Après le téléchargement accidentel d'un malware, l'ordinateur n'est plus le même – Bien choisir son serveur d impression

Author: Titanfall — 13 juin 2020

Short summary: J'ai cliqué sur un lien que je ne devrais pas avoir vu, j'ai vu les URL changer rapidement et j'ai immédiatement fermé la fenêtre. Une semaine plus tard, mon logiciel parental m'a signalé qu'il essayait de visiter des sites Web pornographiques 100 fois en une minute. J'ai téléchargé des octets malveillants premium et supprimé 2 […]

Quick overview

Site: Tutos GameServer
Canonical URL: https://tutos-gameserver.fr/2020/06/13/apres-le-telechargement-accidentel-dun-malware-lordinateur-nest-plus-le-meme-bien-choisir-son-serveur-d-impression/
LLM HTML version: https://tutos-gameserver.fr/2020/06/13/apres-le-telechargement-accidentel-dun-malware-lordinateur-nest-plus-le-meme-bien-choisir-son-serveur-d-impression/llm
LLM JSON version: https://tutos-gameserver.fr/2020/06/13/apres-le-telechargement-accidentel-dun-malware-lordinateur-nest-plus-le-meme-bien-choisir-son-serveur-d-impression/llm.json
Manifest: https://tutos-gameserver.fr/llm-endpoints-manifest.json
Estimated reading time: 71 minutes (4245 seconds)
Word count: 14147

Key points

J'ai cliqué sur un lien que je ne devrais pas avoir vu, j'ai vu les URL changer rapidement et j'ai immédiatement fermé la fenêtre.
Une semaine plus tard, mon logiciel parental m'a signalé qu'il essayait de visiter des sites Web pornographiques 100 fois en une minute.
J'ai téléchargé des octets malveillants premium et supprimé 2 fichiers, un PUP.Optional.InstallCore dans mon registre et un fichier générique de malware appelé $ RFHLJ6G.EXE dans ma corbeille.
J'ai également installé symantec qui ne signalait rien sauf mon pirate de processus.

Primary visual

Après le téléchargement accidentel d'un malware, l'ordinateur n'est plus le même
– Bien choisir son serveur d impression — Main illustration associated with the content.

Structured content

J'ai cliqué sur un lien que je ne devrais pas avoir vu, j'ai vu les URL changer rapidement et j'ai immédiatement fermé la fenêtre. Une semaine plus tard, mon logiciel parental m'a signalé qu'il essayait de visiter des sites Web pornographiques 100 fois en une minute. J'ai téléchargé des octets malveillants premium et supprimé 2 fichiers, un PUP.Optional.InstallCore dans mon registre et un fichier générique de malware appelé $ RFHLJ6G.EXE dans ma corbeille. J'ai également installé symantec qui ne signalait rien sauf mon pirate de processus. Dans les jours suivants, mon malwarebytes nouvellement installé me dit que le logiciel parental visite plusieurs fois des sites Web malveillants via le fichier proxy, et je scanne mais rien ne vient. Mon ordinateur portable a été extrêmement lent et surchauffe pour une raison inconnue, les programmes malveillants ne détectent rien et le gestionnaire de tâches dit que rien ne va pas. Je suis presque prêt à simplement réinitialiser les paramètres d'usine. Voici mes journaux:

Résultat de l'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020 Ran by Ethan (ATTENTION: L'utilisateur n'est pas administrateur) sur ETHANLAPTOP (HUAWEI KPL-W0X) (13-06-2020 05:42:15) Exécution à partir de C: Users Ethan Desktop Profils chargés: Ethan Plateforme: Windows 10 Home Version 1809 17763.1217 (X64) Langue: anglais (États-Unis) Navigateur par défaut: Chrome Mode de démarrage: Normal

==================== Processus (liste blanche) =================

(Si une entrée est incluse dans la liste de correctifs, le processus sera fermé. Le fichier ne sera pas déplacé.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext amdow.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext AMDRSServ.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext RadeonSoftware.exe (Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe (Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C: Windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe MicrosoftEdge.exe (Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe Calculator.exe (Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsStore_12006.1001.1.0_x64__8wekyb3d8bbwe WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C: Windows ImmersiveControlPanel SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C: Windows System32 browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C: Windows System32 CastSrv.exe (Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe (Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeSH.exe (Microsoft Windows -> Microsoft Corporation) C: Windows System32 rundll32.exe (Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe (Oracle America, Inc. -> Oracle Corporation) C: Program Files (x86) Common Files Java Java Update jusched.exe (Qustodio Technologies, SL ->) C: Program Files (x86) Qustodio qapp crashpad_handler.exe (Qustodio Technologies, SL -> Qustodio Technologies) C: Program Files (x86) Qustodio qapp QAppTray.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C: Windows System32 RtkAudUService64.exe (Symantec Corporation -> Symantec Corporation) C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe Impossible d'accéder au processus -> amdlogsr.exe Impossible d'accéder au processus -> atieclxx.exe Impossible d'accéder au processus -> atiesrxx.exe Impossible d'accéder au processus -> ccSvcHst.exe Impossible d'accéder au processus -> conhost.exe Impossible d'accéder au processus -> crashpad_handler.exe Impossible d'accéder au processus -> crashpad_handler.exe Impossible d'accéder au processus -> csrss.exe Impossible d'accéder au processus -> csrss.exe Impossible d'accéder au processus -> dasHost.exe Impossible d'accéder au processus -> DAX3API.exe Impossible d'accéder au processus -> dllhost.exe Impossible d'accéder au processus -> dwm.exe Impossible d'accéder au processus -> EvtEng.exe Impossible d'accéder au processus -> FMService64.exe Impossible d'accéder au processus -> fontdrvhost.exe Impossible d'accéder au processus -> fontdrvhost.exe Impossible d'accéder au processus -> GoogleCrashHandler.exe Impossible d'accéder au processus -> GoogleCrashHandler64.exe Impossible d'accéder au processus -> LCD_Service.exe Impossible d'accéder au processus -> lsass.exe Impossible d'accéder au processus -> MateBookService.exe Impossible d'accéder au processus -> MBAMService.exe Impossible d'accéder au processus -> OfficeClickToRun.exe Impossible d'accéder au processus -> qengine.exe Impossible d'accéder au processus -> QUpdateService.exe Impossible d'accéder au processus -> RegSrvc.exe Impossible d'accéder au processus -> RtkAudUService64.exe Impossible d'accéder au processus -> RtkAudUService64.exe Impossible d'accéder au processus -> SearchFilterHost.exe Impossible d'accéder au processus -> SearchIndexer.exe Impossible d'accéder au processus -> SearchProtocolHost.exe Impossible d'accéder au processus -> SecurityHealthService.exe Impossible d'accéder au processus -> sepWscSvc64.exe Impossible d'accéder au processus -> services.exe Impossible d'accéder au processus -> SgrmBroker.exe Impossible d'accéder au processus -> smss.exe Impossible d'accéder au processus -> spoolsv.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> svchost.exe Impossible d'accéder au processus -> unsecapp.exe Impossible d'accéder au processus -> wininit.exe Impossible d'accéder au processus -> winlogon.exe Impossible d'accéder au processus -> wlanext.exe Impossible d'accéder au processus -> WMIADAP.exe Impossible d'accéder au processus -> WmiPrvSE.exe Impossible d'accéder au processus -> WmiPrvSE.exe Impossible d'accéder au processus -> ZeroConfigService.exe

==================== Registre (liste blanche) ===================

(Si une entrée est incluse dans la liste de correctifs, l'élément de registre sera restauré par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM … Run: [RtkAudUService] => C: WINDOWS System32 RtkAudUService64.exe [836672 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM … Run: [Logitech Download Assistant] => C: Windows System32 LogiLDA.dll [3942864 2016-10-14] (Logitech -> Logitech, Inc.) HKLM-x32 … Exécuter: [SunJavaUpdateSched] => C: Program Files (x86) Fichiers communs Java Java Update jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32 … Exécuter: [KeePass 2 PreLoad] => C: Program Files (x86) KeePass Password Safe 2 KeePass.exe [3331264 2020-01-20] (Développeur Open Source, Dominik Reichl -> Dominik Reichl) HKLM-x32 … Exécuter: [QAppTray] => C: Program Files (x86) Qustodio qapp QAppTray.exe [6429456 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies) HKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5 HKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com) HKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe" HKU S-1-5-21-1017088884-3281645122-1580351492-1002 … MountPoints2: d731a143-c473-11e8-aff7-ef1b4a682e27 – "E: HiSuiteDownLoader.exe" HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5 HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com) HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe" HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #0] => C: Windows HelpPane.exe [1071616 2020-03-10] (Microsoft Windows -> Microsoft Corporation) HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #1] => C: Program Files (x86) Google Chrome Application chrome.exe –profile-directory = Par défaut –flag-switches-begin –flag-switches-end –enable-audio-service-sandbox –restore-last-session HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … MountPoints2: {d731a143-c473-11e8-aff7-aff4-a7274e2-aff4-aff7-aff4-aff7-aff4-aff7-aff4-aff7-aff4-e7a-b7 "E: HiSuiteDownLoader.exe" HKLM … Windows x64 Processeurs d'impression Processeur d'impression Canon iP110 series: C: Windows System32 spool prtprocs x64 CNMPDCH.DLL [30208 2014-06-08] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.) HKLM … Windows x64 Processeurs d'impression Canon MX920 series Processeur d'impression: C: Windows System32 spool prtprocs x64 CNMPDBL.DLL [30208 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.) HKLM … Print Monitors Canon BJ FAX Language Monitor MX920 series: C: WINDOWS system32 CNCALBL.DLL [303104 2012-09-21] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.) HKLM … Print Monitors Canon BJ Language Monitor MX920 series: C: WINDOWS system32 CNMLMBL.DLL [390656 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.) HKLM Software Microsoft Active Setup Installed Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C: Program Files (x86) Google Chrome Application 83.0.4103.97 Installer chrmstp.exe [2020-06-05] (Google LLC -> Google LLC) Démarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Rainmeter.lnk [2019-11-29] ShortcutTarget: Rainmeter.lnk -> C: Program Files Rainmeter Rainmeter.exe (aucun fichier) Démarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Send to OneNote.lnk [2018-08-13] ShortcutTarget: Envoyer à OneNote.lnk -> C: Program Files (x86) Microsoft Office root Office16 ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) GroupPolicy: Restriction? <==== ATTENTION

==================== Tâches planifiées (liste blanche) ============

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)

(Si une entrée est incluse dans la liste de correctifs, le fichier de tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

==================== Internet (liste blanche) ====================

(Si un élément est inclus dans la liste de correctifs, s'il s'agit d'un élément du registre, il sera supprimé ou restauré par défaut.)

