303104 2012-09-21] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)

HKLM … Print Monitors Canon BJ Language Monitor MX920 series: C: WINDOWS system32 CNMLMBL.DLL [390656 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)

HKLM Software Microsoft Active Setup Installed Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C: Program Files (x86) Google Chrome Application 83.0.4103.97 Installer chrmstp.exe [2020-06-05] (Google LLC -> Google LLC)

Démarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Rainmeter.lnk [2019-11-29]

ShortcutTarget: Rainmeter.lnk -> C: Program Files Rainmeter Rainmeter.exe (aucun fichier)

Démarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Send to OneNote.lnk [2018-08-13]

ShortcutTarget: Envoyer à OneNote.lnk -> C: Program Files (x86) Microsoft Office root Office16 ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

GroupPolicy: Restriction? <==== ATTENTION

==================== Tâches planifiées (liste blanche) ============

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)

(Si une entrée est incluse dans la liste de correctifs, le fichier de tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

==================== Internet (liste blanche) ====================

(Si un élément est inclus dans la liste de correctifs, s'il s'agit d'un élément du registre, il sera supprimé ou restauré par défaut.)

Tcpip Paramètres: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Tcpip .. Interfaces 0fd44dc5-54d3-4548-a4de-121a058f2fb6: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Tcpip .. Interfaces 42687b4e-4fd5-4ba8-b5dc-191ac714846c: [DhcpNameServer] 192.168.0.1

Tcpip .. Interfaces 794c4cd7-35de-4e43-975d-105099c2323b: [DhcpNameServer] 40.40.1.12

Tcpip .. Interfaces a73bdab8-9a7e-48ee-b785-5ecc46657b1c: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:

==================

HKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, page de démarrage = hxxps: //go.microsoft.com/fwlink/p/? LinkId = 620947 & OCID = AVRES000 & pc = UE00

HKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17SWIN10.MSN.COM/? PC = NSJE

HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Start Page = hxxps: // go. microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00

HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17S .COM /? PC = NSJE

URLSearchHook: [S-1-5-21-1017088884-3281645122-1580351492-1001-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053623422] ATTENTION => URLSearchHook par défaut est manquant

SearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> DefaultScope 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL =

SearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL =

SearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> DefaultScope {19DD036C-D3F6-4E92-AC6-D6C6-AC6 D6

SearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> {19DD036C-D3F6-4E92-AC6C-D6F6E6-AC6C

BHO: Skype Entreprise Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C: Program Files (x86) Microsoft Office root VFS ProgramFilesX64 Microsoft Office Office16 OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

BHO: Java ™ Plug-In SSV Helper -> 761497BB-D6F0-462C-B6EB-D4DAF1D92D43 -> C: Program Files Java jre1.8.0_181 bin ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)

BHO: Java ™ Plug-In 2 SSV Helper -> DBC80044-A445-435b-BC74-9C25C1C588A9 -> C: Program Files Java jre1.8.0_181 bin jp2ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)

Handler-x32: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)

Bord:

======

DownloadDir: C: Users Ethan Downloads

FireFox:

========

Plugin FF: @ java.com / DTPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin dtplugin npDeployJava1.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)

Plugin FF: @ java.com / JavaPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin plugin2 npjp2.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @ microsoft.com / SharePoint, version = 14.0 -> C: Program Files (x86) Microsoft Office root Office16 NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

Plugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan AppData Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Plugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:

=======

CHR DefaultProfile: Par défaut

Profil CHR: C: Users Ethan AppData Local Google Chrome User Data Default [2020-06-13]

Notifications CHR: Par défaut -> hxxps: //www.youtube.com

CHR StartupUrls: Par défaut -> "chrome: // newtab /", "hxxps: //mail.google.com/mail/u/0/#inbox"

Restauration de session CHR: Par défaut -> est activé.

Extension CHR: (diapositives) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2018-07-27]

Extension CHR: (Docs) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aohghmighlieiainnegkcijnfilokake [2018-07-27]

Extension CHR: (Google Drive) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2019-12-21]

Extension CHR: (YouTube) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-27]

Extension CHR: (Honey) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions bmnlcjabgnpnenekpadlanbbkooimhnj [2020-05-30]

Extension CHR: (Google Docs hors ligne) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ghbmnnjooekpmoecnnililnnbdlolhkhi [2020-05-30]

Extension CHR: (Chrometana – Rediriger Bing quelque part mieux) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions kaicbfmipfpfpjmlbpejaoaflfdnabnc [2018-07-28]

Extension CHR: (Paiements Chrome Web Store) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]

Extension CHR: (AdBlocker Ultimate) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ohahllgiabjaoigichmmfljhkcfikeof [2020-06-11]

Extension CHR: (Modern Flat) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pdcjjgefkpoemmlcjfcfkeminneboaob [2018-09-05]

Extension CHR: (Gmail) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]

Extension CHR: (Chrome Media Router) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-24]

Extension CHR: (extension de réponse quotidienne au questionnaire de la Couronne) – C: Users Ethan Documents Other Chrome Crowns Extension [2019-11-28]

Profil CHR: C: Users Ethan AppData Local Google Chrome User Data System Profile [2020-06-08]

==================== Services (liste blanche) ===================

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)

S3 AALSvc; C: AlphaAntiLeak AAL bin server AALSvc.exe [11439992 2020-06-09] (Constantin Schreiber ->)

S4 AGMService; C: Program Files (x86) Common Files Adobe AdobeGCClient AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AMD External Events Utility; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 atiesrxx.exe [529624 2020-05-27] (Advanced Micro Devices, Inc. -> AMD)

R2 AMD Log Utility; C: WINDOWS System32 amdlogsr.exe [483248 2020-05-05] (Éditeur de compatibilité matérielle Microsoft Windows -> Advanced Micro Devices, Inc.)

S3 BEService; C: Program Files (x86) Common Files BattlEye BEService.exe [7356680 2018-10-03] (BattlEye Innovations e.K. ->)

R2 ClickToRunSvc; C: Program Files Fichiers communs Microsoft Shared ClickToRun OfficeClickToRun.exe [10637168 2020-05-29] (Microsoft Corporation -> Microsoft Corporation)

R2 DolbyDAXAPI; C: WINDOWS system32 dolbyaposvc DAX3API.exe [602544 2018-09-27] (Dolby Laboratories, Inc. ->)

S3 EasyAntiCheat; C: Program Files (x86) EasyAntiCheat EasyAntiCheat.exe [781440 2018-08-17] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

R2 FMAPOService; C: WINDOWS System32 FMService64.exe [294968 2018-09-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Fortemedia)

S3 GalaxyClientService; C: Program Files (x86) GOG Galaxy GalaxyClientService.exe [1748552 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)

S3 GalaxyCommunication; C: ProgramData GOG.com Galaxy redists GalaxyCommunication.exe [6821960 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)

R2 LCD_Service; C: Program Files Huawei HwLcdEnhancement LCD_Service.exe [25584 2020-01-10] (Huawei Technologies Co., Ltd. -> Microsoft)

Lmhosts R3; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)

Lmhosts R3; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 MBAMainService; C: Program Files Huawei PCManager MateBookService.exe [1005040 2020-01-10] (Huawei Technologies Co., Ltd. ->)

R2 MBAMService; C: Program Files Malwarebytes Anti-Malware MBAMService.exe [6933272 2020-05-20] (Malwarebytes Inc -> Malwarebytes)

S3 MyWiFiDHCPDNS; C: Program Files Intel WiFi bin PanDhcpDns.exe [265864 2018-03-20] (Intel Corporation ->)

R2 NlaSvc; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NlaSvc; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 nsi; C: WINDOWS system32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 nsi; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 qengine; C: Program Files (x86) Qustodio qproxy qengine.exe [4139792 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)

R2 qupdate; C: Program Files (x86) Qustodio qapp QUpdateService.exe [2358544 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)

S4 SepLpsService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)

R2 SepMasterService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)

R2 sepWscSvc; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 sepWscSvc64.exe [1834776 2020-05-20] (Symantec Corporation -> Symantec Corporation)

S3 SNAC; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 snac64.exe [394680 2020-05-20] (Symantec Corporation -> Symantec Corporation)

S3 WdNisSvc; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 NisSrv.exe [3304992 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 MsMpEng.exe [103376 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 ZeroConfigService; C: Program Files Intel WiFi bin ZeroConfigService.exe [3848328 2018-03-20] (Intel Corporation -> Intel® Corporation)

S2 EraserSvc11910; "C: Program Files (x86) Fichiers communs Symantec Shared EENGINE ccSvcHst.exe" / h ccCommon [X]

