{"version":"1.1","schema_version":"1.1.0","plugin_version":"1.1.2","url":"https://tutos-gameserver.fr/2020/06/13/apres-le-telechargement-accidentel-dun-malware-lordinateur-nest-plus-le-meme-bien-choisir-son-serveur-d-impression/","llm_html_url":"https://tutos-gameserver.fr/2020/06/13/apres-le-telechargement-accidentel-dun-malware-lordinateur-nest-plus-le-meme-bien-choisir-son-serveur-d-impression/llm","llm_json_url":"https://tutos-gameserver.fr/2020/06/13/apres-le-telechargement-accidentel-dun-malware-lordinateur-nest-plus-le-meme-bien-choisir-son-serveur-d-impression/llm.json","manifest_url":"https://tutos-gameserver.fr/llm-endpoints-manifest.json","language":"fr-FR","locale":"fr_FR","title":"Après le téléchargement accidentel d'un malware, l'ordinateur n'est plus le même\n – Bien choisir son serveur d impression","site":{"name":"Tutos GameServer","url":"https://tutos-gameserver.fr/"},"author":{"id":1,"name":"Titanfall","url":"https://tutos-gameserver.fr/author/titanfall/"},"published_at":"2020-06-13T11:32:51+00:00","modified_at":"2020-06-13T11:32:51+00:00","word_count":14147,"reading_time_seconds":4245,"summary":"J'ai cliqué sur un lien que je ne devrais pas avoir vu, j'ai vu les URL changer rapidement et j'ai immédiatement fermé la fenêtre. Une semaine plus tard, mon logiciel parental m'a signalé qu'il essayait de visiter des sites Web pornographiques 100 fois en une minute. J'ai téléchargé des octets malveillants premium et supprimé 2 […]","summary_points":["J'ai cliqué sur un lien que je ne devrais pas avoir vu, j'ai vu les URL changer rapidement et j'ai immédiatement fermé la fenêtre.","Une semaine plus tard, mon logiciel parental m'a signalé qu'il essayait de visiter des sites Web pornographiques 100 fois en une minute.","J'ai téléchargé des octets malveillants premium et supprimé 2 fichiers, un PUP.Optional.InstallCore dans mon registre et un fichier générique de malware appelé $ RFHLJ6G.EXE dans ma corbeille.","J'ai également installé symantec qui ne signalait rien sauf mon pirate de processus."],"topics":["Serveur d'impression"],"entities":[],"entities_metadata":[{"id":10,"name":"Serveur d'impression","slug":"serveur-dimpression","taxonomy":"category","count":3907,"url":"https://tutos-gameserver.fr/category/serveur-dimpression/"}],"tags":["Serveur d'impression"],"content_hash":"e7b9f98ba455f6f182aca13553269495","plain_text":"J'ai cliqué sur un lien que je ne devrais pas avoir vu, j'ai vu les URL changer rapidement et j'ai immédiatement fermé la fenêtre. Une semaine plus tard, mon logiciel parental m'a signalé qu'il essayait de visiter des sites Web pornographiques 100 fois en une minute. J'ai téléchargé des octets malveillants premium et supprimé 2 fichiers, un PUP.Optional.InstallCore dans mon registre et un fichier générique de malware appelé $ RFHLJ6G.EXE dans ma corbeille. J'ai également installé symantec qui ne signalait rien sauf mon pirate de processus. Dans les jours suivants, mon malwarebytes nouvellement installé me ​​dit que le logiciel parental visite plusieurs fois des sites Web malveillants via le fichier proxy, et je scanne mais rien ne vient. Mon ordinateur portable a été extrêmement lent et surchauffe pour une raison inconnue, les programmes malveillants ne détectent rien et le gestionnaire de tâches dit que rien ne va pas. Je suis presque prêt à simplement réinitialiser les paramètres d'usine. Voici mes journaux:\n\nRésultat de l'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020\nRan by Ethan (ATTENTION: L'utilisateur n'est pas administrateur) sur ETHANLAPTOP (HUAWEI KPL-W0X) (13-06-2020 05:42:15)\nExécution à partir de C: Users Ethan Desktop\nProfils chargés: Ethan\nPlateforme: Windows 10 Home Version 1809 17763.1217 (X64) Langue: anglais (États-Unis)\nNavigateur par défaut: Chrome\nMode de démarrage: Normal\n\n==================== Processus (liste blanche) =================\n\n(Si une entrée est incluse dans la liste de correctifs, le processus sera fermé. Le fichier ne sera pas déplacé.)\n\n(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext amdow.exe\n(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext AMDRSServ.exe\n(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext RadeonSoftware.exe\n(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe \n(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware mbamtray.exe\n(Microsoft Corporation -> Microsoft Corporation) C: Windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe MicrosoftEdge.exe\n(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe Calculator.exe\n(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsStore_12006.1001.1.0_x64__8wekyb3d8bbwe WinStore.App.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows ImmersiveControlPanel SystemSettings.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 browser_broker.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 CastSrv.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeSH.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 rundll32.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe\n(Oracle America, Inc. -> Oracle Corporation) C: Program Files (x86) Common Files Java Java Update jusched.exe\n(Qustodio Technologies, SL ->) C: Program Files (x86) Qustodio qapp crashpad_handler.exe\n(Qustodio Technologies, SL -> Qustodio Technologies) C: Program Files (x86) Qustodio qapp QAppTray.exe\n(Realtek Semiconductor Corp. -> Realtek Semiconductor) C: Windows System32 RtkAudUService64.exe\n(Symantec Corporation -> Symantec Corporation) C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe\nImpossible d'accéder au processus -> amdlogsr.exe\nImpossible d'accéder au processus -> atieclxx.exe\nImpossible d'accéder au processus -> atiesrxx.exe\nImpossible d'accéder au processus -> ccSvcHst.exe\nImpossible d'accéder au processus -> conhost.exe\nImpossible d'accéder au processus -> crashpad_handler.exe\nImpossible d'accéder au processus -> crashpad_handler.exe\nImpossible d'accéder au processus -> csrss.exe\nImpossible d'accéder au processus -> csrss.exe\nImpossible d'accéder au processus -> dasHost.exe\nImpossible d'accéder au processus -> DAX3API.exe\nImpossible d'accéder au processus -> dllhost.exe\nImpossible d'accéder au processus -> dwm.exe\nImpossible d'accéder au processus -> EvtEng.exe\nImpossible d'accéder au processus -> FMService64.exe\nImpossible d'accéder au processus -> fontdrvhost.exe\nImpossible d'accéder au processus -> fontdrvhost.exe\nImpossible d'accéder au processus -> GoogleCrashHandler.exe\nImpossible d'accéder au processus -> GoogleCrashHandler64.exe\nImpossible d'accéder au processus -> LCD_Service.exe\nImpossible d'accéder au processus -> lsass.exe\nImpossible d'accéder au processus -> MateBookService.exe\nImpossible d'accéder au processus -> MBAMService.exe\nImpossible d'accéder au processus -> OfficeClickToRun.exe\nImpossible d'accéder au processus -> qengine.exe\nImpossible d'accéder au processus -> QUpdateService.exe\nImpossible d'accéder au processus -> RegSrvc.exe\nImpossible d'accéder au processus -> RtkAudUService64.exe\nImpossible d'accéder au processus -> RtkAudUService64.exe\nImpossible d'accéder au processus -> SearchFilterHost.exe\nImpossible d'accéder au processus -> SearchIndexer.exe\nImpossible d'accéder au processus -> SearchProtocolHost.exe\nImpossible d'accéder au processus -> SecurityHealthService.exe\nImpossible d'accéder au processus -> sepWscSvc64.exe\nImpossible d'accéder au processus -> services.exe\nImpossible d'accéder au processus -> SgrmBroker.exe\nImpossible d'accéder au processus -> smss.exe\nImpossible d'accéder au processus -> spoolsv.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> unsecapp.exe\nImpossible d'accéder au processus -> wininit.exe\nImpossible d'accéder au processus -> winlogon.exe\nImpossible d'accéder au processus -> wlanext.exe\nImpossible d'accéder au processus -> WMIADAP.exe\nImpossible d'accéder au processus -> WmiPrvSE.exe\nImpossible d'accéder au processus -> WmiPrvSE.exe\nImpossible d'accéder au processus -> ZeroConfigService.exe\n\n==================== Registre (liste blanche) ===================\n\n(Si une entrée est incluse dans la liste de correctifs, l'élément de registre sera restauré par défaut ou supprimé. Le fichier ne sera pas déplacé.)\n\nHKLM … Run: [RtkAudUService] => C: WINDOWS System32 RtkAudUService64.exe [836672 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)\nHKLM … Run: [Logitech Download Assistant] => C: Windows System32 LogiLDA.dll [3942864 2016-10-14] (Logitech -> Logitech, Inc.)\nHKLM-x32 … Exécuter: [SunJavaUpdateSched] => C: Program Files (x86) Fichiers communs Java Java Update jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)\nHKLM-x32 … Exécuter: [KeePass 2 PreLoad] => C: Program Files (x86) KeePass Password Safe 2 KeePass.exe [3331264 2020-01-20] (Développeur Open Source, Dominik Reichl -> Dominik Reichl)\nHKLM-x32 … Exécuter: [QAppTray] => C: Program Files (x86) Qustodio qapp QAppTray.exe [6429456 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe"\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … MountPoints2: d731a143-c473-11e8-aff7-ef1b4a682e27 – "E: HiSuiteDownLoader.exe" \nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe"\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #0] => C: Windows HelpPane.exe [1071616 2020-03-10] (Microsoft Windows -> Microsoft Corporation)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #1] => C: Program Files (x86) Google Chrome Application chrome.exe –profile-directory = Par défaut –flag-switches-begin –flag-switches-end –enable-audio-service-sandbox –restore-last-session\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … MountPoints2: {d731a143-c473-11e8-aff7-aff4-a7274e2-aff4-aff7-aff4-aff7-aff4-aff7-aff4-aff7-aff4-e7a-b7 "E: HiSuiteDownLoader.exe" \nHKLM … Windows x64 Processeurs d'impression Processeur d'impression Canon iP110 series: C: Windows System32 spool prtprocs x64 CNMPDCH.DLL [30208 2014-06-08] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Windows x64 Processeurs d'impression Canon MX920 series Processeur d'impression: C: Windows System32 spool prtprocs x64 CNMPDBL.DLL [30208 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Print Monitors Canon BJ FAX Language Monitor MX920 series: C: WINDOWS system32 CNCALBL.DLL [303104 2012-09-21] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Print Monitors Canon BJ Language Monitor MX920 series: C: WINDOWS system32 CNMLMBL.DLL [390656 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM Software Microsoft Active Setup Installed Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C: Program Files (x86) Google Chrome Application 83.0.4103.97 Installer chrmstp.exe [2020-06-05] (Google LLC -> Google LLC)\nDémarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Rainmeter.lnk [2019-11-29]\nShortcutTarget: Rainmeter.lnk -> C: Program Files Rainmeter Rainmeter.exe (aucun fichier)\nDémarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Send to OneNote.lnk [2018-08-13]\nShortcutTarget: Envoyer à OneNote.lnk -> C: Program Files (x86) Microsoft Office root Office16 ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)\nGroupPolicy: Restriction? <==== ATTENTION\n\n==================== Tâches planifiées (liste blanche) ============\n\n(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)\n\n(Si une entrée est incluse dans la liste de correctifs, le fichier de tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)\n\n==================== Internet (liste blanche) ====================\n\n(Si un élément est inclus dans la liste de correctifs, s'il s'agit d'un élément du registre, il sera supprimé ou restauré par défaut.)\n\nTcpip Paramètres: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12\nTcpip .. Interfaces 0fd44dc5-54d3-4548-a4de-121a058f2fb6: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12\nTcpip .. Interfaces 42687b4e-4fd5-4ba8-b5dc-191ac714846c: [DhcpNameServer] 192.168.0.1\nTcpip .. Interfaces 794c4cd7-35de-4e43-975d-105099c2323b: [DhcpNameServer] 40.40.1.12\nTcpip .. Interfaces a73bdab8-9a7e-48ee-b785-5ecc46657b1c: [DhcpNameServer] 8.8.8.8 8.8.4.4\n\nInternet Explorer:\n==================\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, page de démarrage = hxxps: //go.microsoft.com/fwlink/p/? LinkId = 620947 & OCID = AVRES000 & pc = UE00\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17SWIN10.MSN.COM/? PC = NSJE\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Start Page = hxxps: // go. microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17S .COM /? PC = NSJE\nURLSearchHook: [S-1-5-21-1017088884-3281645122-1580351492-1001-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053623422] ATTENTION => URLSearchHook par défaut est manquant\nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> DefaultScope 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL = \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL = \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> DefaultScope {19DD036C-D3F6-4E92-AC6-D6C6-AC6 D6 \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> {19DD036C-D3F6-4E92-AC6C-D6F6E6-AC6C \nBHO: Skype Entreprise Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C: Program Files (x86) Microsoft Office root VFS ProgramFilesX64 Microsoft Office Office16 OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)\nBHO: Java ™ Plug-In SSV Helper -> 761497BB-D6F0-462C-B6EB-D4DAF1D92D43 -> C: Program Files Java jre1.8.0_181 bin ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nBHO: Java ™ Plug-In 2 SSV Helper -> DBC80044-A445-435b-BC74-9C25C1C588A9 -> C: Program Files Java jre1.8.0_181 bin jp2ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nHandler-x32: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\n\nBord: \n======\nDownloadDir: C: Users Ethan Downloads\n\nFireFox:\n========\nPlugin FF: @ java.com / DTPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin dtplugin npDeployJava1.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nPlugin FF: @ java.com / JavaPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin plugin2 npjp2.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nFF Plugin-x32: @ microsoft.com / SharePoint, version = 14.0 -> C: Program Files (x86) Microsoft Office root Office16 NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)\nPlugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan AppData Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)\nPlugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)\n\nChrome: \n=======\nCHR DefaultProfile: Par défaut\nProfil CHR: C: Users Ethan AppData Local Google Chrome User Data Default [2020-06-13]\nNotifications CHR: Par défaut -> hxxps: //www.youtube.com\nCHR StartupUrls: Par défaut -> "chrome: // newtab /", "hxxps: //mail.google.com/mail/u/0/#inbox"\nRestauration de session CHR: Par défaut -> est activé.\nExtension CHR: (diapositives) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2018-07-27]\nExtension CHR: (Docs) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aohghmighlieiainnegkcijnfilokake [2018-07-27]\nExtension CHR: (Google Drive) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2019-12-21]\nExtension CHR: (YouTube) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-27]\nExtension CHR: (Honey) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions bmnlcjabgnpnenekpadlanbbkooimhnj [2020-05-30]\nExtension CHR: (Google Docs hors ligne) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ghbmnnjooekpmoecnnililnnbdlolhkhi [2020-05-30]\nExtension CHR: (Chrometana – Rediriger Bing quelque part mieux) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions kaicbfmipfpfpjmlbpejaoaflfdnabnc [2018-07-28]\nExtension CHR: (Paiements Chrome Web Store) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]\nExtension CHR: (AdBlocker Ultimate) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ohahllgiabjaoigichmmfljhkcfikeof [2020-06-11]\nExtension CHR: (Modern Flat) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pdcjjgefkpoemmlcjfcfkeminneboaob [2018-09-05]\nExtension CHR: (Gmail) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]\nExtension CHR: (Chrome Media Router) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-24]\nExtension CHR: (extension de réponse quotidienne au questionnaire de la Couronne) – C: Users Ethan Documents Other Chrome Crowns Extension [2019-11-28]\nProfil CHR: C: Users Ethan AppData Local Google Chrome User Data System Profile [2020-06-08]\n\n==================== Services (liste blanche) ===================\n\n(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)\n\nS3 AALSvc; C: AlphaAntiLeak AAL bin server AALSvc.exe [11439992 2020-06-09] (Constantin Schreiber ->)\nS4 AGMService; C: Program Files (x86) Common Files Adobe AdobeGCClient AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)\nR2 AMD External Events Utility; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 atiesrxx.exe [529624 2020-05-27] (Advanced Micro Devices, Inc. -> AMD)\nR2 AMD Log Utility; C: WINDOWS System32 amdlogsr.exe [483248 2020-05-05] (Éditeur de compatibilité matérielle Microsoft Windows -> Advanced Micro Devices, Inc.)\nS3 BEService; C: Program Files (x86) Common Files BattlEye BEService.exe [7356680 2018-10-03] (BattlEye Innovations e.K. ->)\nR2 ClickToRunSvc; C: Program Files Fichiers communs Microsoft Shared ClickToRun OfficeClickToRun.exe [10637168 2020-05-29] (Microsoft Corporation -> Microsoft Corporation)\nR2 DolbyDAXAPI; C: WINDOWS system32 dolbyaposvc DAX3API.exe [602544 2018-09-27] (Dolby Laboratories, Inc. ->)\nS3 EasyAntiCheat; C: Program Files (x86) EasyAntiCheat EasyAntiCheat.exe [781440 2018-08-17] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)\nR2 FMAPOService; C: WINDOWS System32 FMService64.exe [294968 2018-09-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Fortemedia)\nS3 GalaxyClientService; C: Program Files (x86) GOG Galaxy GalaxyClientService.exe [1748552 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nS3 GalaxyCommunication; C: ProgramData GOG.com Galaxy redists GalaxyCommunication.exe [6821960 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nR2 LCD_Service; C: Program Files Huawei HwLcdEnhancement LCD_Service.exe [25584 2020-01-10] (Huawei Technologies Co., Ltd. -> Microsoft)\nLmhosts R3; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nLmhosts R3; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 MBAMainService; C: Program Files Huawei PCManager MateBookService.exe [1005040 2020-01-10] (Huawei Technologies Co., Ltd. ->)\nR2 MBAMService; C: Program Files Malwarebytes Anti-Malware MBAMService.exe [6933272 2020-05-20] (Malwarebytes Inc -> Malwarebytes)\nS3 MyWiFiDHCPDNS; C: Program Files Intel WiFi bin PanDhcpDns.exe [265864 2018-03-20] (Intel Corporation ->)\nR2 NlaSvc; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 NlaSvc; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 nsi; C: WINDOWS system32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 nsi; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 qengine; C: Program Files (x86) Qustodio qproxy qengine.exe [4139792 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nR2 qupdate; C: Program Files (x86) Qustodio qapp QUpdateService.exe [2358544 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nS4 SepLpsService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR2 SepMasterService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR2 sepWscSvc; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 sepWscSvc64.exe [1834776 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 SNAC; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 snac64.exe [394680 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 WdNisSvc; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 NisSrv.exe [3304992 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)\nS3 WinDefend; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 MsMpEng.exe [103376 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 ZeroConfigService; C: Program Files Intel WiFi bin ZeroConfigService.exe [3848328 2018-03-20] (Intel Corporation -> Intel® Corporation)\nS2 EraserSvc11910; "C: Program Files (x86) Fichiers communs Symantec Shared EENGINE ccSvcHst.exe" / h ccCommon [X]\nU4 weClientDataTransferService; "C: Program Files WE_Client wecdt.exe" [X]\nU4 weClientMessengerService; "C: Program Files WE_Client wecmsg.exe" [X]\n\n===================== Pilotes (sur liste blanche) ===================\n\n(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)\n\nS3 AALProtect; C: AlphaAntiLeak AAL bin server AALProtect.sys [35984 2020-03-24] (OOO AMEKS ->)\nR3 amdacpbus; C: WINDOWS System32 drivers amdacpbus.sys [6170544 2020-05-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nR3 amdgpio2; C: WINDOWS System32 drivers amdgpio2.sys [34664 2018-03-31] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)\nR3 AMDHDAudBusService; C: WINDOWS System32 drivers amdhdaudbus.sys [79224 2018-08-08] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nR3 amdi2c; C: WINDOWS System32 drivers amdi2c.sys [52680 2017-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)\nR3 amdkmdag; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 amdkmdag.sys [71066320 2020-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR0 amdlog; C: WINDOWS System32 drivers amdlog.sys [89200 2020-05-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR0 amdpsp; C: WINDOWS System32 drivers amdpsp.sys [137104 2017-11-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR3 AMDXE; C: WINDOWS System32 drivers amdxe.sys [60216 2020-03-31] (Advanced Micro Devices, Inc. ->)\nS3 AppleLowerFilter; C: WINDOWS System32 drivers AppleLowerFilter.sys [35560 2018-05-10] (Version WDKTestCert, 131474841775766162 -> Apple Inc.)\nR3 AtiHDAudioService; C: WINDOWS system32 drivers AtihdWT6.sys [107936 2020-03-13] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nS3 BEDaisy; C: Program Files (x86) Fichiers communs BattlEye BEDaisy.sys [2551864 2018-10-03] (BattlEye Innovations e.K. ->)\nR1 BHDrvx64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions BASHDefs 20200609.001 BHDrvx64.sys [1952136 2020-05-11] (Symantec Corporation -> Symantec Corporation)\nR1 ccSettings_ D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 ccSetx64.sys [179416 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 CH341SER_A64; C: WINDOWS System32 Drivers CH341S64.SYS [69024 2019-05-29] (Éditeur de compatibilité matérielle Microsoft Windows -> www.winchiphead.com)\nR1 eeCtrl; C: Program Files (x86) Common Files Symantec Shared EENGINE eeCtrl64.sys [516784 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR3 EraserUtilRebootDrv; C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilRebootDrv.sys [154288 2020-05-23] (Symantec Corporation -> Symantec Corporation)\nR1 ESProtectionDriver; C: WINDOWS system32 drivers mbae64.sys [153312 2020-05-20] (Malwarebytes Corporation -> Malwarebytes)\nR1 IDSVia64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions IPSDefs 20200611.061 IDSvia64.sys [1455288 2020-05-19] (Symantec Corporation -> Symantec Corporation)\nR2 MBAMChameleon; C: WINDOWS System32 Drivers MbamChameleon.sys [214496 2020-06-02] (Malwarebytes Inc -> Malwarebytes)\nS0 MbamElam; C: WINDOWS System32 DRIVERS MbamElam.sys [19912 2020-06-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)\nR3 MBAMFarflt; C: WINDOWS System32 DRIVERS farflt.sys [195432 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMProtection; C: WINDOWS system32 DRIVERS mbam.sys [73368 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMSwissArmy; C: WINDOWS System32 Drivers mbamswissarmy.sys [248968 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMWebProtection; C: WINDOWS system32 DRIVERS mwac.sys [131736 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR1 netfilter_wfp_ev_64; C: WINDOWS System32 drivers netfilter_wfp_ev_64.sys [96864 2018-04-12] (Éditeur de compatibilité matérielle Microsoft Windows -> Fournisseur Windows® Win 7 DDK)\nR1 qwdf64; C: WINDOWS system32 Drivers qwdf64.sys [41872 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)\nR1 qwdr64; C: WINDOWS system32 Drivers qwdr64.sys [55696 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)\nR2 qwfp; C: WINDOWS system32 Drivers qwfp64.sys [47736 2019-08-01] (Éditeur de compatibilité matérielle Microsoft Windows -> Technologies Qustodio)\nS3 SPUVCbv; C: WINDOWS System32 Drivers SPUVCbv64.sys [766040 2017-10-26] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)\nR1 SRTSP; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSP64.SYS [870792 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SRTSPX; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSPX64.SYS [51080 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 SyDvCtrl; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 SyDvCtrl64.sys [44568 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR0 SymEFASI; C: WINDOWS System32 drivers symefasi 0603040.009 symefasi64.sys [1822600 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS0 SymELAM; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SymELAM.sys [26000 2020-05-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)\nR3 SymEvent; C: WINDOWS system32 Drivers SYMEVENT64x86.SYS [99920 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SymIRON; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 Ironx64.SYS [311264 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SYMNETS; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SYMNETS.SYS [568712 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SysPlant; C: WINDOWS System32 Drivers SysPlant.sys [231360 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 tapnordvpn; C: WINDOWS System32 drivers tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> Le projet OpenVPN)\nR1 Teefer2; C: WINDOWS system32 DRIVERS Teefer.sys [132992 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 USBTINSP; C: WINDOWS System32 drivers tinspusb.sys [142848 2017-07-27] (Éditeur de compatibilité matérielle Microsoft Windows -> Texas Instruments)\nS3 WdBoot; C: WINDOWS system32 drivers wd WdBoot.sys [45960 2020-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)\nS3 WdFilter; C: WINDOWS system32 drivers wd WdFilter.sys [394680 2020-05-01] (Microsoft Windows -> Microsoft Corporation)\nS3 WdNisDrv; C: WINDOWS System32 drivers wd WdNisDrv.sys [64944 2020-05-01] (Microsoft Windows -> Microsoft Corporation)\nR3 WDTDrv; C: WINDOWS System32 Drivers WDTDrv.sys [27048 2018-02-27] (Huawei Technologies Co., Ltd. -> Appareil Huawei)\nS3 EraserUtilDrv11910; ?? C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilDrv11910.sys [X]\n\n==================== NetSvcs (liste blanche) ====================\n\n(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)\n\n==================== Un mois (créé) ===================\n\n(Si une entrée est incluse dans la liste de correctifs, le fichier / dossier sera déplacé.)\n\n2020-06-13 05:42 – 2020-06-13 05:42 – 000031721 _____ C: Users Ethan Desktop FRST.txt\n2020-06-13 05:42 – 2020-06-13 05:42 – 000000000 ____D C: FRST\n2020-06-13 05:40 – 2020-06-13 05:40 – 002289152 _____ (Farbar) C: Users Ethan Desktop FRST64.exe\n2020-06-13 05:36 – 2020-06-13 05:36 – 000195432 _____ (Malwarebytes) C: WINDOWS system32 Drivers farflt.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000131736 _____ (Malwarebytes) C: WINDOWS system32 Drivers mwac.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000073368 _____ (Malwarebytes) C: WINDOWS system32 Drivers mbam.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000000000 ____D C: Users Ethan AppData LocalLow IGDump\n2020-06-13 05:30 – 2020-06-13 05:34 – 000417646 _____ C: WINDOWS ntbtlog.txt\n2020-06-12 22:53 – 2020-06-12 22:53 – 001920738 _____ C: Users Ethan Downloads iCloud Photos.zip\n2020-06-12 20:53 – 2020-06-12 22:54 – 000511438 _____ C: Users Ethan Downloads IMG_1020.JPEG\n2020-06-12 19:02 – 2019-08-01 16:48 – 000055696 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdr64.sys\n2020-06-12 19:02 – 2019-08-01 16:48 – 000041872 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdf64.sys\n2020-06-12 07:53 – 2020-06-12 07:53 – 000002608 _____ C: Users Ethan Downloads Player.plr\n2020-06-12 05:00 – 2020-06-12 05:00 – 000000000 ____D C: Users Ethan Downloads processhacker-2.39-bin\n2020-06-12 04:59 – 2020-06-12 04:59 – 003392412 _____ C: Users Ethan Downloads processhacker-2.39-bin.zip\n2020-06-12 02:28 – 2020-06-12 02:28 – 000000000 ____D C: Users Ethan Desktop tools\n2020-06-09 19:06 – 2020-06-09 19:06 – 000002357 _____ C: Users Ethan AppData Roaming Microsoft Windows Menu Démarrer Programmes Lunar Client.lnk\n2020-06-09 19:06 – 2020-06-09 19:06 – 000002349 _____ C:UsersEthanDesktopLunar Client.lnk\n2020-06-09 19:05 – 2020-06-09 19:05 – 000755688 _____ (Moonsworth, LLC) C:UsersEthanDownloadsLunar Client v2.0.2.exe\n2020-06-09 01:47 – 2020-06-09 01:47 – 000000000 ____D C:UsersEthanAppDataLocalATI\n2020-06-09 01:43 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopruntime\n2020-06-09 01:42 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopgame\n2020-06-09 01:33 – 2020-06-12 02:28 – 002970008 _____ (Mojang) C:UsersEthanDesktopMinecraft.exe\n2020-06-09 00:03 – 2020-06-09 00:03 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable (1).zip\n2020-06-08 23:35 – 2020-06-08 23:58 – 000000000 ____D C:UsersEthanDownloadsRevoUninstaller_Portable\n2020-06-08 23:34 – 2020-06-08 23:34 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable.zip\n2020-06-08 23:11 – 2020-06-08 23:11 – 000000761 _____ C:UsersEthanDocumentsDownloads.lnk\n2020-06-08 22:13 – 2020-06-08 22:14 – 000000000 ___HD C:temp\n2020-06-08 09:38 – 2020-06-08 22:06 – 000000000 ____D C:35cf2c581e43e0fd0f2302ce54fb\n2020-06-08 09:29 – 2020-06-08 22:06 – 000000000 ____D C:68e9a7aba4aecf4ec4\n2020-06-08 08:06 – 2020-06-08 08:06 – 000000000 ___HD C:ProgramDataCanonIJFAX\n2020-06-07 23:17 – 2020-06-07 23:22 – 000000000 ____D C:UsersEthanEpubee Library\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanBookManager\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanAppDataRoaming.cover\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthan.Epubor_Keys\n2020-06-07 23:14 – 2020-06-08 22:16 – 000000000 ____D C:Program Files (x86)ePUBee\n2020-06-05 23:17 – 2020-06-05 23:17 – 000000000 ____D C:8527c8ea7501eb69401877adc732\n2020-06-05 23:07 – 2020-06-05 23:07 – 000000000 ____D C:de22f4d81bbf950b5e0f7a8642297b\n2020-06-05 22:57 – 2020-06-05 22:57 – 000000000 ____D C:f4b9a65bd3630368995b8ced06\n2020-06-05 22:37 – 2020-06-05 22:37 – 000000000 ____D C:faa6e5d10903a99a286ff6\n2020-06-05 22:27 – 2020-06-05 22:28 – 000000000 ____D C:4fa0f45da0c207e28fce354dfbcbb45a\n2020-06-05 22:24 – 2020-06-05 22:24 – 000000000 ____D C:UsersEthanAppDataLocalcache\n2020-06-05 22:19 – 2020-06-05 22:19 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAMD Radeon Software\n2020-06-05 22:17 – 2020-06-05 22:22 – 000000000 ____D C:25a06eb4cb678d6510bb02b4e69c\n2020-06-05 22:17 – 2020-06-05 22:17 – 000000000 ____D C:ProgramDataAMD\n2020-06-05 22:04 – 2020-06-05 22:12 – 000000000 ____D C:96699b5329d1ea66b0a663de302c5a\n2020-06-05 22:03 – 2020-06-05 22:03 – 000000000 ____D C:AMD\n2020-06-05 21:56 – 2020-06-05 21:56 – 000000000 ____D C:UsersEthanAppDataLocalRadeonSettings\n2020-06-05 21:52 – 2020-06-05 22:12 – 000000000 ____D C:59149044dd0aac2303de\n2020-06-05 21:44 – 2020-06-05 22:12 – 000000000 ____D C:bd86fd4774132980229e4d5232ae\n2020-06-05 04:05 – 2020-06-05 21:37 – 000000000 ____D C:873d716d2277afe5bee1c44e0b878d87\n2020-06-05 03:54 – 2020-06-05 21:37 – 000000000 ____D C:dbd59e3d47cf23fa38e6b2b4\n2020-06-05 03:46 – 2020-06-05 21:37 – 000000000 ____D C:8878178fedc450c4b9\n2020-06-05 03:30 – 2020-06-05 21:37 – 000000000 ____D C:3aa04f0e181a6ef6283335\n2020-06-05 02:34 – 2020-06-05 21:37 – 000000000 ____D C:b7af3d3859975eec9620db8b5a5f6e41\n2020-06-05 02:26 – 2020-06-05 21:37 – 000000000 ____D C:487c789bbfdb27e0f8\n2020-06-05 02:14 – 2020-06-05 21:37 – 000000000 ____D C:d88254605b4e82c096\n2020-06-05 02:05 – 2020-06-05 21:37 – 000000000 ____D C:e25ee765e720e9e181c0a4\n2020-06-05 01:55 – 2020-06-05 21:37 – 000000000 ____D C:8986be08c43b083cf019\n2020-06-05 01:45 – 2020-06-05 21:37 – 000000000 ____D C:24b77074821232b8eee377b656\n2020-06-05 01:35 – 2020-06-05 21:37 – 000000000 ____D C:76cca42bb37e3cd7e09f354112b60b\n2020-06-05 01:25 – 2020-06-05 21:37 – 000000000 ____D C:514f6c63d0b4235c42ea\n2020-06-05 01:15 – 2020-06-05 21:37 – 000000000 ____D C:a82951183443a4c4ff\n2020-06-05 01:05 – 2020-06-05 21:37 – 000000000 ____D C:1500873c57dc503bb2583144b776\n2020-06-05 00:55 – 2020-06-05 21:37 – 000000000 ____D C:2608ecb4b26d61af942bbe9aef91a4\n2020-06-05 00:45 – 2020-06-05 21:37 – 000000000 ____D C:d0bd3ae4cfc3cb2d19\n2020-06-05 00:35 – 2020-06-05 21:37 – 000000000 ____D C:b8593ace07e295202c\n2020-06-05 00:25 – 2020-06-05 21:37 – 000000000 ____D C:aefea5c399639a508a8d0cc319bada\n2020-06-05 00:15 – 2020-06-05 21:37 – 000000000 ____D C:d34e9191b27aad94f2aa2e6e\n2020-06-05 00:05 – 2020-06-05 21:37 – 000000000 ____D C:746cad1319b45c0fa13d3542b5\n2020-06-04 23:55 – 2020-06-05 21:37 – 000000000 ____D C:761aa80eda44dc967c55336087417a\n2020-06-04 23:45 – 2020-06-05 21:37 – 000000000 ____D C:b015b1b5cce422460fcedb4\n2020-06-04 23:35 – 2020-06-05 21:37 – 000000000 ____D C:21bb368a3acf317e654c\n2020-06-04 23:25 – 2020-06-05 21:37 – 000000000 ____D C:1eb161e731e359e492622ac3330bc8\n2020-06-04 23:15 – 2020-06-05 21:37 – 000000000 ____D C:9954edefd2c4ee760f21\n2020-06-04 23:05 – 2020-06-05 21:37 – 000000000 ____D C:4996eff18111c7145a68\n2020-06-04 22:55 – 2020-06-05 21:37 – 000000000 ____D C:dbfc9b3663e052d664a93b73\n2020-06-04 22:45 – 2020-06-05 21:37 – 000000000 ____D C:e15f2439316aa3b95ecb\n2020-06-04 22:35 – 2020-06-05 21:37 – 000000000 ____D C:812b054302348352f\n2020-06-03 21:45 – 2020-06-05 21:42 – 000000000 ___HD C:adobeTemp\n2020-06-02 22:05 – 2020-06-02 22:05 – 000000000 ___HD C:ProgramDataCanonBJ\n2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 ____D C:UsersEthanAppDataLocalUXP\n2020-06-02 21:49 – 2020-06-02 21:49 – 000000000 ____D C:UsersEthanAppDataLocalLowAdobe\n2020-06-02 21:47 – 2020-06-08 22:09 – 000000000 ___RD C:UsersEthanCreative Cloud Files\n2020-06-02 21:42 – 2020-06-02 21:47 – 000000000 ____D C:ProgramDataAdobe\n2020-06-02 21:40 – 2020-06-08 22:13 – 000000000 ____D C:Program FilesCommon FilesAdobe\n2020-06-02 21:40 – 2020-06-08 22:12 – 000000000 ____D C:Program FilesAdobe\n2020-06-02 21:38 – 2020-06-02 21:47 – 000000000 ____D C:UsersEthanAppDataLocalAdobe\n2020-06-02 17:15 – 2020-06-13 05:36 – 000248968 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys\n2020-06-02 17:15 – 2020-06-02 17:15 – 000214496 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys\n2020-06-01 01:12 – 2020-06-01 01:12 – 000000000 ____D C:UsersEthanAppDataLocalAdobe_Systems_Incorporate\n2020-06-01 01:06 – 2020-06-08 23:12 – 000000000 ____D C:Program Files (x86)Adobe\n2020-05-27 14:20 – 2020-05-27 14:20 – 064809688 _____ C:WINDOWSsystem32amd_comgr.