Tcpip Paramètres: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip .. Interfaces 0fd44dc5-54d3-4548-a4de-121a058f2fb6: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip .. Interfaces 42687b4e-4fd5-4ba8-b5dc-191ac714846c: [DhcpNameServer] 192.168.0.1 Tcpip .. Interfaces 794c4cd7-35de-4e43-975d-105099c2323b: [DhcpNameServer] 40.40.1.12 Tcpip .. Interfaces a73bdab8-9a7e-48ee-b785-5ecc46657b1c: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer: ================== HKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, page de démarrage = hxxps: //go.microsoft.com/fwlink/p/? LinkId = 620947 & OCID = AVRES000 & pc = UE00 HKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17SWIN10.MSN.COM/? PC = NSJE HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Start Page = hxxps: // go. microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00 HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17S .COM /? PC = NSJE URLSearchHook: [S-1-5-21-1017088884-3281645122-1580351492-1001-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053623422] ATTENTION => URLSearchHook par défaut est manquant SearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> DefaultScope 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL = SearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL = SearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> DefaultScope {19DD036C-D3F6-4E92-AC6-D6C6-AC6 D6 SearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> {19DD036C-D3F6-4E92-AC6C-D6F6E6-AC6C BHO: Skype Entreprise Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C: Program Files (x86) Microsoft Office root VFS ProgramFilesX64 Microsoft Office Office16 OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation) BHO: Java ™ Plug-In SSV Helper -> 761497BB-D6F0-462C-B6EB-D4DAF1D92D43 -> C: Program Files Java jre1.8.0_181 bin ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation) BHO: Java ™ Plug-In 2 SSV Helper -> DBC80044-A445-435b-BC74-9C25C1C588A9 -> C: Program Files Java jre1.8.0_181 bin jp2ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation) Handler-x32: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)

Bord: ====== DownloadDir: C: Users Ethan Downloads

FireFox: ======== Plugin FF: @ java.com / DTPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin dtplugin npDeployJava1.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation) Plugin FF: @ java.com / JavaPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin plugin2 npjp2.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @ microsoft.com / SharePoint, version = 14.0 -> C: Program Files (x86) Microsoft Office root Office16 NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation) Plugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan AppData Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) Plugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome: ======= CHR DefaultProfile: Par défaut Profil CHR: C: Users Ethan AppData Local Google Chrome User Data Default [2020-06-13] Notifications CHR: Par défaut -> hxxps: //www.youtube.com CHR StartupUrls: Par défaut -> "chrome: // newtab /", "hxxps: //mail.google.com/mail/u/0/#inbox" Restauration de session CHR: Par défaut -> est activé. Extension CHR: (diapositives) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2018-07-27] Extension CHR: (Docs) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aohghmighlieiainnegkcijnfilokake [2018-07-27] Extension CHR: (Google Drive) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2019-12-21] Extension CHR: (YouTube) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-27] Extension CHR: (Honey) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions bmnlcjabgnpnenekpadlanbbkooimhnj [2020-05-30] Extension CHR: (Google Docs hors ligne) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ghbmnnjooekpmoecnnililnnbdlolhkhi [2020-05-30] Extension CHR: (Chrometana – Rediriger Bing quelque part mieux) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions kaicbfmipfpfpjmlbpejaoaflfdnabnc [2018-07-28] Extension CHR: (Paiements Chrome Web Store) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03] Extension CHR: (AdBlocker Ultimate) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ohahllgiabjaoigichmmfljhkcfikeof [2020-06-11] Extension CHR: (Modern Flat) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pdcjjgefkpoemmlcjfcfkeminneboaob [2018-09-05] Extension CHR: (Gmail) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30] Extension CHR: (Chrome Media Router) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-24] Extension CHR: (extension de réponse quotidienne au questionnaire de la Couronne) – C: Users Ethan Documents Other Chrome Crowns Extension [2019-11-28] Profil CHR: C: Users Ethan AppData Local Google Chrome User Data System Profile [2020-06-08]

==================== Services (liste blanche) ===================

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)

S3 AALSvc; C: AlphaAntiLeak AAL bin server AALSvc.exe [11439992 2020-06-09] (Constantin Schreiber ->) S4 AGMService; C: Program Files (x86) Common Files Adobe AdobeGCClient AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AMD External Events Utility; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 atiesrxx.exe [529624 2020-05-27] (Advanced Micro Devices, Inc. -> AMD) R2 AMD Log Utility; C: WINDOWS System32 amdlogsr.exe [483248 2020-05-05] (Éditeur de compatibilité matérielle Microsoft Windows -> Advanced Micro Devices, Inc.) S3 BEService; C: Program Files (x86) Common Files BattlEye BEService.exe [7356680 2018-10-03] (BattlEye Innovations e.K. ->) R2 ClickToRunSvc; C: Program Files Fichiers communs Microsoft Shared ClickToRun OfficeClickToRun.exe [10637168 2020-05-29] (Microsoft Corporation -> Microsoft Corporation) R2 DolbyDAXAPI; C: WINDOWS system32 dolbyaposvc DAX3API.exe [602544 2018-09-27] (Dolby Laboratories, Inc. ->) S3 EasyAntiCheat; C: Program Files (x86) EasyAntiCheat EasyAntiCheat.exe [781440 2018-08-17] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) R2 FMAPOService; C: WINDOWS System32 FMService64.exe [294968 2018-09-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Fortemedia) S3 GalaxyClientService; C: Program Files (x86) GOG Galaxy GalaxyClientService.exe [1748552 2020-05-06] (GOG Sp. Z o.o. -> GOG.com) S3 GalaxyCommunication; C: ProgramData GOG.com Galaxy redists GalaxyCommunication.exe [6821960 2020-05-06] (GOG Sp. Z o.o. -> GOG.com) R2 LCD_Service; C: Program Files Huawei HwLcdEnhancement LCD_Service.exe [25584 2020-01-10] (Huawei Technologies Co., Ltd. -> Microsoft) Lmhosts R3; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) Lmhosts R3; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) R2 MBAMainService; C: Program Files Huawei PCManager MateBookService.exe [1005040 2020-01-10] (Huawei Technologies Co., Ltd. ->) R2 MBAMService; C: Program Files Malwarebytes Anti-Malware MBAMService.exe [6933272 2020-05-20] (Malwarebytes Inc -> Malwarebytes) S3 MyWiFiDHCPDNS; C: Program Files Intel WiFi bin PanDhcpDns.exe [265864 2018-03-20] (Intel Corporation ->) R2 NlaSvc; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NlaSvc; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) R2 nsi; C: WINDOWS system32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) R2 nsi; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) R2 qengine; C: Program Files (x86) Qustodio qproxy qengine.exe [4139792 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies) R2 qupdate; C: Program Files (x86) Qustodio qapp QUpdateService.exe [2358544 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies) S4 SepLpsService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation) R2 SepMasterService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation) R2 sepWscSvc; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 sepWscSvc64.exe [1834776 2020-05-20] (Symantec Corporation -> Symantec Corporation) S3 SNAC; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 snac64.exe [394680 2020-05-20] (Symantec Corporation -> Symantec Corporation) S3 WdNisSvc; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 NisSrv.exe [3304992 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 MsMpEng.exe [103376 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation) R2 ZeroConfigService; C: Program Files Intel WiFi bin ZeroConfigService.exe [3848328 2018-03-20] (Intel Corporation -> Intel® Corporation) S2 EraserSvc11910; "C: Program Files (x86) Fichiers communs Symantec Shared EENGINE ccSvcHst.exe" / h ccCommon [X] U4 weClientDataTransferService; "C: Program Files WE_Client wecdt.exe" [X] U4 weClientMessengerService; "C: Program Files WE_Client wecmsg.exe" [X]

===================== Pilotes (sur liste blanche) ===================

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)