U4 weClientDataTransferService; "C: Program Files WE_Client wecdt.exe" [X]

U4 weClientMessengerService; "C: Program Files WE_Client wecmsg.exe" [X]

===================== Pilotes (sur liste blanche) ===================

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)

S3 AALProtect; C: AlphaAntiLeak AAL bin server AALProtect.sys [35984 2020-03-24] (OOO AMEKS ->)

R3 amdacpbus; C: WINDOWS System32 drivers amdacpbus.sys [6170544 2020-05-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)

R3 amdgpio2; C: WINDOWS System32 drivers amdgpio2.sys [34664 2018-03-31] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)

R3 AMDHDAudBusService; C: WINDOWS System32 drivers amdhdaudbus.sys [79224 2018-08-08] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)

R3 amdi2c; C: WINDOWS System32 drivers amdi2c.sys [52680 2017-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)

R3 amdkmdag; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 amdkmdag.sys [71066320 2020-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

R0 amdlog; C: WINDOWS System32 drivers amdlog.sys [89200 2020-05-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

R0 amdpsp; C: WINDOWS System32 drivers amdpsp.sys [137104 2017-11-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

R3 AMDXE; C: WINDOWS System32 drivers amdxe.sys [60216 2020-03-31] (Advanced Micro Devices, Inc. ->)

S3 AppleLowerFilter; C: WINDOWS System32 drivers AppleLowerFilter.sys [35560 2018-05-10] (Version WDKTestCert, 131474841775766162 -> Apple Inc.)

R3 AtiHDAudioService; C: WINDOWS system32 drivers AtihdWT6.sys [107936 2020-03-13] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)

S3 BEDaisy; C: Program Files (x86) Fichiers communs BattlEye BEDaisy.sys [2551864 2018-10-03] (BattlEye Innovations e.K. ->)

R1 BHDrvx64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions BASHDefs 20200609.001 BHDrvx64.sys [1952136 2020-05-11] (Symantec Corporation -> Symantec Corporation)

R1 ccSettings_ D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 ccSetx64.sys [179416 2020-05-20] (Symantec Corporation -> Symantec Corporation)

S3 CH341SER_A64; C: WINDOWS System32 Drivers CH341S64.SYS [69024 2019-05-29] (Éditeur de compatibilité matérielle Microsoft Windows -> www.winchiphead.com)

R1 eeCtrl; C: Program Files (x86) Common Files Symantec Shared EENGINE eeCtrl64.sys [516784 2020-05-20] (Symantec Corporation -> Symantec Corporation)

R3 EraserUtilRebootDrv; C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilRebootDrv.sys [154288 2020-05-23] (Symantec Corporation -> Symantec Corporation)

R1 ESProtectionDriver; C: WINDOWS system32 drivers mbae64.sys [153312 2020-05-20] (Malwarebytes Corporation -> Malwarebytes)

R1 IDSVia64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions IPSDefs 20200611.061 IDSvia64.sys [1455288 2020-05-19] (Symantec Corporation -> Symantec Corporation)

R2 MBAMChameleon; C: WINDOWS System32 Drivers MbamChameleon.sys [214496 2020-06-02] (Malwarebytes Inc -> Malwarebytes)

S0 MbamElam; C: WINDOWS System32 DRIVERS MbamElam.sys [19912 2020-06-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C: WINDOWS System32 DRIVERS farflt.sys [195432 2020-06-13] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMProtection; C: WINDOWS system32 DRIVERS mbam.sys [73368 2020-06-13] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMSwissArmy; C: WINDOWS System32 Drivers mbamswissarmy.sys [248968 2020-06-13] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C: WINDOWS system32 DRIVERS mwac.sys [131736 2020-06-13] (Malwarebytes Inc -> Malwarebytes)

R1 netfilter_wfp_ev_64; C: WINDOWS System32 drivers netfilter_wfp_ev_64.sys [96864 2018-04-12] (Éditeur de compatibilité matérielle Microsoft Windows -> Fournisseur Windows® Win 7 DDK)

R1 qwdf64; C: WINDOWS system32 Drivers qwdf64.sys [41872 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)

R1 qwdr64; C: WINDOWS system32 Drivers qwdr64.sys [55696 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)

R2 qwfp; C: WINDOWS system32 Drivers qwfp64.sys [47736 2019-08-01] (Éditeur de compatibilité matérielle Microsoft Windows -> Technologies Qustodio)

S3 SPUVCbv; C: WINDOWS System32 Drivers SPUVCbv64.sys [766040 2017-10-26] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)

R1 SRTSP; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSP64.SYS [870792 2020-05-20] (Symantec Corporation -> Symantec Corporation)

R1 SRTSPX; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSPX64.SYS [51080 2020-05-20] (Symantec Corporation -> Symantec Corporation)

S3 SyDvCtrl; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 SyDvCtrl64.sys [44568 2020-05-20] (Symantec Corporation -> Symantec Corporation)

R0 SymEFASI; C: WINDOWS System32 drivers symefasi 0603040.009 symefasi64.sys [1822600 2020-05-20] (Symantec Corporation -> Symantec Corporation)

S0 SymELAM; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SymELAM.sys [26000 2020-05-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)

R3 SymEvent; C: WINDOWS system32 Drivers SYMEVENT64x86.SYS [99920 2020-05-20] (Symantec Corporation -> Symantec Corporation)

R1 SymIRON; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 Ironx64.SYS [311264 2020-05-20] (Symantec Corporation -> Symantec Corporation)

R1 SYMNETS; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SYMNETS.SYS [568712 2020-05-20] (Symantec Corporation -> Symantec Corporation)

R1 SysPlant; C: WINDOWS System32 Drivers SysPlant.sys [231360 2020-05-20] (Symantec Corporation -> Symantec Corporation)

S3 tapnordvpn; C: WINDOWS System32 drivers tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> Le projet OpenVPN)

R1 Teefer2; C: WINDOWS system32 DRIVERS Teefer.sys [132992 2020-05-20] (Symantec Corporation -> Symantec Corporation)

S3 USBTINSP; C: WINDOWS System32 drivers tinspusb.sys [142848 2017-07-27] (Éditeur de compatibilité matérielle Microsoft Windows -> Texas Instruments)

S3 WdBoot; C: WINDOWS system32 drivers wd WdBoot.sys [45960 2020-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C: WINDOWS system32 drivers wd WdFilter.sys [394680 2020-05-01] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C: WINDOWS System32 drivers wd WdNisDrv.sys [64944 2020-05-01] (Microsoft Windows -> Microsoft Corporation)

R3 WDTDrv; C: WINDOWS System32 Drivers WDTDrv.sys [27048 2018-02-27] (Huawei Technologies Co., Ltd. -> Appareil Huawei)

S3 EraserUtilDrv11910; ?? C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilDrv11910.sys [X]

==================== NetSvcs (liste blanche) ====================

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)

==================== Un mois (créé) ===================

(Si une entrée est incluse dans la liste de correctifs, le fichier / dossier sera déplacé.)

2020-06-13 05:42 – 2020-06-13 05:42 – 000031721 _____ C: Users Ethan Desktop FRST.txt

2020-06-13 05:42 – 2020-06-13 05:42 – 000000000 ____D C: FRST

2020-06-13 05:40 – 2020-06-13 05:40 – 002289152 _____ (Farbar) C: Users Ethan Desktop FRST64.exe

2020-06-13 05:36 – 2020-06-13 05:36 – 000195432 _____ (Malwarebytes) C: WINDOWS system32 Drivers farflt.sys

2020-06-13 05:36 – 2020-06-13 05:36 – 000131736 _____ (Malwarebytes) C: WINDOWS system32 Drivers mwac.sys

2020-06-13 05:36 – 2020-06-13 05:36 – 000073368 _____ (Malwarebytes) C: WINDOWS system32 Drivers mbam.sys

2020-06-13 05:36 – 2020-06-13 05:36 – 000000000 ____D C: Users Ethan AppData LocalLow IGDump

2020-06-13 05:30 – 2020-06-13 05:34 – 000417646 _____ C: WINDOWS ntbtlog.txt

2020-06-12 22:53 – 2020-06-12 22:53 – 001920738 _____ C: Users Ethan Downloads iCloud Photos.zip

2020-06-12 20:53 – 2020-06-12 22:54 – 000511438 _____ C: Users Ethan Downloads IMG_1020.JPEG

2020-06-12 19:02 – 2019-08-01 16:48 – 000055696 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdr64.sys