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 053685456 _____ C:WINDOWSSysWOW64amd_comgr32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 004631248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amfrt64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 004141776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amfrt32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo-1-999-0-0-0.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001775320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atiadlxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo-1-999-0-0-0.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxy.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1-999-0-0-0.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1-999-0-0-0.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000761040 _____ (AMD) C:WINDOWSsystem32atieclxx.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000737496 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32Rapidfire64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000621784 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64Rapidfire.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000497360 _____ C:WINDOWSsystem32GameManager64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000493776 _____ C:WINDOWSsystem32dgtrayicon.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000469200 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atidemgy.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000456920 _____ C:WINDOWSsystem32atieah64.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000433360 _____ C:WINDOWSsystem32EEURestart.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000380624 _____ C:WINDOWSSysWOW64GameManager32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000352464 _____ C:WINDOWSSysWOW64atieah32.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000340176 _____ C:WINDOWSsystem32clinfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000245976 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atig6txx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000213712 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atigktxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000187600 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantle64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000183008 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32aticfx64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000167632 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atisamu64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000167128 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantleaxl64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000159264 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64aticfx32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000157408 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantle32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000143056 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantleaxl32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000141528 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atisamu32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000136400 _____ (AMD) C:WINDOWSsystem32atimuixx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000135384 _____ (Khronos Group) C:WINDOWSsystem32OpenCL.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000126160 _____ C:WINDOWSsystem32atidxx64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000123088 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdxc64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000121048 _____ (Khronos Group) C:WINDOWSSysWOW64OpenCL.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000108240 _____ C:WINDOWSSysWOW64atidxx32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000107728 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdxc32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000091352 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mcl64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000075984 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mcl32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000070872 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32ati2erec.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000047320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32RapidFireServer64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000044248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64RapidFireServer.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSSysWOW64detoured.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSsystem32detoured.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 071473360 _____ (Advanced Micro Devices Inc.) C:WINDOWSsystem32amdhip64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 001686624 _____ (AMD) C:WINDOWSsystem32amf-mft-mjpeg-decoder64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 001365984 _____ (AMD) C:WINDOWSSysWOW64amf-mft-mjpeg-decoder32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000941776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdlvr64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000769232 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdlvr32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000554192 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdmcl64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000547424 _____ C:WINDOWSsystem32amdmiracast.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000490192 _____ C:WINDOWSsystem32amdgfxinfo64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000467152 _____ C:WINDOWSsystem32amdlogum.exe\n2020-05-27 14:19 – 2020-05-27 14:19 – 000384208 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdmcl32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000380624 _____ C:WINDOWSSysWOW64amdgfxinfo32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000198928 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdihk64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000168016 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdihk32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atimpc64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdpcom64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000108880 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdpcom32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000108864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atimpc32.dll\n2020-05-27 14:18 – 2020-05-27 14:18 – 000136544 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdave64.dll\n2020-05-27 14:18 – 2020-05-27 14:18 – 000120896 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdave32.dll\n2020-05-26 20:09 – 2020-05-26 20:09 – 000000000 ____D C:UsersEthanAppDataLocalpackage.nw.new\n2020-05-25 20:28 – 2020-05-25 20:28 – 003471376 _____ C:WINDOWSSysWOW64atiumdva.cap\n2020-05-25 20:28 – 2020-05-25 20:28 – 003437632 _____ C:WINDOWSsystem32atiumd6a.cap\n2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSSysWOW64ativvsvl.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSsystem32ativvsvl.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSSysWOW64ativvsva.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSsystem32ativvsva.dat\n2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSSysWOW64atiapfxx.blb\n2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSsystem32atiapfxx.blb\n2020-05-24 02:33 – 2020-06-09 18:08 – 000001445 _____ C:UsersPublicDesktopTerraria.lnk\n2020-05-24 02:23 – 2020-05-24 02:23 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGOG.com\n2020-05-24 02:20 – 2020-05-24 02:33 – 000000000 ____D C:ProgramDataGOG.com\n2020-05-23 16:18 – 2020-06-12 05:07 – 000000000 ____D C:UsersEthanAppDataLocalCrashDumps\n2020-05-20 08:04 – 2020-06-13 05:26 – 000074800 _____ (Symantec Corporation) C:WINDOWSsystem32msln.exe\n2020-05-20 08:00 – 2020-05-20 08:00 – 000000000 ____D C:UsersEthanAppDataLocalSymantec\n2020-05-20 07:56 – 2020-05-20 07:56 – 000609208 _____ (Symantec Corporation) C:WINDOWSsystem32SymVPN.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000505120 _____ (Symantec Corporation) C:WINDOWSsystem32sysfer.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000485304 _____ (Symantec Corporation) C:WINDOWSSysWOW64SymVPN.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000434976 _____ (Symantec Corporation) C:WINDOWSSysWOW64sysfer.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000231360 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSysPlant.sys\n2020-05-20 07:56 – 2020-05-20 07:56 – 000224184 _____ (Symantec Corporation) C:WINDOWSsystem32FwsVpn.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000219576 _____ (Symantec Corporation) C:WINDOWSSysWOW64FwsVpn.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000099920 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSYMEVENT64x86.SYS\n2020-05-20 07:56 – 2020-05-20 07:56 – 000096184 _____ (Symantec Corporation) C:WINDOWSsystem32snacnp.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000085432 _____ (Symantec Corporation) C:WINDOWSSysWOW64snacnp.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000048232 _____ (Symantec Corporation) C:WINDOWSsystem32DriversWGX64.SYS\n2020-05-20 07:56 – 2020-05-20 07:56 – 000010396 _____ C:WINDOWSsystem32DriversSYMEVENT64x86.CAT\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:WINDOWSsystem32Driverssymefasi\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataSymEFASI\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:Program FilesCommon FilesSymantec Shared\n2020-05-20 07:55 – 2020-05-20 16:02 – 000000000 ____D C:ProgramDataSymantec\n2020-05-20 07:55 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSymantec Endpoint Protection\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:WINDOWSsystem32DriversSEP\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:ProgramDataregid.1992-12.com.symantec\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:Program Files (x86)Symantec\n2020-05-20 07:53 – 2020-05-20 07:53 – 000132992 _____ (Symantec Corporation) C:WINDOWSsystem32DriversTeefer.sys\n2020-05-20 07:25 – 2020-06-02 17:14 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys\n2020-05-20 07:25 – 2020-05-20 07:25 – 000002040 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk\n2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbamtray\n2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbam\n2020-05-20 07:25 – 2020-05-20 07:24 – 000153312 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys\n2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:ProgramDataMalwarebytes\n2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:Program FilesMalwarebytes\n2020-05-19 11:20 – 2020-05-19 11:20 – 006170544 _____ (Advanced Micro Devices) C:WINDOWSsystem32Driversamdacpbus.sys\n2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocalLow3D Aim Trainer\n2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocal3D Aim Trainer\n2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuPrograms3D Aim Trainer\n2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:Program Files (x86)3D Aim Trainer Launcher\n2020-05-14 07:59 – 2020-05-14 07:59 – 000000000 ____D C:UsersEthanAppDataRoamingMicrosoftWindowsStart MenuProgramsZoom\n\n==================== One month (modified) ==================\n\n(If an entry is included in the fixlist, the file/folder will be moved.)\n\n2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSSysWOW64qengineOff.ini\n2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSsystem32qengineOff.ini\n2020-06-13 05:42 – 2019-05-04 21:51 – 000840852 _____ C:WINDOWSsystem32PerfStringBackup.INI\n2020-06-13 05:42 – 2018-09-15 09:31 – 000000000 ____D C:WINDOWSINF\n2020-06-13 05:40 – 2018-07-27 21:20 – 000000000 ____D C:ProgramDataQustodio\n2020-06-13 05:36 – 2020-04-03 14:18 – 000000000 ____D C:ProgramDataboost_interprocess\n2020-06-13 05:36 – 2019-05-04 21:52 – 000000006 ____H C:WINDOWSTasksSA.DAT\n2020-06-13 05:36 – 2018-09-15 09:33 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft\n2020-06-13 05:35 – 2019-06-28 22:15 – 000000000 ____D C:UsersEthanAppDataRoaming.minecraft\n2020-06-13 05:29 – 2019-05-04 21:42 – 000000000 ____D C:UsersEthan\n2020-06-13 05:28 – 2018-12-18 11:43 – 000000000 ____D C:UsersEthanAppDataRoamingdiscord\n2020-06-13 04:54 – 2019-05-04 21:41 – 000000000 ____D C:WINDOWSsystem32SleepStudy\n2020-06-13 02:51 – 2018-09-25 19:31 – 000000000 ____D C:WINDOWSsystem32AMD\n2020-06-12 20:23 – 2019-03-19 09:02 – 000000000 ___HD C:$WINDOWS.~BT\n2020-06-12 19:59 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSAppReadiness\n2020-06-12 19:57 – 2018-09-15 09:33 – 000000000 ___HD C:Program FilesWindowsApps\n2020-06-12 19:01 – 2018-09-14 19:13 – 000000000 ____D C:Program Files (x86)Qustodio\n2020-06-12 19:01 – 2018-07-27 21:24 – 000000000 __SHD C:WINDOWSSysWOW64AI_RecycleBin\n2020-06-12 03:02 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSLiveKernelReports\n2020-06-12 02:28 – 2020-04-06 17:11 – 000000000 ____D C:UsersEthanAppDataRoaminglunarclient\n2020-06-11 03:58 – 2019-05-03 10:10 – 000000000 ___DC C:WINDOWSPanther\n2020-06-09 22:11 – 2018-09-15 09:23 – 000000000 ____D C:WINDOWSCbsTemp\n2020-06-09 19:14 – 2020-03-24 13:02 – 000000000 ____D C:UsersEthan.lunarclient\n2020-06-09 18:08 – 2018-09-29 13:09 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsTerraria [GOG.com]\n2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagwrn.xml\n2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagerr.xml\n2020-06-09 03:07 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSRegistration\n2020-06-09 00:08 – 2018-07-27 21:22 – 000000000 ____D C:Program Files (x86)Microsoft Office\n2020-06-08 23:57 – 2018-08-31 20:24 – 000000000 ____D C:UsersEthanDocumentsChurch\n2020-06-08 22:16 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalPackages\n2020-06-08 22:12 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataRoamingAdobe\n2020-06-08 22:06 – 2020-05-01 05:13 – 000000000 ____D C:Program FilesBadlion Client\n2020-06-08 22:06 – 2019-05-04 21:42 – 000000000 ____D C:Usersdadministrator\n2020-06-07 23:18 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalVirtualStore\n2020-06-07 22:50 – 2018-07-30 00:34 – 000000000 ____D C:UsersEthanAppDataLocalD3DSCache\n2020-06-07 19:08 – 2019-05-04 21:41 – 000488632 _____ C:WINDOWSsystem32FNTCACHE.DAT\n2020-06-05 22:24 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalAMD\n2020-06-05 22:19 – 2018-05-03 21:32 – 000000000 ____D C:Program FilesAMD\n2020-06-05 02:56 – 2018-07-27 21:18 – 000002308 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk\n2020-06-03 03:32 – 2018-09-15 09:36 – 000835480 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerApp.exe\n2020-06-03 03:32 – 2018-09-15 09:36 – 000179608 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerCPLApp.cpl\n2020-06-02 21:45 – 2018-07-28 19:27 – 000000000 ____D C:ProgramDataPackages\n2020-06-02 21:42 – 2018-05-03 20:44 – 000000000 ____D C:ProgramDataPackage Cache\n2020-06-02 21:40 – 2018-09-15 09:33 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared\n2020-05-24 02:27 – 2018-09-29 08:34 – 000000000 ____D C:Program Files (x86)GOG Galaxy\n2020-05-20 07:56 – 2018-09-15 09:33 – 000000000 ___HD C:WINDOWSELAMBKUP\n2020-05-17 05:16 – 2018-09-15 08:09 – 000000000 ____D C:WINDOWSservicing\n2020-05-14 07:59 – 2020-04-02 11:01 – 000000000 ____D C:UsersEthanAppDataRoamingZoom\n\n==================== Files in the root of some directories ========\n\n2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 _____ () C:UsersEthanAppDataLocaloobelibMkey.log\n2020-02-09 15:02 – 2020-02-09 15:02 – 000000218 _____ () C:UsersEthanAppDataLocalrecently-used.xbel\n\n==================== FLock ==============================\n\n2020-05-13 20:50 C:PerfLogs\n2020-06-12 19:49 C:WINDOWSsystem32config\n2018-09-15 09:33 C:WINDOWSsystem32Configuration\n2018-09-15 09:33 C:WINDOWSsystem32DriverState\n2018-09-15 09:33 C:WINDOWSsystem32FxsTmp\n2018-09-15 09:34 C:WINDOWSsystem32ias\n2018-09-15 09:34 C:WINDOWSsystem32MsDtc\n2018-09-15 09:33 C:WINDOWSsystem32networklist\n2020-06-13 04:54 C:WINDOWSsystem32SleepStudy\n2020-06-13 05:29 C:WINDOWSsystem32sru\n2020-06-05 22:22 C:WINDOWSsystem32Tasks\n2019-05-05 07:40 C:WINDOWSsystem32Tasks_Migrated\n2019-07-19 20:15 C:WINDOWSsystem32WDI\n2020-06-12 19:57 C:Program FilesWindowsApps\n2020-06-09 04:19 C:WINDOWSdiagerr.xml\n2020-06-09 04:19 C:WINDOWSdiagwrn.xml\n2019-05-05 07:38 C:WINDOWSInfusedApps\n2020-06-12 03:02 C:WINDOWSLiveKernelReports\n2020-02-15 18:45 C:WINDOWSMinidump\n2018-09-15 09:33 C:WINDOWSModemLogs\n2020-06-13 05:42 C:WINDOWSPrefetch\n2019-05-04 22:10 C:WINDOWSServiceState\n2020-06-13 05:41 C:WINDOWSTemp\n2018-09-15 09:33 C:WINDOWSSysWOW64config\n2018-09-15 09:33 C:WINDOWSSysWOW64Configuration\n2018-09-15 09:33 C:WINDOWSSysWOW64Msdtc\n2018-09-15 09:33 C:WINDOWSSysWOW64networklist\n2018-09-15 09:33 C:WINDOWSSysWOW64sru\n2018-09-15 09:33 C:WINDOWSSysWOW64Tasks\n2018-09-15 09:33 C:WINDOWSsystem32DriversDriverData\n2020-06-08 22:06 C:Usersdadministrator\n2020-06-02 21:45 C:ProgramDataPackages\n2019-05-04 21:44 C:ProgramDataUSOPrivate\n\n==================== SigCheck ============================\n\n(There is no automatic fix for files that do not pass verification.)\n\n\nATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened.\nAccess is denied.\n\n==================== End of FRST.txt ========================\n\n\nAdditional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020\nRan by Ethan (13-06-2020 05:43:40)\nRunning from C:UsersEthanDesktop\nWindows 10 Home Version 1809 17763.1217 (X64) (2019-05-04 19:53:29)\nBoot Mode: Normal\n==========================================================\n\n==================== Accounts: =============================\n\nAdministrator (S-1-5-21-1017088884-3281645122-1580351492-500 – Administrator – Disabled)\ndadministrator (S-1-5-21-1017088884-3281645122-1580351492-1001 – Administrator – Enabled) => C:Usersdadministrator\nDefaultAccount (S-1-5-21-1017088884-3281645122-1580351492-503 – Limited – Disabled)\nEthan (S-1-5-21-1017088884-3281645122-1580351492-1002 – Limited – Enabled) => C:UsersEthan\nGuest (S-1-5-21-1017088884-3281645122-1580351492-501 – Limited – Disabled)\nWDAGUtilityAccount (S-1-5-21-1017088884-3281645122-1580351492-504 – Limited – Disabled)\n\n==================== Security Center ========================\n\n(If an entry is included in the fixlist, it will be removed.)\n\nAV: Symantec Endpoint Protection (Enabled – Up to date) 1122B19A-E671-38EC-8EAC-87048FD4528D\nAV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46\nAV: Malwarebytes (Enabled – Up to date) 23007AD3-69FE-687C-2629-D584AFFAF72B\nAS: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46\nFW: Symantec Endpoint Protection (Enabled) 291930BF-AC1E-39B4-A5F3-2E31710715F6\n\n==================== Installed Programs ======================\n\n(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)\n\n3D Aim Trainer Launcher version 1.01 (HKLM-x32…DEBD852F-7476-4715-B6AC-8A3C560EAAAA_is1) (Version: 1.01 – 3D Aim Trainer)\n7-Zip 18.05 (x64) (HKLM…7-Zip) (Version: 18.05 – Igor Pavlov)\nAMD Software (HKLM…AMD Catalyst Install Manager) (Version: 20.5.1 – Advanced Micro Devices, Inc.)\nASIO4ALL (HKLM-x32…ASIO4ALL) (Version: 2.14 – Michael Tippach)\nBranding64 (HKLM…856DA29A-EA4A-468B-BBC2-B5F60DD75BFE) (Version: 1.00.0002 – Advanced Micro Devices, Inc.) Hidden\nDiscord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Discord) (Version: 0.0.306 – Discord Inc.)\nDiscord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Discord) (Version: 0.0.306 – Discord Inc.)\nEdgeDeflector (HKLM-x32…EdgeDeflector) (Version:  – )\nEpic Games Launcher Prerequisites (x64) (HKLM…66C5838F-B854-4A55-89E6-A6138747A4DF) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden\nGlorious Model O Software (HKLM-x32…969D386-B5B4-41BD-98E3-4A1A7D32CB97_is1) (Version: 1.0.9 – Glorious PC Gaming Race LLC.)\nGOG GALAXY (HKLM-x32…7258BA11-600C-430E-A759-27E2C691A335_is1) (Version:  – GOG.com)\nGoogle Chrome (HKLM-x32…Google Chrome) (Version: 83.0.4103.97 – Google LLC)\nGoogle Update Helper (HKLM-x32…60EC980A-BDA2-4CB6-A427-B07A5498B4CA) (Version: 1.3.35.451 – Google LLC) Hidden\nIntel® PROSet/Wireless Software (HKLM-x32…3c598844-1b8b-41f0-b5b2-bc1dcf4d47ad) (Version: 20.50.0 – Intel Corporation)\nJava 8 Update 181 (64-bit) (HKLM…26A24AE4-039D-4CA4-87B4-2F64180181F0) (Version: 8.0.1810.13 – Oracle Corporation)\nKeePass Password Safe 2.44 (HKLM-x32…KeePassPasswordSafe2_is1) (Version: 2.44 – Dominik Reichl)\nLauncher Prerequisites (x64) (HKLM-x32…c6c5a357-c7ca-4a5f-9789-3bb1af579253) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden\nLogger Pro 3.15 (HKLM-x32…096EA23-A525-41C3-9DBC-E7FA5F02608C) (Version: 5.185.1506 – Vernier Software & Technology)\nLogitech Unifying Software 2.50 (HKLM…Logitech Unifying) (Version: 2.50.25 – Logitech)\nLunar Client (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 – Moonsworth, LLC)\nLunar Client (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 – Moonsworth, LLC)\nMalwarebytes version 4.1.0.56 (HKLM…35065F43-4BB2-439A-BFF7-0F1014F2E0CD_is1) (Version: 4.1.0.56 – Malwarebytes)\nMicrosoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.12827.20268 – Microsoft Corporation)\nMicrosoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…1D8E6291-B0D5-35EC-8441-6616F567A0F7) (Version: 10.0.40219 – Microsoft Corporation)\nMicrosoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…F0C3E5D1-1ADE-321E-8167-68EF0DE699A5) (Version: 10.0.40219 – Microsoft Corporation)\nMicrosoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…ca67548a-5ebe-413a-b50c-4b9ceb6d66c6) (Version: 11.0.61030.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…33d1fd90-4274-48a1-9bc1-97e33d9c2d6f) (Version: 11.0.61030.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32…ef6b00ec-13e1-4c25-9064-b2f383cb8412) (Version: 12.0.40660.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32…61087a79-ac85-455c-934d-1fa22cc64f36) (Version: 12.0.40660.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) – 14.23.27820 (HKLM-x32…852adda4-4c78-4a38-b583-c0b360a329d6) (Version: 14.23.27820.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) – 14.23.27820 (HKLM-x32…45231ab4-69fd-486a-859d-7a59fcd11013) (Version: 14.23.27820.0 – Microsoft Corporation)\nMicrosoft XNA Framework Redistributable 4.0 (HKLM-x32…2BFC7AA0-544C-4E3A-8796-67F3BE655BE9) (Version: 4.0.20823.0 – Microsoft Corporation)\nMinecraft (HKLM-x32…756E195A-CB58-4B99-917F-0DDA0D881204) (Version: 1.0.4.0 – Mojang)\nMinecraft Launcher (HKLM-x32…E15F69FA-660D-45CC-B28F-6CBC4CAD2091) (Version: 1.0.0.0 – Mojang)\nOEM Application Profile (HKLM-x32…12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50) (Version: 1.00.0000 – Advanced Micro Devices, Inc.)\nOffice 16 Click-to-Run Extensibility Component (HKLM-x32…90160000-008C-0000-0000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM…90160000-00DD-0000-1000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Licensing Component (HKLM…90160000-008F-0000-1000-0000000FF1CE) (Version: 16.0.12827.20268 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Localization Component (HKLM-x32…90160000-008C-0409-0000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nPC Manager (HKLM…PC Manager) (Version: 10.0.5.51 – Huawei Technologies Co., Ltd.)\nPopcorn-Time (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Popcorn-Time) (Version: 0.4.1 – Popcorn Time)\nPopcorn-Time (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Popcorn-Time) (Version: 0.4.1 – Popcorn Time)\nQustodio (HKLM-x32…3BE72491-5A26-4935-9500-4EADA48A4068) (Version: 181.11.274.0 – Qustodio Technologies) Hidden\nQustodio (HKLM-x32…Qustodio) (Version: 181.11.274.0 – Qustodio)\nRealtek High Definition Audio Driver (HKLM-x32…F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC) (Version: 6.0.1.8459 – Realtek Semiconductor Corp.)\nSymantec Endpoint Protection (HKLM…CE2F0EC1-BF6B-42A6-993C-1D9655D0C9DF) (Version: 14.2.5569.2100 – Symantec Corporation)\nTerraria (HKLM-x32…1207665503_is1) (Version: v1.4.0.5 – GOG.com)\nTI-Nspire™ CX Student Software (HKLM-x32…465DD59-DB1D-4245-9050-B5C04EED9F52) (Version: 4.5.0.1180 – Texas Instruments Inc.)\nVulkan Run Time Libraries 1.0.61.0 (HKLM…VulkanRT1.0.61.0) (Version: 1.0.61.0 – LunarG, Inc.) Hidden\nVulkan Run Time Libraries 1.1.70.0 (HKLM…VulkanRT1.1.70.0) (Version: 1.1.70.0 – LunarG, Inc.) Hidden\nWDT Device Driver version 1.0.2.5 (HKLM-x32…5B06CB06-0929-48BC-BE1F-7E41461440C7_is1) (Version: 1.0.2.5 – Huawei Technologies Co., Ltd.)\nWindows Driver Package – Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM…EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 – Texas Instruments Inc.)\nWindows Driver Package – Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM…7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 – Texas Instruments Inc.)\nWizard101 (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…A9E27FF5-6294-46A8-B8FD-77B1DECA3021) (Version: 1.0.0 – KingsIsle Entertainment, Inc.)\nWizard101 (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…A9E27FF5-6294-46A8-B8FD-77B1DECA3021) (Version: 1.0.0 – KingsIsle Entertainment, Inc.)\nZoom (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.)\nZoom (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.)\n\nPackages:\n=========\nAdobe Reader Touch -> C:Program FilesWindowsAppsAdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [0000-00-00] (Adobe Systems Incorporated)\nArduino IDE -> C:Program FilesWindowsAppsArduinoLLC.ArduinoIDE_1.8.33.0_x86__mdqgnx93n4wtt [0000-00-00] (Arduino LLC)\nDolby Access -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)\nDolby Atmos Sound System -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAtmosSoundSystem_3.20201.249.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)\nMicrosoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]\nMicrosoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]\nMPEG-2 Video Extension -> C:Program FilesWindowsAppsMicrosoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)\nPhotos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)\nRealtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.2.156.0_x64__dt26b99r8h8gj [0000-00-00] (Realtek Semiconductor Corp)\nSpotify Music -> C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [0000-00-00] (Spotify AB) [Startup Task]\n\n==================== Custom CLSID (Whitelisted): ==============\n\n(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)\n\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSIDE270DAA-1BE6-48F2-AC49-5AC63241FAAA -> [Creative Cloud Files] => C:UsersEthanCreative Cloud Files [2020-06-02 21:47]\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63EInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID7AFDFDDB-F914-11E4-8377-6C3BE50D980CInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID82CA8DE3-01AD-4CEA-9D75-BE4C51810A9EInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nContextMenuHandlers1: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers1: [HwShareMenu] -> 41b3b91f-d6b3-3430-bb86-a143f85353ca => C:Program FilesHuaweiPCManagerHwShellMenuHwShareMenu9.DLL [2020-01-10] (Huawei Technologies Co., Ltd. -> )\nContextMenuHandlers1: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers2: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers3: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)\nContextMenuHandlers4: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers5: [ACE] -> 5E2121EE-0300-11D4-8D3B-444553540000 => C:Program FilesAMDCNextCNextatiacm64.dll [2020-05-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nContextMenuHandlers6: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers6: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers6: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)\n\n==================== Codecs (Whitelisted) ====================\n\n==================== Shortcuts & WMI ========================\n\n(The entries could be listed to be restored or removed.)\n\nShortcutWithArgument: C:UsersEthanDocumentsShortcutsChrome School.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Profile 1"\nShortcutWithArgument: C:UsersEthanDocumentsShortcutsChrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default"\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarChrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default"\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcutsd249d9ddd424b688Ethan – Chrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory=Default\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts76f9e4d33b60b312Popcorn-Time.lnk -> C:UsersEthanAppDataLocalPopcorn-TimePopcorn-Time.exe (The NW.js Community) -> –user-data-dir="C:UsersEthanAppDataLocalPopcorn-TimeUser Data" –profile-directory=Default –app-id=hecfofbbdfadifpemejbbdcjmfmboohj\n\n==================== Loaded Modules (Whitelisted) =============\n\n2019-07-18 11:23 – 2019-07-18 11:23 – 000017920 _____ () [File not signed] C:Program FilesAMDCNextCNextlibEGL.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 003567616 _____ () [File not signed] C:Program FilesAMDCNextCNextlibGLESv2.dll\n2018-07-29 18:39 – 2018-04-30 14:00 – 000075776 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqgif.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000039424 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqicns.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqico.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000413696 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqjpeg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqsvg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqtga.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000023552 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwbmp.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000519168 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwebp.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001431040 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsplatformsqwindows.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001180672 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginssqldriversqsqlite.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000135680 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsstylesqwindowsvistastyle.dll\n2020-05-25 14:17 – 2020-05-25 14:17 – 006010880 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Core.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 006345216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Gui.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001078272 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Network.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000313856 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Positioning.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 004000256 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Qml.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 003802624 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Quick.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000171008 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickControls2.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001083904 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickTemplates2.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000205312 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Sql.