S3 AALProtect; C: AlphaAntiLeak AAL bin server AALProtect.sys [35984 2020-03-24] (OOO AMEKS ->) R3 amdacpbus; C: WINDOWS System32 drivers amdacpbus.sys [6170544 2020-05-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés) R3 amdgpio2; C: WINDOWS System32 drivers amdgpio2.sys [34664 2018-03-31] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc) R3 AMDHDAudBusService; C: WINDOWS System32 drivers amdhdaudbus.sys [79224 2018-08-08] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés) R3 amdi2c; C: WINDOWS System32 drivers amdi2c.sys [52680 2017-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc) R3 amdkmdag; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 amdkmdag.sys [71066320 2020-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R0 amdlog; C: WINDOWS System32 drivers amdlog.sys [89200 2020-05-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R0 amdpsp; C: WINDOWS System32 drivers amdpsp.sys [137104 2017-11-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R3 AMDXE; C: WINDOWS System32 drivers amdxe.sys [60216 2020-03-31] (Advanced Micro Devices, Inc. ->) S3 AppleLowerFilter; C: WINDOWS System32 drivers AppleLowerFilter.sys [35560 2018-05-10] (Version WDKTestCert, 131474841775766162 -> Apple Inc.) R3 AtiHDAudioService; C: WINDOWS system32 drivers AtihdWT6.sys [107936 2020-03-13] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés) S3 BEDaisy; C: Program Files (x86) Fichiers communs BattlEye BEDaisy.sys [2551864 2018-10-03] (BattlEye Innovations e.K. ->) R1 BHDrvx64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions BASHDefs 20200609.001 BHDrvx64.sys [1952136 2020-05-11] (Symantec Corporation -> Symantec Corporation) R1 ccSettings_ D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 ccSetx64.sys [179416 2020-05-20] (Symantec Corporation -> Symantec Corporation) S3 CH341SER_A64; C: WINDOWS System32 Drivers CH341S64.SYS [69024 2019-05-29] (Éditeur de compatibilité matérielle Microsoft Windows -> www.winchiphead.com) R1 eeCtrl; C: Program Files (x86) Common Files Symantec Shared EENGINE eeCtrl64.sys [516784 2020-05-20] (Symantec Corporation -> Symantec Corporation) R3 EraserUtilRebootDrv; C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilRebootDrv.sys [154288 2020-05-23] (Symantec Corporation -> Symantec Corporation) R1 ESProtectionDriver; C: WINDOWS system32 drivers mbae64.sys [153312 2020-05-20] (Malwarebytes Corporation -> Malwarebytes) R1 IDSVia64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions IPSDefs 20200611.061 IDSvia64.sys [1455288 2020-05-19] (Symantec Corporation -> Symantec Corporation) R2 MBAMChameleon; C: WINDOWS System32 Drivers MbamChameleon.sys [214496 2020-06-02] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C: WINDOWS System32 DRIVERS MbamElam.sys [19912 2020-06-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C: WINDOWS System32 DRIVERS farflt.sys [195432 2020-06-13] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C: WINDOWS system32 DRIVERS mbam.sys [73368 2020-06-13] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C: WINDOWS System32 Drivers mbamswissarmy.sys [248968 2020-06-13] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C: WINDOWS system32 DRIVERS mwac.sys [131736 2020-06-13] (Malwarebytes Inc -> Malwarebytes) R1 netfilter_wfp_ev_64; C: WINDOWS System32 drivers netfilter_wfp_ev_64.sys [96864 2018-04-12] (Éditeur de compatibilité matérielle Microsoft Windows -> Fournisseur Windows® Win 7 DDK) R1 qwdf64; C: WINDOWS system32 Drivers qwdf64.sys [41872 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies) R1 qwdr64; C: WINDOWS system32 Drivers qwdr64.sys [55696 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies) R2 qwfp; C: WINDOWS system32 Drivers qwfp64.sys [47736 2019-08-01] (Éditeur de compatibilité matérielle Microsoft Windows -> Technologies Qustodio) S3 SPUVCbv; C: WINDOWS System32 Drivers SPUVCbv64.sys [766040 2017-10-26] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.) R1 SRTSP; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSP64.SYS [870792 2020-05-20] (Symantec Corporation -> Symantec Corporation) R1 SRTSPX; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSPX64.SYS [51080 2020-05-20] (Symantec Corporation -> Symantec Corporation) S3 SyDvCtrl; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 SyDvCtrl64.sys [44568 2020-05-20] (Symantec Corporation -> Symantec Corporation) R0 SymEFASI; C: WINDOWS System32 drivers symefasi 0603040.009 symefasi64.sys [1822600 2020-05-20] (Symantec Corporation -> Symantec Corporation) S0 SymELAM; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SymELAM.sys [26000 2020-05-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation) R3 SymEvent; C: WINDOWS system32 Drivers SYMEVENT64x86.SYS [99920 2020-05-20] (Symantec Corporation -> Symantec Corporation) R1 SymIRON; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 Ironx64.SYS [311264 2020-05-20] (Symantec Corporation -> Symantec Corporation) R1 SYMNETS; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SYMNETS.SYS [568712 2020-05-20] (Symantec Corporation -> Symantec Corporation) R1 SysPlant; C: WINDOWS System32 Drivers SysPlant.sys [231360 2020-05-20] (Symantec Corporation -> Symantec Corporation) S3 tapnordvpn; C: WINDOWS System32 drivers tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> Le projet OpenVPN) R1 Teefer2; C: WINDOWS system32 DRIVERS Teefer.sys [132992 2020-05-20] (Symantec Corporation -> Symantec Corporation) S3 USBTINSP; C: WINDOWS System32 drivers tinspusb.sys [142848 2017-07-27] (Éditeur de compatibilité matérielle Microsoft Windows -> Texas Instruments) S3 WdBoot; C: WINDOWS system32 drivers wd WdBoot.sys [45960 2020-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C: WINDOWS system32 drivers wd WdFilter.sys [394680 2020-05-01] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C: WINDOWS System32 drivers wd WdNisDrv.sys [64944 2020-05-01] (Microsoft Windows -> Microsoft Corporation) R3 WDTDrv; C: WINDOWS System32 Drivers WDTDrv.sys [27048 2018-02-27] (Huawei Technologies Co., Ltd. -> Appareil Huawei) S3 EraserUtilDrv11910; ?? C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilDrv11910.sys [X]

==================== NetSvcs (liste blanche) ====================

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)

==================== Un mois (créé) ===================

(Si une entrée est incluse dans la liste de correctifs, le fichier / dossier sera déplacé.)