2020-06-12 19:02 – 2019-08-01 16:48 – 000041872 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdf64.sys

2020-06-12 07:53 – 2020-06-12 07:53 – 000002608 _____ C: Users Ethan Downloads Player.plr

2020-06-12 05:00 – 2020-06-12 05:00 – 000000000 ____D C: Users Ethan Downloads processhacker-2.39-bin

2020-06-12 04:59 – 2020-06-12 04:59 – 003392412 _____ C: Users Ethan Downloads processhacker-2.39-bin.zip

2020-06-12 02:28 – 2020-06-12 02:28 – 000000000 ____D C: Users Ethan Desktop tools

2020-06-09 19:06 – 2020-06-09 19:06 – 000002357 _____ C: Users Ethan AppData Roaming Microsoft Windows Menu Démarrer Programmes Lunar Client.lnk

2020-06-09 19:06 – 2020-06-09 19:06 – 000002349 _____ C:UsersEthanDesktopLunar Client.lnk

2020-06-09 19:05 – 2020-06-09 19:05 – 000755688 _____ (Moonsworth, LLC) C:UsersEthanDownloadsLunar Client v2.0.2.exe

2020-06-09 01:47 – 2020-06-09 01:47 – 000000000 ____D C:UsersEthanAppDataLocalATI

2020-06-09 01:43 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopruntime

2020-06-09 01:42 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopgame

2020-06-09 01:33 – 2020-06-12 02:28 – 002970008 _____ (Mojang) C:UsersEthanDesktopMinecraft.exe

2020-06-09 00:03 – 2020-06-09 00:03 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable (1).zip

2020-06-08 23:35 – 2020-06-08 23:58 – 000000000 ____D C:UsersEthanDownloadsRevoUninstaller_Portable

2020-06-08 23:34 – 2020-06-08 23:34 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable.zip

2020-06-08 23:11 – 2020-06-08 23:11 – 000000761 _____ C:UsersEthanDocumentsDownloads.lnk

2020-06-08 22:13 – 2020-06-08 22:14 – 000000000 ___HD C:temp

2020-06-08 09:38 – 2020-06-08 22:06 – 000000000 ____D C:35cf2c581e43e0fd0f2302ce54fb

2020-06-08 09:29 – 2020-06-08 22:06 – 000000000 ____D C:68e9a7aba4aecf4ec4

2020-06-08 08:06 – 2020-06-08 08:06 – 000000000 ___HD C:ProgramDataCanonIJFAX

2020-06-07 23:17 – 2020-06-07 23:22 – 000000000 ____D C:UsersEthanEpubee Library

2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanBookManager

2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanAppDataRoaming.cover

2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthan.Epubor_Keys

2020-06-07 23:14 – 2020-06-08 22:16 – 000000000 ____D C:Program Files (x86)ePUBee

2020-06-05 23:17 – 2020-06-05 23:17 – 000000000 ____D C:8527c8ea7501eb69401877adc732

2020-06-05 23:07 – 2020-06-05 23:07 – 000000000 ____D C:de22f4d81bbf950b5e0f7a8642297b

2020-06-05 22:57 – 2020-06-05 22:57 – 000000000 ____D C:f4b9a65bd3630368995b8ced06

2020-06-05 22:37 – 2020-06-05 22:37 – 000000000 ____D C:faa6e5d10903a99a286ff6

2020-06-05 22:27 – 2020-06-05 22:28 – 000000000 ____D C:4fa0f45da0c207e28fce354dfbcbb45a

2020-06-05 22:24 – 2020-06-05 22:24 – 000000000 ____D C:UsersEthanAppDataLocalcache

2020-06-05 22:19 – 2020-06-05 22:19 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAMD Radeon Software

2020-06-05 22:17 – 2020-06-05 22:22 – 000000000 ____D C:25a06eb4cb678d6510bb02b4e69c

2020-06-05 22:17 – 2020-06-05 22:17 – 000000000 ____D C:ProgramDataAMD

2020-06-05 22:04 – 2020-06-05 22:12 – 000000000 ____D C:96699b5329d1ea66b0a663de302c5a

2020-06-05 22:03 – 2020-06-05 22:03 – 000000000 ____D C:AMD

2020-06-05 21:56 – 2020-06-05 21:56 – 000000000 ____D C:UsersEthanAppDataLocalRadeonSettings

2020-06-05 21:52 – 2020-06-05 22:12 – 000000000 ____D C:59149044dd0aac2303de

2020-06-05 21:44 – 2020-06-05 22:12 – 000000000 ____D C:bd86fd4774132980229e4d5232ae

2020-06-05 04:05 – 2020-06-05 21:37 – 000000000 ____D C:873d716d2277afe5bee1c44e0b878d87

2020-06-05 03:54 – 2020-06-05 21:37 – 000000000 ____D C:dbd59e3d47cf23fa38e6b2b4

2020-06-05 03:46 – 2020-06-05 21:37 – 000000000 ____D C:8878178fedc450c4b9

2020-06-05 03:30 – 2020-06-05 21:37 – 000000000 ____D C:3aa04f0e181a6ef6283335

2020-06-05 02:34 – 2020-06-05 21:37 – 000000000 ____D C:b7af3d3859975eec9620db8b5a5f6e41

2020-06-05 02:26 – 2020-06-05 21:37 – 000000000 ____D C:487c789bbfdb27e0f8

2020-06-05 02:14 – 2020-06-05 21:37 – 000000000 ____D C:d88254605b4e82c096

2020-06-05 02:05 – 2020-06-05 21:37 – 000000000 ____D C:e25ee765e720e9e181c0a4

2020-06-05 01:55 – 2020-06-05 21:37 – 000000000 ____D C:8986be08c43b083cf019

2020-06-05 01:45 – 2020-06-05 21:37 – 000000000 ____D C:24b77074821232b8eee377b656

2020-06-05 01:35 – 2020-06-05 21:37 – 000000000 ____D C:76cca42bb37e3cd7e09f354112b60b

2020-06-05 01:25 – 2020-06-05 21:37 – 000000000 ____D C:514f6c63d0b4235c42ea

2020-06-05 01:15 – 2020-06-05 21:37 – 000000000 ____D C:a82951183443a4c4ff

2020-06-05 01:05 – 2020-06-05 21:37 – 000000000 ____D C:1500873c57dc503bb2583144b776

2020-06-05 00:55 – 2020-06-05 21:37 – 000000000 ____D C:2608ecb4b26d61af942bbe9aef91a4

2020-06-05 00:45 – 2020-06-05 21:37 – 000000000 ____D C:d0bd3ae4cfc3cb2d19

2020-06-05 00:35 – 2020-06-05 21:37 – 000000000 ____D C:b8593ace07e295202c

2020-06-05 00:25 – 2020-06-05 21:37 – 000000000 ____D C:aefea5c399639a508a8d0cc319bada

2020-06-05 00:15 – 2020-06-05 21:37 – 000000000 ____D C:d34e9191b27aad94f2aa2e6e

2020-06-05 00:05 – 2020-06-05 21:37 – 000000000 ____D C:746cad1319b45c0fa13d3542b5

2020-06-04 23:55 – 2020-06-05 21:37 – 000000000 ____D C:761aa80eda44dc967c55336087417a

2020-06-04 23:45 – 2020-06-05 21:37 – 000000000 ____D C:b015b1b5cce422460fcedb4

2020-06-04 23:35 – 2020-06-05 21:37 – 000000000 ____D C:21bb368a3acf317e654c

2020-06-04 23:25 – 2020-06-05 21:37 – 000000000 ____D C:1eb161e731e359e492622ac3330bc8

2020-06-04 23:15 – 2020-06-05 21:37 – 000000000 ____D C:9954edefd2c4ee760f21

2020-06-04 23:05 – 2020-06-05 21:37 – 000000000 ____D C:4996eff18111c7145a68

2020-06-04 22:55 – 2020-06-05 21:37 – 000000000 ____D C:dbfc9b3663e052d664a93b73

2020-06-04 22:45 – 2020-06-05 21:37 – 000000000 ____D C:e15f2439316aa3b95ecb

2020-06-04 22:35 – 2020-06-05 21:37 – 000000000 ____D C:812b054302348352f

2020-06-03 21:45 – 2020-06-05 21:42 – 000000000 ___HD C:adobeTemp

2020-06-02 22:05 – 2020-06-02 22:05 – 000000000 ___HD C:ProgramDataCanonBJ

2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 ____D C:UsersEthanAppDataLocalUXP

2020-06-02 21:49 – 2020-06-02 21:49 – 000000000 ____D C:UsersEthanAppDataLocalLowAdobe