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000329728 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Svg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000113152 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebChannel.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000376320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngine.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 092323328 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngineCore.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 005560832 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Widgets.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000463360 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WinExtras.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000188416 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Xml.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 002888704 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5XmlPatterns.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000053760 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsprivateqtgraphicaleffectsprivate.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000059392 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsqtgraphicaleffectsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000017408 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuick.2qtquick2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000287232 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControls.2qtquickcontrols2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000329216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControlsqtquickcontrolsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000136192 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickDialogsdialogplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000089088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickLayoutsqquicklayoutsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000312320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickTemplates.2qtquicktemplates2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000017920 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickWindow.2windowplugin.dll\n2020-05-25 14:17 – 2020-05-25 14:17 – 000085504 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtWebEngineqtwebengineplugin.dll\n2019-07-31 18:28 – 2019-07-31 18:28 – 005112440 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:Program Files (x86)QustodioqappQt5Core.dll\n\n==================== Alternate Data Streams (Whitelisted) ========\n\n(If an entry is included in the fixlist, only the ADS will be removed.)\n\nAlternateDataStreams: C:WINDOWSsystem32msln.exe:31b498626fde803a3eb44bd105d3469d [1818]\nAlternateDataStreams: C:UsersEthanOneDrive:$3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0.SyncRootIdentity [118]\nAlternateDataStreams: C:UsersPublicShared Files:VersionCache [482]\n\n==================== Safe Mode (Whitelisted) ==================\n\n(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)\n\nHKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkccSettings_D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9.sys => ""="Driver"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkSepMasterService => ""="Service"\n\n==================== Association (Whitelisted) =================\n\n==================== Internet Explorer trusted/restricted ==========\n\n==================== Hosts content: =========================\n\n(If needed Hosts: directive could be included in the fixlist to reset Hosts.)\n\n2017-09-29 15:46 – 2017-09-29 15:44 – 000000824 _____ C:WINDOWSsystem32driversetchosts\n\n2018-07-30 02:34 – 2020-03-23 22:02 – 000000854 _____ C:WINDOWSsystem32driversetchosts.ics\n2.168.137.66 HUAWEI_Mate_10_lite-22508.mshome.net # 2020 3 3 25 17 48 50 703\n135 Selims-android.mshome.net # 2020 3 2 17 12 35 10 156\n68.137.72 iPhone.mshome.net # 2020 3 2 17 10 10 44 788\n192.168.137.155 Ismails-iPhone.mshome.net # 2020 3 2 17 10 20 26 328\n192.168.137.205 Mustafas-iPhone.mshome.net # 2020 3 2 17 11 31 44 941\n192.168.137.135 Selims-android.mshome.net # 2020 3 2 17 11 34 45 162\n45 162\n\n==================== Other Areas ===========================\n\n(Currently there is no automatic fix for this section.)\n\nHKLMSystemCurrentControlSetControlSession ManagerEnvironment\\Path -> C:Program Files (x86)Common FilesOracleJavajavapath;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program FilesIntelWiFibin;C:Program FilesCommon FilesIntelWirelessCommon;%SYSTEMROOT%System32OpenSSH\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002Control PanelDesktop\\Wallpaper -> C:UsersEthanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750Control PanelDesktop\\Wallpaper -> C:UsersEthanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper\nDNS Servers: 68.105.28.11 – 68.105.29.11\nHKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)\nHKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )\nWindows Firewall is enabled.\n\n==================== MSCONFIG/TASK MANAGER disabled items ==\n\n(If an entry is included in the fixlist, it will be removed.)\n\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedStartupFolder: => "Send to OneNote.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedStartupFolder: => "Rainmeter.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "OneDrive"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "EpicGamesLauncher"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "NordVPN"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "CCXProcess"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "launchOnStartup"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedStartupFolder: => "Send to OneNote.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedStartupFolder: => "Rainmeter.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "OneDrive"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "EpicGamesLauncher"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "NordVPN"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "CCXProcess"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "launchOnStartup"\n\n==================== FirewallRules (Whitelisted) ================\n\n(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)\n\nFirewallRules: [UDP Query User12F0F1BF-0F1F-4AB8-B85A-D9666E12CC7BC:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe] => (Allow) C:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe => No File\nFirewallRules: [TCP Query UserAAC7522B-41B2-483C-98AB-7D9706CC568CC:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe] => (Allow) C:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe => No File\nFirewallRules: [UDP Query UserB655ADFE-D471-4273-8DF6-3AA2EB7238D0C:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [TCP Query User3772B830-C4A3-434E-84E3-0675F7D0A32AC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [UDP Query User88BB2546-D116-4625-B254-3335A5E7E666C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [TCP Query User7AEAEE55-FD0D-4187-A7DD-74DF301A87D5C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [UDP Query UserEFD389F3-4BB9-4F23-877E-D3EFCF7F504EC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [TCP Query User55312368-2298-429C-8470-337C2DFF83EBC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [UDP Query User87D15FF9-546C-4936-80E1-FA5C69CFB167C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Block) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe => No File\nFirewallRules: [TCP Query UserB3624AFD-AF17-4707-AE2A-1FA524548AE6C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Block) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe => No File\nFirewallRules: [UDP Query UserBED176F5-E088-4E80-A439-A2E0C5296F65C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [TCP Query UserE8066C27-5541-4B56-82F1-DC100EEC4D6AC:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [UDP Query UserEB916461-5625-4A23-8084-B456FFFB8368C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe\nFirewallRules: [TCP Query UserFA84BDB4-5A67-486F-B1CD-3E992B6E3C80C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe\nFirewallRules: [UDP Query User36DCE1FF-F8D8-495A-A43E-D2BF089793F5C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [TCP Query User645C505C-46E6-4752-9BC5-AA58291278D5C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [36DD776C-BEF9-4E6F-AD69-D718727D2319] => (Allow) C:Program FilesIntelWiFibinPanDhcpDns.exe (Intel Corporation -> )\nFirewallRules: [TCP Query UserCBBD9637-D57F-4C62-BCCE-9A803B3B51EEC:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe => No File\nFirewallRules: [UDP Query User5276D7A7-B6C4-4FFB-8C82-6EFA3165BB39C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe => No File\nFirewallRules: [TCP Query UserEF82179C-59B6-4ADE-A26D-446FA52A5CCDC:usersethandownloadsruntimejre-x64binjavaw.exe] => (Block) C:usersethandownloadsruntimejre-x64binjavaw.exe => No File\nFirewallRules: [UDP Query User6A83EBA7-F319-4BCF-8D93-1EDB3C5AACFCC:usersethandownloadsruntimejre-x64binjavaw.exe] => (Block) C:usersethandownloadsruntimejre-x64binjavaw.exe => No File\nFirewallRules: [TCP Query User3FCC1C5D-9C46-4511-A102-919442135289C:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe\nFirewallRules: [UDP Query User1AE9246F-C286-436B-BB56-3037FBD0481FC:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe\nFirewallRules: [TCP Query User02EFDE10-5C83-432F-ADA9-8BB6C6F18B59C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe => No File\nFirewallRules: [UDP Query User984318C3-E844-45F5-95DF-9A4E8E08A073C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe => No File\nFirewallRules: [TCP Query UserB552C42A-EC61-4C72-8990-FE2ED796B10FC:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [UDP Query UserD3A17CA4-E12F-4B7A-96D3-066637371298C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [TCP Query User9F107497-D41A-46D3-80D9-C6B45B400C64C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe\nFirewallRules: [UDP Query User5FF66BEF-280F-4A88-A2EF-C5DA5956F1AFC:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe\nFirewallRules: [TCP Query UserD1CECEFF-BED1-4434-B871-8D5885AB6954C:alphaantileakaalbinserveralphaantileak.exe] => (Block) C:alphaantileakaalbinserveralphaantileak.exe (Constantin Schreiber -> )\nFirewallRules: [UDP Query User126BD9DD-AF43-48E6-B4D2-BD72730DC3FAC:alphaantileakaalbinserveralphaantileak.exe] => (Block) C:alphaantileakaalbinserveralphaantileak.exe (Constantin Schreiber -> )\nFirewallRules: [TCP Query User9D7BDA86-7780-4BCB-9F94-9EF418916881C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe\nFirewallRules: [UDP Query UserD5BF7527-430F-4B92-BCA0-899E2AF39F0AC:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe\nFirewallRules: [6FC5A841-7F25-40DE-8A63-9D024257A7B8] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)\nFirewallRules: [TCP Query User81B37590-D222-4DC8-8999-59D3EDCA5718C:programdatabadlionclientjrebinjavaw.exe] => (Block) C:programdatabadlionclientjrebinjavaw.exe\nFirewallRules: [UDP Query User14E58F6C-EBC9-4F1F-9F87-8795FF5F6FB8C:programdatabadlionclientjrebinjavaw.exe] => (Block) C:programdatabadlionclientjrebinjavaw.exe\nFirewallRules: [TCP Query User250ED133-0730-488D-A1D2-179D8124346CC:program fileswe_clientwecdt.exe] => (Allow) C:program fileswe_clientwecdt.exe => No File\nFirewallRules: [UDP Query UserE77D4C9A-65EF-415A-A9F6-720AA01E83F1C:program fileswe_clientwecdt.exe] => (Allow) C:program fileswe_clientwecdt.exe => No File\nFirewallRules: [BE86A0A2-2E3A-45BF-BD16-4FA988C2D2CF] => (Allow) C:Program FilesHuaweiPCManagerMBAMessageCenter.exe (Huawei Technologies Co., Ltd. -> )\nFirewallRules: [582DC69D-F666-438F-AEEF-F7A98301E425] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinccSvcHst.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [5B801E2C-89CA-45F2-8C8A-E34140BA5CB2] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinccSvcHst.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [D01E0175-B747-4800-B9EF-8D085402C350] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64snac64.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [3B512B5A-785E-4623-9D5E-A0B20854D1AA] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64snac64.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [EE510510-A744-49B4-A8FB-3BCD9EC53DF5] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [398E3692-9769-4C56-8B5B-47860A11AC06] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [AE3B13C3-5BAC-4FCD-925E-65903C1B41E6] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [83D17164-7624-4A27-8562-A4FAD02C5D6A] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [7CE68124-5460-4E6B-9835-6B827DFAFEE4] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [49B3A2C1-1884-4FBC-AEAB-3D91BAF96F05] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [FA9DE9FF-0B3D-4BF4-9967-5F9758AC2AF9] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [94F091D3-8AB0-4970-9FF7-69DFB31E5651] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [7AEC1DCC-8FBC-4CAE-8D3D-3D42B7A3B744] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)\nFirewallRules: [C59750B7-A6AD-486A-886B-D9F7DC67C995] => (Allow) %programfiles%Qustodioqappqwelcomewzd.exe => No File\nFirewallRules: [6C6EC456-3AE1-487B-A7E7-9E1897801E6B] => (Allow) %programfiles%QustodioqappQUpdateService.exe => No File\nFirewallRules: [68715DB0-C67D-4FF5-AA9C-FAE2AF083407] => (Allow) %programfiles%QustodioqappQReport.exe => No File\nFirewallRules: [32281869-1447-48F6-AB4A-0AE369098AD9] => (Allow) %programfiles%Qustodioqproxyqengine.exe => No File\nFirewallRules: [87EFFECC-2FD3-40DB-8A19-C7CE3164F080] => (Allow) %programfiles%QustodioqappQAppTray.exe => No File\n\n==================== Restore Points =========================\n\nATTENTION: System Restore is disabled (Total:237.36 GB) (Free:96.61 GB) (41%)\nCheck "VSS" service\n\n==================== Faulty Device Manager Devices ============\n\n==================== Event log errors: ========================\n\nApplication errors:\n==================\nError: (06/13/2020 05:34:12 AM) (Source: Symantec Network Protection) (EventID: 400) (User: )\nDescription: Memory Exploit Mitigation is malfunctioning\n\nError: (06/13/2020 05:33:19 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )\nDescription: Symantec Endpoint Protection has failed to load the latest virus definitions.\n\nError: (06/13/2020 05:33:03 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )\nDescription: Symantec Endpoint Protection has failed to load the latest virus definitions.\n\nError: (06/13/2020 05:26:46 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing\n\nError: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing\n\nError: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing\n\nError: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing\n\nError: (06/13/2020 05:26:43 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing\n\nSystem errors:\n=============\nError: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.\n\nError: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.\n\nError: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.\n\nError: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.\n\nError: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.\n\nError: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.\n\nError: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)\nDescription: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID \nWindows.SecurityCenter.SecurityAppBroker\n and APPID \nUnavailable\n to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.\n\nError: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)\nDescription: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID \nWindows.SecurityCenter.WscBrokerManager\n and APPID \nUnavailable\n to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.\n\nCodeIntegrity:\n===================================\n\nDate: 2020-06-13 05:28:55.962\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.\n\nDate: 2020-06-13 05:28:55.958\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.\n\nDate: 2020-06-13 05:28:55.695\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.\n\nDate: 2020-06-13 05:28:55.690\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.\n\nDate: 2020-06-13 05:28:43.476\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.\n\nDate: 2020-06-13 05:28:43.473\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.\n\nDate: 2020-06-13 05:28:43.462\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.\n\nDate: 2020-06-13 05:28:43.458\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.\n\n==================== Memory info =========================== \n\nBIOS: HUAWEI 1.22 02/26/2019\nMotherboard: HUAWEI KPL-W0X\nProcessor: AMD Ryzen 5 2500U with Radeon Vega Mobile Gfx \nPercentage of memory in use: 60%\nTotal physical RAM: 7069.58 MB\nAvailable physical RAM: 2819.71 MB\nTotal Virtual: 17309.58 MB\nAvailable Virtual: 11480.89 MB\n\n==================== Drives ================================\n\nDrive c: (Windows) (Fixed) (Total:237.36 GB) (Free:96.61 GB) NTFS\n\n\\?Volume38965f00-0083-43f6-a798-2a33a7b7f4a4 (WinRE) (Fixed) (Total:1 GB) (Free:0.59 GB) NTFS\n\\?Volumea3c90bc4-f030-4e42-aae4-a27a0935a741 (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32\n\n==================== MBR & Partition Table ====================\n\n==================== End of Addition.txt =======================\n\n\n\n\nClick to rate this post!\r\n \r\n [Total: 0 Average: 0]","paragraphs":["J'ai cliqué sur un lien que je ne devrais pas avoir vu, j'ai vu les URL changer rapidement et j'ai immédiatement fermé la fenêtre. Une semaine plus tard, mon logiciel parental m'a signalé qu'il essayait de visiter des sites Web pornographiques 100 fois en une minute. J'ai téléchargé des octets malveillants premium et supprimé 2 fichiers, un PUP.Optional.InstallCore dans mon registre et un fichier générique de malware appelé $ RFHLJ6G.EXE dans ma corbeille. J'ai également installé symantec qui ne signalait rien sauf mon pirate de processus. Dans les jours suivants, mon malwarebytes nouvellement installé me ​​dit que le logiciel parental visite plusieurs fois des sites Web malveillants via le fichier proxy, et je scanne mais rien ne vient. Mon ordinateur portable a été extrêmement lent et surchauffe pour une raison inconnue, les programmes malveillants ne détectent rien et le gestionnaire de tâches dit que rien ne va pas. Je suis presque prêt à simplement réinitialiser les paramètres d'usine. Voici mes journaux:","Résultat de l'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020\nRan by Ethan (ATTENTION: L'utilisateur n'est pas administrateur) sur ETHANLAPTOP (HUAWEI KPL-W0X) (13-06-2020 05:42:15)\nExécution à partir de C: Users Ethan Desktop\nProfils chargés: Ethan\nPlateforme: Windows 10 Home Version 1809 17763.1217 (X64) Langue: anglais (États-Unis)\nNavigateur par défaut: Chrome\nMode de démarrage: Normal","==================== Processus (liste blanche) =================","(Si une entrée est incluse dans la liste de correctifs, le processus sera fermé. Le fichier ne sera pas déplacé.)","(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext amdow.exe\n(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext AMDRSServ.exe\n(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext RadeonSoftware.exe\n(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe \n(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware mbamtray.exe\n(Microsoft Corporation -> Microsoft Corporation) C: Windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe MicrosoftEdge.exe\n(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe Calculator.exe\n(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsStore_12006.1001.1.0_x64__8wekyb3d8bbwe WinStore.App.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows ImmersiveControlPanel SystemSettings.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 browser_broker.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 CastSrv.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeSH.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 rundll32.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe\n(Oracle America, Inc. -> Oracle Corporation) C: Program Files (x86) Common Files Java Java Update jusched.exe\n(Qustodio Technologies, SL ->) C: Program Files (x86) Qustodio qapp crashpad_handler.exe\n(Qustodio Technologies, SL -> Qustodio Technologies) C: Program Files (x86) Qustodio qapp QAppTray.exe\n(Realtek Semiconductor Corp. -> Realtek Semiconductor) C: Windows System32 RtkAudUService64.exe\n(Symantec Corporation -> Symantec Corporation) C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe\nImpossible d'accéder au processus -> amdlogsr.exe\nImpossible d'accéder au processus -> atieclxx.exe\nImpossible d'accéder au processus -> atiesrxx.exe\nImpossible d'accéder au processus -> ccSvcHst.exe\nImpossible d'accéder au processus -> conhost.exe\nImpossible d'accéder au processus -> crashpad_handler.exe\nImpossible d'accéder au processus -> crashpad_handler.exe\nImpossible d'accéder au processus -> csrss.exe\nImpossible d'accéder au processus -> csrss.exe\nImpossible d'accéder au processus -> dasHost.exe\nImpossible d'accéder au processus -> DAX3API.exe\nImpossible d'accéder au processus -> dllhost.exe\nImpossible d'accéder au processus -> dwm.exe\nImpossible d'accéder au processus -> EvtEng.exe\nImpossible d'accéder au processus -> FMService64.exe\nImpossible d'accéder au processus -> fontdrvhost.exe\nImpossible d'accéder au processus -> fontdrvhost.exe\nImpossible d'accéder au processus -> GoogleCrashHandler.exe\nImpossible d'accéder au processus -> GoogleCrashHandler64.exe\nImpossible d'accéder au processus -> LCD_Service.exe\nImpossible d'accéder au processus -> lsass.exe\nImpossible d'accéder au processus -> MateBookService.exe\nImpossible d'accéder au processus -> MBAMService.exe\nImpossible d'accéder au processus -> OfficeClickToRun.exe\nImpossible d'accéder au processus -> qengine.exe\nImpossible d'accéder au processus -> QUpdateService.exe\nImpossible d'accéder au processus -> RegSrvc.exe\nImpossible d'accéder au processus -> RtkAudUService64.exe\nImpossible d'accéder au processus -> RtkAudUService64.exe\nImpossible d'accéder au processus -> SearchFilterHost.exe\nImpossible d'accéder au processus -> SearchIndexer.exe\nImpossible d'accéder au processus -> SearchProtocolHost.exe\nImpossible d'accéder au processus -> SecurityHealthService.exe\nImpossible d'accéder au processus -> sepWscSvc64.exe\nImpossible d'accéder au processus -> services.exe\nImpossible d'accéder au processus -> SgrmBroker.exe\nImpossible d'accéder au processus -> smss.exe\nImpossible d'accéder au processus -> spoolsv.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> unsecapp.exe\nImpossible d'accéder au processus -> wininit.exe\nImpossible d'accéder au processus -> winlogon.exe\nImpossible d'accéder au processus -> wlanext.exe\nImpossible d'accéder au processus -> WMIADAP.exe\nImpossible d'accéder au processus -> WmiPrvSE.exe\nImpossible d'accéder au processus -> WmiPrvSE.exe\nImpossible d'accéder au processus -> ZeroConfigService.exe","==================== Registre (liste blanche) ===================","(Si une entrée est incluse dans la liste de correctifs, l'élément de registre sera restauré par défaut ou supprimé. Le fichier ne sera pas déplacé.)","HKLM … Run: [RtkAudUService] => C: WINDOWS System32 RtkAudUService64.exe [836672 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)\nHKLM … Run: [Logitech Download Assistant] => C: Windows System32 LogiLDA.dll [3942864 2016-10-14] (Logitech -> Logitech, Inc.)\nHKLM-x32 … Exécuter: [SunJavaUpdateSched] => C: Program Files (x86) Fichiers communs Java Java Update jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)\nHKLM-x32 … Exécuter: [KeePass 2 PreLoad] => C: Program Files (x86) KeePass Password Safe 2 KeePass.exe [3331264 2020-01-20] (Développeur Open Source, Dominik Reichl -> Dominik Reichl)\nHKLM-x32 … Exécuter: [QAppTray] => C: Program Files (x86) Qustodio qapp QAppTray.exe [6429456 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe"\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … MountPoints2: d731a143-c473-11e8-aff7-ef1b4a682e27 – "E: HiSuiteDownLoader.exe" \nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe"\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #0] => C: Windows HelpPane.exe [1071616 2020-03-10] (Microsoft Windows -> Microsoft Corporation)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #1] => C: Program Files (x86) Google Chrome Application chrome.exe –profile-directory = Par défaut –flag-switches-begin –flag-switches-end –enable-audio-service-sandbox –restore-last-session\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … MountPoints2: {d731a143-c473-11e8-aff7-aff4-a7274e2-aff4-aff7-aff4-aff7-aff4-aff7-aff4-aff7-aff4-e7a-b7 "E: HiSuiteDownLoader.exe" \nHKLM … Windows x64 Processeurs d'impression Processeur d'impression Canon iP110 series: C: Windows System32 spool prtprocs x64 CNMPDCH.DLL [30208 2014-06-08] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Windows x64 Processeurs d'impression Canon MX920 series Processeur d'impression: C: Windows System32 spool prtprocs x64 CNMPDBL.DLL [30208 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Print Monitors Canon BJ FAX Language Monitor MX920 series: C: WINDOWS system32 CNCALBL.DLL [303104 2012-09-21] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Print Monitors Canon BJ Language Monitor MX920 series: C: WINDOWS system32 CNMLMBL.DLL [390656 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM Software Microsoft Active Setup Installed Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C: Program Files (x86) Google Chrome Application 83.0.4103.97 Installer chrmstp.exe [2020-06-05] (Google LLC -> Google LLC)\nDémarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Rainmeter.lnk [2019-11-29]\nShortcutTarget: Rainmeter.lnk -> C: Program Files Rainmeter Rainmeter.exe (aucun fichier)\nDémarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Send to OneNote.lnk [2018-08-13]\nShortcutTarget: Envoyer à OneNote.lnk -> C: Program Files (x86) Microsoft Office root Office16 ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)\nGroupPolicy: Restriction? <==== ATTENTION","==================== Tâches planifiées (liste blanche) ============","(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)","(Si une entrée est incluse dans la liste de correctifs, le fichier de tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)","==================== Internet (liste blanche) ====================","(Si un élément est inclus dans la liste de correctifs, s'il s'agit d'un élément du registre, il sera supprimé ou restauré par défaut.)","Tcpip Paramètres: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12\nTcpip .. Interfaces 0fd44dc5-54d3-4548-a4de-121a058f2fb6: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12\nTcpip .. Interfaces 42687b4e-4fd5-4ba8-b5dc-191ac714846c: [DhcpNameServer] 192.168.0.1\nTcpip .. Interfaces 794c4cd7-35de-4e43-975d-105099c2323b: [DhcpNameServer] 40.40.1.12\nTcpip .. Interfaces a73bdab8-9a7e-48ee-b785-5ecc46657b1c: [DhcpNameServer] 8.8.8.8 8.8.4.4","Internet Explorer:\n==================\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, page de démarrage = hxxps: //go.microsoft.com/fwlink/p/? LinkId = 620947 & OCID = AVRES000 & pc = UE00\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17SWIN10.MSN.COM/? PC = NSJE\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Start Page = hxxps: // go. microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17S .COM /? PC = NSJE\nURLSearchHook: [S-1-5-21-1017088884-3281645122-1580351492-1001-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053623422] ATTENTION => URLSearchHook par défaut est manquant\nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> DefaultScope 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL = \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL = \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> DefaultScope {19DD036C-D3F6-4E92-AC6-D6C6-AC6 D6 \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> {19DD036C-D3F6-4E92-AC6C-D6F6E6-AC6C \nBHO: Skype Entreprise Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C: Program Files (x86) Microsoft Office root VFS ProgramFilesX64 Microsoft Office Office16 OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)\nBHO: Java ™ Plug-In SSV Helper -> 761497BB-D6F0-462C-B6EB-D4DAF1D92D43 -> C: Program Files Java jre1.8.0_181 bin ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nBHO: Java ™ Plug-In 2 SSV Helper -> DBC80044-A445-435b-BC74-9C25C1C588A9 -> C: Program Files Java jre1.8.0_181 bin jp2ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nHandler-x32: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)","Bord: \n======\nDownloadDir: C: Users Ethan Downloads","FireFox:\n========\nPlugin FF: @ java.com / DTPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin dtplugin npDeployJava1.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nPlugin FF: @ java.com / JavaPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin plugin2 npjp2.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nFF Plugin-x32: @ microsoft.com / SharePoint, version = 14.0 -> C: Program Files (x86) Microsoft Office root Office16 NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)\nPlugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan AppData Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)\nPlugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)","Chrome: \n=======\nCHR DefaultProfile: Par défaut\nProfil CHR: C: Users Ethan AppData Local Google Chrome User Data Default [2020-06-13]\nNotifications CHR: Par défaut -> hxxps: //www.youtube.com\nCHR StartupUrls: Par défaut -> "chrome: // newtab /", "hxxps: //mail.google.com/mail/u/0/#inbox"\nRestauration de session CHR: Par défaut -> est activé.\nExtension CHR: (diapositives) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2018-07-27]\nExtension CHR: (Docs) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aohghmighlieiainnegkcijnfilokake [2018-07-27]\nExtension CHR: (Google Drive) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2019-12-21]\nExtension CHR: (YouTube) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-27]\nExtension CHR: (Honey) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions bmnlcjabgnpnenekpadlanbbkooimhnj [2020-05-30]\nExtension CHR: (Google Docs hors ligne) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ghbmnnjooekpmoecnnililnnbdlolhkhi [2020-05-30]\nExtension CHR: (Chrometana – Rediriger Bing quelque part mieux) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions kaicbfmipfpfpjmlbpejaoaflfdnabnc [2018-07-28]\nExtension CHR: (Paiements Chrome Web Store) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]\nExtension CHR: (AdBlocker Ultimate) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ohahllgiabjaoigichmmfljhkcfikeof [2020-06-11]\nExtension CHR: (Modern Flat) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pdcjjgefkpoemmlcjfcfkeminneboaob [2018-09-05]\nExtension CHR: (Gmail) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]\nExtension CHR: (Chrome Media Router) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-24]\nExtension CHR: (extension de réponse quotidienne au questionnaire de la Couronne) – C: Users Ethan Documents Other Chrome Crowns Extension [2019-11-28]\nProfil CHR: C: Users Ethan AppData Local Google Chrome User Data System Profile [2020-06-08]","==================== Services (liste blanche) ===================","(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)","S3 AALSvc; C: AlphaAntiLeak AAL bin server AALSvc.exe [11439992 2020-06-09] (Constantin Schreiber ->)\nS4 AGMService; C: Program Files (x86) Common Files Adobe AdobeGCClient AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)\nR2 AMD External Events Utility; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 atiesrxx.exe [529624 2020-05-27] (Advanced Micro Devices, Inc. -> AMD)\nR2 AMD Log Utility; C: WINDOWS System32 amdlogsr.exe [483248 2020-05-05] (Éditeur de compatibilité matérielle Microsoft Windows -> Advanced Micro Devices, Inc.)