After accidentally downloading malware, the computer is no longer the same – Bien choisir son serveur d impression
I clicked on a link that I shouldn't have, saw the URLs change rapidly, and immediately closed the window. A week later, my parental-control software reported that it was trying to visit pornographic websites 100 times in one minute. I downloaded Malwarebytes Premium and removed 2 files: a PUP.Optional.InstallCore in my registry and a generic malware file called $RFHLJ6G.EXE in my Recycle Bin. I also installed Symantec, which flagged nothing except my Process Hacker. In the following days, my newly installed Malwarebytes tells me that the parental-control software is repeatedly visiting malicious websites through the proxy file, and I scan but nothing comes up. My laptop has been extremely slow and overheats for no known reason, the anti-malware programs detect nothing, and Task Manager says nothing is wrong. I'm almost ready to just do a factory reset. Here are my logs:
Résultat de l'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by Ethan (ATTENTION: L'utilisateur n'est pas administrateur) sur ETHANLAPTOP (HUAWEI KPL-W0X) (13-06-2020 05:42:15)
Exécution à partir de C: Users Ethan Desktop
Profils chargés: Ethan
Plateforme: Windows 10 Home Version 1809 17763.1217 (X64) Langue: anglais (États-Unis)
Navigateur par défaut: Chrome
Mode de démarrage: Normal
==================== Processus (liste blanche) =================
(Si une entrée est incluse dans la liste de correctifs, le processus sera fermé. Le fichier ne sera pas déplacé.)
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext RadeonSoftware.exe
(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe <21>
(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C: Windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe MicrosoftEdge.exe
(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe Calculator.exe
(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsStore_12006.1001.1.0_x64__8wekyb3d8bbwe WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows ImmersiveControlPanel SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe
(Oracle America, Inc. -> Oracle Corporation) C: Program Files (x86) Common Files Java Java Update jusched.exe
(Qustodio Technologies, SL ->) C: Program Files (x86) Qustodio qapp crashpad_handler.exe
(Qustodio Technologies, SL -> Qustodio Technologies) C: Program Files (x86) Qustodio qapp QAppTray.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C: Windows System32 RtkAudUService64.exe
(Symantec Corporation -> Symantec Corporation) C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe
Impossible d'accéder au processus -> amdlogsr.exe
Impossible d'accéder au processus -> atieclxx.exe
Impossible d'accéder au processus -> atiesrxx.exe
Impossible d'accéder au processus -> ccSvcHst.exe
Impossible d'accéder au processus -> conhost.exe
Impossible d'accéder au processus -> crashpad_handler.exe
Impossible d'accéder au processus -> crashpad_handler.exe
Impossible d'accéder au processus -> csrss.exe
Impossible d'accéder au processus -> csrss.exe
Impossible d'accéder au processus -> dasHost.exe
Impossible d'accéder au processus -> DAX3API.exe
Impossible d'accéder au processus -> dllhost.exe
Impossible d'accéder au processus -> dwm.exe
Impossible d'accéder au processus -> EvtEng.exe
Impossible d'accéder au processus -> FMService64.exe
Impossible d'accéder au processus -> fontdrvhost.exe
Impossible d'accéder au processus -> fontdrvhost.exe
Impossible d'accéder au processus -> GoogleCrashHandler.exe
Impossible d'accéder au processus -> GoogleCrashHandler64.exe
Impossible d'accéder au processus -> LCD_Service.exe
Impossible d'accéder au processus -> lsass.exe
Impossible d'accéder au processus -> MateBookService.exe
Impossible d'accéder au processus -> MBAMService.exe
Impossible d'accéder au processus -> OfficeClickToRun.exe
Impossible d'accéder au processus -> qengine.exe
Impossible d'accéder au processus -> QUpdateService.exe
Impossible d'accéder au processus -> RegSrvc.exe
Impossible d'accéder au processus -> RtkAudUService64.exe
Impossible d'accéder au processus -> RtkAudUService64.exe
Impossible d'accéder au processus -> SearchFilterHost.exe
Impossible d'accéder au processus -> SearchIndexer.exe
Impossible d'accéder au processus -> SearchProtocolHost.exe
Impossible d'accéder au processus -> SecurityHealthService.exe
Impossible d'accéder au processus -> sepWscSvc64.exe
Impossible d'accéder au processus -> services.exe
Impossible d'accéder au processus -> SgrmBroker.exe
Impossible d'accéder au processus -> smss.exe
Impossible d'accéder au processus -> spoolsv.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> svchost.exe
Impossible d'accéder au processus -> unsecapp.exe
Impossible d'accéder au processus -> wininit.exe
Impossible d'accéder au processus -> winlogon.exe
Impossible d'accéder au processus -> wlanext.exe
Impossible d'accéder au processus -> WMIADAP.exe
Impossible d'accéder au processus -> WmiPrvSE.exe
Impossible d'accéder au processus -> WmiPrvSE.exe
Impossible d'accéder au processus -> ZeroConfigService.exe
==================== Registre (liste blanche) ===================
(Si une entrée est incluse dans la liste de correctifs, l'élément de registre sera restauré par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM … Run: [RtkAudUService] => C: WINDOWS System32 RtkAudUService64.exe [836672 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM … Run: [Logitech Download Assistant] => C: Windows System32 LogiLDA.dll [3942864 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM-x32 … Exécuter: [SunJavaUpdateSched] => C: Program Files (x86) Fichiers communs Java Java Update jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32 … Exécuter: [KeePass 2 PreLoad] => C: Program Files (x86) KeePass Password Safe 2 KeePass.exe [3331264 2020-01-20] (Développeur Open Source, Dominik Reichl -> Dominik Reichl)
HKLM-x32 … Exécuter: [QAppTray] => C: Program Files (x86) Qustodio qapp QAppTray.exe [6429456 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)
HKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5
HKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)
HKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe"
HKU S-1-5-21-1017088884-3281645122-1580351492-1002 … MountPoints2: d731a143-c473-11e8-aff7-ef1b4a682e27 – "E: HiSuiteDownLoader.exe"
HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5
HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)
HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe"
HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #0] => C: Windows HelpPane.exe [1071616 2020-03-10] (Microsoft Windows -> Microsoft Corporation)
HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #1] => C: Program Files (x86) Google Chrome Application chrome.exe –profile-directory = Par défaut –flag-switches-begin –flag-switches-end –enable-audio-service-sandbox –restore-last-session
HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … MountPoints2: {d731a143-c473-11e8-aff7-aff4-a7274e2-aff4-aff7-aff4-aff7-aff4-aff7-aff4-aff7-aff4-e7a-b7 "E: HiSuiteDownLoader.exe"
HKLM … Windows x64 Processeurs d'impression Processeur d'impression Canon iP110 series: C: Windows System32 spool prtprocs x64 CNMPDCH.DLL [30208 2014-06-08] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)
HKLM … Windows x64 Processeurs d'impression Canon MX920 series Processeur d'impression: C: Windows System32 spool prtprocs x64 CNMPDBL.DLL [30208 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)
HKLM … Print Monitors Canon BJ FAX Language Monitor MX920 series: C: WINDOWS system32 CNCALBL.DLL [303104 2012-09-21] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)
HKLM … Print Monitors Canon BJ Language Monitor MX920 series: C: WINDOWS system32 CNMLMBL.DLL [390656 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)
HKLM Software Microsoft Active Setup Installed Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C: Program Files (x86) Google Chrome Application 83.0.4103.97 Installer chrmstp.exe [2020-06-05] (Google LLC -> Google LLC)
Démarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Rainmeter.lnk [2019-11-29]
ShortcutTarget: Rainmeter.lnk -> C: Program Files Rainmeter Rainmeter.exe (aucun fichier)
Démarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Send to OneNote.lnk [2018-08-13]
ShortcutTarget: Envoyer à OneNote.lnk -> C: Program Files (x86) Microsoft Office root Office16 ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction? <==== ATTENTION
==================== Tâches planifiées (liste blanche) ============
(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)
(Si une entrée est incluse dans la liste de correctifs, le fichier de tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)
==================== Internet (liste blanche) ====================
(Si un élément est inclus dans la liste de correctifs, s'il s'agit d'un élément du registre, il sera supprimé ou restauré par défaut.)