2020-06-02 21:47 – 2020-06-08 22:09 – 000000000 ___RD C:UsersEthanCreative Cloud Files

2020-06-02 21:42 – 2020-06-02 21:47 – 000000000 ____D C:ProgramDataAdobe

2020-06-02 21:40 – 2020-06-08 22:13 – 000000000 ____D C:Program FilesCommon FilesAdobe

2020-06-02 21:40 – 2020-06-08 22:12 – 000000000 ____D C:Program FilesAdobe

2020-06-02 21:38 – 2020-06-02 21:47 – 000000000 ____D C:UsersEthanAppDataLocalAdobe

2020-06-02 17:15 – 2020-06-13 05:36 – 000248968 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys

2020-06-02 17:15 – 2020-06-02 17:15 – 000214496 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys

2020-06-01 01:12 – 2020-06-01 01:12 – 000000000 ____D C:UsersEthanAppDataLocalAdobe_Systems_Incorporate

2020-06-01 01:06 – 2020-06-08 23:12 – 000000000 ____D C:Program Files (x86)Adobe

2020-05-27 14:20 – 2020-05-27 14:20 – 064809688 _____ C:WINDOWSsystem32amd_comgr.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 053685456 _____ C:WINDOWSSysWOW64amd_comgr32.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 004631248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amfrt64.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 004141776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amfrt32.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo-1-999-0-0-0.exe

2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo.exe

2020-05-27 14:20 – 2020-05-27 14:20 – 001775320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atiadlxx.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo-1-999-0-0-0.exe

2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo.exe

2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxy.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxx.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1-999-0-0-0.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1-999-0-0-0.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000761040 _____ (AMD) C:WINDOWSsystem32atieclxx.exe

2020-05-27 14:20 – 2020-05-27 14:20 – 000737496 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32Rapidfire64.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000621784 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64Rapidfire.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000497360 _____ C:WINDOWSsystem32GameManager64.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000493776 _____ C:WINDOWSsystem32dgtrayicon.exe

2020-05-27 14:20 – 2020-05-27 14:20 – 000469200 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atidemgy.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000456920 _____ C:WINDOWSsystem32atieah64.exe

2020-05-27 14:20 – 2020-05-27 14:20 – 000433360 _____ C:WINDOWSsystem32EEURestart.exe

2020-05-27 14:20 – 2020-05-27 14:20 – 000380624 _____ C:WINDOWSSysWOW64GameManager32.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000352464 _____ C:WINDOWSSysWOW64atieah32.exe

2020-05-27 14:20 – 2020-05-27 14:20 – 000340176 _____ C:WINDOWSsystem32clinfo.exe

2020-05-27 14:20 – 2020-05-27 14:20 – 000245976 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atig6txx.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000213712 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atigktxx.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000187600 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantle64.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000183008 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32aticfx64.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000167632 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atisamu64.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000167128 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantleaxl64.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000159264 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64aticfx32.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000157408 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantle32.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000143056 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantleaxl32.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000141528 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atisamu32.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000136400 _____ (AMD) C:WINDOWSsystem32atimuixx.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000135384 _____ (Khronos Group) C:WINDOWSsystem32OpenCL.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000126160 _____ C:WINDOWSsystem32atidxx64.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000123088 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdxc64.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000121048 _____ (Khronos Group) C:WINDOWSSysWOW64OpenCL.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000108240 _____ C:WINDOWSSysWOW64atidxx32.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000107728 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdxc32.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000091352 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mcl64.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000075984 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mcl32.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000070872 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32ati2erec.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000047320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32RapidFireServer64.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000044248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64RapidFireServer.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSSysWOW64detoured.dll

2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSsystem32detoured.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 071473360 _____ (Advanced Micro Devices Inc.) C:WINDOWSsystem32amdhip64.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 001686624 _____ (AMD) C:WINDOWSsystem32amf-mft-mjpeg-decoder64.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 001365984 _____ (AMD) C:WINDOWSSysWOW64amf-mft-mjpeg-decoder32.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 000941776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdlvr64.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 000769232 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdlvr32.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 000554192 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdmcl64.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 000547424 _____ C:WINDOWSsystem32amdmiracast.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 000490192 _____ C:WINDOWSsystem32amdgfxinfo64.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 000467152 _____ C:WINDOWSsystem32amdlogum.exe

2020-05-27 14:19 – 2020-05-27 14:19 – 000384208 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdmcl32.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 000380624 _____ C:WINDOWSSysWOW64amdgfxinfo32.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 000198928 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdihk64.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 000168016 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdihk32.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atimpc64.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdpcom64.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 000108880 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdpcom32.dll

2020-05-27 14:19 – 2020-05-27 14:19 – 000108864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atimpc32.dll

2020-05-27 14:18 – 2020-05-27 14:18 – 000136544 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdave64.dll

2020-05-27 14:18 – 2020-05-27 14:18 – 000120896 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdave32.dll

2020-05-26 20:09 – 2020-05-26 20:09 – 000000000 ____D C:UsersEthanAppDataLocalpackage.nw.new

2020-05-25 20:28 – 2020-05-25 20:28 – 003471376 _____ C:WINDOWSSysWOW64atiumdva.cap

2020-05-25 20:28 – 2020-05-25 20:28 – 003437632 _____ C:WINDOWSsystem32atiumd6a.cap

2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSSysWOW64ativvsvl.dat

2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSsystem32ativvsvl.dat

2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSSysWOW64ativvsva.dat

2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSsystem32ativvsva.dat

2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSSysWOW64atiapfxx.blb

2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSsystem32atiapfxx.blb

2020-05-24 02:33 – 2020-06-09 18:08 – 000001445 _____ C:UsersPublicDesktopTerraria.lnk

2020-05-24 02:23 – 2020-05-24 02:23 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGOG.com

2020-05-24 02:20 – 2020-05-24 02:33 – 000000000 ____D C:ProgramDataGOG.com

2020-05-23 16:18 – 2020-06-12 05:07 – 000000000 ____D C:UsersEthanAppDataLocalCrashDumps

2020-05-20 08:04 – 2020-06-13 05:26 – 000074800 _____ (Symantec Corporation) C:WINDOWSsystem32msln.exe

2020-05-20 08:00 – 2020-05-20 08:00 – 000000000 ____D C:UsersEthanAppDataLocalSymantec

2020-05-20 07:56 – 2020-05-20 07:56 – 000609208 _____ (Symantec Corporation) C:WINDOWSsystem32SymVPN.dll

2020-05-20 07:56 – 2020-05-20 07:56 – 000505120 _____ (Symantec Corporation) C:WINDOWSsystem32sysfer.dll

2020-05-20 07:56 – 2020-05-20 07:56 – 000485304 _____ (Symantec Corporation) C:WINDOWSSysWOW64SymVPN.dll

2020-05-20 07:56 – 2020-05-20 07:56 – 000434976 _____ (Symantec Corporation) C:WINDOWSSysWOW64sysfer.dll

2020-05-20 07:56 – 2020-05-20 07:56 – 000231360 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSysPlant.sys

2020-05-20 07:56 – 2020-05-20 07:56 – 000224184 _____ (Symantec Corporation) C:WINDOWSsystem32FwsVpn.dll

2020-05-20 07:56 – 2020-05-20 07:56 – 000219576 _____ (Symantec Corporation) C:WINDOWSSysWOW64FwsVpn.dll

2020-05-20 07:56 – 2020-05-20 07:56 – 000099920 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSYMEVENT64x86.SYS

2020-05-20 07:56 – 2020-05-20 07:56 – 000096184 _____ (Symantec Corporation) C:WINDOWSsystem32snacnp.dll

2020-05-20 07:56 – 2020-05-20 07:56 – 000085432 _____ (Symantec Corporation) C:WINDOWSSysWOW64snacnp.dll

2020-05-20 07:56 – 2020-05-20 07:56 – 000048232 _____ (Symantec Corporation) C:WINDOWSsystem32DriversWGX64.SYS

2020-05-20 07:56 – 2020-05-20 07:56 – 000010396 _____ C:WINDOWSsystem32DriversSYMEVENT64x86.CAT

2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:WINDOWSsystem32Driverssymefasi

2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataSymEFASI

2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:Program FilesCommon FilesSymantec Shared

2020-05-20 07:55 – 2020-05-20 16:02 – 000000000 ____D C:ProgramDataSymantec

2020-05-20 07:55 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSymantec Endpoint Protection