2020-06-13 05:42 – 2020-06-13 05:42 – 000031721 _____ C: Users Ethan Desktop FRST.txt 2020-06-13 05:42 – 2020-06-13 05:42 – 000000000 ____D C: FRST 2020-06-13 05:40 – 2020-06-13 05:40 – 002289152 _____ (Farbar) C: Users Ethan Desktop FRST64.exe 2020-06-13 05:36 – 2020-06-13 05:36 – 000195432 _____ (Malwarebytes) C: WINDOWS system32 Drivers farflt.sys 2020-06-13 05:36 – 2020-06-13 05:36 – 000131736 _____ (Malwarebytes) C: WINDOWS system32 Drivers mwac.sys 2020-06-13 05:36 – 2020-06-13 05:36 – 000073368 _____ (Malwarebytes) C: WINDOWS system32 Drivers mbam.sys 2020-06-13 05:36 – 2020-06-13 05:36 – 000000000 ____D C: Users Ethan AppData LocalLow IGDump 2020-06-13 05:30 – 2020-06-13 05:34 – 000417646 _____ C: WINDOWS ntbtlog.txt 2020-06-12 22:53 – 2020-06-12 22:53 – 001920738 _____ C: Users Ethan Downloads iCloud Photos.zip 2020-06-12 20:53 – 2020-06-12 22:54 – 000511438 _____ C: Users Ethan Downloads IMG_1020.JPEG 2020-06-12 19:02 – 2019-08-01 16:48 – 000055696 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdr64.sys 2020-06-12 19:02 – 2019-08-01 16:48 – 000041872 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdf64.sys 2020-06-12 07:53 – 2020-06-12 07:53 – 000002608 _____ C: Users Ethan Downloads Player.plr 2020-06-12 05:00 – 2020-06-12 05:00 – 000000000 ____D C: Users Ethan Downloads processhacker-2.39-bin 2020-06-12 04:59 – 2020-06-12 04:59 – 003392412 _____ C: Users Ethan Downloads processhacker-2.39-bin.zip 2020-06-12 02:28 – 2020-06-12 02:28 – 000000000 ____D C: Users Ethan Desktop tools 2020-06-09 19:06 – 2020-06-09 19:06 – 000002357 _____ C: Users Ethan AppData Roaming Microsoft Windows Menu Démarrer Programmes Lunar Client.lnk 2020-06-09 19:06 – 2020-06-09 19:06 – 000002349 _____ C:UsersEthanDesktopLunar Client.lnk 2020-06-09 19:05 – 2020-06-09 19:05 – 000755688 _____ (Moonsworth, LLC) C:UsersEthanDownloadsLunar Client v2.0.2.exe 2020-06-09 01:47 – 2020-06-09 01:47 – 000000000 ____D C:UsersEthanAppDataLocalATI 2020-06-09 01:43 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopruntime 2020-06-09 01:42 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopgame 2020-06-09 01:33 – 2020-06-12 02:28 – 002970008 _____ (Mojang) C:UsersEthanDesktopMinecraft.exe 2020-06-09 00:03 – 2020-06-09 00:03 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable (1).zip 2020-06-08 23:35 – 2020-06-08 23:58 – 000000000 ____D C:UsersEthanDownloadsRevoUninstaller_Portable 2020-06-08 23:34 – 2020-06-08 23:34 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable.zip 2020-06-08 23:11 – 2020-06-08 23:11 – 000000761 _____ C:UsersEthanDocumentsDownloads.lnk 2020-06-08 22:13 – 2020-06-08 22:14 – 000000000 ___HD C:temp 2020-06-08 09:38 – 2020-06-08 22:06 – 000000000 ____D C:35cf2c581e43e0fd0f2302ce54fb 2020-06-08 09:29 – 2020-06-08 22:06 – 000000000 ____D C:68e9a7aba4aecf4ec4 2020-06-08 08:06 – 2020-06-08 08:06 – 000000000 ___HD C:ProgramDataCanonIJFAX 2020-06-07 23:17 – 2020-06-07 23:22 – 000000000 ____D C:UsersEthanEpubee Library 2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanBookManager 2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanAppDataRoaming.cover 2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthan.Epubor_Keys 2020-06-07 23:14 – 2020-06-08 22:16 – 000000000 ____D C:Program Files (x86)ePUBee 2020-06-05 23:17 – 2020-06-05 23:17 – 000000000 ____D C:8527c8ea7501eb69401877adc732 2020-06-05 23:07 – 2020-06-05 23:07 – 000000000 ____D C:de22f4d81bbf950b5e0f7a8642297b 2020-06-05 22:57 – 2020-06-05 22:57 – 000000000 ____D C:f4b9a65bd3630368995b8ced06 2020-06-05 22:37 – 2020-06-05 22:37 – 000000000 ____D C:faa6e5d10903a99a286ff6 2020-06-05 22:27 – 2020-06-05 22:28 – 000000000 ____D C:4fa0f45da0c207e28fce354dfbcbb45a 2020-06-05 22:24 – 2020-06-05 22:24 – 000000000 ____D C:UsersEthanAppDataLocalcache 2020-06-05 22:19 – 2020-06-05 22:19 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAMD Radeon Software 2020-06-05 22:17 – 2020-06-05 22:22 – 000000000 ____D C:25a06eb4cb678d6510bb02b4e69c 2020-06-05 22:17 – 2020-06-05 22:17 – 000000000 ____D C:ProgramDataAMD 2020-06-05 22:04 – 2020-06-05 22:12 – 000000000 ____D C:96699b5329d1ea66b0a663de302c5a 2020-06-05 22:03 – 2020-06-05 22:03 – 000000000 ____D C:AMD 2020-06-05 21:56 – 2020-06-05 21:56 – 000000000 ____D C:UsersEthanAppDataLocalRadeonSettings 2020-06-05 21:52 – 2020-06-05 22:12 – 000000000 ____D C:59149044dd0aac2303de 2020-06-05 21:44 – 2020-06-05 22:12 – 000000000 ____D C:bd86fd4774132980229e4d5232ae 2020-06-05 04:05 – 2020-06-05 21:37 – 000000000 ____D C:873d716d2277afe5bee1c44e0b878d87 2020-06-05 03:54 – 2020-06-05 21:37 – 000000000 ____D C:dbd59e3d47cf23fa38e6b2b4 2020-06-05 03:46 – 2020-06-05 21:37 – 000000000 ____D C:8878178fedc450c4b9 2020-06-05 03:30 – 2020-06-05 21:37 – 000000000 ____D C:3aa04f0e181a6ef6283335 2020-06-05 02:34 – 2020-06-05 21:37 – 000000000 ____D C:b7af3d3859975eec9620db8b5a5f6e41 2020-06-05 02:26 – 2020-06-05 21:37 – 000000000 ____D C:487c789bbfdb27e0f8 2020-06-05 02:14 – 2020-06-05 21:37 – 000000000 ____D C:d88254605b4e82c096 2020-06-05 02:05 – 2020-06-05 21:37 – 000000000 ____D C:e25ee765e720e9e181c0a4 2020-06-05 01:55 – 2020-06-05 21:37 – 000000000 ____D C:8986be08c43b083cf019 2020-06-05 01:45 – 2020-06-05 21:37 – 000000000 ____D C:24b77074821232b8eee377b656 2020-06-05 01:35 – 2020-06-05 21:37 – 000000000 ____D C:76cca42bb37e3cd7e09f354112b60b 2020-06-05 01:25 – 2020-06-05 21:37 – 000000000 ____D C:514f6c63d0b4235c42ea 2020-06-05 01:15 – 2020-06-05 21:37 – 000000000 ____D C:a82951183443a4c4ff 2020-06-05 01:05 – 2020-06-05 21:37 – 000000000 ____D C:1500873c57dc503bb2583144b776 2020-06-05 00:55 – 2020-06-05 21:37 – 000000000 ____D C:2608ecb4b26d61af942bbe9aef91a4 2020-06-05 00:45 – 2020-06-05 21:37 – 000000000 ____D C:d0bd3ae4cfc3cb2d19 2020-06-05 00:35 – 2020-06-05 21:37 – 000000000 ____D C:b8593ace07e295202c 2020-06-05 00:25 – 2020-06-05 21:37 – 000000000 ____D C:aefea5c399639a508a8d0cc319bada 2020-06-05 00:15 – 2020-06-05 21:37 – 000000000 ____D C:d34e9191b27aad94f2aa2e6e 2020-06-05 00:05 – 2020-06-05 21:37 – 000000000 ____D C:746cad1319b45c0fa13d3542b5 2020-06-04 23:55 – 2020-06-05 21:37 – 000000000 ____D C:761aa80eda44dc967c55336087417a 2020-06-04 23:45 – 2020-06-05 21:37 – 000000000 ____D C:b015b1b5cce422460fcedb4 2020-06-04 23:35 – 2020-06-05 21:37 – 000000000 ____D C:21bb368a3acf317e654c 2020-06-04 23:25 – 2020-06-05 21:37 – 000000000 ____D C:1eb161e731e359e492622ac3330bc8 2020-06-04 23:15 – 2020-06-05 21:37 – 000000000 ____D C:9954edefd2c4ee760f21 2020-06-04 23:05 – 2020-06-05 21:37 – 000000000 ____D C:4996eff18111c7145a68 2020-06-04 22:55 – 2020-06-05 21:37 – 000000000 ____D C:dbfc9b3663e052d664a93b73 2020-06-04 22:45 – 2020-06-05 21:37 – 000000000 ____D C:e15f2439316aa3b95ecb 2020-06-04 22:35 – 2020-06-05 21:37 – 000000000 ____D C:812b054302348352f 2020-06-03 21:45 – 2020-06-05 21:42 – 000000000 ___HD C:adobeTemp 2020-06-02 22:05 – 2020-06-02 22:05 – 000000000 ___HD C:ProgramDataCanonBJ 2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 ____D C:UsersEthanAppDataLocalUXP 2020-06-02 21:49 – 2020-06-02 21:49 – 000000000 ____D C:UsersEthanAppDataLocalLowAdobe 2020-06-02 21:47 – 2020-06-08 22:09 – 000000000 ___RD C:UsersEthanCreative Cloud Files 2020-06-02 21:42 – 2020-06-02 21:47 – 000000000 ____D C:ProgramDataAdobe 2020-06-02 21:40 – 2020-06-08 22:13 – 000000000 ____D C:Program FilesCommon FilesAdobe 2020-06-02 21:40 – 2020-06-08 22:12 – 000000000 ____D C:Program FilesAdobe 2020-06-02 21:38 – 2020-06-02 21:47 – 000000000 ____D C:UsersEthanAppDataLocalAdobe 2020-06-02 17:15 – 2020-06-13 05:36 – 000248968 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys 2020-06-02 17:15 – 2020-06-02 17:15 – 000214496 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys 2020-06-01 01:12 – 2020-06-01 01:12 – 000000000 ____D C:UsersEthanAppDataLocalAdobe_Systems_Incorporate 2020-06-01 01:06 – 2020-06-08 23:12 – 000000000 ____D C:Program Files (x86)Adobe 2020-05-27 14:20 – 2020-05-27 14:20 – 064809688 _____ C:WINDOWSsystem32amd_comgr.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 053685456 _____ C:WINDOWSSysWOW64amd_comgr32.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 004631248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amfrt64.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 004141776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amfrt32.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo-1-999-0-0-0.exe 2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo.exe 2020-05-27 14:20 – 2020-05-27 14:20 – 001775320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atiadlxx.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo-1-999-0-0-0.exe 2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo.exe 2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxy.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxx.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1-999-0-0-0.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1-999-0-0-0.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000761040 _____ (AMD) C:WINDOWSsystem32atieclxx.exe 2020-05-27 14:20 – 2020-05-27 14:20 – 000737496 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32Rapidfire64.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000621784 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64Rapidfire.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000497360 _____ C:WINDOWSsystem32GameManager64.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000493776 _____ C:WINDOWSsystem32dgtrayicon.exe 2020-05-27 14:20 – 2020-05-27 14:20 – 000469200 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atidemgy.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000456920 _____ C:WINDOWSsystem32atieah64.exe 2020-05-27 14:20 – 2020-05-27 14:20 – 000433360 _____ C:WINDOWSsystem32EEURestart.exe 2020-05-27 14:20 – 2020-05-27 14:20 – 000380624 _____ C:WINDOWSSysWOW64GameManager32.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000352464 _____ C:WINDOWSSysWOW64atieah32.exe 2020-05-27 14:20 – 2020-05-27 14:20 – 000340176 _____ C:WINDOWSsystem32clinfo.exe 2020-05-27 14:20 – 2020-05-27 14:20 – 000245976 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atig6txx.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000213712 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atigktxx.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000187600 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantle64.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000183008 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32aticfx64.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000167632 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atisamu64.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000167128 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantleaxl64.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000159264 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64aticfx32.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000157408 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantle32.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000143056 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantleaxl32.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000141528 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atisamu32.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000136400 _____ (AMD) C:WINDOWSsystem32atimuixx.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000135384 _____ (Khronos Group) C:WINDOWSsystem32OpenCL.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000126160 _____ C:WINDOWSsystem32atidxx64.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000123088 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdxc64.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000121048 _____ (Khronos Group) C:WINDOWSSysWOW64OpenCL.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000108240 _____ C:WINDOWSSysWOW64atidxx32.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000107728 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdxc32.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000091352 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mcl64.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000075984 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mcl32.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000070872 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32ati2erec.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000047320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32RapidFireServer64.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000044248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64RapidFireServer.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSSysWOW64detoured.dll 2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSsystem32detoured.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 071473360 _____ (Advanced Micro Devices Inc.) C:WINDOWSsystem32amdhip64.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 001686624 _____ (AMD) C:WINDOWSsystem32amf-mft-mjpeg-decoder64.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 001365984 _____ (AMD) C:WINDOWSSysWOW64amf-mft-mjpeg-decoder32.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 000941776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdlvr64.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 000769232 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdlvr32.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 000554192 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdmcl64.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 000547424 _____ C:WINDOWSsystem32amdmiracast.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 000490192 _____ C:WINDOWSsystem32amdgfxinfo64.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 000467152 _____ C:WINDOWSsystem32amdlogum.exe 2020-05-27 14:19 – 2020-05-27 14:19 – 000384208 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdmcl32.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 000380624 _____ C:WINDOWSSysWOW64amdgfxinfo32.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 000198928 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdihk64.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 000168016 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdihk32.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atimpc64.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdpcom64.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 000108880 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdpcom32.dll 2020-05-27 14:19 – 2020-05-27 14:19 – 000108864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atimpc32.dll 2020-05-27 14:18 – 2020-05-27 14:18 – 000136544 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdave64.dll 2020-05-27 14:18 – 2020-05-27 14:18 – 000120896 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdave32.dll 2020-05-26 20:09 – 2020-05-26 20:09 – 000000000 ____D C:UsersEthanAppDataLocalpackage.nw.new 2020-05-25 20:28 – 2020-05-25 20:28 – 003471376 _____ C:WINDOWSSysWOW64atiumdva.cap 2020-05-25 20:28 – 2020-05-25 20:28 – 003437632 _____ C:WINDOWSsystem32atiumd6a.cap 2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSSysWOW64ativvsvl.dat 2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSsystem32ativvsvl.dat 2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSSysWOW64ativvsva.dat 2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSsystem32ativvsva.dat 2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSSysWOW64atiapfxx.blb 2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSsystem32atiapfxx.blb 2020-05-24 02:33 – 2020-06-09 18:08 – 000001445 _____ C:UsersPublicDesktopTerraria.lnk 2020-05-24 02:23 – 2020-05-24 02:23 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGOG.com 2020-05-24 02:20 – 2020-05-24 02:33 – 000000000 ____D C:ProgramDataGOG.com 2020-05-23 16:18 – 2020-06-12 05:07 – 000000000 ____D C:UsersEthanAppDataLocalCrashDumps 2020-05-20 08:04 – 2020-06-13 05:26 – 000074800 _____ (Symantec Corporation) C:WINDOWSsystem32msln.exe 2020-05-20 08:00 – 2020-05-20 08:00 – 000000000 ____D C:UsersEthanAppDataLocalSymantec 2020-05-20 07:56 – 2020-05-20 07:56 – 000609208 _____ (Symantec Corporation) C:WINDOWSsystem32SymVPN.dll 2020-05-20 07:56 – 2020-05-20 07:56 – 000505120 _____ (Symantec Corporation) C:WINDOWSsystem32sysfer.dll 2020-05-20 07:56 – 2020-05-20 07:56 – 000485304 _____ (Symantec Corporation) C:WINDOWSSysWOW64SymVPN.dll 2020-05-20 07:56 – 2020-05-20 07:56 – 000434976 _____ (Symantec Corporation) C:WINDOWSSysWOW64sysfer.dll 2020-05-20 07:56 – 2020-05-20 07:56 – 000231360 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSysPlant.sys 2020-05-20 07:56 – 2020-05-20 07:56 – 000224184 _____ (Symantec Corporation) C:WINDOWSsystem32FwsVpn.dll 2020-05-20 07:56 – 2020-05-20 07:56 – 000219576 _____ (Symantec Corporation) C:WINDOWSSysWOW64FwsVpn.dll 2020-05-20 07:56 – 2020-05-20 07:56 – 000099920 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSYMEVENT64x86.SYS 2020-05-20 07:56 – 2020-05-20 07:56 – 000096184 _____ (Symantec Corporation) C:WINDOWSsystem32snacnp.dll 2020-05-20 07:56 – 2020-05-20 07:56 – 000085432 _____ (Symantec Corporation) C:WINDOWSSysWOW64snacnp.dll 2020-05-20 07:56 – 2020-05-20 07:56 – 000048232 _____ (Symantec Corporation) C:WINDOWSsystem32DriversWGX64.SYS 2020-05-20 07:56 – 2020-05-20 07:56 – 000010396 _____ C:WINDOWSsystem32DriversSYMEVENT64x86.CAT 2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:WINDOWSsystem32Driverssymefasi 2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataSymEFASI 2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:Program FilesCommon FilesSymantec Shared 2020-05-20 07:55 – 2020-05-20 16:02 – 000000000 ____D C:ProgramDataSymantec 2020-05-20 07:55 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSymantec Endpoint Protection 2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:WINDOWSsystem32DriversSEP 2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:ProgramDataregid.1992-12.com.symantec 2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:Program Files (x86)Symantec 2020-05-20 07:53 – 2020-05-20 07:53 – 000132992 _____ (Symantec Corporation) C:WINDOWSsystem32DriversTeefer.sys 2020-05-20 07:25 – 2020-06-02 17:14 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys 2020-05-20 07:25 – 2020-05-20 07:25 – 000002040 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk 2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbamtray 2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbam 2020-05-20 07:25 – 2020-05-20 07:24 – 000153312 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys 2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:ProgramDataMalwarebytes 2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:Program FilesMalwarebytes 2020-05-19 11:20 – 2020-05-19 11:20 – 006170544 _____ (Advanced Micro Devices) C:WINDOWSsystem32Driversamdacpbus.sys 2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocalLow3D Aim Trainer 2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocal3D Aim Trainer 2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuPrograms3D Aim Trainer 2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:Program Files (x86)3D Aim Trainer Launcher 2020-05-14 07:59 – 2020-05-14 07:59 – 000000000 ____D C:UsersEthanAppDataRoamingMicrosoftWindowsStart MenuProgramsZoom