Tcpip Paramètres: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip .. Interfaces 0fd44dc5-54d3-4548-a4de-121a058f2fb6: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip .. Interfaces 42687b4e-4fd5-4ba8-b5dc-191ac714846c: [DhcpNameServer] 192.168.0.1
Tcpip .. Interfaces 794c4cd7-35de-4e43-975d-105099c2323b: [DhcpNameServer] 40.40.1.12
Tcpip .. Interfaces a73bdab8-9a7e-48ee-b785-5ecc46657b1c: [DhcpNameServer] 8.8.8.8 8.8.4.4
Internet Explorer:
==================
HKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, page de démarrage = hxxps: //go.microsoft.com/fwlink/p/? LinkId = 620947 & OCID = AVRES000 & pc = UE00
HKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17SWIN10.MSN.COM/? PC = NSJE
HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Start Page = hxxps: // go. microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17S .COM /? PC = NSJE
URLSearchHook: [S-1-5-21-1017088884-3281645122-1580351492-1001-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053623422] ATTENTION => URLSearchHook par défaut est manquant
SearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> DefaultScope 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL =
SearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL =
SearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> DefaultScope {19DD036C-D3F6-4E92-AC6-D6C6-AC6 D6
SearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> {19DD036C-D3F6-4E92-AC6C-D6F6E6-AC6C
BHO: Skype Entreprise Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C: Program Files (x86) Microsoft Office root VFS ProgramFilesX64 Microsoft Office Office16 OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java ™ Plug-In SSV Helper -> 761497BB-D6F0-462C-B6EB-D4DAF1D92D43 -> C: Program Files Java jre1.8.0_181 bin ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java ™ Plug-In 2 SSV Helper -> DBC80044-A445-435b-BC74-9C25C1C588A9 -> C: Program Files Java jre1.8.0_181 bin jp2ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)
Bord:
======
DownloadDir: C: Users Ethan Downloads
FireFox:
========
Plugin FF: @ java.com / DTPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin dtplugin npDeployJava1.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)
Plugin FF: @ java.com / JavaPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin plugin2 npjp2.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @ microsoft.com / SharePoint, version = 14.0 -> C: Program Files (x86) Microsoft Office root Office16 NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
Plugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan AppData Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Plugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR DefaultProfile: Par défaut
Profil CHR: C: Users Ethan AppData Local Google Chrome User Data Default [2020-06-13]
Notifications CHR: Par défaut -> hxxps: //www.youtube.com
CHR StartupUrls: Par défaut -> "chrome: // newtab /", "hxxps: //mail.google.com/mail/u/0/#inbox"
Restauration de session CHR: Par défaut -> est activé.
Extension CHR: (diapositives) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2018-07-27]
Extension CHR: (Docs) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aohghmighlieiainnegkcijnfilokake [2018-07-27]
Extension CHR: (Google Drive) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2019-12-21]
Extension CHR: (YouTube) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-27]
Extension CHR: (Honey) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions bmnlcjabgnpnenekpadlanbbkooimhnj [2020-05-30]
Extension CHR: (Google Docs hors ligne) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ghbmnnjooekpmoecnnililnnbdlolhkhi [2020-05-30]
Extension CHR: (Chrometana – Rediriger Bing quelque part mieux) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions kaicbfmipfpfpjmlbpejaoaflfdnabnc [2018-07-28]
Extension CHR: (Paiements Chrome Web Store) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
Extension CHR: (AdBlocker Ultimate) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ohahllgiabjaoigichmmfljhkcfikeof [2020-06-11]
Extension CHR: (Modern Flat) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pdcjjgefkpoemmlcjfcfkeminneboaob [2018-09-05]
Extension CHR: (Gmail) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
Extension CHR: (Chrome Media Router) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-24]
Extension CHR: (extension de réponse quotidienne au questionnaire de la Couronne) – C: Users Ethan Documents Other Chrome Crowns Extension [2019-11-28]
Profil CHR: C: Users Ethan AppData Local Google Chrome User Data System Profile [2020-06-08]
==================== Services (liste blanche) ===================
(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)
S3 AALSvc; C: AlphaAntiLeak AAL bin server AALSvc.exe [11439992 2020-06-09] (Constantin Schreiber ->)
S4 AGMService; C: Program Files (x86) Common Files Adobe AdobeGCClient AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 atiesrxx.exe [529624 2020-05-27] (Advanced Micro Devices, Inc. -> AMD)
R2 AMD Log Utility; C: WINDOWS System32 amdlogsr.exe [483248 2020-05-05] (Éditeur de compatibilité matérielle Microsoft Windows -> Advanced Micro Devices, Inc.)