2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:WINDOWSsystem32DriversSEP

2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:ProgramDataregid.1992-12.com.symantec

2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:Program Files (x86)Symantec

2020-05-20 07:53 – 2020-05-20 07:53 – 000132992 _____ (Symantec Corporation) C:WINDOWSsystem32DriversTeefer.sys

2020-05-20 07:25 – 2020-06-02 17:14 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys

2020-05-20 07:25 – 2020-05-20 07:25 – 000002040 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk

2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbamtray

2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbam

2020-05-20 07:25 – 2020-05-20 07:24 – 000153312 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys

2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:ProgramDataMalwarebytes

2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:Program FilesMalwarebytes

2020-05-19 11:20 – 2020-05-19 11:20 – 006170544 _____ (Advanced Micro Devices) C:WINDOWSsystem32Driversamdacpbus.sys

2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocalLow3D Aim Trainer

2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocal3D Aim Trainer

2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuPrograms3D Aim Trainer

2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:Program Files (x86)3D Aim Trainer Launcher

2020-05-14 07:59 – 2020-05-14 07:59 – 000000000 ____D C:UsersEthanAppDataRoamingMicrosoftWindowsStart MenuProgramsZoom

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSSysWOW64qengineOff.ini

2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSsystem32qengineOff.ini

2020-06-13 05:42 – 2019-05-04 21:51 – 000840852 _____ C:WINDOWSsystem32PerfStringBackup.INI

2020-06-13 05:42 – 2018-09-15 09:31 – 000000000 ____D C:WINDOWSINF

2020-06-13 05:40 – 2018-07-27 21:20 – 000000000 ____D C:ProgramDataQustodio

2020-06-13 05:36 – 2020-04-03 14:18 – 000000000 ____D C:ProgramDataboost_interprocess

2020-06-13 05:36 – 2019-05-04 21:52 – 000000006 ____H C:WINDOWSTasksSA.DAT

2020-06-13 05:36 – 2018-09-15 09:33 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2020-06-13 05:35 – 2019-06-28 22:15 – 000000000 ____D C:UsersEthanAppDataRoaming.minecraft

2020-06-13 05:29 – 2019-05-04 21:42 – 000000000 ____D C:UsersEthan

2020-06-13 05:28 – 2018-12-18 11:43 – 000000000 ____D C:UsersEthanAppDataRoamingdiscord

2020-06-13 04:54 – 2019-05-04 21:41 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2020-06-13 02:51 – 2018-09-25 19:31 – 000000000 ____D C:WINDOWSsystem32AMD

2020-06-12 20:23 – 2019-03-19 09:02 – 000000000 ___HD C:$WINDOWS.~BT

2020-06-12 19:59 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSAppReadiness

2020-06-12 19:57 – 2018-09-15 09:33 – 000000000 ___HD C:Program FilesWindowsApps

2020-06-12 19:01 – 2018-09-14 19:13 – 000000000 ____D C:Program Files (x86)Qustodio

2020-06-12 19:01 – 2018-07-27 21:24 – 000000000 __SHD C:WINDOWSSysWOW64AI_RecycleBin

2020-06-12 03:02 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSLiveKernelReports

2020-06-12 02:28 – 2020-04-06 17:11 – 000000000 ____D C:UsersEthanAppDataRoaminglunarclient

2020-06-11 03:58 – 2019-05-03 10:10 – 000000000 ___DC C:WINDOWSPanther

2020-06-09 22:11 – 2018-09-15 09:23 – 000000000 ____D C:WINDOWSCbsTemp

2020-06-09 19:14 – 2020-03-24 13:02 – 000000000 ____D C:UsersEthan.lunarclient

2020-06-09 18:08 – 2018-09-29 13:09 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsTerraria [GOG.com]

2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagwrn.xml

2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagerr.xml

2020-06-09 03:07 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSRegistration

2020-06-09 00:08 – 2018-07-27 21:22 – 000000000 ____D C:Program Files (x86)Microsoft Office

2020-06-08 23:57 – 2018-08-31 20:24 – 000000000 ____D C:UsersEthanDocumentsChurch

2020-06-08 22:16 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalPackages

2020-06-08 22:12 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataRoamingAdobe

2020-06-08 22:06 – 2020-05-01 05:13 – 000000000 ____D C:Program FilesBadlion Client

2020-06-08 22:06 – 2019-05-04 21:42 – 000000000 ____D C:Usersdadministrator

2020-06-07 23:18 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalVirtualStore

2020-06-07 22:50 – 2018-07-30 00:34 – 000000000 ____D C:UsersEthanAppDataLocalD3DSCache

2020-06-07 19:08 – 2019-05-04 21:41 – 000488632 _____ C:WINDOWSsystem32FNTCACHE.DAT

2020-06-05 22:24 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalAMD

2020-06-05 22:19 – 2018-05-03 21:32 – 000000000 ____D C:Program FilesAMD

2020-06-05 02:56 – 2018-07-27 21:18 – 000002308 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2020-06-03 03:32 – 2018-09-15 09:36 – 000835480 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerApp.exe

2020-06-03 03:32 – 2018-09-15 09:36 – 000179608 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerCPLApp.cpl

2020-06-02 21:45 – 2018-07-28 19:27 – 000000000 ____D C:ProgramDataPackages

2020-06-02 21:42 – 2018-05-03 20:44 – 000000000 ____D C:ProgramDataPackage Cache

2020-06-02 21:40 – 2018-09-15 09:33 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared

2020-05-24 02:27 – 2018-09-29 08:34 – 000000000 ____D C:Program Files (x86)GOG Galaxy

2020-05-20 07:56 – 2018-09-15 09:33 – 000000000 ___HD C:WINDOWSELAMBKUP

2020-05-17 05:16 – 2018-09-15 08:09 – 000000000 ____D C:WINDOWSservicing

2020-05-14 07:59 – 2020-04-02 11:01 – 000000000 ____D C:UsersEthanAppDataRoamingZoom

==================== Files in the root of some directories ========

2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 _____ () C:UsersEthanAppDataLocaloobelibMkey.log

2020-02-09 15:02 – 2020-02-09 15:02 – 000000218 _____ () C:UsersEthanAppDataLocalrecently-used.xbel

==================== FLock ==============================

2020-05-13 20:50 C:PerfLogs

2020-06-12 19:49 C:WINDOWSsystem32config

2018-09-15 09:33 C:WINDOWSsystem32Configuration

2018-09-15 09:33 C:WINDOWSsystem32DriverState

2018-09-15 09:33 C:WINDOWSsystem32FxsTmp

2018-09-15 09:34 C:WINDOWSsystem32ias

2018-09-15 09:34 C:WINDOWSsystem32MsDtc

2018-09-15 09:33 C:WINDOWSsystem32networklist

2020-06-13 04:54 C:WINDOWSsystem32SleepStudy

2020-06-13 05:29 C:WINDOWSsystem32sru

2020-06-05 22:22 C:WINDOWSsystem32Tasks

2019-05-05 07:40 C:WINDOWSsystem32Tasks_Migrated

2019-07-19 20:15 C:WINDOWSsystem32WDI

2020-06-12 19:57 C:Program FilesWindowsApps

2020-06-09 04:19 C:WINDOWSdiagerr.xml

2020-06-09 04:19 C:WINDOWSdiagwrn.xml

2019-05-05 07:38 C:WINDOWSInfusedApps

2020-06-12 03:02 C:WINDOWSLiveKernelReports

2020-02-15 18:45 C:WINDOWSMinidump

2018-09-15 09:33 C:WINDOWSModemLogs

2020-06-13 05:42 C:WINDOWSPrefetch

2019-05-04 22:10 C:WINDOWSServiceState

2020-06-13 05:41 C:WINDOWSTemp

2018-09-15 09:33 C:WINDOWSSysWOW64config

2018-09-15 09:33 C:WINDOWSSysWOW64Configuration

2018-09-15 09:33 C:WINDOWSSysWOW64Msdtc

2018-09-15 09:33 C:WINDOWSSysWOW64networklist

2018-09-15 09:33 C:WINDOWSSysWOW64sru

2018-09-15 09:33 C:WINDOWSSysWOW64Tasks

2018-09-15 09:33 C:WINDOWSsystem32DriversDriverData

2020-06-08 22:06 C:Usersdadministrator

2020-06-02 21:45 C:ProgramDataPackages

2019-05-04 21:44 C:ProgramDataUSOPrivate

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened.

Access is denied.