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSSysWOW64qengineOff.ini 2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSsystem32qengineOff.ini 2020-06-13 05:42 – 2019-05-04 21:51 – 000840852 _____ C:WINDOWSsystem32PerfStringBackup.INI 2020-06-13 05:42 – 2018-09-15 09:31 – 000000000 ____D C:WINDOWSINF 2020-06-13 05:40 – 2018-07-27 21:20 – 000000000 ____D C:ProgramDataQustodio 2020-06-13 05:36 – 2020-04-03 14:18 – 000000000 ____D C:ProgramDataboost_interprocess 2020-06-13 05:36 – 2019-05-04 21:52 – 000000006 ____H C:WINDOWSTasksSA.DAT 2020-06-13 05:36 – 2018-09-15 09:33 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft 2020-06-13 05:35 – 2019-06-28 22:15 – 000000000 ____D C:UsersEthanAppDataRoaming.minecraft 2020-06-13 05:29 – 2019-05-04 21:42 – 000000000 ____D C:UsersEthan 2020-06-13 05:28 – 2018-12-18 11:43 – 000000000 ____D C:UsersEthanAppDataRoamingdiscord 2020-06-13 04:54 – 2019-05-04 21:41 – 000000000 ____D C:WINDOWSsystem32SleepStudy 2020-06-13 02:51 – 2018-09-25 19:31 – 000000000 ____D C:WINDOWSsystem32AMD 2020-06-12 20:23 – 2019-03-19 09:02 – 000000000 ___HD C:$WINDOWS.~BT 2020-06-12 19:59 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSAppReadiness 2020-06-12 19:57 – 2018-09-15 09:33 – 000000000 ___HD C:Program FilesWindowsApps 2020-06-12 19:01 – 2018-09-14 19:13 – 000000000 ____D C:Program Files (x86)Qustodio 2020-06-12 19:01 – 2018-07-27 21:24 – 000000000 __SHD C:WINDOWSSysWOW64AI_RecycleBin 2020-06-12 03:02 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSLiveKernelReports 2020-06-12 02:28 – 2020-04-06 17:11 – 000000000 ____D C:UsersEthanAppDataRoaminglunarclient 2020-06-11 03:58 – 2019-05-03 10:10 – 000000000 ___DC C:WINDOWSPanther 2020-06-09 22:11 – 2018-09-15 09:23 – 000000000 ____D C:WINDOWSCbsTemp 2020-06-09 19:14 – 2020-03-24 13:02 – 000000000 ____D C:UsersEthan.lunarclient 2020-06-09 18:08 – 2018-09-29 13:09 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsTerraria [GOG.com] 2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagwrn.xml 2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagerr.xml 2020-06-09 03:07 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSRegistration 2020-06-09 00:08 – 2018-07-27 21:22 – 000000000 ____D C:Program Files (x86)Microsoft Office 2020-06-08 23:57 – 2018-08-31 20:24 – 000000000 ____D C:UsersEthanDocumentsChurch 2020-06-08 22:16 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalPackages 2020-06-08 22:12 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataRoamingAdobe 2020-06-08 22:06 – 2020-05-01 05:13 – 000000000 ____D C:Program FilesBadlion Client 2020-06-08 22:06 – 2019-05-04 21:42 – 000000000 ____D C:Usersdadministrator 2020-06-07 23:18 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalVirtualStore 2020-06-07 22:50 – 2018-07-30 00:34 – 000000000 ____D C:UsersEthanAppDataLocalD3DSCache 2020-06-07 19:08 – 2019-05-04 21:41 – 000488632 _____ C:WINDOWSsystem32FNTCACHE.DAT 2020-06-05 22:24 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalAMD 2020-06-05 22:19 – 2018-05-03 21:32 – 000000000 ____D C:Program FilesAMD 2020-06-05 02:56 – 2018-07-27 21:18 – 000002308 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk 2020-06-03 03:32 – 2018-09-15 09:36 – 000835480 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerApp.exe 2020-06-03 03:32 – 2018-09-15 09:36 – 000179608 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerCPLApp.cpl 2020-06-02 21:45 – 2018-07-28 19:27 – 000000000 ____D C:ProgramDataPackages 2020-06-02 21:42 – 2018-05-03 20:44 – 000000000 ____D C:ProgramDataPackage Cache 2020-06-02 21:40 – 2018-09-15 09:33 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared 2020-05-24 02:27 – 2018-09-29 08:34 – 000000000 ____D C:Program Files (x86)GOG Galaxy 2020-05-20 07:56 – 2018-09-15 09:33 – 000000000 ___HD C:WINDOWSELAMBKUP 2020-05-17 05:16 – 2018-09-15 08:09 – 000000000 ____D C:WINDOWSservicing 2020-05-14 07:59 – 2020-04-02 11:01 – 000000000 ____D C:UsersEthanAppDataRoamingZoom