S3 BEService; C: Program Files (x86) Common Files BattlEye BEService.exe [7356680 2018-10-03] (BattlEye Innovations e.K. ->)
R2 ClickToRunSvc; C: Program Files Fichiers communs Microsoft Shared ClickToRun OfficeClickToRun.exe [10637168 2020-05-29] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C: WINDOWS system32 dolbyaposvc DAX3API.exe [602544 2018-09-27] (Dolby Laboratories, Inc. ->)
S3 EasyAntiCheat; C: Program Files (x86) EasyAntiCheat EasyAntiCheat.exe [781440 2018-08-17] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 FMAPOService; C: WINDOWS System32 FMService64.exe [294968 2018-09-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Fortemedia)
S3 GalaxyClientService; C: Program Files (x86) GOG Galaxy GalaxyClientService.exe [1748552 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)
S3 GalaxyCommunication; C: ProgramData GOG.com Galaxy redists GalaxyCommunication.exe [6821960 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)
R2 LCD_Service; C: Program Files Huawei HwLcdEnhancement LCD_Service.exe [25584 2020-01-10] (Huawei Technologies Co., Ltd. -> Microsoft)
Lmhosts R3; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Lmhosts R3; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MBAMainService; C: Program Files Huawei PCManager MateBookService.exe [1005040 2020-01-10] (Huawei Technologies Co., Ltd. ->)
R2 MBAMService; C: Program Files Malwarebytes Anti-Malware MBAMService.exe [6933272 2020-05-20] (Malwarebytes Inc -> Malwarebytes)
S3 MyWiFiDHCPDNS; C: Program Files Intel WiFi bin PanDhcpDns.exe [265864 2018-03-20] (Intel Corporation ->)
R2 NlaSvc; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NlaSvc; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nsi; C: WINDOWS system32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nsi; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 qengine; C: Program Files (x86) Qustodio qproxy qengine.exe [4139792 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)
R2 qupdate; C: Program Files (x86) Qustodio qapp QUpdateService.exe [2358544 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)
S4 SepLpsService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R2 SepMasterService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R2 sepWscSvc; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 sepWscSvc64.exe [1834776 2020-05-20] (Symantec Corporation -> Symantec Corporation)
S3 SNAC; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 snac64.exe [394680 2020-05-20] (Symantec Corporation -> Symantec Corporation)
S3 WdNisSvc; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 NisSrv.exe [3304992 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 MsMpEng.exe [103376 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C: Program Files Intel WiFi bin ZeroConfigService.exe [3848328 2018-03-20] (Intel Corporation -> Intel® Corporation)
S2 EraserSvc11910; "C: Program Files (x86) Fichiers communs Symantec Shared EENGINE ccSvcHst.exe" / h ccCommon [X]
U4 weClientDataTransferService; "C: Program Files WE_Client wecdt.exe" [X]
U4 weClientMessengerService; "C: Program Files WE_Client wecmsg.exe" [X]
===================== Pilotes (sur liste blanche) ===================
(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)
S3 AALProtect; C: AlphaAntiLeak AAL bin server AALProtect.sys [35984 2020-03-24] (OOO AMEKS ->)
R3 amdacpbus; C: WINDOWS System32 drivers amdacpbus.sys [6170544 2020-05-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)
R3 amdgpio2; C: WINDOWS System32 drivers amdgpio2.sys [34664 2018-03-31] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 AMDHDAudBusService; C: WINDOWS System32 drivers amdhdaudbus.sys [79224 2018-08-08] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)
R3 amdi2c; C: WINDOWS System32 drivers amdi2c.sys [52680 2017-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 amdkmdag.sys [71066320 2020-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdlog; C: WINDOWS System32 drivers amdlog.sys [89200 2020-05-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C: WINDOWS System32 drivers amdpsp.sys [137104 2017-11-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C: WINDOWS System32 drivers amdxe.sys [60216 2020-03-31] (Advanced Micro Devices, Inc. ->)
S3 AppleLowerFilter; C: WINDOWS System32 drivers AppleLowerFilter.sys [35560 2018-05-10] (Version WDKTestCert, 131474841775766162 -> Apple Inc.)
R3 AtiHDAudioService; C: WINDOWS system32 drivers AtihdWT6.sys [107936 2020-03-13] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)
S3 BEDaisy; C: Program Files (x86) Fichiers communs BattlEye BEDaisy.sys [2551864 2018-10-03] (BattlEye Innovations e.K. ->)
R1 BHDrvx64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions BASHDefs 20200609.001 BHDrvx64.sys [1952136 2020-05-11] (Symantec Corporation -> Symantec Corporation)
R1 ccSettings_ D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 ccSetx64.sys [179416 2020-05-20] (Symantec Corporation -> Symantec Corporation)
S3 CH341SER_A64; C: WINDOWS System32 Drivers CH341S64.SYS [69024 2019-05-29] (Éditeur de compatibilité matérielle Microsoft Windows -> www.winchiphead.com)
R1 eeCtrl; C: Program Files (x86) Common Files Symantec Shared EENGINE eeCtrl64.sys [516784 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilRebootDrv.sys [154288 2020-05-23] (Symantec Corporation -> Symantec Corporation)
R1 ESProtectionDriver; C: WINDOWS system32 drivers mbae64.sys [153312 2020-05-20] (Malwarebytes Corporation -> Malwarebytes)
R1 IDSVia64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions IPSDefs 20200611.061 IDSvia64.sys [1455288 2020-05-19] (Symantec Corporation -> Symantec Corporation)
R2 MBAMChameleon; C: WINDOWS System32 Drivers MbamChameleon.sys [214496 2020-06-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C: WINDOWS System32 DRIVERS MbamElam.sys [19912 2020-06-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C: WINDOWS System32 DRIVERS farflt.sys [195432 2020-06-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C: WINDOWS system32 DRIVERS mbam.sys [73368 2020-06-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C: WINDOWS System32 Drivers mbamswissarmy.sys [248968 2020-06-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C: WINDOWS system32 DRIVERS mwac.sys [131736 2020-06-13] (Malwarebytes Inc -> Malwarebytes)