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020

Ran by Ethan (13-06-2020 05:43:40)

Running from C:UsersEthanDesktop

Windows 10 Home Version 1809 17763.1217 (X64) (2019-05-04 19:53:29)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1017088884-3281645122-1580351492-500 – Administrator – Disabled)

dadministrator (S-1-5-21-1017088884-3281645122-1580351492-1001 – Administrator – Enabled) => C:Usersdadministrator

DefaultAccount (S-1-5-21-1017088884-3281645122-1580351492-503 – Limited – Disabled)

Ethan (S-1-5-21-1017088884-3281645122-1580351492-1002 – Limited – Enabled) => C:UsersEthan

Guest (S-1-5-21-1017088884-3281645122-1580351492-501 – Limited – Disabled)

WDAGUtilityAccount (S-1-5-21-1017088884-3281645122-1580351492-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled – Up to date) 1122B19A-E671-38EC-8EAC-87048FD4528D

AV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46

AV: Malwarebytes (Enabled – Up to date) 23007AD3-69FE-687C-2629-D584AFFAF72B

AS: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46

FW: Symantec Endpoint Protection (Enabled) 291930BF-AC1E-39B4-A5F3-2E31710715F6

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Aim Trainer Launcher version 1.01 (HKLM-x32…DEBD852F-7476-4715-B6AC-8A3C560EAAAA_is1) (Version: 1.01 – 3D Aim Trainer)

7-Zip 18.05 (x64) (HKLM…7-Zip) (Version: 18.05 – Igor Pavlov)

AMD Software (HKLM…AMD Catalyst Install Manager) (Version: 20.5.1 – Advanced Micro Devices, Inc.)

ASIO4ALL (HKLM-x32…ASIO4ALL) (Version: 2.14 – Michael Tippach)

Branding64 (HKLM…856DA29A-EA4A-468B-BBC2-B5F60DD75BFE) (Version: 1.00.0002 – Advanced Micro Devices, Inc.) Hidden

Discord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Discord) (Version: 0.0.306 – Discord Inc.)

Discord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Discord) (Version: 0.0.306 – Discord Inc.)

EdgeDeflector (HKLM-x32…EdgeDeflector) (Version:  – )

Epic Games Launcher Prerequisites (x64) (HKLM…66C5838F-B854-4A55-89E6-A6138747A4DF) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

Glorious Model O Software (HKLM-x32…969D386-B5B4-41BD-98E3-4A1A7D32CB97_is1) (Version: 1.0.9 – Glorious PC Gaming Race LLC.)

GOG GALAXY (HKLM-x32…7258BA11-600C-430E-A759-27E2C691A335_is1) (Version:  – GOG.com)

Google Chrome (HKLM-x32…Google Chrome) (Version: 83.0.4103.97 – Google LLC)

Google Update Helper (HKLM-x32…60EC980A-BDA2-4CB6-A427-B07A5498B4CA) (Version: 1.3.35.451 – Google LLC) Hidden

Intel® PROSet/Wireless Software (HKLM-x32…3c598844-1b8b-41f0-b5b2-bc1dcf4d47ad) (Version: 20.50.0 – Intel Corporation)

Java 8 Update 181 (64-bit) (HKLM…26A24AE4-039D-4CA4-87B4-2F64180181F0) (Version: 8.0.1810.13 – Oracle Corporation)

KeePass Password Safe 2.44 (HKLM-x32…KeePassPasswordSafe2_is1) (Version: 2.44 – Dominik Reichl)

Launcher Prerequisites (x64) (HKLM-x32…c6c5a357-c7ca-4a5f-9789-3bb1af579253) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

Logger Pro 3.15 (HKLM-x32…096EA23-A525-41C3-9DBC-E7FA5F02608C) (Version: 5.185.1506 – Vernier Software & Technology)

Logitech Unifying Software 2.50 (HKLM…Logitech Unifying) (Version: 2.50.25 – Logitech)

Lunar Client (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 – Moonsworth, LLC)

Lunar Client (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 – Moonsworth, LLC)

Malwarebytes version 4.1.0.56 (HKLM…35065F43-4BB2-439A-BFF7-0F1014F2E0CD_is1) (Version: 4.1.0.56 – Malwarebytes)

Microsoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.12827.20268 – Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…1D8E6291-B0D5-35EC-8441-6616F567A0F7) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…F0C3E5D1-1ADE-321E-8167-68EF0DE699A5) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…ca67548a-5ebe-413a-b50c-4b9ceb6d66c6) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…33d1fd90-4274-48a1-9bc1-97e33d9c2d6f) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32…ef6b00ec-13e1-4c25-9064-b2f383cb8412) (Version: 12.0.40660.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32…61087a79-ac85-455c-934d-1fa22cc64f36) (Version: 12.0.40660.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.23.27820 (HKLM-x32…852adda4-4c78-4a38-b583-c0b360a329d6) (Version: 14.23.27820.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.23.27820 (HKLM-x32…45231ab4-69fd-486a-859d-7a59fcd11013) (Version: 14.23.27820.0 – Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32…2BFC7AA0-544C-4E3A-8796-67F3BE655BE9) (Version: 4.0.20823.0 – Microsoft Corporation)

Minecraft (HKLM-x32…756E195A-CB58-4B99-917F-0DDA0D881204) (Version: 1.0.4.0 – Mojang)

Minecraft Launcher (HKLM-x32…E15F69FA-660D-45CC-B28F-6CBC4CAD2091) (Version: 1.0.0.0 – Mojang)

OEM Application Profile (HKLM-x32…12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50) (Version: 1.00.0000 – Advanced Micro Devices, Inc.)

Office 16 Click-to-Run Extensibility Component (HKLM-x32…90160000-008C-0000-0000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM…90160000-00DD-0000-1000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM…90160000-008F-0000-1000-0000000FF1CE) (Version: 16.0.12827.20268 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32…90160000-008C-0409-0000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden

PC Manager (HKLM…PC Manager) (Version: 10.0.5.51 – Huawei Technologies Co., Ltd.)

Popcorn-Time (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Popcorn-Time) (Version: 0.4.1 – Popcorn Time)

Popcorn-Time (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Popcorn-Time) (Version: 0.4.1 – Popcorn Time)

Qustodio (HKLM-x32…3BE72491-5A26-4935-9500-4EADA48A4068) (Version: 181.11.274.0 – Qustodio Technologies) Hidden

Qustodio (HKLM-x32…Qustodio) (Version: 181.11.274.0 – Qustodio)

Realtek High Definition Audio Driver (HKLM-x32…F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC) (Version: 6.0.1.8459 – Realtek Semiconductor Corp.)

Symantec Endpoint Protection (HKLM…CE2F0EC1-BF6B-42A6-993C-1D9655D0C9DF) (Version: 14.2.5569.2100 – Symantec Corporation)

Terraria (HKLM-x32…1207665503_is1) (Version: v1.4.0.5 – GOG.com)

TI-Nspire™ CX Student Software (HKLM-x32…465DD59-DB1D-4245-9050-B5C04EED9F52) (Version: 4.5.0.1180 – Texas Instruments Inc.)

Vulkan Run Time Libraries 1.0.61.0 (HKLM…VulkanRT1.0.61.0) (Version: 1.0.61.0 – LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.1.70.0 (HKLM…VulkanRT1.1.70.0) (Version: 1.1.70.0 – LunarG, Inc.) Hidden

WDT Device Driver version 1.0.2.5 (HKLM-x32…5B06CB06-0929-48BC-BE1F-7E41461440C7_is1) (Version: 1.0.2.5 – Huawei Technologies Co., Ltd.)

Windows Driver Package – Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM…EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 – Texas Instruments Inc.)

Windows Driver Package – Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM…7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 – Texas Instruments Inc.)

Wizard101 (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…A9E27FF5-6294-46A8-B8FD-77B1DECA3021) (Version: 1.0.0 – KingsIsle Entertainment, Inc.)

Wizard101 (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…A9E27FF5-6294-46A8-B8FD-77B1DECA3021) (Version: 1.0.0 – KingsIsle Entertainment, Inc.)

Zoom (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.)

Zoom (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.)