\nS3 BEService; C: Program Files (x86) Common Files BattlEye BEService.exe [7356680 2018-10-03] (BattlEye Innovations e.K. ->)\nR2 ClickToRunSvc; C: Program Files Fichiers communs Microsoft Shared ClickToRun OfficeClickToRun.exe [10637168 2020-05-29] (Microsoft Corporation -> Microsoft Corporation)\nR2 DolbyDAXAPI; C: WINDOWS system32 dolbyaposvc DAX3API.exe [602544 2018-09-27] (Dolby Laboratories, Inc. ->)\nS3 EasyAntiCheat; C: Program Files (x86) EasyAntiCheat EasyAntiCheat.exe [781440 2018-08-17] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)\nR2 FMAPOService; C: WINDOWS System32 FMService64.exe [294968 2018-09-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Fortemedia)\nS3 GalaxyClientService; C: Program Files (x86) GOG Galaxy GalaxyClientService.exe [1748552 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nS3 GalaxyCommunication; C: ProgramData GOG.com Galaxy redists GalaxyCommunication.exe [6821960 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nR2 LCD_Service; C: Program Files Huawei HwLcdEnhancement LCD_Service.exe [25584 2020-01-10] (Huawei Technologies Co., Ltd. -> Microsoft)\nLmhosts R3; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nLmhosts R3; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 MBAMainService; C: Program Files Huawei PCManager MateBookService.exe [1005040 2020-01-10] (Huawei Technologies Co., Ltd. ->)\nR2 MBAMService; C: Program Files Malwarebytes Anti-Malware MBAMService.exe [6933272 2020-05-20] (Malwarebytes Inc -> Malwarebytes)\nS3 MyWiFiDHCPDNS; C: Program Files Intel WiFi bin PanDhcpDns.exe [265864 2018-03-20] (Intel Corporation ->)\nR2 NlaSvc; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 NlaSvc; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 nsi; C: WINDOWS system32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 nsi; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 qengine; C: Program Files (x86) Qustodio qproxy qengine.exe [4139792 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nR2 qupdate; C: Program Files (x86) Qustodio qapp QUpdateService.exe [2358544 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nS4 SepLpsService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR2 SepMasterService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR2 sepWscSvc; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 sepWscSvc64.exe [1834776 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 SNAC; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 snac64.exe [394680 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 WdNisSvc; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 NisSrv.exe [3304992 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)\nS3 WinDefend; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 MsMpEng.exe [103376 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 ZeroConfigService; C: Program Files Intel WiFi bin ZeroConfigService.exe [3848328 2018-03-20] (Intel Corporation -> Intel® Corporation)\nS2 EraserSvc11910; "C: Program Files (x86) Fichiers communs Symantec Shared EENGINE ccSvcHst.exe" / h ccCommon [X]\nU4 weClientDataTransferService; "C: Program Files WE_Client wecdt.exe" [X]\nU4 weClientMessengerService; "C: Program Files WE_Client wecmsg.exe" [X]","===================== Pilotes (sur liste blanche) ===================","(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)","S3 AALProtect; C: AlphaAntiLeak AAL bin server AALProtect.sys [35984 2020-03-24] (OOO AMEKS ->)\nR3 amdacpbus; C: WINDOWS System32 drivers amdacpbus.sys [6170544 2020-05-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nR3 amdgpio2; C: WINDOWS System32 drivers amdgpio2.sys [34664 2018-03-31] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)\nR3 AMDHDAudBusService; C: WINDOWS System32 drivers amdhdaudbus.sys [79224 2018-08-08] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nR3 amdi2c; C: WINDOWS System32 drivers amdi2c.sys [52680 2017-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)\nR3 amdkmdag; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 amdkmdag.sys [71066320 2020-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR0 amdlog; C: WINDOWS System32 drivers amdlog.sys [89200 2020-05-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR0 amdpsp; C: WINDOWS System32 drivers amdpsp.sys [137104 2017-11-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR3 AMDXE; C: WINDOWS System32 drivers amdxe.sys [60216 2020-03-31] (Advanced Micro Devices, Inc. ->)\nS3 AppleLowerFilter; C: WINDOWS System32 drivers AppleLowerFilter.sys [35560 2018-05-10] (Version WDKTestCert, 131474841775766162 -> Apple Inc.)\nR3 AtiHDAudioService; C: WINDOWS system32 drivers AtihdWT6.sys [107936 2020-03-13] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nS3 BEDaisy; C: Program Files (x86) Fichiers communs BattlEye BEDaisy.sys [2551864 2018-10-03] (BattlEye Innovations e.K. ->)\nR1 BHDrvx64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions BASHDefs 20200609.001 BHDrvx64.sys [1952136 2020-05-11] (Symantec Corporation -> Symantec Corporation)\nR1 ccSettings_ D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 ccSetx64.sys [179416 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 CH341SER_A64; C: WINDOWS System32 Drivers CH341S64.SYS [69024 2019-05-29] (Éditeur de compatibilité matérielle Microsoft Windows -> www.winchiphead.com)\nR1 eeCtrl; C: Program Files (x86) Common Files Symantec Shared EENGINE eeCtrl64.sys [516784 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR3 EraserUtilRebootDrv; C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilRebootDrv.sys [154288 2020-05-23] (Symantec Corporation -> Symantec Corporation)\nR1 ESProtectionDriver; C: WINDOWS system32 drivers mbae64.sys [153312 2020-05-20] (Malwarebytes Corporation -> Malwarebytes)\nR1 IDSVia64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions IPSDefs 20200611.061 IDSvia64.sys [1455288 2020-05-19] (Symantec Corporation -> Symantec Corporation)\nR2 MBAMChameleon; C: WINDOWS System32 Drivers MbamChameleon.sys [214496 2020-06-02] (Malwarebytes Inc -> Malwarebytes)\nS0 MbamElam; C: WINDOWS System32 DRIVERS MbamElam.sys [19912 2020-06-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)\nR3 MBAMFarflt; C: WINDOWS System32 DRIVERS farflt.sys [195432 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMProtection; C: WINDOWS system32 DRIVERS mbam.sys [73368 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMSwissArmy; C: WINDOWS System32 Drivers mbamswissarmy.sys [248968 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMWebProtection; C: WINDOWS system32 DRIVERS mwac.sys [131736 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR1 netfilter_wfp_ev_64; C: WINDOWS System32 drivers netfilter_wfp_ev_64.sys [96864 2018-04-12] (Éditeur de compatibilité matérielle Microsoft Windows -> Fournisseur Windows® Win 7 DDK)\nR1 qwdf64; C: WINDOWS system32 Drivers qwdf64.sys [41872 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)\nR1 qwdr64; C: WINDOWS system32 Drivers qwdr64.sys [55696 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)\nR2 qwfp; C: WINDOWS system32 Drivers qwfp64.sys [47736 2019-08-01] (Éditeur de compatibilité matérielle Microsoft Windows -> Technologies Qustodio)\nS3 SPUVCbv; C: WINDOWS System32 Drivers SPUVCbv64.sys [766040 2017-10-26] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)\nR1 SRTSP; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSP64.SYS [870792 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SRTSPX; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSPX64.SYS [51080 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 SyDvCtrl; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 SyDvCtrl64.sys [44568 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR0 SymEFASI; C: WINDOWS System32 drivers symefasi 0603040.009 symefasi64.sys [1822600 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS0 SymELAM; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SymELAM.sys [26000 2020-05-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)\nR3 SymEvent; C: WINDOWS system32 Drivers SYMEVENT64x86.SYS [99920 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SymIRON; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 Ironx64.SYS [311264 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SYMNETS; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SYMNETS.SYS [568712 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SysPlant; C: WINDOWS System32 Drivers SysPlant.sys [231360 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 tapnordvpn; C: WINDOWS System32 drivers tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> Le projet OpenVPN)\nR1 Teefer2; C: WINDOWS system32 DRIVERS Teefer.sys [132992 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 USBTINSP; C: WINDOWS System32 drivers tinspusb.sys [142848 2017-07-27] (Éditeur de compatibilité matérielle Microsoft Windows -> Texas Instruments)\nS3 WdBoot; C: WINDOWS system32 drivers wd WdBoot.sys [45960 2020-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)\nS3 WdFilter; C: WINDOWS system32 drivers wd WdFilter.sys [394680 2020-05-01] (Microsoft Windows -> Microsoft Corporation)\nS3 WdNisDrv; C: WINDOWS System32 drivers wd WdNisDrv.sys [64944 2020-05-01] (Microsoft Windows -> Microsoft Corporation)\nR3 WDTDrv; C: WINDOWS System32 Drivers WDTDrv.sys [27048 2018-02-27] (Huawei Technologies Co., Ltd. -> Appareil Huawei)\nS3 EraserUtilDrv11910; ?? C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilDrv11910.sys [X]","==================== NetSvcs (liste blanche) ====================","(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)","==================== Un mois (créé) ===================","(Si une entrée est incluse dans la liste de correctifs, le fichier / dossier sera déplacé.)","2020-06-13 05:42 – 2020-06-13 05:42 – 000031721 _____ C: Users Ethan Desktop FRST.txt\n2020-06-13 05:42 – 2020-06-13 05:42 – 000000000 ____D C: FRST\n2020-06-13 05:40 – 2020-06-13 05:40 – 002289152 _____ (Farbar) C: Users Ethan Desktop FRST64.exe\n2020-06-13 05:36 – 2020-06-13 05:36 – 000195432 _____ (Malwarebytes) C: WINDOWS system32 Drivers farflt.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000131736 _____ (Malwarebytes) C: WINDOWS system32 Drivers mwac.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000073368 _____ (Malwarebytes) C: WINDOWS system32 Drivers mbam.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000000000 ____D C: Users Ethan AppData LocalLow IGDump\n2020-06-13 05:30 – 2020-06-13 05:34 – 000417646 _____ C: WINDOWS ntbtlog.txt\n2020-06-12 22:53 – 2020-06-12 22:53 – 001920738 _____ C: Users Ethan Downloads iCloud Photos.zip\n2020-06-12 20:53 – 2020-06-12 22:54 – 000511438 _____ C: Users Ethan Downloads IMG_1020.JPEG\n2020-06-12 19:02 – 2019-08-01 16:48 – 000055696 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdr64.sys\n2020-06-12 19:02 – 2019-08-01 16:48 – 000041872 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdf64.sys\n2020-06-12 07:53 – 2020-06-12 07:53 – 000002608 _____ C: Users Ethan Downloads Player.plr\n2020-06-12 05:00 – 2020-06-12 05:00 – 000000000 ____D C: Users Ethan Downloads processhacker-2.39-bin\n2020-06-12 04:59 – 2020-06-12 04:59 – 003392412 _____ C: Users Ethan Downloads processhacker-2.39-bin.zip\n2020-06-12 02:28 – 2020-06-12 02:28 – 000000000 ____D C: Users Ethan Desktop tools\n2020-06-09 19:06 – 2020-06-09 19:06 – 000002357 _____ C: Users Ethan AppData Roaming Microsoft Windows Menu Démarrer Programmes Lunar Client.lnk\n2020-06-09 19:06 – 2020-06-09 19:06 – 000002349 _____ C:UsersEthanDesktopLunar Client.lnk\n2020-06-09 19:05 – 2020-06-09 19:05 – 000755688 _____ (Moonsworth, LLC) C:UsersEthanDownloadsLunar Client v2.0.2.exe\n2020-06-09 01:47 – 2020-06-09 01:47 – 000000000 ____D C:UsersEthanAppDataLocalATI\n2020-06-09 01:43 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopruntime\n2020-06-09 01:42 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopgame\n2020-06-09 01:33 – 2020-06-12 02:28 – 002970008 _____ (Mojang) C:UsersEthanDesktopMinecraft.exe\n2020-06-09 00:03 – 2020-06-09 00:03 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable (1).zip\n2020-06-08 23:35 – 2020-06-08 23:58 – 000000000 ____D C:UsersEthanDownloadsRevoUninstaller_Portable\n2020-06-08 23:34 – 2020-06-08 23:34 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable.zip\n2020-06-08 23:11 – 2020-06-08 23:11 – 000000761 _____ C:UsersEthanDocumentsDownloads.lnk\n2020-06-08 22:13 – 2020-06-08 22:14 – 000000000 ___HD C:temp\n2020-06-08 09:38 – 2020-06-08 22:06 – 000000000 ____D C:35cf2c581e43e0fd0f2302ce54fb\n2020-06-08 09:29 – 2020-06-08 22:06 – 000000000 ____D C:68e9a7aba4aecf4ec4\n2020-06-08 08:06 – 2020-06-08 08:06 – 000000000 ___HD C:ProgramDataCanonIJFAX\n2020-06-07 23:17 – 2020-06-07 23:22 – 000000000 ____D C:UsersEthanEpubee Library\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanBookManager\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanAppDataRoaming.cover\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthan.Epubor_Keys\n2020-06-07 23:14 – 2020-06-08 22:16 – 000000000 ____D C:Program Files (x86)ePUBee\n2020-06-05 23:17 – 2020-06-05 23:17 – 000000000 ____D C:8527c8ea7501eb69401877adc732\n2020-06-05 23:07 – 2020-06-05 23:07 – 000000000 ____D C:de22f4d81bbf950b5e0f7a8642297b\n2020-06-05 22:57 – 2020-06-05 22:57 – 000000000 ____D C:f4b9a65bd3630368995b8ced06\n2020-06-05 22:37 – 2020-06-05 22:37 – 000000000 ____D C:faa6e5d10903a99a286ff6\n2020-06-05 22:27 – 2020-06-05 22:28 – 000000000 ____D C:4fa0f45da0c207e28fce354dfbcbb45a\n2020-06-05 22:24 – 2020-06-05 22:24 – 000000000 ____D C:UsersEthanAppDataLocalcache\n2020-06-05 22:19 – 2020-06-05 22:19 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAMD Radeon Software\n2020-06-05 22:17 – 2020-06-05 22:22 – 000000000 ____D C:25a06eb4cb678d6510bb02b4e69c\n2020-06-05 22:17 – 2020-06-05 22:17 – 000000000 ____D C:ProgramDataAMD\n2020-06-05 22:04 – 2020-06-05 22:12 – 000000000 ____D C:96699b5329d1ea66b0a663de302c5a\n2020-06-05 22:03 – 2020-06-05 22:03 – 000000000 ____D C:AMD\n2020-06-05 21:56 – 2020-06-05 21:56 – 000000000 ____D C:UsersEthanAppDataLocalRadeonSettings\n2020-06-05 21:52 – 2020-06-05 22:12 – 000000000 ____D C:59149044dd0aac2303de\n2020-06-05 21:44 – 2020-06-05 22:12 – 000000000 ____D C:bd86fd4774132980229e4d5232ae\n2020-06-05 04:05 – 2020-06-05 21:37 – 000000000 ____D C:873d716d2277afe5bee1c44e0b878d87\n2020-06-05 03:54 – 2020-06-05 21:37 – 000000000 ____D C:dbd59e3d47cf23fa38e6b2b4\n2020-06-05 03:46 – 2020-06-05 21:37 – 000000000 ____D C:8878178fedc450c4b9\n2020-06-05 03:30 – 2020-06-05 21:37 – 000000000 ____D C:3aa04f0e181a6ef6283335\n2020-06-05 02:34 – 2020-06-05 21:37 – 000000000 ____D C:b7af3d3859975eec9620db8b5a5f6e41\n2020-06-05 02:26 – 2020-06-05 21:37 – 000000000 ____D C:487c789bbfdb27e0f8\n2020-06-05 02:14 – 2020-06-05 21:37 – 000000000 ____D C:d88254605b4e82c096\n2020-06-05 02:05 – 2020-06-05 21:37 – 000000000 ____D C:e25ee765e720e9e181c0a4\n2020-06-05 01:55 – 2020-06-05 21:37 – 000000000 ____D C:8986be08c43b083cf019\n2020-06-05 01:45 – 2020-06-05 21:37 – 000000000 ____D C:24b77074821232b8eee377b656\n2020-06-05 01:35 – 2020-06-05 21:37 – 000000000 ____D C:76cca42bb37e3cd7e09f354112b60b\n2020-06-05 01:25 – 2020-06-05 21:37 – 000000000 ____D C:514f6c63d0b4235c42ea\n2020-06-05 01:15 – 2020-06-05 21:37 – 000000000 ____D C:a82951183443a4c4ff\n2020-06-05 01:05 – 2020-06-05 21:37 – 000000000 ____D C:1500873c57dc503bb2583144b776\n2020-06-05 00:55 – 2020-06-05 21:37 – 000000000 ____D C:2608ecb4b26d61af942bbe9aef91a4\n2020-06-05 00:45 – 2020-06-05 21:37 – 000000000 ____D C:d0bd3ae4cfc3cb2d19\n2020-06-05 00:35 – 2020-06-05 21:37 – 000000000 ____D C:b8593ace07e295202c\n2020-06-05 00:25 – 2020-06-05 21:37 – 000000000 ____D C:aefea5c399639a508a8d0cc319bada\n2020-06-05 00:15 – 2020-06-05 21:37 – 000000000 ____D C:d34e9191b27aad94f2aa2e6e\n2020-06-05 00:05 – 2020-06-05 21:37 – 000000000 ____D C:746cad1319b45c0fa13d3542b5\n2020-06-04 23:55 – 2020-06-05 21:37 – 000000000 ____D C:761aa80eda44dc967c55336087417a\n2020-06-04 23:45 – 2020-06-05 21:37 – 000000000 ____D C:b015b1b5cce422460fcedb4\n2020-06-04 23:35 – 2020-06-05 21:37 – 000000000 ____D C:21bb368a3acf317e654c\n2020-06-04 23:25 – 2020-06-05 21:37 – 000000000 ____D C:1eb161e731e359e492622ac3330bc8\n2020-06-04 23:15 – 2020-06-05 21:37 – 000000000 ____D C:9954edefd2c4ee760f21\n2020-06-04 23:05 – 2020-06-05 21:37 – 000000000 ____D C:4996eff18111c7145a68\n2020-06-04 22:55 – 2020-06-05 21:37 – 000000000 ____D C:dbfc9b3663e052d664a93b73\n2020-06-04 22:45 – 2020-06-05 21:37 – 000000000 ____D C:e15f2439316aa3b95ecb\n2020-06-04 22:35 – 2020-06-05 21:37 – 000000000 ____D C:812b054302348352f\n2020-06-03 21:45 – 2020-06-05 21:42 – 000000000 ___HD C:adobeTemp\n2020-06-02 22:05 – 2020-06-02 22:05 – 000000000 ___HD C:ProgramDataCanonBJ\n2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 ____D C:UsersEthanAppDataLocalUXP\n2020-06-02 21:49 – 2020-06-02 21:49 – 000000000 ____D C:UsersEthanAppDataLocalLowAdobe\n2020-06-02 21:47 – 2020-06-08 22:09 – 000000000 ___RD C:UsersEthanCreative Cloud Files\n2020-06-02 21:42 – 2020-06-02 21:47 – 000000000 ____D C:ProgramDataAdobe\n2020-06-02 21:40 – 2020-06-08 22:13 – 000000000 ____D C:Program FilesCommon FilesAdobe\n2020-06-02 21:40 – 2020-06-08 22:12 – 000000000 ____D C:Program FilesAdobe\n2020-06-02 21:38 – 2020-06-02 21:47 – 000000000 ____D C:UsersEthanAppDataLocalAdobe\n2020-06-02 17:15 – 2020-06-13 05:36 – 000248968 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys\n2020-06-02 17:15 – 2020-06-02 17:15 – 000214496 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys\n2020-06-01 01:12 – 2020-06-01 01:12 – 000000000 ____D C:UsersEthanAppDataLocalAdobe_Systems_Incorporate\n2020-06-01 01:06 – 2020-06-08 23:12 – 000000000 ____D C:Program Files (x86)Adobe\n2020-05-27 14:20 – 2020-05-27 14:20 – 064809688 _____ C:WINDOWSsystem32amd_comgr.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 053685456 _____ C:WINDOWSSysWOW64amd_comgr32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 004631248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amfrt64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 004141776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amfrt32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo-1-999-0-0-0.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001775320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atiadlxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo-1-999-0-0-0.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxy.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1-999-0-0-0.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1-999-0-0-0.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000761040 _____ (AMD) C:WINDOWSsystem32atieclxx.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000737496 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32Rapidfire64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000621784 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64Rapidfire.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000497360 _____ C:WINDOWSsystem32GameManager64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000493776 _____ C:WINDOWSsystem32dgtrayicon.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000469200 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atidemgy.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000456920 _____ C:WINDOWSsystem32atieah64.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000433360 _____ C:WINDOWSsystem32EEURestart.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000380624 _____ C:WINDOWSSysWOW64GameManager32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000352464 _____ C:WINDOWSSysWOW64atieah32.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000340176 _____ C:WINDOWSsystem32clinfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000245976 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atig6txx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000213712 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atigktxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000187600 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantle64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000183008 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32aticfx64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000167632 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atisamu64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000167128 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantleaxl64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000159264 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64aticfx32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000157408 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantle32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000143056 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantleaxl32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000141528 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atisamu32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000136400 _____ (AMD) C:WINDOWSsystem32atimuixx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000135384 _____ (Khronos Group) C:WINDOWSsystem32OpenCL.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000126160 _____ C:WINDOWSsystem32atidxx64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000123088 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdxc64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000121048 _____ (Khronos Group) C:WINDOWSSysWOW64OpenCL.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000108240 _____ C:WINDOWSSysWOW64atidxx32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000107728 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdxc32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000091352 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mcl64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000075984 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mcl32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000070872 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32ati2erec.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000047320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32RapidFireServer64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000044248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64RapidFireServer.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSSysWOW64detoured.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSsystem32detoured.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 071473360 _____ (Advanced Micro Devices Inc.) C:WINDOWSsystem32amdhip64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 001686624 _____ (AMD) C:WINDOWSsystem32amf-mft-mjpeg-decoder64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 001365984 _____ (AMD) C:WINDOWSSysWOW64amf-mft-mjpeg-decoder32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000941776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdlvr64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000769232 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdlvr32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000554192 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdmcl64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000547424 _____ C:WINDOWSsystem32amdmiracast.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000490192 _____ C:WINDOWSsystem32amdgfxinfo64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000467152 _____ C:WINDOWSsystem32amdlogum.exe\n2020-05-27 14:19 – 2020-05-27 14:19 – 000384208 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdmcl32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000380624 _____ C:WINDOWSSysWOW64amdgfxinfo32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000198928 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdihk64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000168016 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdihk32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atimpc64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdpcom64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000108880 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdpcom32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000108864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atimpc32.dll\n2020-05-27 14:18 – 2020-05-27 14:18 – 000136544 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdave64.dll\n2020-05-27 14:18 – 2020-05-27 14:18 – 000120896 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdave32.dll\n2020-05-26 20:09 – 2020-05-26 20:09 – 000000000 ____D C:UsersEthanAppDataLocalpackage.nw.new\n2020-05-25 20:28 – 2020-05-25 20:28 – 003471376 _____ C:WINDOWSSysWOW64atiumdva.cap\n2020-05-25 20:28 – 2020-05-25 20:28 – 003437632 _____ C:WINDOWSsystem32atiumd6a.cap\n2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSSysWOW64ativvsvl.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSsystem32ativvsvl.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSSysWOW64ativvsva.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSsystem32ativvsva.dat\n2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSSysWOW64atiapfxx.blb\n2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSsystem32atiapfxx.blb\n2020-05-24 02:33 – 2020-06-09 18:08 – 000001445 _____ C:UsersPublicDesktopTerraria.lnk\n2020-05-24 02:23 – 2020-05-24 02:23 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGOG.com\n2020-05-24 02:20 – 2020-05-24 02:33 – 000000000 ____D C:ProgramDataGOG.com\n2020-05-23 16:18 – 2020-06-12 05:07 – 000000000 ____D C:UsersEthanAppDataLocalCrashDumps\n2020-05-20 08:04 – 2020-06-13 05:26 – 000074800 _____ (Symantec Corporation) C:WINDOWSsystem32msln.exe\n2020-05-20 08:00 – 2020-05-20 08:00 – 000000000 ____D C:UsersEthanAppDataLocalSymantec\n2020-05-20 07:56 – 2020-05-20 07:56 – 000609208 _____ (Symantec Corporation) C:WINDOWSsystem32SymVPN.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000505120 _____ (Symantec Corporation) C:WINDOWSsystem32sysfer.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000485304 _____ (Symantec Corporation) C:WINDOWSSysWOW64SymVPN.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000434976 _____ (Symantec Corporation) C:WINDOWSSysWOW64sysfer.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000231360 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSysPlant.sys\n2020-05-20 07:56 – 2020-05-20 07:56 – 000224184 _____ (Symantec Corporation) C:WINDOWSsystem32FwsVpn.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000219576 _____ (Symantec Corporation) C:WINDOWSSysWOW64FwsVpn.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000099920 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSYMEVENT64x86.SYS\n2020-05-20 07:56 – 2020-05-20 07:56 – 000096184 _____ (Symantec Corporation) C:WINDOWSsystem32snacnp.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000085432 _____ (Symantec Corporation) C:WINDOWSSysWOW64snacnp.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000048232 _____ (Symantec Corporation) C:WINDOWSsystem32DriversWGX64.SYS\n2020-05-20 07:56 – 2020-05-20 07:56 – 000010396 _____ C:WINDOWSsystem32DriversSYMEVENT64x86.CAT\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:WINDOWSsystem32Driverssymefasi\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataSymEFASI\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:Program FilesCommon FilesSymantec Shared\n2020-05-20 07:55 – 2020-05-20 16:02 – 000000000 ____D C:ProgramDataSymantec\n2020-05-20 07:55 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSymantec Endpoint Protection\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:WINDOWSsystem32DriversSEP\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:ProgramDataregid.1992-12.com.symantec\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:Program Files (x86)Symantec\n2020-05-20 07:53 – 2020-05-20 07:53 – 000132992 _____ (Symantec Corporation) C:WINDOWSsystem32DriversTeefer.sys\n2020-05-20 07:25 – 2020-06-02 17:14 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys\n2020-05-20 07:25 – 2020-05-20 07:25 – 000002040 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk\n2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbamtray\n2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbam\n2020-05-20 07:25 – 2020-05-20 07:24 – 000153312 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys\n2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:ProgramDataMalwarebytes\n2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:Program FilesMalwarebytes\n2020-05-19 11:20 – 2020-05-19 11:20 – 006170544 _____ (Advanced Micro Devices) C:WINDOWSsystem32Driversamdacpbus.sys\n2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocalLow3D Aim Trainer\n2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocal3D Aim Trainer\n2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuPrograms3D Aim Trainer\n2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:Program Files (x86)3D Aim Trainer Launcher\n2020-05-14 07:59 – 2020-05-14 07:59 – 000000000 ____D C:UsersEthanAppDataRoamingMicrosoftWindowsStart MenuProgramsZoom","==================== One month (modified) ==================","(If an entry is included in the fixlist, the file/folder will be moved.)","2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSSysWOW64qengineOff.ini\n2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSsystem32qengineOff.ini\n2020-06-13 05:42 – 2019-05-04 21:51 – 000840852 _____ C:WINDOWSsystem32PerfStringBackup.INI\n2020-06-13 05:42 – 2018-09-15 09:31 – 000000000 ____D C:WINDOWSINF\n2020-06-13 05:40 – 2018-07-27 21:20 – 000000000 ____D C:ProgramDataQustodio\n2020-06-13 05:36 – 2020-04-03 14:18 – 000000000 ____D C:ProgramDataboost_interprocess\n2020-06-13 05:36 – 2019-05-04 21:52 – 000000006 ____H C:WINDOWSTasksSA.DAT\n2020-06-13 05:36 – 2018-09-15 09:33 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft\n2020-06-13 05:35 – 2019-06-28 22:15 – 000000000 ____D C:UsersEthanAppDataRoaming.minecraft\n2020-06-13 05:29 – 2019-05-04 21:42 – 000000000 ____D C:UsersEthan\n2020-06-13 05:28 – 2018-12-18 11:43 – 000000000 ____D C:UsersEthanAppDataRoamingdiscord\n2020-06-13 04:54 – 2019-05-04 21:41 – 000000000 ____D C:WINDOWSsystem32SleepStudy\n2020-06-13 02:51 – 2018-09-25 19:31 – 000000000 ____D C:WINDOWSsystem32AMD\n2020-06-12 20:23 – 2019-03-19 09:02 – 000000000 ___HD C:$WINDOWS.~BT\n2020-06-12 19:59 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSAppReadiness\n2020-06-12 19:57 – 2018-09-15 09:33 – 000000000 ___HD C:Program FilesWindowsApps\n2020-06-12 19:01 – 2018-09-14 19:13 – 000000000 ____D C:Program Files (x86)Qustodio\n2020-06-12 19:01 – 2018-07-27 21:24 – 000000000 __SHD C:WINDOWSSysWOW64AI_RecycleBin\n2020-06-12 03:02 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSLiveKernelReports\n2020-06-12 02:28 – 2020-04-06 17:11 – 000000000 ____D C:UsersEthanAppDataRoaminglunarclient\n2020-06-11 03:58 – 2019-05-03 10:10 – 000000000 ___DC C:WINDOWSPanther\n2020-06-09 22:11 – 2018-09-15 09:23 – 000000000 ____D C:WINDOWSCbsTemp\n2020-06-09 19:14 – 2020-03-24 13:02 – 000000000 ____D C:UsersEthan.lunarclient\n2020-06-09 18:08 – 2018-09-29 13:09 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsTerraria [GOG.com]\n2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagwrn.xml\n2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagerr.xml\n2020-06-09 03:07 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSRegistration\n2020-06-09 00:08 – 2018-07-27 21:22 – 000000000 ____D C:Program Files (x86)Microsoft Office\n2020-06-08 23:57 – 2018-08-31 20:24 – 000000000 ____D C:UsersEthanDocumentsChurch\n2020-06-08 22:16 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalPackages\n2020-06-08 22:12 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataRoamingAdobe\n2020-06-08 22:06 – 2020-05-01 05:13 – 000000000 ____D C:Program FilesBadlion Client\n2020-06-08 22:06 – 2019-05-04 21:42 – 000000000 ____D C:Usersdadministrator\n2020-06-07 23:18 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalVirtualStore\n2020-06-07 22:50 – 2018-07-30 00:34 – 000000000 ____D C:UsersEthanAppDataLocalD3DSCache\n2020-06-07 19:08 – 2019-05-04 21:41 – 000488632 _____ C:WINDOWSsystem32FNTCACHE.DAT\n2020-06-05 22:24 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalAMD\n2020-06-05 22:19 – 2018-05-03 21:32 – 000000000 ____D C:Program FilesAMD\n2020-06-05 02:56 – 2018-07-27 21:18 – 000002308 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk\n2020-06-03 03:32 – 2018-09-15 09:36 – 000835480 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerApp.exe\n2020-06-03 03:32 – 2018-09-15 09:36 – 000179608 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerCPLApp.cpl\n2020-06-02 21:45 – 2018-07-28 19:27 – 000000000 ____D C:ProgramDataPackages\n2020-06-02 21:42 – 2018-05-03 20:44 – 000000000 ____D C:ProgramDataPackage Cache\n2020-06-02 21:40 – 2018-09-15 09:33 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared\n2020-05-24 02:27 – 2018-09-29 08:34 – 000000000 ____D C:Program Files (x86)GOG Galaxy\n2020-05-20 07:56 – 2018-09-15 09:33 – 000000000 ___HD C:WINDOWSELAMBKUP\n2020-05-17 05:16 – 2018-09-15 08:09 – 000000000 ____D C:WINDOWSservicing\n2020-05-14 07:59 – 2020-04-02 11:01 – 000000000 ____D C:UsersEthanAppDataRoamingZoom","==================== Files in the root of some directories ========","2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 _____ () C:UsersEthanAppDataLocaloobelibMkey.log\n2020-02-09 15:02 – 2020-02-09 15:02 – 000000218 _____ () C:UsersEthanAppDataLocalrecently-used.xbel","==================== FLock ==============================","2020-05-13 20:50 C:PerfLogs\n2020-06-12 19:49 C:WINDOWSsystem32config\n2018-09-15 09:33 C:WINDOWSsystem32Configuration\n2018-09-15 09:33 C:WINDOWSsystem32DriverState\n2018-09-15 09:33 C:WINDOWSsystem32FxsTmp\n2018-09-15 09:34 C:WINDOWSsystem32ias\n2018-09-15 09:34 C:WINDOWSsystem32MsDtc\n2018-09-15 09:33 C:WINDOWSsystem32networklist\n2020-06-13 04:54 C:WINDOWSsystem32SleepStudy\n2020-06-13 05:29 C:WINDOWSsystem32sru\n2020-06-05 22:22 C:WINDOWSsystem32Tasks\n2019-05-05 07:40 C:WINDOWSsystem32Tasks_Migrated\n2019-07-19 20:15 C:WINDOWSsystem32WDI\n2020-06-12 19:57 C:Program FilesWindowsApps\n2020-06-09 04:19 C:WINDOWSdiagerr.xml\n2020-06-09 04:19 C:WINDOWSdiagwrn.xml\n2019-05-05 07:38 C:WINDOWSInfusedApps\n2020-06-12 03:02 C:WINDOWSLiveKernelReports\n2020-02-15 18:45 C:WINDOWSMinidump\n2018-09-15 09:33 C:WINDOWSModemLogs\n2020-06-13 05:42 C:WINDOWSPrefetch\n2019-05-04 22:10 C:WINDOWSServiceState\n2020-06-13 05:41 C:WINDOWSTemp\n2018-09-15 09:33 C:WINDOWSSysWOW64config\n2018-09-15 09:33 C:WINDOWSSysWOW64Configuration\n2018-09-15 09:33 C:WINDOWSSysWOW64Msdtc\n2018-09-15 09:33 C:WINDOWSSysWOW64networklist\n2018-09-15 09:33 C:WINDOWSSysWOW64sru\n2018-09-15 09:33 C:WINDOWSSysWOW64Tasks\n2018-09-15 09:33 C:WINDOWSsystem32DriversDriverData\n2020-06-08 22:06 C:Usersdadministrator\n2020-06-02 21:45 C:ProgramDataPackages\n2019-05-04 21:44 C:ProgramDataUSOPrivate","==================== SigCheck ============================","(There is no automatic fix for files that do not pass verification.)","ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened.\nAccess is denied.","==================== End of FRST.txt ========================","Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020\nRan by Ethan (13-06-2020 05:43:40)\nRunning from C:UsersEthanDesktop\nWindows 10 Home Version 1809 17763.1217 (X64) (2019-05-04 19:53:29)\nBoot Mode: Normal\n==========================================================","==================== Accounts: =============================","Administrator (S-1-5-21-1017088884-3281645122-1580351492-500 – Administrator – Disabled)\ndadministrator (S-1-5-21-1017088884-3281645122-1580351492-1001 – Administrator – Enabled) => C:Usersdadministrator\nDefaultAccount (S-1-5-21-1017088884-3281645122-1580351492-503 – Limited – Disabled)\nEthan (S-1-5-21-1017088884-3281645122-1580351492-1002 – Limited – Enabled) => C:UsersEthan\nGuest (S-1-5-21-1017088884-3281645122-1580351492-501 – Limited – Disabled)\nWDAGUtilityAccount (S-1-5-21-1017088884-3281645122-1580351492-504 – Limited – Disabled)","==================== Security Center ========================","(If an entry is included in the fixlist, it will be removed.)","AV: Symantec Endpoint Protection (Enabled – Up to date) 1122B19A-E671-38EC-8EAC-87048FD4528D\nAV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46\nAV: Malwarebytes (Enabled – Up to date) 23007AD3-69FE-687C-2629-D584AFFAF72B\nAS: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46\nFW: Symantec Endpoint Protection (Enabled) 291930BF-AC1E-39B4-A5F3-2E31710715F6","==================== Installed Programs ======================","(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)","3D Aim Trainer Launcher version 1.01 (HKLM-x32…DEBD852F-7476-4715-B6AC-8A3C560EAAAA_is1) (Version: 1.01 – 3D Aim Trainer)\n7-Zip 18.05 (x64) (HKLM…7-Zip) (Version: 18.05 – Igor Pavlov)\nAMD Software (HKLM…AMD Catalyst Install Manager) (Version: 20.5.1 – Advanced Micro Devices, Inc.)\nASIO4ALL (HKLM-x32…ASIO4ALL) (Version: 2.14 – Michael Tippach)\nBranding64 (HKLM…856DA29A-EA4A-468B-BBC2-B5F60DD75BFE) (Version: 1.00.0002 – Advanced Micro Devices, Inc.) Hidden\nDiscord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Discord) (Version: 0.0.306 – Discord Inc.)\nDiscord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Discord) (Version: 0.0.306 – Discord Inc.)\nEdgeDeflector (HKLM-x32…EdgeDeflector) (Version:  – )\nEpic Games Launcher Prerequisites (x64) (HKLM…66C5838F-B854-4A55-89E6-A6138747A4DF) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden\nGlorious Model O Software (HKLM-x32…969D386-B5B4-41BD-98E3-4A1A7D32CB97_is1) (Version: 1.0.9 – Glorious PC Gaming Race LLC.)\nGOG GALAXY (HKLM-x32…7258BA11-600C-430E-A759-27E2C691A335_is1) (Version:  – GOG.com)\nGoogle Chrome (HKLM-x32…Google Chrome) (Version: 83.0.4103.97 – Google LLC)\nGoogle Update Helper (HKLM-x32…60EC980A-BDA2-4CB6-A427-B07A5498B4CA) (Version: 1.3.35.451 – Google LLC) Hidden\nIntel® PROSet/Wireless Software (HKLM-x32…3c598844-1b8b-41f0-b5b2-bc1dcf4d47ad) (Version: 20.50.0 – Intel Corporation)\nJava 8 Update 181 (64-bit) (HKLM…26A24AE4-039D-4CA4-87B4-2F64180181F0) (Version: 8.0.1810.13 – Oracle Corporation)\nKeePass Password Safe 2.44 (HKLM-x32…KeePassPasswordSafe2_is1) (Version: 2.44 – Dominik Reichl)\nLauncher Prerequisites (x64) (HKLM-x32…c6c5a357-c7ca-4a5f-9789-3bb1af579253) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden\nLogger Pro 3.15 (HKLM-x32…096EA23-A525-41C3-9DBC-E7FA5F02608C) (Version: 5.185.1506 – Vernier Software & Technology)\nLogitech Unifying Software 2.50 (HKLM…Logitech Unifying) (Version: 2.50.25 – Logitech)\nLunar Client (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 – Moonsworth, LLC)\nLunar Client (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 – Moonsworth, LLC)\nMalwarebytes version 4.1.0.56 (HKLM…35065F43-4BB2-439A-BFF7-0F1014F2E0CD_is1) (Version: 4.1.0.56 – Malwarebytes)\nMicrosoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.12827.20268 – Microsoft Corporation)\nMicrosoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…1D8E6291-B0D5-35EC-8441-6616F567A0F7) (Version: 10.0.40219 – Microsoft Corporation)\nMicrosoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…F0C3E5D1-1ADE-321E-8167-68EF0DE699A5) (Version: 10.0.40219 – Microsoft Corporation)\nMicrosoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…ca67548a-5ebe-413a-b50c-4b9ceb6d66c6) (Version: 11.0.61030.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…33d1fd90-4274-48a1-9bc1-97e33d9c2d6f) (Version: 11.0.61030.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32…ef6b00ec-13e1-4c25-9064-b2f383cb8412) (Version: 12.0.40660.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32…61087a79-ac85-455c-934d-1fa22cc64f36) (Version: 12.0.40660.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) – 14.23.27820 (HKLM-x32…852adda4-4c78-4a38-b583-c0b360a329d6) (Version: 14.23.27820.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) – 14.23.27820 (HKLM-x32…45231ab4-69fd-486a-859d-7a59fcd11013) (Version: 14.23.27820.0 – Microsoft Corporation)\nMicrosoft XNA Framework Redistributable 4.0 (HKLM-x32…2BFC7AA0-544C-4E3A-8796-67F3BE655BE9) (Version: 4.0.20823.0 – Microsoft Corporation)\nMinecraft (HKLM-x32…756E195A-CB58-4B99-917F-0DDA0D881204) (Version: 1.0.4.0 – Mojang)\nMinecraft Launcher (HKLM-x32…E15F69FA-660D-45CC-B28F-6CBC4CAD2091) (Version: 1.0.0.0 – Mojang)\nOEM Application Profile (HKLM-x32…12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50) (Version: 1.00.0000 – Advanced Micro Devices, Inc.)\nOffice 16 Click-to-Run Extensibility Component (HKLM-x32…90160000-008C-0000-0000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM…90160000-00DD-0000-1000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Licensing Component (HKLM…90160000-008F-0000-1000-0000000FF1CE) (Version: 16.0.12827.20268 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Localization Component (HKLM-x32…90160000-008C-0409-0000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nPC Manager (HKLM…PC Manager) (Version: 10.0.5.51 – Huawei Technologies Co., Ltd.)\nPopcorn-Time (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Popcorn-Time) (Version: 0.4.1 – Popcorn Time)\nPopcorn-Time (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Popcorn-Time) (Version: 0.4.1 – Popcorn Time)\nQustodio (HKLM-x32…3BE72491-5A26-4935-9500-4EADA48A4068) (Version: 181.11.274.0 – Qustodio Technologies) Hidden\nQustodio (HKLM-x32…Qustodio) (Version: 181.11.274.0 – Qustodio)\nRealtek High Definition Audio Driver (HKLM-x32…F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC) (Version: 6.0.1.8459 – Realtek Semiconductor Corp.)\nSymantec Endpoint Protection (HKLM…CE2F0EC1-BF6B-42A6-993C-1D9655D0C9DF) (Version: 14.2.5569.2100 – Symantec Corporation)\nTerraria (HKLM-x32…1207665503_is1) (Version: v1.4.0.5 – GOG.com)\nTI-Nspire™ CX Student Software (HKLM-x32…465DD59-DB1D-4245-9050-B5C04EED9F52) (Version: 4.5.0.1180 – Texas Instruments Inc.)\nVulkan Run Time Libraries 1.0.61.0 (HKLM…VulkanRT1.0.61.0) (Version: 1.0.61.0 – LunarG, Inc.) Hidden\nVulkan Run Time Libraries 1.1.70.0 (HKLM…VulkanRT1.1.70.0) (Version: 1.1.70.0 – LunarG, Inc.) Hidden\nWDT Device Driver version 1.0.2.5 (HKLM-x32…5B06CB06-0929-48BC-BE1F-7E41461440C7_is1) (Version: 1.0.2.5 – Huawei Technologies Co., Ltd.)\nWindows Driver Package – Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM…EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 – Texas Instruments Inc.)\nWindows Driver Package – Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM…7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 – Texas Instruments Inc.)\nWizard101 (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…A9E27FF5-6294-46A8-B8FD-77B1DECA3021) (Version: 1.0.0 – KingsIsle Entertainment, Inc.)\nWizard101 (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…A9E27FF5-6294-46A8-B8FD-77B1DECA3021) (Version: 1.0.0 – KingsIsle Entertainment, Inc.)\nZoom (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.)\nZoom (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.)","Packages:\n=========\nAdobe Reader Touch -> C:Program FilesWindowsAppsAdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [0000-00-00] (Adobe Systems Incorporated)\nArduino IDE -> C:Program FilesWindowsAppsArduinoLLC.ArduinoIDE_1.8.33.0_x86__mdqgnx93n4wtt [0000-00-00] (Arduino LLC)\nDolby Access -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)\nDolby Atmos Sound System -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAtmosSoundSystem_3.20201.249.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)\nMicrosoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]\nMicrosoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]\nMPEG-2 Video Extension -> C:Program FilesWindowsAppsMicrosoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)\nPhotos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)\nRealtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.2.156.0_x64__dt26b99r8h8gj [0000-00-00] (Realtek Semiconductor Corp)\nSpotify Music -> C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [0000-00-00] (Spotify AB) [Startup Task]","==================== Custom CLSID (Whitelisted): ==============","(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)","CustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSIDE270DAA-1BE6-48F2-AC49-5AC63241FAAA -> [Creative Cloud Files] => C:UsersEthanCreative Cloud Files [2020-06-02 21:47]\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63EInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID7AFDFDDB-F914-11E4-8377-6C3BE50D980CInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID82CA8DE3-01AD-4CEA-9D75-BE4C51810A9EInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nContextMenuHandlers1: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers1: [HwShareMenu] -> 41b3b91f-d6b3-3430-bb86-a143f85353ca => C:Program FilesHuaweiPCManagerHwShellMenuHwShareMenu9.DLL [2020-01-10] (Huawei Technologies Co., Ltd. -> )\nContextMenuHandlers1: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers2: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers3: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)\nContextMenuHandlers4: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers5: [ACE] -> 5E2121EE-0300-11D4-8D3B-444553540000 => C:Program FilesAMDCNextCNextatiacm64.dll [2020-05-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nContextMenuHandlers6: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers6: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers6: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)","==================== Codecs (Whitelisted) ====================","==================== Shortcuts & WMI ========================","(The entries could be listed to be restored or removed.)","ShortcutWithArgument: C:UsersEthanDocumentsShortcutsChrome School.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Profile 1"\nShortcutWithArgument: C:UsersEthanDocumentsShortcutsChrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default"\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarChrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default"\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcutsd249d9ddd424b688Ethan – Chrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory=Default\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts76f9e4d33b60b312Popcorn-Time.lnk -> C:UsersEthanAppDataLocalPopcorn-TimePopcorn-Time.exe (The NW.js Community) -> –user-data-dir="C:UsersEthanAppDataLocalPopcorn-TimeUser Data" –profile-directory=Default –app-id=hecfofbbdfadifpemejbbdcjmfmboohj","==================== Loaded Modules (Whitelisted) =============","2019-07-18 11:23 – 2019-07-18 11:23 – 000017920 _____ () [File not signed] C:Program FilesAMDCNextCNextlibEGL.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 003567616 _____ () [File not signed] C:Program FilesAMDCNextCNextlibGLESv2.dll\n2018-07-29 18:39 – 2018-04-30 14:00 – 000075776 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqgif.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000039424 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqicns.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqico.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000413696 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqjpeg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqsvg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqtga.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000023552 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwbmp.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000519168 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwebp.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001431040 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsplatformsqwindows.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001180672 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginssqldriversqsqlite.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000135680 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsstylesqwindowsvistastyle.dll\n2020-05-25 14:17 – 2020-05-25 14:17 – 006010880 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Core.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 006345216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Gui.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001078272 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Network.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000313856 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Positioning.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 004000256 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Qml.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 003802624 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Quick.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000171008 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickControls2.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001083904 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickTemplates2.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000205312 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Sql.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000329728 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Svg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000113152 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebChannel.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000376320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngine.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 092323328 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngineCore.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 005560832 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Widgets.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000463360 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WinExtras.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000188416 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Xml.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 002888704 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5XmlPatterns.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000053760 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsprivateqtgraphicaleffectsprivate.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000059392 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsqtgraphicaleffectsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000017408 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuick.2qtquick2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000287232 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControls.2qtquickcontrols2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000329216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControlsqtquickcontrolsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000136192 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickDialogsdialogplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000089088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickLayoutsqquicklayoutsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000312320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickTemplates.2qtquicktemplates2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000017920 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickWindow.2windowplugin.dll\n2020-05-25 14:17 – 2020-05-25 14:17 – 000085504 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtWebEngineqtwebengineplugin.dll\n2019-07-31 18:28 – 2019-07-31 18:28 – 005112440 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:Program Files (x86)QustodioqappQt5Core.dll","==================== Alternate Data Streams (Whitelisted) ========","(If an entry is included in the fixlist, only the ADS will be removed.)","AlternateDataStreams: C:WINDOWSsystem32msln.exe:31b498626fde803a3eb44bd105d3469d [1818]\nAlternateDataStreams: C:UsersEthanOneDrive:$3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0.SyncRootIdentity [118]\nAlternateDataStreams: C:UsersPublicShared Files:VersionCache [482]","==================== Safe Mode (Whitelisted) ==================","(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)","HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkccSettings_D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9.sys => ""="Driver"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkSepMasterService => ""="Service"","==================== Association (Whitelisted) =================","==================== Internet Explorer trusted/restricted ==========","==================== Hosts content: =========================","(If needed Hosts: directive could be included in the fixlist to reset Hosts.)","2017-09-29 15:46 – 2017-09-29 15:44 – 000000824 _____ C:WINDOWSsystem32driversetchosts","2018-07-30 02:34 – 2020-03-23 22:02 – 000000854 _____ C:WINDOWSsystem32driversetchosts.ics\n2.168.137.66 HUAWEI_Mate_10_lite-22508.mshome.net # 2020 3 3 25 17 48 50 703\n135 Selims-android.mshome.net # 2020 3 2 17 12 35 10 156\n68.137.72 iPhone.mshome.net # 2020 3 2 17 10 10 44 788\n192.168.137.155 Ismails-iPhone.mshome.net # 2020 3 2 17 10 20 26 328\n192.168.137.205 Mustafas-iPhone.mshome.net # 2020 3 2 17 11 31 44 941\n192.168.137.135 Selims-android.mshome.net # 2020 3 2 17 11 34 45 162\n45 162","==================== Other Areas ===========================","(Currently there is no automatic fix for this section.)","HKLMSystemCurrentControlSetControlSession ManagerEnvironment\\Path -> C:Program Files (x86)Common FilesOracleJavajavapath;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program FilesIntelWiFibin;C:Program FilesCommon FilesIntelWirelessCommon;%SYSTEMROOT%System32OpenSSH\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002Control PanelDesktop\\Wallpaper -> C:UsersEthanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750Control PanelDesktop\\Wallpaper -> C:UsersEthanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper\nDNS Servers: 68.105.28.11 – 68.105.29.11\nHKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)\nHKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )\nWindows Firewall is enabled.","==================== MSCONFIG/TASK MANAGER disabled items ==","(If an entry is included in the fixlist, it will be removed.)","HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedStartupFolder: => "Send to OneNote.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedStartupFolder: => "Rainmeter.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "OneDrive"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "EpicGamesLauncher"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "NordVPN"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "CCXProcess"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "launchOnStartup"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedStartupFolder: => "Send to OneNote.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedStartupFolder: => "Rainmeter.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "OneDrive"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "EpicGamesLauncher"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "NordVPN"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "CCXProcess"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "launchOnStartup"","==================== FirewallRules (Whitelisted) ================","(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)","FirewallRules: [UDP Query User12F0F1BF-0F1F-4AB8-B85A-D9666E12CC7BC:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe] => (Allow) C:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe => No File\nFirewallRules: [TCP Query UserAAC7522B-41B2-483C-98AB-7D9706CC568CC:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe] => (Allow) C:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe => No File\nFirewallRules: [UDP Query UserB655ADFE-D471-4273-8DF6-3AA2EB7238D0C:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [TCP Query User3772B830-C4A3-434E-84E3-0675F7D0A32AC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [UDP Query User88BB2546-D116-4625-B254-3335A5E7E666C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [TCP Query User7AEAEE55-FD0D-4187-A7DD-74DF301A87D5C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [UDP Query UserEFD389F3-4BB9-4F23-877E-D3EFCF7F504EC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [TCP Query User55312368-2298-429C-8470-337C2DFF83EBC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [UDP Query User87D15FF9-546C-4936-80E1-FA5C69CFB167C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Block) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe => No File\nFirewallRules: [TCP Query UserB3624AFD-AF17-4707-AE2A-1FA524548AE6C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Block) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe => No File\nFirewallRules: [UDP Query UserBED176F5-E088-4E80-A439-A2E0C5296F65C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [TCP Query UserE8066C27-5541-4B56-82F1-DC100EEC4D6AC:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [UDP Query UserEB916461-5625-4A23-8084-B456FFFB8368C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe\nFirewallRules: [TCP Query UserFA84BDB4-5A67-486F-B1CD-3E992B6E3C80C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe\nFirewallRules: [UDP Query User36DCE1FF-F8D8-495A-A43E-D2BF089793F5C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [TCP Query User645C505C-46E6-4752-9BC5-AA58291278D5C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [36DD776C-BEF9-4E6F-AD69-D718727D2319] => (Allow) C:Program FilesIntelWiFibinPanDhcpDns.exe (Intel Corporation -> )\nFirewallRules: [TCP Query UserCBBD9637-D57F-4C62-BCCE-9A803B3B51EEC:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe => No File\nFirewallRules: [UDP Query User5276D7A7-B6C4-4FFB-8C82-6EFA3165BB39C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe => No File\nFirewallRules: [TCP Query UserEF82179C-59B6-4ADE-A26D-446FA52A5CCDC:usersethandownloadsruntimejre-x64binjavaw.exe] => (Block) C:usersethandownloadsruntimejre-x64binjavaw.exe => No File\nFirewallRules: [UDP Query User6A83EBA7-F319-4BCF-8D93-1EDB3C5AACFCC:usersethandownloadsruntimejre-x64binjavaw.exe] => (Block) C:usersethandownloadsruntimejre-x64binjavaw.exe => No File\nFirewallRules: [TCP Query User3FCC1C5D-9C46-4511-A102-919442135289C:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe\nFirewallRules: [UDP Query User1AE9246F-C286-436B-BB56-3037FBD0481FC:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe\nFirewallRules: [TCP Query User02EFDE10-5C83-432F-ADA9-8BB6C6F18B59C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe => No File\nFirewallRules: [UDP Query User984318C3-E844-45F5-95DF-9A4E8E08A073C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe => No File\nFirewallRules: [TCP Query UserB552C42A-EC61-4C72-8990-FE2ED796B10FC:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [UDP Query UserD3A17CA4-E12F-4B7A-96D3-066637371298C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [TCP Query User9F107497-D41A-46D3-80D9-C6B45B400C64C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe\nFirewallRules: [UDP Query User5FF66BEF-280F-4A88-A2EF-C5DA5956F1AFC:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe\nFirewallRules: [TCP Query UserD1CECEFF-BED1-4434-B871-8D5885AB6954C:alphaantileakaalbinserveralphaantileak.exe] => (Block) C:alphaantileakaalbinserveralphaantileak.exe (Constantin Schreiber -> )\nFirewallRules: [UDP Query User126BD9DD-AF43-48E6-B4D2-BD72730DC3FAC:alphaantileakaalbinserveralphaantileak.exe] => (Block) C:alphaantileakaalbinserveralphaantileak.exe (Constantin Schreiber -> )\nFirewallRules: [TCP Query User9D7BDA86-7780-4BCB-9F94-9EF418916881C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe\nFirewallRules: [UDP Query UserD5BF7527-430F-4B92-BCA0-899E2AF39F0AC:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe\nFirewallRules: [6FC5A841-7F25-40DE-8A63-9D024257A7B8] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)\nFirewallRules: [TCP Query User81B37590-D222-4DC8-8999-59D3EDCA5718C:programdatabadlionclientjrebinjavaw.exe] => (Block) C:programdatabadlionclientjrebinjavaw.exe\nFirewallRules: [UDP Query User14E58F6C-EBC9-4F1F-9F87-8795FF5F6FB8C:programdatabadlionclientjrebinjavaw.exe] => (Block) C:programdatabadlionclientjrebinjavaw.exe\nFirewallRules: [TCP Query User250ED133-0730-488D-A1D2-179D8124346CC:program fileswe_clientwecdt.exe] => (Allow) C:program fileswe_clientwecdt.exe => No File\nFirewallRules: [UDP Query UserE77D4C9A-65EF-415A-A9F6-720AA01E83F1C:program fileswe_clientwecdt.exe] => (Allow) C:program fileswe_clientwecdt.exe => No File\nFirewallRules: [BE86A0A2-2E3A-45BF-BD16-4FA988C2D2CF] => (Allow) C:Program FilesHuaweiPCManagerMBAMessageCenter.exe (Huawei Technologies Co., Ltd. -> )\nFirewallRules: [582DC69D-F666-438F-AEEF-F7A98301E425] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinccSvcHst.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [5B801E2C-89CA-45F2-8C8A-E34140BA5CB2] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinccSvcHst.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [D01E0175-B747-4800-B9EF-8D085402C350] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64snac64.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [3B512B5A-785E-4623-9D5E-A0B20854D1AA] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64snac64.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [EE510510-A744-49B4-A8FB-3BCD9EC53DF5] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [398E3692-9769-4C56-8B5B-47860A11AC06] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [AE3B13C3-5BAC-4FCD-925E-65903C1B41E6] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [83D17164-7624-4A27-8562-A4FAD02C5D6A] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [7CE68124-5460-4E6B-9835-6B827DFAFEE4] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [49B3A2C1-1884-4FBC-AEAB-3D91BAF96F05] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [FA9DE9FF-0B3D-4BF4-9967-5F9758AC2AF9] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [94F091D3-8AB0-4970-9FF7-69DFB31E5651] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [7AEC1DCC-8FBC-4CAE-8D3D-3D42B7A3B744] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)\nFirewallRules: [C59750B7-A6AD-486A-886B-D9F7DC67C995] => (Allow) %programfiles%Qustodioqappqwelcomewzd.exe => No File\nFirewallRules: [6C6EC456-3AE1-487B-A7E7-9E1897801E6B] => (Allow) %programfiles%QustodioqappQUpdateService.exe => No File\nFirewallRules: [68715DB0-C67D-4FF5-AA9C-FAE2AF083407] => (Allow) %programfiles%QustodioqappQReport.exe => No File\nFirewallRules: [32281869-1447-48F6-AB4A-0AE369098AD9] => (Allow) %programfiles%Qustodioqproxyqengine.exe => No File\nFirewallRules: [87EFFECC-2FD3-40DB-8A19-C7CE3164F080] => (Allow) %programfiles%QustodioqappQAppTray.exe => No File","==================== Restore Points =========================","ATTENTION: System Restore is disabled (Total:237.36 GB) (Free:96.61 GB) (41%)\nCheck "VSS" service","==================== Faulty Device Manager Devices ============","==================== Event log errors: ========================","Application errors:\n==================\nError: (06/13/2020 05:34:12 AM) (Source: Symantec Network Protection) (EventID: 400) (User: )\nDescription: Memory Exploit Mitigation is malfunctioning","Error: (06/13/2020 05:33:19 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )\nDescription: Symantec Endpoint Protection has failed to load the latest virus definitions.","Error: (06/13/2020 05:33:03 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )\nDescription: Symantec Endpoint Protection has failed to load the latest virus definitions.","Error: (06/13/2020 05:26:46 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing","Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing","Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing","Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing","Error: (06/13/2020 05:26:43 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing","System errors:\n=============\nError: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","Error: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)\nDescription: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID \nWindows.SecurityCenter.SecurityAppBroker\n and APPID \nUnavailable\n to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","Error: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)\nDescription: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID \nWindows.SecurityCenter.WscBrokerManager\n and APPID \nUnavailable\n to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","CodeIntegrity:\n===================================","Date: 2020-06-13 05:28:55.962\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","Date: 2020-06-13 05:28:55.958\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","Date: 2020-06-13 05:28:55.695\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","Date: 2020-06-13 05:28:55.690\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","Date: 2020-06-13 05:28:43.476\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","Date: 2020-06-13 05:28:43.473\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","Date: 2020-06-13 05:28:43.462\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","Date: 2020-06-13 05:28:43.458\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","==================== Memory info ===========================","BIOS: HUAWEI 1.22 02/26/2019\nMotherboard: HUAWEI KPL-W0X\nProcessor: AMD Ryzen 5 2500U with Radeon Vega Mobile Gfx \nPercentage of memory in use: 60%\nTotal physical RAM: 7069.58 MB\nAvailable physical RAM: 2819.71 MB\nTotal Virtual: 17309.58 MB\nAvailable Virtual: 11480.89 MB","==================== Drives ================================","Drive c: (Windows) (Fixed) (Total:237.36 GB) (Free:96.61 GB) NTFS","\\?Volume38965f00-0083-43f6-a798-2a33a7b7f4a4 (WinRE) (Fixed) (Total:1 GB) (Free:0.59 GB) NTFS\n\\?Volumea3c90bc4-f030-4e42-aae4-a27a0935a741 (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32","==================== MBR & Partition Table ====================","==================== End of Addition.txt =======================","Click to rate this post!\n \n [Total: 0 Average: 0]"],"content_blocks":[{"id":"text-1","type":"text","heading":"","plain_text":"J'ai cliqué sur un lien que je ne devrais pas avoir vu, j'ai vu les URL changer rapidement et j'ai immédiatement fermé la fenêtre. Une semaine plus tard, mon logiciel parental m'a signalé qu'il essayait de visiter des sites Web pornographiques 100 fois en une minute. J'ai téléchargé des octets malveillants premium et supprimé 2 fichiers, un PUP.Optional.InstallCore dans mon registre et un fichier générique de malware appelé $ RFHLJ6G.EXE dans ma corbeille. J'ai également installé symantec qui ne signalait rien sauf mon pirate de processus. Dans les jours suivants, mon malwarebytes nouvellement installé me ​​dit que le logiciel parental visite plusieurs fois des sites Web malveillants via le fichier proxy, et je scanne mais rien ne vient. Mon ordinateur portable a été extrêmement lent et surchauffe pour une raison inconnue, les programmes malveillants ne détectent rien et le gestionnaire de tâches dit que rien ne va pas. Je suis presque prêt à simplement réinitialiser les paramètres d'usine. Voici mes journaux:","html":"