==================== Files in the root of some directories ========

2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 _____ () C:UsersEthanAppDataLocaloobelibMkey.log 2020-02-09 15:02 – 2020-02-09 15:02 – 000000218 _____ () C:UsersEthanAppDataLocalrecently-used.xbel

==================== FLock ==============================

2020-05-13 20:50 C:PerfLogs 2020-06-12 19:49 C:WINDOWSsystem32config 2018-09-15 09:33 C:WINDOWSsystem32Configuration 2018-09-15 09:33 C:WINDOWSsystem32DriverState 2018-09-15 09:33 C:WINDOWSsystem32FxsTmp 2018-09-15 09:34 C:WINDOWSsystem32ias 2018-09-15 09:34 C:WINDOWSsystem32MsDtc 2018-09-15 09:33 C:WINDOWSsystem32networklist 2020-06-13 04:54 C:WINDOWSsystem32SleepStudy 2020-06-13 05:29 C:WINDOWSsystem32sru 2020-06-05 22:22 C:WINDOWSsystem32Tasks 2019-05-05 07:40 C:WINDOWSsystem32Tasks_Migrated 2019-07-19 20:15 C:WINDOWSsystem32WDI 2020-06-12 19:57 C:Program FilesWindowsApps 2020-06-09 04:19 C:WINDOWSdiagerr.xml 2020-06-09 04:19 C:WINDOWSdiagwrn.xml 2019-05-05 07:38 C:WINDOWSInfusedApps 2020-06-12 03:02 C:WINDOWSLiveKernelReports 2020-02-15 18:45 C:WINDOWSMinidump 2018-09-15 09:33 C:WINDOWSModemLogs 2020-06-13 05:42 C:WINDOWSPrefetch 2019-05-04 22:10 C:WINDOWSServiceState 2020-06-13 05:41 C:WINDOWSTemp 2018-09-15 09:33 C:WINDOWSSysWOW64config 2018-09-15 09:33 C:WINDOWSSysWOW64Configuration 2018-09-15 09:33 C:WINDOWSSysWOW64Msdtc 2018-09-15 09:33 C:WINDOWSSysWOW64networklist 2018-09-15 09:33 C:WINDOWSSysWOW64sru 2018-09-15 09:33 C:WINDOWSSysWOW64Tasks 2018-09-15 09:33 C:WINDOWSsystem32DriversDriverData 2020-06-08 22:06 C:Usersdadministrator 2020-06-02 21:45 C:ProgramDataPackages 2019-05-04 21:44 C:ProgramDataUSOPrivate

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened. Access is denied.

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020 Ran by Ethan (13-06-2020 05:43:40) Running from C:UsersEthanDesktop Windows 10 Home Version 1809 17763.1217 (X64) (2019-05-04 19:53:29) Boot Mode: Normal ==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1017088884-3281645122-1580351492-500 – Administrator – Disabled) dadministrator (S-1-5-21-1017088884-3281645122-1580351492-1001 – Administrator – Enabled) => C:Usersdadministrator DefaultAccount (S-1-5-21-1017088884-3281645122-1580351492-503 – Limited – Disabled) Ethan (S-1-5-21-1017088884-3281645122-1580351492-1002 – Limited – Enabled) => C:UsersEthan Guest (S-1-5-21-1017088884-3281645122-1580351492-501 – Limited – Disabled) WDAGUtilityAccount (S-1-5-21-1017088884-3281645122-1580351492-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled – Up to date) 1122B19A-E671-38EC-8EAC-87048FD4528D AV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46 AV: Malwarebytes (Enabled – Up to date) 23007AD3-69FE-687C-2629-D584AFFAF72B AS: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46 FW: Symantec Endpoint Protection (Enabled) 291930BF-AC1E-39B4-A5F3-2E31710715F6

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Aim Trainer Launcher version 1.01 (HKLM-x32…DEBD852F-7476-4715-B6AC-8A3C560EAAAA_is1) (Version: 1.01 – 3D Aim Trainer) 7-Zip 18.05 (x64) (HKLM…7-Zip) (Version: 18.05 – Igor Pavlov) AMD Software (HKLM…AMD Catalyst Install Manager) (Version: 20.5.1 – Advanced Micro Devices, Inc.) ASIO4ALL (HKLM-x32…ASIO4ALL) (Version: 2.14 – Michael Tippach) Branding64 (HKLM…856DA29A-EA4A-468B-BBC2-B5F60DD75BFE) (Version: 1.00.0002 – Advanced Micro Devices, Inc.) Hidden Discord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Discord) (Version: 0.0.306 – Discord Inc.) Discord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Discord) (Version: 0.0.306 – Discord Inc.) EdgeDeflector (HKLM-x32…EdgeDeflector) (Version: – ) Epic Games Launcher Prerequisites (x64) (HKLM…66C5838F-B854-4A55-89E6-A6138747A4DF) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden Glorious Model O Software (HKLM-x32…969D386-B5B4-41BD-98E3-4A1A7D32CB97_is1) (Version: 1.0.9 – Glorious PC Gaming Race LLC.) GOG GALAXY (HKLM-x32…7258BA11-600C-430E-A759-27E2C691A335_is1) (Version: – GOG.com) Google Chrome (HKLM-x32…Google Chrome) (Version: 83.0.4103.97 – Google LLC) Google Update Helper (HKLM-x32…60EC980A-BDA2-4CB6-A427-B07A5498B4CA) (Version: 1.3.35.451 – Google LLC) Hidden Intel® PROSet/Wireless Software (HKLM-x32…3c598844-1b8b-41f0-b5b2-bc1dcf4d47ad) (Version: 20.50.0 – Intel Corporation) Java 8 Update 181 (64-bit) (HKLM…26A24AE4-039D-4CA4-87B4-2F64180181F0) (Version: 8.0.1810.13 – Oracle Corporation) KeePass Password Safe 2.44 (HKLM-x32…KeePassPasswordSafe2_is1) (Version: 2.44 – Dominik Reichl) Launcher Prerequisites (x64) (HKLM-x32…c6c5a357-c7ca-4a5f-9789-3bb1af579253) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden Logger Pro 3.15 (HKLM-x32…096EA23-A525-41C3-9DBC-E7FA5F02608C) (Version: 5.185.1506 – Vernier Software & Technology) Logitech Unifying Software 2.50 (HKLM…Logitech Unifying) (Version: 2.50.25 – Logitech) Lunar Client (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 – Moonsworth, LLC) Lunar Client (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 – Moonsworth, LLC) Malwarebytes version 4.1.0.56 (HKLM…35065F43-4BB2-439A-BFF7-0F1014F2E0CD_is1) (Version: 4.1.0.56 – Malwarebytes) Microsoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.12827.20268 – Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable – 10.0.40219 (HKLM…1D8E6291-B0D5-35EC-8441-6616F567A0F7) (Version: 10.0.40219 – Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable – 10.0.40219 (HKLM-x32…F0C3E5D1-1ADE-321E-8167-68EF0DE699A5) (Version: 10.0.40219 – Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…ca67548a-5ebe-413a-b50c-4b9ceb6d66c6) (Version: 11.0.61030.0 – Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…33d1fd90-4274-48a1-9bc1-97e33d9c2d6f) (Version: 11.0.61030.0 – Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32…ef6b00ec-13e1-4c25-9064-b2f383cb8412) (Version: 12.0.40660.0 – Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32…61087a79-ac85-455c-934d-1fa22cc64f36) (Version: 12.0.40660.0 – Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.23.27820 (HKLM-x32…852adda4-4c78-4a38-b583-c0b360a329d6) (Version: 14.23.27820.0 – Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.23.27820 (HKLM-x32…45231ab4-69fd-486a-859d-7a59fcd11013) (Version: 14.23.27820.0 – Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32…2BFC7AA0-544C-4E3A-8796-67F3BE655BE9) (Version: 4.0.20823.0 – Microsoft Corporation) Minecraft (HKLM-x32…756E195A-CB58-4B99-917F-0DDA0D881204) (Version: 1.0.4.0 – Mojang) Minecraft Launcher (HKLM-x32…E15F69FA-660D-45CC-B28F-6CBC4CAD2091) (Version: 1.0.0.0 – Mojang) OEM Application Profile (HKLM-x32…12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50) (Version: 1.00.0000 – Advanced Micro Devices, Inc.) Office 16 Click-to-Run Extensibility Component (HKLM-x32…90160000-008C-0000-0000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM…90160000-00DD-0000-1000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM…90160000-008F-0000-1000-0000000FF1CE) (Version: 16.0.12827.20268 – Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32…90160000-008C-0409-0000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden PC Manager (HKLM…PC Manager) (Version: 10.0.5.51 – Huawei Technologies Co., Ltd.) Popcorn-Time (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Popcorn-Time) (Version: 0.4.1 – Popcorn Time) Popcorn-Time (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Popcorn-Time) (Version: 0.4.1 – Popcorn Time) Qustodio (HKLM-x32…3BE72491-5A26-4935-9500-4EADA48A4068) (Version: 181.11.274.0 – Qustodio Technologies) Hidden Qustodio (HKLM-x32…Qustodio) (Version: 181.11.274.0 – Qustodio) Realtek High Definition Audio Driver (HKLM-x32…F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC) (Version: 6.0.1.8459 – Realtek Semiconductor Corp.) Symantec Endpoint Protection (HKLM…CE2F0EC1-BF6B-42A6-993C-1D9655D0C9DF) (Version: 14.2.5569.2100 – Symantec Corporation) Terraria (HKLM-x32…1207665503_is1) (Version: v1.4.0.5 – GOG.com) TI-Nspire™ CX Student Software (HKLM-x32…465DD59-DB1D-4245-9050-B5C04EED9F52) (Version: 4.5.0.1180 – Texas Instruments Inc.) Vulkan Run Time Libraries 1.0.61.0 (HKLM…VulkanRT1.0.61.0) (Version: 1.0.61.0 – LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.1.70.0 (HKLM…VulkanRT1.1.70.0) (Version: 1.1.70.0 – LunarG, Inc.) Hidden WDT Device Driver version 1.0.2.5 (HKLM-x32…5B06CB06-0929-48BC-BE1F-7E41461440C7_is1) (Version: 1.0.2.5 – Huawei Technologies Co., Ltd.) Windows Driver Package – Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM…EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 – Texas Instruments Inc.) Windows Driver Package – Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM…7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 – Texas Instruments Inc.) Wizard101 (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…A9E27FF5-6294-46A8-B8FD-77B1DECA3021) (Version: 1.0.0 – KingsIsle Entertainment, Inc.) Wizard101 (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…A9E27FF5-6294-46A8-B8FD-77B1DECA3021) (Version: 1.0.0 – KingsIsle Entertainment, Inc.) Zoom (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.) Zoom (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.)