Packages:

=========

Adobe Reader Touch -> C:Program FilesWindowsAppsAdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [0000-00-00] (Adobe Systems Incorporated)

Arduino IDE -> C:Program FilesWindowsAppsArduinoLLC.ArduinoIDE_1.8.33.0_x86__mdqgnx93n4wtt [0000-00-00] (Arduino LLC)

Dolby Access -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)

Dolby Atmos Sound System -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAtmosSoundSystem_3.20201.249.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]

MPEG-2 Video Extension -> C:Program FilesWindowsAppsMicrosoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)

Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)

Realtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.2.156.0_x64__dt26b99r8h8gj [0000-00-00] (Realtek Semiconductor Corp)

Spotify Music -> C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [0000-00-00] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSIDE270DAA-1BE6-48F2-AC49-5AC63241FAAA -> [Creative Cloud Files] => C:UsersEthanCreative Cloud Files [2020-06-02 21:47]

CustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63EInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File

CustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID7AFDFDDB-F914-11E4-8377-6C3BE50D980CInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File

CustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID82CA8DE3-01AD-4CEA-9D75-BE4C51810A9EInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File

ContextMenuHandlers1: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [HwShareMenu] -> 41b3b91f-d6b3-3430-bb86-a143f85353ca => C:Program FilesHuaweiPCManagerHwShellMenuHwShareMenu9.DLL [2020-01-10] (Huawei Technologies Co., Ltd. -> )

ContextMenuHandlers1: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)

ContextMenuHandlers2: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)

ContextMenuHandlers3: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers4: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]

ContextMenuHandlers5: [ACE] -> 5E2121EE-0300-11D4-8D3B-444553540000 => C:Program FilesAMDCNextCNextatiacm64.dll [2020-05-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

ContextMenuHandlers6: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:UsersEthanDocumentsShortcutsChrome School.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Profile 1"

ShortcutWithArgument: C:UsersEthanDocumentsShortcutsChrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default"

ShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarChrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default"

ShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcutsd249d9ddd424b688Ethan – Chrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory=Default

ShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts76f9e4d33b60b312Popcorn-Time.lnk -> C:UsersEthanAppDataLocalPopcorn-TimePopcorn-Time.exe (The NW.js Community) -> –user-data-dir="C:UsersEthanAppDataLocalPopcorn-TimeUser Data" –profile-directory=Default –app-id=hecfofbbdfadifpemejbbdcjmfmboohj

==================== Loaded Modules (Whitelisted) =============

2019-07-18 11:23 – 2019-07-18 11:23 – 000017920 _____ () [File not signed] C:Program FilesAMDCNextCNextlibEGL.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 003567616 _____ () [File not signed] C:Program FilesAMDCNextCNextlibGLESv2.dll

2018-07-29 18:39 – 2018-04-30 14:00 – 000075776 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqgif.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000039424 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqicns.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqico.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000413696 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqjpeg.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqsvg.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqtga.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000023552 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwbmp.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000519168 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwebp.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 001431040 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsplatformsqwindows.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 001180672 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginssqldriversqsqlite.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000135680 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsstylesqwindowsvistastyle.dll

2020-05-25 14:17 – 2020-05-25 14:17 – 006010880 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Core.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 006345216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Gui.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 001078272 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Network.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000313856 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Positioning.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 004000256 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Qml.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 003802624 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Quick.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000171008 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickControls2.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 001083904 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickTemplates2.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000205312 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Sql.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000329728 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Svg.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000113152 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebChannel.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000376320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngine.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 092323328 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngineCore.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 005560832 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Widgets.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000463360 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WinExtras.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000188416 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Xml.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 002888704 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5XmlPatterns.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000053760 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsprivateqtgraphicaleffectsprivate.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000059392 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsqtgraphicaleffectsplugin.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000017408 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuick.2qtquick2plugin.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000287232 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControls.2qtquickcontrols2plugin.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000329216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControlsqtquickcontrolsplugin.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000136192 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickDialogsdialogplugin.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000089088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickLayoutsqquicklayoutsplugin.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000312320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickTemplates.2qtquicktemplates2plugin.dll

2019-07-18 11:23 – 2019-07-18 11:23 – 000017920 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickWindow.2windowplugin.dll

2020-05-25 14:17 – 2020-05-25 14:17 – 000085504 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtWebEngineqtwebengineplugin.dll

2019-07-31 18:28 – 2019-07-31 18:28 – 005112440 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:Program Files (x86)QustodioqappQt5Core.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:WINDOWSsystem32msln.exe:31b498626fde803a3eb44bd105d3469d [1818]

AlternateDataStreams: C:UsersEthanOneDrive:$3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0.SyncRootIdentity [118]

AlternateDataStreams: C:UsersPublicShared Files:VersionCache [482]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkccSettings_D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9.sys => ""="Driver"

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkSepMasterService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 – 2017-09-29 15:44 – 000000824 _____ C:WINDOWSsystem32driversetchosts

2018-07-30 02:34 – 2020-03-23 22:02 – 000000854 _____ C:WINDOWSsystem32driversetchosts.ics

2.168.137.66 HUAWEI_Mate_10_lite-22508.mshome.net # 2020 3 3 25 17 48 50 703

135 Selims-android.mshome.net # 2020 3 2 17 12 35 10 156

68.137.72 iPhone.mshome.net # 2020 3 2 17 10 10 44 788

192.168.137.155 Ismails-iPhone.mshome.net # 2020 3 2 17 10 20 26 328

192.168.137.205 Mustafas-iPhone.mshome.net # 2020 3 2 17 11 31 44 941

192.168.137.135 Selims-android.mshome.net # 2020 3 2 17 11 34 45 162

45 162

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program Files (x86)Common FilesOracleJavajavapath;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program FilesIntelWiFibin;C:Program FilesCommon FilesIntelWirelessCommon;%SYSTEMROOT%System32OpenSSH

HKUS-1-5-21-1017088884-3281645122-1580351492-1002Control PanelDesktop\Wallpaper -> C:UsersEthanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper

HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750Control PanelDesktop\Wallpaper -> C:UsersEthanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper

DNS Servers: 68.105.28.11 – 68.105.29.11

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedStartupFolder: => "Send to OneNote.lnk"

HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedStartupFolder: => "Rainmeter.lnk"

HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "OneDrive"

HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "EpicGamesLauncher"

HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "NordVPN"

HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "CCXProcess"

HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "launchOnStartup"

HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedStartupFolder: => "Send to OneNote.lnk"

HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedStartupFolder: => "Rainmeter.lnk"

HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "OneDrive"

HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "EpicGamesLauncher"

HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "NordVPN"

HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "CCXProcess"

HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "launchOnStartup"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User12F0F1BF-0F1F-4AB8-B85A-D9666E12CC7BC:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe] => (Allow) C:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe => No File

FirewallRules: [TCP Query UserAAC7522B-41B2-483C-98AB-7D9706CC568CC:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe] => (Allow) C:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe => No File

FirewallRules: [UDP Query UserB655ADFE-D471-4273-8DF6-3AA2EB7238D0C:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]

FirewallRules: [TCP Query User3772B830-C4A3-434E-84E3-0675F7D0A32AC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]

FirewallRules: [UDP Query User88BB2546-D116-4625-B254-3335A5E7E666C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File

FirewallRules: [TCP Query User7AEAEE55-FD0D-4187-A7DD-74DF301A87D5C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File

FirewallRules: [UDP Query UserEFD389F3-4BB9-4F23-877E-D3EFCF7F504EC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]

FirewallRules: [TCP Query User55312368-2298-429C-8470-337C2DFF83EBC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]

FirewallRules: [UDP Query User87D15FF9-546C-4936-80E1-FA5C69CFB167C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Block) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe => No File

FirewallRules: [TCP Query UserB3624AFD-AF17-4707-AE2A-1FA524548AE6C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Block) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe => No File

FirewallRules: [UDP Query UserBED176F5-E088-4E80-A439-A2E0C5296F65C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File

FirewallRules: [TCP Query UserE8066C27-5541-4B56-82F1-DC100EEC4D6AC:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File

FirewallRules: [UDP Query UserEB916461-5625-4A23-8084-B456FFFB8368C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe

FirewallRules: [TCP Query UserFA84BDB4-5A67-486F-B1CD-3E992B6E3C80C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe

FirewallRules: [UDP Query User36DCE1FF-F8D8-495A-A43E-D2BF089793F5C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)

FirewallRules: [TCP Query User645C505C-46E6-4752-9BC5-AA58291278D5C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)

FirewallRules: [36DD776C-BEF9-4E6F-AD69-D718727D2319] => (Allow) C:Program FilesIntelWiFibinPanDhcpDns.exe (Intel Corporation -> )

FirewallRules: [TCP Query UserCBBD9637-D57F-4C62-BCCE-9A803B3B51EEC:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe => No File

FirewallRules: [UDP Query User5276D7A7-B6C4-4FFB-8C82-6EFA3165BB39C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe => No File