R1 netfilter_wfp_ev_64; C: WINDOWS System32 drivers netfilter_wfp_ev_64.sys [96864 2018-04-12] (Éditeur de compatibilité matérielle Microsoft Windows -> Fournisseur Windows® Win 7 DDK)
R1 qwdf64; C: WINDOWS system32 Drivers qwdf64.sys [41872 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)
R1 qwdr64; C: WINDOWS system32 Drivers qwdr64.sys [55696 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)
R2 qwfp; C: WINDOWS system32 Drivers qwfp64.sys [47736 2019-08-01] (Éditeur de compatibilité matérielle Microsoft Windows -> Technologies Qustodio)
S3 SPUVCbv; C: WINDOWS System32 Drivers SPUVCbv64.sys [766040 2017-10-26] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
R1 SRTSP; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSP64.SYS [870792 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSPX64.SYS [51080 2020-05-20] (Symantec Corporation -> Symantec Corporation)
S3 SyDvCtrl; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 SyDvCtrl64.sys [44568 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C: WINDOWS System32 drivers symefasi 0603040.009 symefasi64.sys [1822600 2020-05-20] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SymELAM.sys [26000 2020-05-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C: WINDOWS system32 Drivers SYMEVENT64x86.SYS [99920 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 Ironx64.SYS [311264 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R1 SYMNETS; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SYMNETS.SYS [568712 2020-05-20] (Symantec Corporation -> Symantec Corporation)
R1 SysPlant; C: WINDOWS System32 Drivers SysPlant.sys [231360 2020-05-20] (Symantec Corporation -> Symantec Corporation)
S3 tapnordvpn; C: WINDOWS System32 drivers tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> Le projet OpenVPN)
R1 Teefer2; C: WINDOWS system32 DRIVERS Teefer.sys [132992 2020-05-20] (Symantec Corporation -> Symantec Corporation)
S3 USBTINSP; C: WINDOWS System32 drivers tinspusb.sys [142848 2017-07-27] (Éditeur de compatibilité matérielle Microsoft Windows -> Texas Instruments)
S3 WdBoot; C: WINDOWS system32 drivers wd WdBoot.sys [45960 2020-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C: WINDOWS system32 drivers wd WdFilter.sys [394680 2020-05-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C: WINDOWS System32 drivers wd WdNisDrv.sys [64944 2020-05-01] (Microsoft Windows -> Microsoft Corporation)
R3 WDTDrv; C: WINDOWS System32 Drivers WDTDrv.sys [27048 2018-02-27] (Huawei Technologies Co., Ltd. -> Appareil Huawei)
S3 EraserUtilDrv11910; ?? C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilDrv11910.sys [X]
==================== NetSvcs (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-13 05:42 – 2020-06-13 05:42 – 000031721 _____ C: Users Ethan Desktop FRST.txt
2020-06-13 05:42 – 2020-06-13 05:42 – 000000000 ____D C: FRST
2020-06-13 05:40 – 2020-06-13 05:40 – 002289152 _____ (Farbar) C: Users Ethan Desktop FRST64.exe
2020-06-13 05:36 – 2020-06-13 05:36 – 000195432 _____ (Malwarebytes) C: WINDOWS system32 Drivers farflt.sys
2020-06-13 05:36 – 2020-06-13 05:36 – 000131736 _____ (Malwarebytes) C: WINDOWS system32 Drivers mwac.sys
2020-06-13 05:36 – 2020-06-13 05:36 – 000073368 _____ (Malwarebytes) C: WINDOWS system32 Drivers mbam.sys
2020-06-13 05:36 – 2020-06-13 05:36 – 000000000 ____D C: Users Ethan AppData LocalLow IGDump
2020-06-13 05:30 – 2020-06-13 05:34 – 000417646 _____ C: WINDOWS ntbtlog.txt
2020-06-12 22:53 – 2020-06-12 22:53 – 001920738 _____ C: Users Ethan Downloads iCloud Photos.zip
2020-06-12 20:53 – 2020-06-12 22:54 – 000511438 _____ C: Users Ethan Downloads IMG_1020.JPEG
2020-06-12 19:02 – 2019-08-01 16:48 – 000055696 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdr64.sys
2020-06-12 19:02 – 2019-08-01 16:48 – 000041872 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdf64.sys
2020-06-12 07:53 – 2020-06-12 07:53 – 000002608 _____ C: Users Ethan Downloads Player.plr
2020-06-12 05:00 – 2020-06-12 05:00 – 000000000 ____D C: Users Ethan Downloads processhacker-2.39-bin
2020-06-12 04:59 – 2020-06-12 04:59 – 003392412 _____ C: Users Ethan Downloads processhacker-2.39-bin.zip
2020-06-12 02:28 – 2020-06-12 02:28 – 000000000 ____D C: Users Ethan Desktop tools
2020-06-09 19:06 – 2020-06-09 19:06 – 000002357 _____ C: Users Ethan AppData Roaming Microsoft Windows Menu Démarrer Programmes Lunar Client.lnk
2020-06-09 19:06 – 2020-06-09 19:06 – 000002349 _____ C:UsersEthanDesktopLunar Client.lnk
2020-06-09 19:05 – 2020-06-09 19:05 – 000755688 _____ (Moonsworth, LLC) C:UsersEthanDownloadsLunar Client v2.0.2.exe
2020-06-09 01:47 – 2020-06-09 01:47 – 000000000 ____D C:UsersEthanAppDataLocalATI
2020-06-09 01:43 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopruntime
2020-06-09 01:42 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopgame
2020-06-09 01:33 – 2020-06-12 02:28 – 002970008 _____ (Mojang) C:UsersEthanDesktopMinecraft.exe
2020-06-09 00:03 – 2020-06-09 00:03 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable (1).zip
2020-06-08 23:35 – 2020-06-08 23:58 – 000000000 ____D C:UsersEthanDownloadsRevoUninstaller_Portable
2020-06-08 23:34 – 2020-06-08 23:34 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable.zip
2020-06-08 23:11 – 2020-06-08 23:11 – 000000761 _____ C:UsersEthanDocumentsDownloads.lnk
2020-06-08 22:13 – 2020-06-08 22:14 – 000000000 ___HD C:temp
2020-06-08 09:38 – 2020-06-08 22:06 – 000000000 ____D C:35cf2c581e43e0fd0f2302ce54fb
2020-06-08 09:29 – 2020-06-08 22:06 – 000000000 ____D C:68e9a7aba4aecf4ec4
2020-06-08 08:06 – 2020-06-08 08:06 – 000000000 ___HD C:ProgramDataCanonIJFAX
2020-06-07 23:17 – 2020-06-07 23:22 – 000000000 ____D C:UsersEthanEpubee Library
2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanBookManager
2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanAppDataRoaming.cover
2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthan.Epubor_Keys
2020-06-07 23:14 – 2020-06-08 22:16 – 000000000 ____D C:Program Files (x86)ePUBee
2020-06-05 23:17 – 2020-06-05 23:17 – 000000000 ____D C:8527c8ea7501eb69401877adc732
2020-06-05 23:07 – 2020-06-05 23:07 – 000000000 ____D C:de22f4d81bbf950b5e0f7a8642297b
2020-06-05 22:57 – 2020-06-05 22:57 – 000000000 ____D C:f4b9a65bd3630368995b8ced06
2020-06-05 22:37 – 2020-06-05 22:37 – 000000000 ____D C:faa6e5d10903a99a286ff6
2020-06-05 22:27 – 2020-06-05 22:28 – 000000000 ____D C:4fa0f45da0c207e28fce354dfbcbb45a
2020-06-05 22:24 – 2020-06-05 22:24 – 000000000 ____D C:UsersEthanAppDataLocalcache
2020-06-05 22:19 – 2020-06-05 22:19 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAMD Radeon Software
2020-06-05 22:17 – 2020-06-05 22:22 – 000000000 ____D C:25a06eb4cb678d6510bb02b4e69c
2020-06-05 22:17 – 2020-06-05 22:17 – 000000000 ____D C:ProgramDataAMD
2020-06-05 22:04 – 2020-06-05 22:12 – 000000000 ____D C:96699b5329d1ea66b0a663de302c5a
2020-06-05 22:03 – 2020-06-05 22:03 – 000000000 ____D C:AMD
2020-06-05 21:56 – 2020-06-05 21:56 – 000000000 ____D C:UsersEthanAppDataLocalRadeonSettings
2020-06-05 21:52 – 2020-06-05 22:12 – 000000000 ____D C:59149044dd0aac2303de
2020-06-05 21:44 – 2020-06-05 22:12 – 000000000 ____D C:bd86fd4774132980229e4d5232ae
2020-06-05 04:05 – 2020-06-05 21:37 – 000000000 ____D C:873d716d2277afe5bee1c44e0b878d87
2020-06-05 03:54 – 2020-06-05 21:37 – 000000000 ____D C:dbd59e3d47cf23fa38e6b2b4
2020-06-05 03:46 – 2020-06-05 21:37 – 000000000 ____D C:8878178fedc450c4b9
2020-06-05 03:30 – 2020-06-05 21:37 – 000000000 ____D C:3aa04f0e181a6ef6283335
2020-06-05 02:34 – 2020-06-05 21:37 – 000000000 ____D C:b7af3d3859975eec9620db8b5a5f6e41
2020-06-05 02:26 – 2020-06-05 21:37 – 000000000 ____D C:487c789bbfdb27e0f8
2020-06-05 02:14 – 2020-06-05 21:37 – 000000000 ____D C:d88254605b4e82c096
2020-06-05 02:05 – 2020-06-05 21:37 – 000000000 ____D C:e25ee765e720e9e181c0a4
2020-06-05 01:55 – 2020-06-05 21:37 – 000000000 ____D C:8986be08c43b083cf019
2020-06-05 01:45 – 2020-06-05 21:37 – 000000000 ____D C:24b77074821232b8eee377b656
2020-06-05 01:35 – 2020-06-05 21:37 – 000000000 ____D C:76cca42bb37e3cd7e09f354112b60b
2020-06-05 01:25 – 2020-06-05 21:37 – 000000000 ____D C:514f6c63d0b4235c42ea
2020-06-05 01:15 – 2020-06-05 21:37 – 000000000 ____D C:a82951183443a4c4ff
2020-06-05 01:05 – 2020-06-05 21:37 – 000000000 ____D C:1500873c57dc503bb2583144b776
2020-06-05 00:55 – 2020-06-05 21:37 – 000000000 ____D C:2608ecb4b26d61af942bbe9aef91a4
2020-06-05 00:45 – 2020-06-05 21:37 – 000000000 ____D C:d0bd3ae4cfc3cb2d19
2020-06-05 00:35 – 2020-06-05 21:37 – 000000000 ____D C:b8593ace07e295202c
2020-06-05 00:25 – 2020-06-05 21:37 – 000000000 ____D C:aefea5c399639a508a8d0cc319bada
2020-06-05 00:15 – 2020-06-05 21:37 – 000000000 ____D C:d34e9191b27aad94f2aa2e6e
2020-06-05 00:05 – 2020-06-05 21:37 – 000000000 ____D C:746cad1319b45c0fa13d3542b5
2020-06-04 23:55 – 2020-06-05 21:37 – 000000000 ____D C:761aa80eda44dc967c55336087417a
2020-06-04 23:45 – 2020-06-05 21:37 – 000000000 ____D C: b015b1b5cce422460fcedb4
2020-06-04 23:35 – 2020-06-05 21:37 – 000000000 ____D C:21bb368a3acf317e654c
2020-06-04 23:25 – 2020-06-05 21:37 – 000000000 ____D C:1eb161e731e359e492622ac3330bc8
2020-06-04 23:15 – 2020-06-05 21:37 – 000000000 ____D C:9954edefd2c4ee760f21
2020-06-04 23:05 – 2020-06-05 21:37 – 000000000 ____D C:4996eff18111c7145a68
2020-06-04 22:55 – 2020-06-05 21:37 – 000000000 ____D C:dbfc9b3663e052d664a93b73
2020-06-04 22:45 – 2020-06-05 21:37 – 000000000 ____D C:e15f2439316aa3b95ecb
2020-06-04 22:35 – 2020-06-05 21:37 – 000000000 ____D C: 812b054302348352f
2020-06-03 21:45 – 2020-06-05 21:42 – 000000000 ___HD C:adobeTemp
2020-06-02 22:05 – 2020-06-02 22:05 – 000000000 ___HD C:ProgramDataCanonBJ
2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 ____D C:UsersEthanAppDataLocalUXP
2020-06-02 21:49 – 2020-06-02 21:49 – 000000000 ____D C:UsersEthanAppDataLocalLowAdobe
2020-06-02 21:47 – 2020-06-08 22:09 – 000000000 ___RD C:UsersEthanCreative Cloud Files
2020-06-02 21:42 – 2020-06-02 21:47 – 000000000 ____D C:ProgramDataAdobe
2020-06-02 21:40 – 2020-06-08 22:13 – 000000000 ____D C:Program FilesCommon FilesAdobe
2020-06-02 21:40 – 2020-06-08 22:12 – 000000000 ____D C:Program FilesAdobe
2020-06-02 21:38 – 2020-06-02 21:47 – 000000000 ____D C:UsersEthanAppDataLocalAdobe
2020-06-02 17:15 – 2020-06-13 05:36 – 000248968 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys
2020-06-02 17:15 – 2020-06-02 17:15 – 000214496 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys
2020-06-01 01:12 – 2020-06-01 01:12 – 000000000 ____D C:UsersEthanAppDataLocalAdobe_Systems_Incorporate
2020-06-01 01:06 – 2020-06-08 23:12 – 000000000 ____D C:Program Files (x86)Adobe
2020-05-27 14:20 – 2020-05-27 14:20 – 064809688 _____ C:WINDOWSsystem32amd_comgr.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 053685456 _____ C:WINDOWSSysWOW64amd_comgr32.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 004631248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amfrt64.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 004141776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amfrt32.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo-1-999-0-0-0.exe
2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo.exe
2020-05-27 14:20 – 2020-05-27 14:20 – 001775320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atiadlxx.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo-1-999-0-0-0.exe
2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo.exe
2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxy.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxx.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1-999-0-0-0.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1-999-0-0-0.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000761040 _____ (AMD) C:WINDOWSsystem32atieclxx.exe