J'ai cliqué sur un lien que je ne devrais pas avoir vu, j'ai vu les URL changer rapidement et j'ai immédiatement fermé la fenêtre. Une semaine plus tard, mon logiciel parental m'a signalé qu'il essayait de visiter des sites Web pornographiques 100 fois en une minute. J'ai téléchargé des octets malveillants premium et supprimé 2 fichiers, un PUP.Optional.InstallCore dans mon registre et un fichier générique de malware appelé $ RFHLJ6G.EXE dans ma corbeille. J'ai également installé symantec qui ne signalait rien sauf mon pirate de processus. Dans les jours suivants, mon malwarebytes nouvellement installé me ​​dit que le logiciel parental visite plusieurs fois des sites Web malveillants via le fichier proxy, et je scanne mais rien ne vient. Mon ordinateur portable a été extrêmement lent et surchauffe pour une raison inconnue, les programmes malveillants ne détectent rien et le gestionnaire de tâches dit que rien ne va pas. Je suis presque prêt à simplement réinitialiser les paramètres d'usine. Voici mes journaux:

"},{"id":"text-2","type":"text","heading":"","plain_text":"Résultat de l'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020\nRan by Ethan (ATTENTION: L'utilisateur n'est pas administrateur) sur ETHANLAPTOP (HUAWEI KPL-W0X) (13-06-2020 05:42:15)\nExécution à partir de C: Users Ethan Desktop\nProfils chargés: Ethan\nPlateforme: Windows 10 Home Version 1809 17763.1217 (X64) Langue: anglais (États-Unis)\nNavigateur par défaut: Chrome\nMode de démarrage: Normal","html":"