FirewallRules: [TCP Query UserEF82179C-59B6-4ADE-A26D-446FA52A5CCDC:usersethandownloadsruntimejre-x64binjavaw.exe] => (Block) C:usersethandownloadsruntimejre-x64binjavaw.exe => No File

FirewallRules: [UDP Query User6A83EBA7-F319-4BCF-8D93-1EDB3C5AACFCC:usersethandownloadsruntimejre-x64binjavaw.exe] => (Block) C:usersethandownloadsruntimejre-x64binjavaw.exe => No File

FirewallRules: [TCP Query User3FCC1C5D-9C46-4511-A102-919442135289C:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe

FirewallRules: [UDP Query User1AE9246F-C286-436B-BB56-3037FBD0481FC:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe

FirewallRules: [TCP Query User02EFDE10-5C83-432F-ADA9-8BB6C6F18B59C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe => No File

FirewallRules: [UDP Query User984318C3-E844-45F5-95DF-9A4E8E08A073C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe => No File

FirewallRules: [TCP Query UserB552C42A-EC61-4C72-8990-FE2ED796B10FC:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)

FirewallRules: [UDP Query UserD3A17CA4-E12F-4B7A-96D3-066637371298C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)

FirewallRules: [TCP Query User9F107497-D41A-46D3-80D9-C6B45B400C64C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe

FirewallRules: [UDP Query User5FF66BEF-280F-4A88-A2EF-C5DA5956F1AFC:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe

FirewallRules: [TCP Query UserD1CECEFF-BED1-4434-B871-8D5885AB6954C:alphaantileakaalbinserveralphaantileak.exe] => (Block) C:alphaantileakaalbinserveralphaantileak.exe (Constantin Schreiber -> )

FirewallRules: [UDP Query User126BD9DD-AF43-48E6-B4D2-BD72730DC3FAC:alphaantileakaalbinserveralphaantileak.exe] => (Block) C:alphaantileakaalbinserveralphaantileak.exe (Constantin Schreiber -> )

FirewallRules: [TCP Query User9D7BDA86-7780-4BCB-9F94-9EF418916881C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe

FirewallRules: [UDP Query UserD5BF7527-430F-4B92-BCA0-899E2AF39F0AC:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe

FirewallRules: [6FC5A841-7F25-40DE-8A63-9D024257A7B8] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [TCP Query User81B37590-D222-4DC8-8999-59D3EDCA5718C:programdatabadlionclientjrebinjavaw.exe] => (Block) C:programdatabadlionclientjrebinjavaw.exe

FirewallRules: [UDP Query User14E58F6C-EBC9-4F1F-9F87-8795FF5F6FB8C:programdatabadlionclientjrebinjavaw.exe] => (Block) C:programdatabadlionclientjrebinjavaw.exe

FirewallRules: [TCP Query User250ED133-0730-488D-A1D2-179D8124346CC:program fileswe_clientwecdt.exe] => (Allow) C:program fileswe_clientwecdt.exe => No File

FirewallRules: [UDP Query UserE77D4C9A-65EF-415A-A9F6-720AA01E83F1C:program fileswe_clientwecdt.exe] => (Allow) C:program fileswe_clientwecdt.exe => No File

FirewallRules: [BE86A0A2-2E3A-45BF-BD16-4FA988C2D2CF] => (Allow) C:Program FilesHuaweiPCManagerMBAMessageCenter.exe (Huawei Technologies Co., Ltd. -> )

FirewallRules: [582DC69D-F666-438F-AEEF-F7A98301E425] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinccSvcHst.exe (Symantec Corporation -> Symantec Corporation)

FirewallRules: [5B801E2C-89CA-45F2-8C8A-E34140BA5CB2] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinccSvcHst.exe (Symantec Corporation -> Symantec Corporation)

FirewallRules: [D01E0175-B747-4800-B9EF-8D085402C350] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64snac64.exe (Symantec Corporation -> Symantec Corporation)

FirewallRules: [3B512B5A-785E-4623-9D5E-A0B20854D1AA] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64snac64.exe (Symantec Corporation -> Symantec Corporation)

FirewallRules: [EE510510-A744-49B4-A8FB-3BCD9EC53DF5] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [398E3692-9769-4C56-8B5B-47860A11AC06] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [AE3B13C3-5BAC-4FCD-925E-65903C1B41E6] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [83D17164-7624-4A27-8562-A4FAD02C5D6A] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [7CE68124-5460-4E6B-9835-6B827DFAFEE4] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [49B3A2C1-1884-4FBC-AEAB-3D91BAF96F05] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [FA9DE9FF-0B3D-4BF4-9967-5F9758AC2AF9] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [94F091D3-8AB0-4970-9FF7-69DFB31E5651] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [7AEC1DCC-8FBC-4CAE-8D3D-3D42B7A3B744] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [C59750B7-A6AD-486A-886B-D9F7DC67C995] => (Allow) %programfiles%Qustodioqappqwelcomewzd.exe => No File

FirewallRules: [6C6EC456-3AE1-487B-A7E7-9E1897801E6B] => (Allow) %programfiles%QustodioqappQUpdateService.exe => No File

FirewallRules: [68715DB0-C67D-4FF5-AA9C-FAE2AF083407] => (Allow) %programfiles%QustodioqappQReport.exe => No File

FirewallRules: [32281869-1447-48F6-AB4A-0AE369098AD9] => (Allow) %programfiles%Qustodioqproxyqengine.exe => No File

FirewallRules: [87EFFECC-2FD3-40DB-8A19-C7CE3164F080] => (Allow) %programfiles%QustodioqappQAppTray.exe => No File

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:237.36 GB) (Free:96.61 GB) (41%)

Check "VSS" service

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (06/13/2020 05:34:12 AM) (Source: Symantec Network Protection) (EventID: 400) (User: )

Description: Memory Exploit Mitigation is malfunctioning

Error: (06/13/2020 05:33:19 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )

Description: Symantec Endpoint Protection has failed to load the latest virus definitions.

Error: (06/13/2020 05:33:03 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )

Description: Symantec Endpoint Protection has failed to load the latest virus definitions.

Error: (06/13/2020 05:26:46 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )

Description: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing

Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )

Description: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing

Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )

Description: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing

Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )

Description: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing

Error: (06/13/2020 05:26:43 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )

Description: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing

System errors:

=============

Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

E579AB5F-1CC4-44B4-BED9-DE0991FF0623

and APPID

56BE716B-2F76-4DFA-8702-67AE10044F0B

to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

E579AB5F-1CC4-44B4-BED9-DE0991FF0623

and APPID

56BE716B-2F76-4DFA-8702-67AE10044F0B

to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

E579AB5F-1CC4-44B4-BED9-DE0991FF0623

and APPID

56BE716B-2F76-4DFA-8702-67AE10044F0B

to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

E579AB5F-1CC4-44B4-BED9-DE0991FF0623

and APPID

56BE716B-2F76-4DFA-8702-67AE10044F0B

to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

E579AB5F-1CC4-44B4-BED9-DE0991FF0623

and APPID

56BE716B-2F76-4DFA-8702-67AE10044F0B

to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

E579AB5F-1CC4-44B4-BED9-DE0991FF0623

and APPID

56BE716B-2F76-4DFA-8702-67AE10044F0B

to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

Windows.SecurityCenter.SecurityAppBroker

and APPID

Unavailable

to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

Windows.SecurityCenter.WscBrokerManager

and APPID

Unavailable

to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:

===================================

Date: 2020-06-13 05:28:55.962

La description:

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-13 05:28:55.958

La description:

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-13 05:28:55.695

La description:

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-13 05:28:55.690

La description:

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-13 05:28:43.476

La description:

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-13 05:28:43.473

La description:

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-13 05:28:43.462

La description:

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-13 05:28:43.458

La description:

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: HUAWEI 1.22 02/26/2019

Motherboard: HUAWEI KPL-W0X

Processor: AMD Ryzen 5 2500U with Radeon Vega Mobile Gfx

Percentage of memory in use: 60%

Total physical RAM: 7069.58 MB

Available physical RAM: 2819.71 MB

Total Virtual: 17309.58 MB

Available Virtual: 11480.89 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.36 GB) (Free:96.61 GB) NTFS

\?Volume38965f00-0083-43f6-a798-2a33a7b7f4a4 (WinRE) (Fixed) (Total:1 GB) (Free:0.59 GB) NTFS

\?Volumea3c90bc4-f030-4e42-aae4-a27a0935a741 (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

Click to rate this post!
[Total: 0 Average: 0]

Commentaires

Laisser un commentaire

Votre commentaire sera révisé par les administrateurs si besoin.