2020-05-27 14:20 – 2020-05-27 14:20 – 000737496 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32Rapidfire64.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000621784 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64Rapidfire.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000497360 _____ C:WINDOWSsystem32GameManager64.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000493776 _____ C:WINDOWSsystem32dgtrayicon.exe
2020-05-27 14:20 – 2020-05-27 14:20 – 000469200 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atidemgy.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000456920 _____ C:WINDOWSsystem32atieah64.exe
2020-05-27 14:20 – 2020-05-27 14:20 – 000433360 _____ C:WINDOWSsystem32EEURestart.exe
2020-05-27 14:20 – 2020-05-27 14:20 – 000380624 _____ C:WINDOWSSysWOW64GameManager32.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000352464 _____ C:WINDOWSSysWOW64atieah32.exe
2020-05-27 14:20 – 2020-05-27 14:20 – 000340176 _____ C:WINDOWSsystem32clinfo.exe
2020-05-27 14:20 – 2020-05-27 14:20 – 000245976 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atig6txx.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000213712 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atigktxx.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000187600 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantle64.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000183008 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32aticfx64.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000167632 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atisamu64.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000167128 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantleaxl64.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000159264 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64aticfx32.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000157408 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantle32.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000143056 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantleaxl32.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000141528 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atisamu32.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000136400 _____ (AMD) C:WINDOWSsystem32atimuixx.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000135384 _____ (Khronos Group) C:WINDOWSsystem32OpenCL.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000126160 _____ C:WINDOWSsystem32atidxx64.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000123088 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdxc64.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000121048 _____ (Khronos Group) C:WINDOWSSysWOW64OpenCL.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000108240 _____ C:WINDOWSSysWOW64atidxx32.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000107728 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdxc32.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000091352 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mcl64.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000075984 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mcl32.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000070872 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32ati2erec.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000047320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32RapidFireServer64.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000044248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64RapidFireServer.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSSysWOW64detoured.dll
2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSsystem32detoured.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 071473360 _____ (Advanced Micro Devices Inc.) C:WINDOWSsystem32amdhip64.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 001686624 _____ (AMD) C:WINDOWSsystem32amf-mft-mjpeg-decoder64.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 001365984 _____ (AMD) C:WINDOWSSysWOW64amf-mft-mjpeg-decoder32.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 000941776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdlvr64.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 000769232 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdlvr32.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 000554192 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdmcl64.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 000547424 _____ C:WINDOWSsystem32amdmiracast.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 000490192 _____ C:WINDOWSsystem32amdgfxinfo64.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 000467152 _____ C:WINDOWSsystem32amdlogum.exe
2020-05-27 14:19 – 2020-05-27 14:19 – 000384208 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdmcl32.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 000380624 _____ C:WINDOWSSysWOW64amdgfxinfo32.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 000198928 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdihk64.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 000168016 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdihk32.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atimpc64.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdpcom64.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 000108880 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdpcom32.dll
2020-05-27 14:19 – 2020-05-27 14:19 – 000108864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atimpc32.dll
2020-05-27 14:18 – 2020-05-27 14:18 – 000136544 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdave64.dll
2020-05-27 14:18 – 2020-05-27 14:18 – 000120896 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdave32.dll
2020-05-26 20:09 – 2020-05-26 20:09 – 000000000 ____D C:UsersEthanAppDataLocalpackage.nw.new
2020-05-25 20:28 – 2020-05-25 20:28 – 003471376 _____ C:WINDOWSSysWOW64atiumdva.cap