Résultat de l'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020\nRan by Ethan (ATTENTION: L'utilisateur n'est pas administrateur) sur ETHANLAPTOP (HUAWEI KPL-W0X) (13-06-2020 05:42:15)\nExécution à partir de C: Users Ethan Desktop\nProfils chargés: Ethan\nPlateforme: Windows 10 Home Version 1809 17763.1217 (X64) Langue: anglais (États-Unis)\nNavigateur par défaut: Chrome\nMode de démarrage: Normal

"},{"id":"text-3","type":"text","heading":"","plain_text":"==================== Processus (liste blanche) =================","html":"

==================== Processus (liste blanche) =================

"},{"id":"text-4","type":"text","heading":"","plain_text":"(Si une entrée est incluse dans la liste de correctifs, le processus sera fermé. Le fichier ne sera pas déplacé.)","html":"

(Si une entrée est incluse dans la liste de correctifs, le processus sera fermé. Le fichier ne sera pas déplacé.)

"},{"id":"text-5","type":"text","heading":"","plain_text":"(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext amdow.exe\n(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext AMDRSServ.exe\n(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext RadeonSoftware.exe\n(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe \n(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware mbamtray.exe\n(Microsoft Corporation -> Microsoft Corporation) C: Windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe MicrosoftEdge.exe\n(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe Calculator.exe\n(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsStore_12006.1001.1.0_x64__8wekyb3d8bbwe WinStore.App.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows ImmersiveControlPanel SystemSettings.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 browser_broker.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 CastSrv.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeSH.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 rundll32.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe\n(Oracle America, Inc. -> Oracle Corporation) C: Program Files (x86) Common Files Java Java Update jusched.exe\n(Qustodio Technologies, SL ->) C: Program Files (x86) Qustodio qapp crashpad_handler.exe\n(Qustodio Technologies, SL -> Qustodio Technologies) C: Program Files (x86) Qustodio qapp QAppTray.exe\n(Realtek Semiconductor Corp. -> Realtek Semiconductor) C: Windows System32 RtkAudUService64.exe\n(Symantec Corporation -> Symantec Corporation) C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe\nImpossible d'accéder au processus -> amdlogsr.exe\nImpossible d'accéder au processus -> atieclxx.exe\nImpossible d'accéder au processus -> atiesrxx.exe\nImpossible d'accéder au processus -> ccSvcHst.exe\nImpossible d'accéder au processus -> conhost.exe\nImpossible d'accéder au processus -> crashpad_handler.exe\nImpossible d'accéder au processus -> crashpad_handler.exe\nImpossible d'accéder au processus -> csrss.exe\nImpossible d'accéder au processus -> csrss.exe\nImpossible d'accéder au processus -> dasHost.exe\nImpossible d'accéder au processus -> DAX3API.exe\nImpossible d'accéder au processus -> dllhost.exe\nImpossible d'accéder au processus -> dwm.exe\nImpossible d'accéder au processus -> EvtEng.exe\nImpossible d'accéder au processus -> FMService64.exe\nImpossible d'accéder au processus -> fontdrvhost.exe\nImpossible d'accéder au processus -> fontdrvhost.exe\nImpossible d'accéder au processus -> GoogleCrashHandler.exe\nImpossible d'accéder au processus -> GoogleCrashHandler64.exe\nImpossible d'accéder au processus -> LCD_Service.exe\nImpossible d'accéder au processus -> lsass.exe\nImpossible d'accéder au processus -> MateBookService.exe\nImpossible d'accéder au processus -> MBAMService.exe\nImpossible d'accéder au processus -> OfficeClickToRun.exe\nImpossible d'accéder au processus -> qengine.exe\nImpossible d'accéder au processus -> QUpdateService.exe\nImpossible d'accéder au processus -> RegSrvc.exe\nImpossible d'accéder au processus -> RtkAudUService64.exe\nImpossible d'accéder au processus -> RtkAudUService64.exe\nImpossible d'accéder au processus -> SearchFilterHost.exe\nImpossible d'accéder au processus -> SearchIndexer.exe\nImpossible d'accéder au processus -> SearchProtocolHost.exe\nImpossible d'accéder au processus -> SecurityHealthService.exe\nImpossible d'accéder au processus -> sepWscSvc64.exe\nImpossible d'accéder au processus -> services.exe\nImpossible d'accéder au processus -> SgrmBroker.exe\nImpossible d'accéder au processus -> smss.exe\nImpossible d'accéder au processus -> spoolsv.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> unsecapp.exe\nImpossible d'accéder au processus -> wininit.exe\nImpossible d'accéder au processus -> winlogon.exe\nImpossible d'accéder au processus -> wlanext.exe\nImpossible d'accéder au processus -> WMIADAP.exe\nImpossible d'accéder au processus -> WmiPrvSE.exe\nImpossible d'accéder au processus -> WmiPrvSE.exe\nImpossible d'accéder au processus -> ZeroConfigService.exe","html":"

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext amdow.exe\n(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext AMDRSServ.exe\n(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext RadeonSoftware.exe\n(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe \n(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware mbamtray.exe\n(Microsoft Corporation -> Microsoft Corporation) C: Windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe MicrosoftEdge.exe\n(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe Calculator.exe\n(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsStore_12006.1001.1.0_x64__8wekyb3d8bbwe WinStore.App.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows ImmersiveControlPanel SystemSettings.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 browser_broker.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 CastSrv.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeSH.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 rundll32.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe\n(Oracle America, Inc. -> Oracle Corporation) C: Program Files (x86) Common Files Java Java Update jusched.exe\n(Qustodio Technologies, SL ->) C: Program Files (x86) Qustodio qapp crashpad_handler.exe\n(Qustodio Technologies, SL -> Qustodio Technologies) C: Program Files (x86) Qustodio qapp QAppTray.exe\n(Realtek Semiconductor Corp. -> Realtek Semiconductor) C: Windows System32 RtkAudUService64.exe\n(Symantec Corporation -> Symantec Corporation) C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe\nImpossible d'accéder au processus -> amdlogsr.exe\nImpossible d'accéder au processus -> atieclxx.exe\nImpossible d'accéder au processus -> atiesrxx.exe\nImpossible d'accéder au processus -> ccSvcHst.exe\nImpossible d'accéder au processus -> conhost.exe\nImpossible d'accéder au processus -> crashpad_handler.exe\nImpossible d'accéder au processus -> crashpad_handler.exe\nImpossible d'accéder au processus -> csrss.exe\nImpossible d'accéder au processus -> csrss.exe\nImpossible d'accéder au processus -> dasHost.exe\nImpossible d'accéder au processus -> DAX3API.exe\nImpossible d'accéder au processus -> dllhost.exe\nImpossible d'accéder au processus -> dwm.exe\nImpossible d'accéder au processus -> EvtEng.exe\nImpossible d'accéder au processus -> FMService64.exe\nImpossible d'accéder au processus -> fontdrvhost.exe\nImpossible d'accéder au processus -> fontdrvhost.exe\nImpossible d'accéder au processus -> GoogleCrashHandler.exe\nImpossible d'accéder au processus -> GoogleCrashHandler64.exe\nImpossible d'accéder au processus -> LCD_Service.exe\nImpossible d'accéder au processus -> lsass.exe\nImpossible d'accéder au processus -> MateBookService.exe\nImpossible d'accéder au processus -> MBAMService.exe\nImpossible d'accéder au processus -> OfficeClickToRun.exe\nImpossible d'accéder au processus -> qengine.exe\nImpossible d'accéder au processus -> QUpdateService.exe\nImpossible d'accéder au processus -> RegSrvc.exe\nImpossible d'accéder au processus -> RtkAudUService64.exe\nImpossible d'accéder au processus -> RtkAudUService64.exe\nImpossible d'accéder au processus -> SearchFilterHost.exe\nImpossible d'accéder au processus -> SearchIndexer.exe\nImpossible d'accéder au processus -> SearchProtocolHost.exe\nImpossible d'accéder au processus -> SecurityHealthService.exe\nImpossible d'accéder au processus -> sepWscSvc64.exe\nImpossible d'accéder au processus -> services.exe\nImpossible d'accéder au processus -> SgrmBroker.exe\nImpossible d'accéder au processus -> smss.exe\nImpossible d'accéder au processus -> spoolsv.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> unsecapp.exe\nImpossible d'accéder au processus -> wininit.exe\nImpossible d'accéder au processus -> winlogon.exe\nImpossible d'accéder au processus -> wlanext.exe\nImpossible d'accéder au processus -> WMIADAP.exe\nImpossible d'accéder au processus -> WmiPrvSE.exe\nImpossible d'accéder au processus -> WmiPrvSE.exe\nImpossible d'accéder au processus -> ZeroConfigService.exe

"},{"id":"text-6","type":"text","heading":"","plain_text":"==================== Registre (liste blanche) ===================","html":"

==================== Registre (liste blanche) ===================

"},{"id":"text-7","type":"text","heading":"","plain_text":"(Si une entrée est incluse dans la liste de correctifs, l'élément de registre sera restauré par défaut ou supprimé. Le fichier ne sera pas déplacé.)","html":"

(Si une entrée est incluse dans la liste de correctifs, l'élément de registre sera restauré par défaut ou supprimé. Le fichier ne sera pas déplacé.)