Packages: ========= Adobe Reader Touch -> C:Program FilesWindowsAppsAdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [0000-00-00] (Adobe Systems Incorporated) Arduino IDE -> C:Program FilesWindowsAppsArduinoLLC.ArduinoIDE_1.8.33.0_x86__mdqgnx93n4wtt [0000-00-00] (Arduino LLC) Dolby Access -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories) Dolby Atmos Sound System -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAtmosSoundSystem_3.20201.249.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories) Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad] MPEG-2 Video Extension -> C:Program FilesWindowsAppsMicrosoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) Realtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.2.156.0_x64__dt26b99r8h8gj [0000-00-00] (Realtek Semiconductor Corp) Spotify Music -> C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [0000-00-00] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSIDE270DAA-1BE6-48F2-AC49-5AC63241FAAA -> [Creative Cloud Files] => C:UsersEthanCreative Cloud Files [2020-06-02 21:47] CustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63EInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File CustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID7AFDFDDB-F914-11E4-8377-6C3BE50D980CInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File CustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID82CA8DE3-01AD-4CEA-9D75-BE4C51810A9EInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File ContextMenuHandlers1: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [HwShareMenu] -> 41b3b91f-d6b3-3430-bb86-a143f85353ca => C:Program FilesHuaweiPCManagerHwShellMenuHwShareMenu9.DLL [2020-01-10] (Huawei Technologies Co., Ltd. -> ) ContextMenuHandlers1: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation) ContextMenuHandlers2: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation) ContextMenuHandlers3: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [ACE] -> 5E2121EE-0300-11D4-8D3B-444553540000 => C:Program FilesAMDCNextCNextatiacm64.dll [2020-05-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) ContextMenuHandlers6: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation) ContextMenuHandlers6: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:UsersEthanDocumentsShortcutsChrome School.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Profile 1" ShortcutWithArgument: C:UsersEthanDocumentsShortcutsChrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default" ShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarChrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default" ShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcutsd249d9ddd424b688Ethan – Chrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory=Default ShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts76f9e4d33b60b312Popcorn-Time.lnk -> C:UsersEthanAppDataLocalPopcorn-TimePopcorn-Time.exe (The NW.js Community) -> –user-data-dir="C:UsersEthanAppDataLocalPopcorn-TimeUser Data" –profile-directory=Default –app-id=hecfofbbdfadifpemejbbdcjmfmboohj

==================== Loaded Modules (Whitelisted) =============

2019-07-18 11:23 – 2019-07-18 11:23 – 000017920 _____ () [File not signed] C:Program FilesAMDCNextCNextlibEGL.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 003567616 _____ () [File not signed] C:Program FilesAMDCNextCNextlibGLESv2.dll 2018-07-29 18:39 – 2018-04-30 14:00 – 000075776 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqgif.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000039424 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqicns.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqico.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000413696 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqjpeg.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqsvg.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqtga.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000023552 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwbmp.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000519168 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwebp.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 001431040 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsplatformsqwindows.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 001180672 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginssqldriversqsqlite.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000135680 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsstylesqwindowsvistastyle.dll 2020-05-25 14:17 – 2020-05-25 14:17 – 006010880 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Core.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 006345216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Gui.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 001078272 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Network.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000313856 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Positioning.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 004000256 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Qml.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 003802624 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Quick.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000171008 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickControls2.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 001083904 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickTemplates2.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000205312 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Sql.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000329728 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Svg.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000113152 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebChannel.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000376320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngine.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 092323328 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngineCore.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 005560832 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Widgets.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000463360 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WinExtras.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000188416 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Xml.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 002888704 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5XmlPatterns.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000053760 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsprivateqtgraphicaleffectsprivate.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000059392 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsqtgraphicaleffectsplugin.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000017408 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuick.2qtquick2plugin.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000287232 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControls.2qtquickcontrols2plugin.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000329216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControlsqtquickcontrolsplugin.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000136192 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickDialogsdialogplugin.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000089088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickLayoutsqquicklayoutsplugin.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000312320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickTemplates.2qtquicktemplates2plugin.dll 2019-07-18 11:23 – 2019-07-18 11:23 – 000017920 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickWindow.2windowplugin.dll 2020-05-25 14:17 – 2020-05-25 14:17 – 000085504 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtWebEngineqtwebengineplugin.dll 2019-07-31 18:28 – 2019-07-31 18:28 – 005112440 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:Program Files (x86)QustodioqappQt5Core.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:WINDOWSsystem32msln.exe:31b498626fde803a3eb44bd105d3469d [1818] AlternateDataStreams: C:UsersEthanOneDrive:$3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0.SyncRootIdentity [118] AlternateDataStreams: C:UsersPublicShared Files:VersionCache [482]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service" HKLMSYSTEMCurrentControlSetControlSafeBootNetworkccSettings_D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9.sys => ""="Driver" HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service" HKLMSYSTEMCurrentControlSetControlSafeBootNetworkSepMasterService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 – 2017-09-29 15:44 – 000000824 _____ C:WINDOWSsystem32driversetchosts

2018-07-30 02:34 – 2020-03-23 22:02 – 000000854 _____ C:WINDOWSsystem32driversetchosts.ics 2.168.137.66 HUAWEI_Mate_10_lite-22508.mshome.net # 2020 3 3 25 17 48 50 703 135 Selims-android.mshome.net # 2020 3 2 17 12 35 10 156 68.137.72 iPhone.mshome.net # 2020 3 2 17 10 10 44 788 192.168.137.155 Ismails-iPhone.mshome.net # 2020 3 2 17 10 20 26 328 192.168.137.205 Mustafas-iPhone.mshome.net # 2020 3 2 17 11 31 44 941 192.168.137.135 Selims-android.mshome.net # 2020 3 2 17 11 34 45 162 45 162