2020-05-25 20:28 – 2020-05-25 20:28 – 003437632 _____ C:WINDOWSsystem32atiumd6a.cap
2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSSysWOW64ativvsvl.dat
2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSsystem32ativvsvl.dat
2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSSysWOW64ativvsva.dat
2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSsystem32ativvsva.dat
2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSSysWOW64atiapfxx.blb
2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSsystem32atiapfxx.blb
2020-05-24 02:33 – 2020-06-09 18:08 – 000001445 _____ C:UsersPublicDesktopTerraria.lnk
2020-05-24 02:23 – 2020-05-24 02:23 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGOG.com
2020-05-24 02:20 – 2020-05-24 02:33 – 000000000 ____D C:ProgramDataGOG.com
2020-05-23 16:18 – 2020-06-12 05:07 – 000000000 ____D C:UsersEthanAppDataLocalCrashDumps
2020-05-20 08:04 – 2020-06-13 05:26 – 000074800 _____ (Symantec Corporation) C:WINDOWSsystem32msln.exe
2020-05-20 08:00 – 2020-05-20 08:00 – 000000000 ____D C:UsersEthanAppDataLocalSymantec
2020-05-20 07:56 – 2020-05-20 07:56 – 000609208 _____ (Symantec Corporation) C:WINDOWSsystem32SymVPN.dll
2020-05-20 07:56 – 2020-05-20 07:56 – 000505120 _____ (Symantec Corporation) C:WINDOWSsystem32sysfer.dll
2020-05-20 07:56 – 2020-05-20 07:56 – 000485304 _____ (Symantec Corporation) C:WINDOWSSysWOW64SymVPN.dll
2020-05-20 07:56 – 2020-05-20 07:56 – 000434976 _____ (Symantec Corporation) C:WINDOWSSysWOW64sysfer.dll
2020-05-20 07:56 – 2020-05-20 07:56 – 000231360 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSysPlant.sys
2020-05-20 07:56 – 2020-05-20 07:56 – 000224184 _____ (Symantec Corporation) C:WINDOWSsystem32FwsVpn.dll
2020-05-20 07:56 – 2020-05-20 07:56 – 000219576 _____ (Symantec Corporation) C:WINDOWSSysWOW64FwsVpn.dll
2020-05-20 07:56 – 2020-05-20 07:56 – 000099920 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSYMEVENT64x86.SYS
2020-05-20 07:56 – 2020-05-20 07:56 – 000096184 _____ (Symantec Corporation) C:WINDOWSsystem32snacnp.dll
2020-05-20 07:56 – 2020-05-20 07:56 – 000085432 _____ (Symantec Corporation) C:WINDOWSSysWOW64snacnp.dll
2020-05-20 07:56 – 2020-05-20 07:56 – 000048232 _____ (Symantec Corporation) C:WINDOWSsystem32DriversWGX64.SYS
2020-05-20 07:56 – 2020-05-20 07:56 – 000010396 _____ C:WINDOWSsystem32DriversSYMEVENT64x86.CAT
2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:WINDOWSsystem32Driverssymefasi
2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataSymEFASI
2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:Program FilesCommon FilesSymantec Shared
2020-05-20 07:55 – 2020-05-20 16:02 – 000000000 ____D C:ProgramDataSymantec
2020-05-20 07:55 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSymantec Endpoint Protection
2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:WINDOWSsystem32DriversSEP
2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:ProgramDataregid.1992-12.com.symantec
2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:Program Files (x86)Symantec
2020-05-20 07:53 – 2020-05-20 07:53 – 000132992 _____ (Symantec Corporation) C:WINDOWSsystem32DriversTeefer.sys
2020-05-20 07:25 – 2020-06-02 17:14 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys
2020-05-20 07:25 – 2020-05-20 07:25 – 000002040 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk
2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbamtray
2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbam
2020-05-20 07:25 – 2020-05-20 07:24 – 000153312 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys
2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:ProgramDataMalwarebytes
2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:Program FilesMalwarebytes
2020-05-19 11:20 – 2020-05-19 11:20 – 006170544 _____ (Advanced Micro Devices) C:WINDOWSsystem32Driversamdacpbus.sys
2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocalLow3D Aim Trainer
2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocal3D Aim Trainer
2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuPrograms3D Aim Trainer
2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:Program Files (x86)3D Aim Trainer Launcher
2020-05-14 07:59 – 2020-05-14 07:59 – 000000000 ____D C:UsersEthanAppDataRoamingMicrosoftWindowsStart MenuProgramsZoom
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSSysWOW64qengineOff.ini
2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSsystem32qengineOff.ini
2020-06-13 05:42 – 2019-05-04 21:51 – 000840852 _____ C:WINDOWSsystem32PerfStringBackup.INI
2020-06-13 05:42 – 2018-09-15 09:31 – 000000000 ____D C:WINDOWSINF
2020-06-13 05:40 – 2018-07-27 21:20 – 000000000 ____D C:ProgramDataQustodio
2020-06-13 05:36 – 2020-04-03 14:18 – 000000000 ____D C:ProgramDataboost_interprocess
2020-06-13 05:36 – 2019-05-04 21:52 – 000000006 ____H C:WINDOWSTasksSA.DAT
2020-06-13 05:36 – 2018-09-15 09:33 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2020-06-13 05:35 – 2019-06-28 22:15 – 000000000 ____D C:UsersEthanAppDataRoaming.minecraft
2020-06-13 05:29 – 2019-05-04 21:42 – 000000000 ____D C:UsersEthan
2020-06-13 05:28 – 2018-12-18 11:43 – 000000000 ____D C:UsersEthanAppDataRoamingdiscord
2020-06-13 04:54 – 2019-05-04 21:41 – 000000000 ____D C:WINDOWSsystem32SleepStudy
2020-06-13 02:51 – 2018-09-25 19:31 – 000000000 ____D C:WINDOWSsystem32AMD
2020-06-12 20:23 – 2019-03-19 09:02 – 000000000 ___HD C:$WINDOWS.~BT
2020-06-12 19:59 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSAppReadiness
2020-06-12 19:57 – 2018-09-15 09:33 – 000000000 ___HD C:Program FilesWindowsApps
2020-06-12 19:01 – 2018-09-14 19:13 – 000000000 ____D C:Program Files (x86)Qustodio
2020-06-12 19:01 – 2018-07-27 21:24 – 000000000 __SHD C:WINDOWSSysWOW64AI_RecycleBin
2020-06-12 03:02 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSLiveKernelReports
2020-06-12 02:28 – 2020-04-06 17:11 – 000000000 ____D C:UsersEthanAppDataRoaminglunarclient
2020-06-11 03:58 – 2019-05-03 10:10 – 000000000 ___DC C:WINDOWSPanther
2020-06-09 22:11 – 2018-09-15 09:23 – 000000000 ____D C:WINDOWSCbsTemp
2020-06-09 19:14 – 2020-03-24 13:02 – 000000000 ____D C:UsersEthan.lunarclient
2020-06-09 18:08 – 2018-09-29 13:09 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsTerraria [GOG.com]
2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagwrn.xml
2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagerr.xml
2020-06-09 03:07 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSRegistration
2020-06-09 00:08 – 2018-07-27 21:22 – 000000000 ____D C:Program Files (x86)Microsoft Office
2020-06-08 23:57 – 2018-08-31 20:24 – 000000000 ____D C:UsersEthanDocumentsChurch
2020-06-08 22:16 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalPackages
2020-06-08 22:12 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataRoamingAdobe
2020-06-08 22:06 – 2020-05-01 05:13 – 000000000 ____D C:Program FilesBadlion Client
2020-06-08 22:06 – 2019-05-04 21:42 – 000000000 ____D C:Usersdadministrator
2020-06-07 23:18 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalVirtualStore
2020-06-07 22:50 – 2018-07-30 00:34 – 000000000 ____D C:UsersEthanAppDataLocalD3DSCache
2020-06-07 19:08 – 2019-05-04 21:41 – 000488632 _____ C:WINDOWSsystem32FNTCACHE.DAT
2020-06-05 22:24 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalAMD
2020-06-05 22:19 – 2018-05-03 21:32 – 000000000 ____D C:Program FilesAMD
2020-06-05 02:56 – 2018-07-27 21:18 – 000002308 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2020-06-03 03:32 – 2018-09-15 09:36 – 000835480 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerApp.exe
2020-06-03 03:32 – 2018-09-15 09:36 – 000179608 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerCPLApp.cpl
2020-06-02 21:45 – 2018-07-28 19:27 – 000000000 ____D C:ProgramDataPackages
2020-06-02 21:42 – 2018-05-03 20:44 – 000000000 ____D C:ProgramDataPackage Cache
2020-06-02 21:40 – 2018-09-15 09:33 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared
2020-05-24 02:27 – 2018-09-29 08:34 – 000000000 ____D C:Program Files (x86)GOG Galaxy
2020-05-20 07:56 – 2018-09-15 09:33 – 000000000 ___HD C:WINDOWSELAMBKUP
2020-05-17 05:16 – 2018-09-15 08:09 – 000000000 ____D C:WINDOWSservicing
2020-05-14 07:59 – 2020-04-02 11:01 – 000000000 ____D C:UsersEthanAppDataRoamingZoom
==================== Files in the root of some directories ========
2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 _____ () C:UsersEthanAppDataLocaloobelibMkey.log
2020-02-09 15:02 – 2020-02-09 15:02 – 000000218 _____ () C:UsersEthanAppDataLocalrecently-used.xbel
==================== FLock ==============================
2020-05-13 20:50 C:PerfLogs
2020-06-12 19:49 C:WINDOWSsystem32config
2018-09-15 09:33 C:WINDOWSsystem32Configuration
2018-09-15 09:33 C:WINDOWSsystem32DriverState
2018-09-15 09:33 C:WINDOWSsystem32FxsTmp
2018-09-15 09:34 C:WINDOWSsystem32ias
2018-09-15 09:34 C:WINDOWSsystem32MsDtc
2018-09-15 09:33 C:WINDOWSsystem32networklist
2020-06-13 04:54 C:WINDOWSsystem32SleepStudy
2020-06-13 05:29 C:WINDOWSsystem32sru
2020-06-05 22:22 C:WINDOWSsystem32Tasks
2019-05-05 07:40 C:WINDOWSsystem32Tasks_Migrated
2019-07-19 20:15 C:WINDOWSsystem32WDI
2020-06-12 19:57 C:Program FilesWindowsApps
2020-06-09 04:19 C:WINDOWSdiagerr.xml
2020-06-09 04:19 C:WINDOWSdiagwrn.xml
2019-05-05 07:38 C:WINDOWSInfusedApps
2020-06-12 03:02 C:WINDOWSLiveKernelReports
2020-02-15 18:45 C:WINDOWSMinidump
2018-09-15 09:33 C:WINDOWSModemLogs
2020-06-13 05:42 C:WINDOWSPrefetch
2019-05-04 22:10 C:WINDOWSServiceState
2020-06-13 05:41 C:WINDOWSTemp
2018-09-15 09:33 C:WINDOWSSysWOW64config
2018-09-15 09:33 C:WINDOWSSysWOW64Configuration
2018-09-15 09:33 C:WINDOWSSysWOW64Msdtc
2018-09-15 09:33 C:WINDOWSSysWOW64networklist
2018-09-15 09:33 C:WINDOWSSysWOW64sru
2018-09-15 09:33 C:WINDOWSSysWOW64Tasks
2018-09-15 09:33 C:WINDOWSsystem32DriversDriverData
2020-06-08 22:06 C:Usersdadministrator
2020-06-02 21:45 C:ProgramDataPackages
2019-05-04 21:44 C:ProgramDataUSOPrivate
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened.
Access is denied.
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by Ethan (13-06-2020 05:43:40)
Running from C:UsersEthanDesktop
Windows 10 Home Version 1809 17763.1217 (X64) (2019-05-04 19:53:29)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1017088884-3281645122-1580351492-500 – Administrator – Disabled)
dadministrator (S-1-5-21-1017088884-3281645122-1580351492-1001 – Administrator – Enabled) => C:Usersdadministrator
DefaultAccount (S-1-5-21-1017088884-3281645122-1580351492-503 – Limited – Disabled)
Ethan (S-1-5-21-1017088884-3281645122-1580351492-1002 – Limited – Enabled) => C:UsersEthan
Guest (S-1-5-21-1017088884-3281645122-1580351492-501 – Limited – Disabled)
WDAGUtilityAccount (S-1-5-21-1017088884-3281645122-1580351492-504 – Limited – Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Symantec Endpoint Protection (Enabled – Up to date) 1122B19A-E671-38EC-8EAC-87048FD4528D
AV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46
AV: Malwarebytes (Enabled – Up to date) 23007AD3-69FE-687C-2629-D584AFFAF72B
AS: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46
FW: Symantec Endpoint Protection (Enabled) 291930BF-AC1E-39B4-A5F3-2E31710715F6
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3D Aim Trainer Launcher version 1.01 (HKLM-x32…DEBD852F-7476-4715-B6AC-8A3C560EAAAA_is1) (Version: 1.01 – 3D Aim Trainer)
7-Zip 18.05 (x64) (HKLM…7-Zip) (Version: 18.05 – Igor Pavlov)
AMD Software (HKLM…AMD Catalyst Install Manager) (Version: 20.5.1 – Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32…ASIO4ALL) (Version: 2.14 – Michael Tippach)
Branding64 (HKLM…856DA29A-EA4A-468B-BBC2-B5F60DD75BFE) (Version: 1.00.0002 – Advanced Micro Devices, Inc.) Hidden
Discord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Discord) (Version: 0.0.306 – Discord Inc.)
Discord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Discord) (Version: 0.0.306 – Discord Inc.)
EdgeDeflector (HKLM-x32…EdgeDeflector) (Version: – )
Epic Games Launcher Prerequisites (x64) (HKLM…66C5838F-B854-4A55-89E6-A6138747A4DF) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden
Glorious Model O Software (HKLM-x32…