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program Files (x86)Common FilesOracleJavajavapath;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program FilesIntelWiFibin;C:Program FilesCommon FilesIntelWirelessCommon;%SYSTEMROOT%System32OpenSSH HKUS-1-5-21-1017088884-3281645122-1580351492-1002Control PanelDesktop\Wallpaper -> C:UsersEthanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750Control PanelDesktop\Wallpaper -> C:UsersEthanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper DNS Servers: 68.105.28.11 – 68.105.29.11 HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: ) Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedStartupFolder: => "Send to OneNote.lnk" HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedStartupFolder: => "Rainmeter.lnk" HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "OneDrive" HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "EpicGamesLauncher" HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "NordVPN" HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "CCXProcess" HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "launchOnStartup" HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedStartupFolder: => "Send to OneNote.lnk" HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedStartupFolder: => "Rainmeter.lnk" HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "OneDrive" HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "EpicGamesLauncher" HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "NordVPN" HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "CCXProcess" HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "launchOnStartup"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User12F0F1BF-0F1F-4AB8-B85A-D9666E12CC7BC:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe] => (Allow) C:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe => No File FirewallRules: [TCP Query UserAAC7522B-41B2-483C-98AB-7D9706CC568CC:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe] => (Allow) C:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe => No File FirewallRules: [UDP Query UserB655ADFE-D471-4273-8DF6-3AA2EB7238D0C:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed] FirewallRules: [TCP Query User3772B830-C4A3-434E-84E3-0675F7D0A32AC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed] FirewallRules: [UDP Query User88BB2546-D116-4625-B254-3335A5E7E666C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File FirewallRules: [TCP Query User7AEAEE55-FD0D-4187-A7DD-74DF301A87D5C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File FirewallRules: [UDP Query UserEFD389F3-4BB9-4F23-877E-D3EFCF7F504EC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed] FirewallRules: [TCP Query User55312368-2298-429C-8470-337C2DFF83EBC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed] FirewallRules: [UDP Query User87D15FF9-546C-4936-80E1-FA5C69CFB167C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Block) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe => No File FirewallRules: [TCP Query UserB3624AFD-AF17-4707-AE2A-1FA524548AE6C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Block) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe => No File FirewallRules: [UDP Query UserBED176F5-E088-4E80-A439-A2E0C5296F65C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File FirewallRules: [TCP Query UserE8066C27-5541-4B56-82F1-DC100EEC4D6AC:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File FirewallRules: [UDP Query UserEB916461-5625-4A23-8084-B456FFFB8368C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe FirewallRules: [TCP Query UserFA84BDB4-5A67-486F-B1CD-3E992B6E3C80C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe FirewallRules: [UDP Query User36DCE1FF-F8D8-495A-A43E-D2BF089793F5C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated) FirewallRules: [TCP Query User645C505C-46E6-4752-9BC5-AA58291278D5C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated) FirewallRules: [36DD776C-BEF9-4E6F-AD69-D718727D2319] => (Allow) C:Program FilesIntelWiFibinPanDhcpDns.exe (Intel Corporation -> ) FirewallRules: [TCP Query UserCBBD9637-D57F-4C62-BCCE-9A803B3B51EEC:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe => No File FirewallRules: [UDP Query User5276D7A7-B6C4-4FFB-8C82-6EFA3165BB39C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe => No File FirewallRules: [TCP Query UserEF82179C-59B6-4ADE-A26D-446FA52A5CCDC:usersethandownloadsruntimejre-x64binjavaw.exe] => (Block) C:usersethandownloadsruntimejre-x64binjavaw.exe => No File FirewallRules: [UDP Query User6A83EBA7-F319-4BCF-8D93-1EDB3C5AACFCC:usersethandownloadsruntimejre-x64binjavaw.exe] => (Block) C:usersethandownloadsruntimejre-x64binjavaw.exe => No File FirewallRules: [TCP Query User3FCC1C5D-9C46-4511-A102-919442135289C:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe FirewallRules: [UDP Query User1AE9246F-C286-436B-BB56-3037FBD0481FC:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe FirewallRules: [TCP Query User02EFDE10-5C83-432F-ADA9-8BB6C6F18B59C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe => No File FirewallRules: [UDP Query User984318C3-E844-45F5-95DF-9A4E8E08A073C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe => No File FirewallRules: [TCP Query UserB552C42A-EC61-4C72-8990-FE2ED796B10FC:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated) FirewallRules: [UDP Query UserD3A17CA4-E12F-4B7A-96D3-066637371298C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated) FirewallRules: [TCP Query User9F107497-D41A-46D3-80D9-C6B45B400C64C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe FirewallRules: [UDP Query User5FF66BEF-280F-4A88-A2EF-C5DA5956F1AFC:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe FirewallRules: [TCP Query UserD1CECEFF-BED1-4434-B871-8D5885AB6954C:alphaantileakaalbinserveralphaantileak.exe] => (Block) C:alphaantileakaalbinserveralphaantileak.exe (Constantin Schreiber -> ) FirewallRules: [UDP Query User126BD9DD-AF43-48E6-B4D2-BD72730DC3FAC:alphaantileakaalbinserveralphaantileak.exe] => (Block) C:alphaantileakaalbinserveralphaantileak.exe (Constantin Schreiber -> ) FirewallRules: [TCP Query User9D7BDA86-7780-4BCB-9F94-9EF418916881C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe FirewallRules: [UDP Query UserD5BF7527-430F-4B92-BCA0-899E2AF39F0AC:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe FirewallRules: [6FC5A841-7F25-40DE-8A63-9D024257A7B8] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User81B37590-D222-4DC8-8999-59D3EDCA5718C:programdatabadlionclientjrebinjavaw.exe] => (Block) C:programdatabadlionclientjrebinjavaw.exe FirewallRules: [UDP Query User14E58F6C-EBC9-4F1F-9F87-8795FF5F6FB8C:programdatabadlionclientjrebinjavaw.exe] => (Block) C:programdatabadlionclientjrebinjavaw.exe FirewallRules: [TCP Query User250ED133-0730-488D-A1D2-179D8124346CC:program fileswe_clientwecdt.exe] => (Allow) C:program fileswe_clientwecdt.exe => No File FirewallRules: [UDP Query UserE77D4C9A-65EF-415A-A9F6-720AA01E83F1C:program fileswe_clientwecdt.exe] => (Allow) C:program fileswe_clientwecdt.exe => No File FirewallRules: [BE86A0A2-2E3A-45BF-BD16-4FA988C2D2CF] => (Allow) C:Program FilesHuaweiPCManagerMBAMessageCenter.exe (Huawei Technologies Co., Ltd. -> ) FirewallRules: [582DC69D-F666-438F-AEEF-F7A98301E425] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinccSvcHst.exe (Symantec Corporation -> Symantec Corporation) FirewallRules: [5B801E2C-89CA-45F2-8C8A-E34140BA5CB2] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinccSvcHst.exe (Symantec Corporation -> Symantec Corporation) FirewallRules: [D01E0175-B747-4800-B9EF-8D085402C350] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64snac64.exe (Symantec Corporation -> Symantec Corporation) FirewallRules: [3B512B5A-785E-4623-9D5E-A0B20854D1AA] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64snac64.exe (Symantec Corporation -> Symantec Corporation) FirewallRules: [EE510510-A744-49B4-A8FB-3BCD9EC53DF5] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [398E3692-9769-4C56-8B5B-47860A11AC06] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [AE3B13C3-5BAC-4FCD-925E-65903C1B41E6] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [83D17164-7624-4A27-8562-A4FAD02C5D6A] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [7CE68124-5460-4E6B-9835-6B827DFAFEE4] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [49B3A2C1-1884-4FBC-AEAB-3D91BAF96F05] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [FA9DE9FF-0B3D-4BF4-9967-5F9758AC2AF9] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [94F091D3-8AB0-4970-9FF7-69DFB31E5651] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [7AEC1DCC-8FBC-4CAE-8D3D-3D42B7A3B744] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC) FirewallRules: [C59750B7-A6AD-486A-886B-D9F7DC67C995] => (Allow) %programfiles%Qustodioqappqwelcomewzd.exe => No File FirewallRules: [6C6EC456-3AE1-487B-A7E7-9E1897801E6B] => (Allow) %programfiles%QustodioqappQUpdateService.exe => No File FirewallRules: [68715DB0-C67D-4FF5-AA9C-FAE2AF083407] => (Allow) %programfiles%QustodioqappQReport.exe => No File FirewallRules: [32281869-1447-48F6-AB4A-0AE369098AD9] => (Allow) %programfiles%Qustodioqproxyqengine.exe => No File FirewallRules: [87EFFECC-2FD3-40DB-8A19-C7CE3164F080] => (Allow) %programfiles%QustodioqappQAppTray.exe => No File

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:237.36 GB) (Free:96.61 GB) (41%) Check "VSS" service

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors: ================== Error: (06/13/2020 05:34:12 AM) (Source: Symantec Network Protection) (EventID: 400) (User: ) Description: Memory Exploit Mitigation is malfunctioning

Error: (06/13/2020 05:33:19 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: ) Description: Symantec Endpoint Protection has failed to load the latest virus definitions.

Error: (06/13/2020 05:33:03 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: ) Description: Symantec Endpoint Protection has failed to load the latest virus definitions.

Error: (06/13/2020 05:26:46 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: ) Description: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan. Action: Quarantine failed : Leave Alone failed. Action Description: Reboot Processing

Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: ) Description: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan. Action: Quarantine failed : Leave Alone failed. Action Description: Reboot Processing

Error: (06/13/2020 05:26:43 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: ) Description: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan. Action: Quarantine failed : Leave Alone failed. Action Description: Reboot Processing

System errors: ============= Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID E579AB5F-1CC4-44B4-BED9-DE0991FF0623 and APPID 56BE716B-2F76-4DFA-8702-67AE10044F0B to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID E579AB5F-1CC4-44B4-BED9-DE0991FF0623 and APPID 56BE716B-2F76-4DFA-8702-67AE10044F0B to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID E579AB5F-1CC4-44B4-BED9-DE0991FF0623 and APPID 56BE716B-2F76-4DFA-8702-67AE10044F0B to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity: ===================================

Date: 2020-06-13 05:28:55.962 La description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-13 05:28:55.958 La description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-13 05:28:55.695 La description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-13 05:28:55.690 La description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-13 05:28:43.476 La description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-13 05:28:43.473 La description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-13 05:28:43.462 La description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-13 05:28:43.458 La description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: HUAWEI 1.22 02/26/2019 Motherboard: HUAWEI KPL-W0X Processor: AMD Ryzen 5 2500U with Radeon Vega Mobile Gfx Percentage of memory in use: 60% Total physical RAM: 7069.58 MB Available physical RAM: 2819.71 MB Total Virtual: 17309.58 MB Available Virtual: 11480.89 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.36 GB) (Free:96.61 GB) NTFS

\?Volume38965f00-0083-43f6-a798-2a33a7b7f4a4 (WinRE) (Fixed) (Total:1 GB) (Free:0.59 GB) NTFS \?Volumea3c90bc4-f030-4e42-aae4-a27a0935a741 (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

Click to rate this post! [Total: 0 Average: 0]

Topics and keywords

Themes: Serveur d'impression

License & attribution

License: CC BY-ND 4.0.

Attribution required: yes.

Manifest: https://tutos-gameserver.fr/llm-endpoints-manifest.json

LLM Endpoints plugin version 1.1.2.