"},{"id":"text-8","type":"text","heading":"","plain_text":"HKLM … Run: [RtkAudUService] => C: WINDOWS System32 RtkAudUService64.exe [836672 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)\nHKLM … Run: [Logitech Download Assistant] => C: Windows System32 LogiLDA.dll [3942864 2016-10-14] (Logitech -> Logitech, Inc.)\nHKLM-x32 … Exécuter: [SunJavaUpdateSched] => C: Program Files (x86) Fichiers communs Java Java Update jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)\nHKLM-x32 … Exécuter: [KeePass 2 PreLoad] => C: Program Files (x86) KeePass Password Safe 2 KeePass.exe [3331264 2020-01-20] (Développeur Open Source, Dominik Reichl -> Dominik Reichl)\nHKLM-x32 … Exécuter: [QAppTray] => C: Program Files (x86) Qustodio qapp QAppTray.exe [6429456 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe"\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … MountPoints2: d731a143-c473-11e8-aff7-ef1b4a682e27 – "E: HiSuiteDownLoader.exe" \nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe"\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #0] => C: Windows HelpPane.exe [1071616 2020-03-10] (Microsoft Windows -> Microsoft Corporation)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #1] => C: Program Files (x86) Google Chrome Application chrome.exe –profile-directory = Par défaut –flag-switches-begin –flag-switches-end –enable-audio-service-sandbox –restore-last-session\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … MountPoints2: {d731a143-c473-11e8-aff7-aff4-a7274e2-aff4-aff7-aff4-aff7-aff4-aff7-aff4-aff7-aff4-e7a-b7 "E: HiSuiteDownLoader.exe" \nHKLM … Windows x64 Processeurs d'impression Processeur d'impression Canon iP110 series: C: Windows System32 spool prtprocs x64 CNMPDCH.DLL [30208 2014-06-08] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Windows x64 Processeurs d'impression Canon MX920 series Processeur d'impression: C: Windows System32 spool prtprocs x64 CNMPDBL.DLL [30208 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Print Monitors Canon BJ FAX Language Monitor MX920 series: C: WINDOWS system32 CNCALBL.DLL [303104 2012-09-21] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Print Monitors Canon BJ Language Monitor MX920 series: C: WINDOWS system32 CNMLMBL.DLL [390656 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM Software Microsoft Active Setup Installed Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C: Program Files (x86) Google Chrome Application 83.0.4103.97 Installer chrmstp.exe [2020-06-05] (Google LLC -> Google LLC)\nDémarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Rainmeter.lnk [2019-11-29]\nShortcutTarget: Rainmeter.lnk -> C: Program Files Rainmeter Rainmeter.exe (aucun fichier)\nDémarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Send to OneNote.lnk [2018-08-13]\nShortcutTarget: Envoyer à OneNote.lnk -> C: Program Files (x86) Microsoft Office root Office16 ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)\nGroupPolicy: Restriction? <==== ATTENTION","html":"

HKLM … Run: [RtkAudUService] => C: WINDOWS System32 RtkAudUService64.exe [836672 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)\nHKLM … Run: [Logitech Download Assistant] => C: Windows System32 LogiLDA.dll [3942864 2016-10-14] (Logitech -> Logitech, Inc.)\nHKLM-x32 … Exécuter: [SunJavaUpdateSched] => C: Program Files (x86) Fichiers communs Java Java Update jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)\nHKLM-x32 … Exécuter: [KeePass 2 PreLoad] => C: Program Files (x86) KeePass Password Safe 2 KeePass.exe [3331264 2020-01-20] (Développeur Open Source, Dominik Reichl -> Dominik Reichl)\nHKLM-x32 … Exécuter: [QAppTray] => C: Program Files (x86) Qustodio qapp QAppTray.exe [6429456 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe"\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … MountPoints2: d731a143-c473-11e8-aff7-ef1b4a682e27 – "E: HiSuiteDownLoader.exe" \nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe"\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #0] => C: Windows HelpPane.exe [1071616 2020-03-10] (Microsoft Windows -> Microsoft Corporation)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #1] => C: Program Files (x86) Google Chrome Application chrome.exe –profile-directory = Par défaut –flag-switches-begin –flag-switches-end –enable-audio-service-sandbox –restore-last-session\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … MountPoints2: {d731a143-c473-11e8-aff7-aff4-a7274e2-aff4-aff7-aff4-aff7-aff4-aff7-aff4-aff7-aff4-e7a-b7 "E: HiSuiteDownLoader.exe" \nHKLM … Windows x64 Processeurs d'impression Processeur d'impression Canon iP110 series: C: Windows System32 spool prtprocs x64 CNMPDCH.DLL [30208 2014-06-08] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Windows x64 Processeurs d'impression Canon MX920 series Processeur d'impression: C: Windows System32 spool prtprocs x64 CNMPDBL.DLL [30208 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Print Monitors Canon BJ FAX Language Monitor MX920 series: C: WINDOWS system32 CNCALBL.DLL [303104 2012-09-21] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Print Monitors Canon BJ Language Monitor MX920 series: C: WINDOWS system32 CNMLMBL.DLL [390656 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM Software Microsoft Active Setup Installed Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C: Program Files (x86) Google Chrome Application 83.0.4103.97 Installer chrmstp.exe [2020-06-05] (Google LLC -> Google LLC)\nDémarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Rainmeter.lnk [2019-11-29]\nShortcutTarget: Rainmeter.lnk -> C: Program Files Rainmeter Rainmeter.exe (aucun fichier)\nDémarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Send to OneNote.lnk [2018-08-13]\nShortcutTarget: Envoyer à OneNote.lnk -> C: Program Files (x86) Microsoft Office root Office16 ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)\nGroupPolicy: Restriction? <==== ATTENTION

"},{"id":"text-9","type":"text","heading":"","plain_text":"==================== Tâches planifiées (liste blanche) ============","html":"

==================== Tâches planifiées (liste blanche) ============

"},{"id":"text-10","type":"text","heading":"","plain_text":"(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)","html":"

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)

"},{"id":"text-11","type":"text","heading":"","plain_text":"(Si une entrée est incluse dans la liste de correctifs, le fichier de tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)","html":"

(Si une entrée est incluse dans la liste de correctifs, le fichier de tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

"},{"id":"text-12","type":"text","heading":"","plain_text":"==================== Internet (liste blanche) ====================","html":"

==================== Internet (liste blanche) ====================

"},{"id":"text-13","type":"text","heading":"","plain_text":"(Si un élément est inclus dans la liste de correctifs, s'il s'agit d'un élément du registre, il sera supprimé ou restauré par défaut.)","html":"

(Si un élément est inclus dans la liste de correctifs, s'il s'agit d'un élément du registre, il sera supprimé ou restauré par défaut.)

"},{"id":"text-14","type":"text","heading":"","plain_text":"Tcpip Paramètres: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12\nTcpip .. Interfaces 0fd44dc5-54d3-4548-a4de-121a058f2fb6: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12\nTcpip .. Interfaces 42687b4e-4fd5-4ba8-b5dc-191ac714846c: [DhcpNameServer] 192.168.0.1\nTcpip .. Interfaces 794c4cd7-35de-4e43-975d-105099c2323b: [DhcpNameServer] 40.40.1.12\nTcpip .. Interfaces a73bdab8-9a7e-48ee-b785-5ecc46657b1c: [DhcpNameServer] 8.8.8.8 8.8.4.4","html":"

Tcpip Paramètres: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12\nTcpip .. Interfaces 0fd44dc5-54d3-4548-a4de-121a058f2fb6: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12\nTcpip .. Interfaces 42687b4e-4fd5-4ba8-b5dc-191ac714846c: [DhcpNameServer] 192.168.0.1\nTcpip .. Interfaces 794c4cd7-35de-4e43-975d-105099c2323b: [DhcpNameServer] 40.40.1.12\nTcpip .. Interfaces a73bdab8-9a7e-48ee-b785-5ecc46657b1c: [DhcpNameServer] 8.8.8.8 8.8.4.4

"},{"id":"text-15","type":"text","heading":"","plain_text":"Internet Explorer:\n==================\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, page de démarrage = hxxps: //go.microsoft.com/fwlink/p/? LinkId = 620947 & OCID = AVRES000 & pc = UE00\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17SWIN10.MSN.COM/? PC = NSJE\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Start Page = hxxps: // go. microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17S .COM /? PC = NSJE\nURLSearchHook: [S-1-5-21-1017088884-3281645122-1580351492-1001-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053623422] ATTENTION => URLSearchHook par défaut est manquant\nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> DefaultScope 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL = \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL = \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> DefaultScope {19DD036C-D3F6-4E92-AC6-D6C6-AC6 D6 \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> {19DD036C-D3F6-4E92-AC6C-D6F6E6-AC6C \nBHO: Skype Entreprise Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C: Program Files (x86) Microsoft Office root VFS ProgramFilesX64 Microsoft Office Office16 OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)\nBHO: Java ™ Plug-In SSV Helper -> 761497BB-D6F0-462C-B6EB-D4DAF1D92D43 -> C: Program Files Java jre1.8.0_181 bin ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nBHO: Java ™ Plug-In 2 SSV Helper -> DBC80044-A445-435b-BC74-9C25C1C588A9 -> C: Program Files Java jre1.8.0_181 bin jp2ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nHandler-x32: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)","html":"

Internet Explorer:\n==================\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, page de démarrage = hxxps: //go.microsoft.com/fwlink/p/? LinkId = 620947 & OCID = AVRES000 & pc = UE00\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17SWIN10.MSN.COM/? PC = NSJE\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Start Page = hxxps: // go. microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17S .COM /? PC = NSJE\nURLSearchHook: [S-1-5-21-1017088884-3281645122-1580351492-1001-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053623422] ATTENTION => URLSearchHook par défaut est manquant\nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> DefaultScope 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL = \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL = \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> DefaultScope {19DD036C-D3F6-4E92-AC6-D6C6-AC6 D6 \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> {19DD036C-D3F6-4E92-AC6C-D6F6E6-AC6C \nBHO: Skype Entreprise Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C: Program Files (x86) Microsoft Office root VFS ProgramFilesX64 Microsoft Office Office16 OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)\nBHO: Java ™ Plug-In SSV Helper -> 761497BB-D6F0-462C-B6EB-D4DAF1D92D43 -> C: Program Files Java jre1.8.0_181 bin ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nBHO: Java ™ Plug-In 2 SSV Helper -> DBC80044-A445-435b-BC74-9C25C1C588A9 -> C: Program Files Java jre1.8.0_181 bin jp2ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nHandler-x32: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)

"},{"id":"text-16","type":"text","heading":"","plain_text":"Bord: \n======\nDownloadDir: C: Users Ethan Downloads","html":"

Bord: \n======\nDownloadDir: C: Users Ethan Downloads

"},{"id":"text-17","type":"text","heading":"","plain_text":"FireFox:\n========\nPlugin FF: @ java.com / DTPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin dtplugin npDeployJava1.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nPlugin FF: @ java.com / JavaPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin plugin2 npjp2.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nFF Plugin-x32: @ microsoft.com / SharePoint, version = 14.0 -> C: Program Files (x86) Microsoft Office root Office16 NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)\nPlugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan AppData Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)\nPlugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)","html":"

FireFox:\n========\nPlugin FF: @ java.com / DTPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin dtplugin npDeployJava1.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nPlugin FF: @ java.com / JavaPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin plugin2 npjp2.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nFF Plugin-x32: @ microsoft.com / SharePoint, version = 14.0 -> C: Program Files (x86) Microsoft Office root Office16 NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)\nPlugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan AppData Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)\nPlugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

"},{"id":"text-18","type":"text","heading":"","plain_text":"Chrome: \n=======\nCHR DefaultProfile: Par défaut\nProfil CHR: C: Users Ethan AppData Local Google Chrome User Data Default [2020-06-13]\nNotifications CHR: Par défaut -> hxxps: //www.youtube.com\nCHR StartupUrls: Par défaut -> "chrome: // newtab /", "hxxps: //mail.google.com/mail/u/0/#inbox"\nRestauration de session CHR: Par défaut -> est activé.\nExtension CHR: (diapositives) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2018-07-27]\nExtension CHR: (Docs) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aohghmighlieiainnegkcijnfilokake [2018-07-27]\nExtension CHR: (Google Drive) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2019-12-21]\nExtension CHR: (YouTube) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-27]\nExtension CHR: (Honey) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions bmnlcjabgnpnenekpadlanbbkooimhnj [2020-05-30]\nExtension CHR: (Google Docs hors ligne) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ghbmnnjooekpmoecnnililnnbdlolhkhi [2020-05-30]\nExtension CHR: (Chrometana – Rediriger Bing quelque part mieux) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions kaicbfmipfpfpjmlbpejaoaflfdnabnc [2018-07-28]\nExtension CHR: (Paiements Chrome Web Store) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]\nExtension CHR: (AdBlocker Ultimate) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ohahllgiabjaoigichmmfljhkcfikeof [2020-06-11]\nExtension CHR: (Modern Flat) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pdcjjgefkpoemmlcjfcfkeminneboaob [2018-09-05]\nExtension CHR: (Gmail) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]\nExtension CHR: (Chrome Media Router) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-24]\nExtension CHR: (extension de réponse quotidienne au questionnaire de la Couronne) – C: Users Ethan Documents Other Chrome Crowns Extension [2019-11-28]\nProfil CHR: C: Users Ethan AppData Local Google Chrome User Data System Profile [2020-06-08]","html":"

Chrome: \n=======\nCHR DefaultProfile: Par défaut\nProfil CHR: C: Users Ethan AppData Local Google Chrome User Data Default [2020-06-13]\nNotifications CHR: Par défaut -> hxxps: //www.youtube.com\nCHR StartupUrls: Par défaut -> "chrome: // newtab /", "hxxps: //mail.google.com/mail/u/0/#inbox"\nRestauration de session CHR: Par défaut -> est activé.\nExtension CHR: (diapositives) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2018-07-27]\nExtension CHR: (Docs) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aohghmighlieiainnegkcijnfilokake [2018-07-27]\nExtension CHR: (Google Drive) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2019-12-21]\nExtension CHR: (YouTube) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-27]\nExtension CHR: (Honey) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions bmnlcjabgnpnenekpadlanbbkooimhnj [2020-05-30]\nExtension CHR: (Google Docs hors ligne) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ghbmnnjooekpmoecnnililnnbdlolhkhi [2020-05-30]\nExtension CHR: (Chrometana – Rediriger Bing quelque part mieux) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions kaicbfmipfpfpjmlbpejaoaflfdnabnc [2018-07-28]\nExtension CHR: (Paiements Chrome Web Store) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]\nExtension CHR: (AdBlocker Ultimate) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ohahllgiabjaoigichmmfljhkcfikeof [2020-06-11]\nExtension CHR: (Modern Flat) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pdcjjgefkpoemmlcjfcfkeminneboaob [2018-09-05]\nExtension CHR: (Gmail) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]\nExtension CHR: (Chrome Media Router) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-24]\nExtension CHR: (extension de réponse quotidienne au questionnaire de la Couronne) – C: Users Ethan Documents Other Chrome Crowns Extension [2019-11-28]\nProfil CHR: C: Users Ethan AppData Local Google Chrome User Data System Profile [2020-06-08]

"},{"id":"text-19","type":"text","heading":"","plain_text":"==================== Services (liste blanche) ===================","html":"

==================== Services (liste blanche) ===================

"},{"id":"text-20","type":"text","heading":"","plain_text":"(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)","html":"

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)

"},{"id":"text-21","type":"text","heading":"","plain_text":"S3 AALSvc; C: AlphaAntiLeak AAL bin server AALSvc.exe [11439992 2020-06-09] (Constantin Schreiber ->)\nS4 AGMService; C: Program Files (x86) Common Files Adobe AdobeGCClient AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)\nR2 AMD External Events Utility; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 atiesrxx.exe [529624 2020-05-27] (Advanced Micro Devices, Inc. -> AMD)\nR2 AMD Log Utility; C: WINDOWS System32 amdlogsr.exe [483248 2020-05-05] (Éditeur de compatibilité matérielle Microsoft Windows -> Advanced Micro Devices, Inc.)\nS3 BEService; C: Program Files (x86) Common Files BattlEye BEService.exe [7356680 2018-10-03] (BattlEye Innovations e.K. ->)\nR2 ClickToRunSvc; C: Program Files Fichiers communs Microsoft Shared ClickToRun OfficeClickToRun.exe [10637168 2020-05-29] (Microsoft Corporation -> Microsoft Corporation)\nR2 DolbyDAXAPI; C: WINDOWS system32 dolbyaposvc DAX3API.exe [602544 2018-09-27] (Dolby Laboratories, Inc. ->)\nS3 EasyAntiCheat; C: Program Files (x86) EasyAntiCheat EasyAntiCheat.exe [781440 2018-08-17] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)\nR2 FMAPOService; C: WINDOWS System32 FMService64.exe [294968 2018-09-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Fortemedia)\nS3 GalaxyClientService; C: Program Files (x86) GOG Galaxy GalaxyClientService.exe [1748552 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nS3 GalaxyCommunication; C: ProgramData GOG.com Galaxy redists GalaxyCommunication.exe [6821960 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nR2 LCD_Service; C: Program Files Huawei HwLcdEnhancement LCD_Service.exe [25584 2020-01-10] (Huawei Technologies Co., Ltd. -> Microsoft)\nLmhosts R3; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nLmhosts R3; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 MBAMainService; C: Program Files Huawei PCManager MateBookService.exe [1005040 2020-01-10] (Huawei Technologies Co., Ltd. ->)\nR2 MBAMService; C: Program Files Malwarebytes Anti-Malware MBAMService.exe [6933272 2020-05-20] (Malwarebytes Inc -> Malwarebytes)\nS3 MyWiFiDHCPDNS; C: Program Files Intel WiFi bin PanDhcpDns.exe [265864 2018-03-20] (Intel Corporation ->)\nR2 NlaSvc; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 NlaSvc; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 nsi; C: WINDOWS system32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 nsi; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 qengine; C: Program Files (x86) Qustodio qproxy qengine.exe [4139792 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nR2 qupdate; C: Program Files (x86) Qustodio qapp QUpdateService.exe [2358544 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nS4 SepLpsService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR2 SepMasterService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR2 sepWscSvc; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 sepWscSvc64.exe [1834776 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 SNAC; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 snac64.exe [394680 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 WdNisSvc; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 NisSrv.exe [3304992 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)\nS3 WinDefend; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 MsMpEng.exe [103376 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 ZeroConfigService; C: Program Files Intel WiFi bin ZeroConfigService.exe [3848328 2018-03-20] (Intel Corporation -> Intel® Corporation)\nS2 EraserSvc11910; "C: Program Files (x86) Fichiers communs Symantec Shared EENGINE ccSvcHst.exe" / h ccCommon [X]\nU4 weClientDataTransferService; "C: Program Files WE_Client wecdt.exe" [X]\nU4 weClientMessengerService; "C: Program Files WE_Client wecmsg.exe" [X]","html":"

S3 AALSvc; C: AlphaAntiLeak AAL bin server AALSvc.exe [11439992 2020-06-09] (Constantin Schreiber ->)\nS4 AGMService; C: Program Files (x86) Common Files Adobe AdobeGCClient AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)\nR2 AMD External Events Utility; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 atiesrxx.exe [529624 2020-05-27] (Advanced Micro Devices, Inc. -> AMD)\nR2 AMD Log Utility; C: WINDOWS System32 amdlogsr.exe [483248 2020-05-05] (Éditeur de compatibilité matérielle Microsoft Windows -> Advanced Micro Devices, Inc.)\nS3 BEService; C: Program Files (x86) Common Files BattlEye BEService.exe [7356680 2018-10-03] (BattlEye Innovations e.K. ->)\nR2 ClickToRunSvc; C: Program Files Fichiers communs Microsoft Shared ClickToRun OfficeClickToRun.exe [10637168 2020-05-29] (Microsoft Corporation -> Microsoft Corporation)\nR2 DolbyDAXAPI; C: WINDOWS system32 dolbyaposvc DAX3API.exe [602544 2018-09-27] (Dolby Laboratories, Inc. ->)\nS3 EasyAntiCheat; C: Program Files (x86) EasyAntiCheat EasyAntiCheat.exe [781440 2018-08-17] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)\nR2 FMAPOService; C: WINDOWS System32 FMService64.exe [294968 2018-09-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Fortemedia)\nS3 GalaxyClientService; C: Program Files (x86) GOG Galaxy GalaxyClientService.exe [1748552 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nS3 GalaxyCommunication; C: ProgramData GOG.com Galaxy redists GalaxyCommunication.exe [6821960 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nR2 LCD_Service; C: Program Files Huawei HwLcdEnhancement LCD_Service.exe [25584 2020-01-10] (Huawei Technologies Co., Ltd. -> Microsoft)\nLmhosts R3; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nLmhosts R3; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 MBAMainService; C: Program Files Huawei PCManager MateBookService.exe [1005040 2020-01-10] (Huawei Technologies Co., Ltd. ->)\nR2 MBAMService; C: Program Files Malwarebytes Anti-Malware MBAMService.exe [6933272 2020-05-20] (Malwarebytes Inc -> Malwarebytes)\nS3 MyWiFiDHCPDNS; C: Program Files Intel WiFi bin PanDhcpDns.exe [265864 2018-03-20] (Intel Corporation ->)\nR2 NlaSvc; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 NlaSvc; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 nsi; C: WINDOWS system32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 nsi; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 qengine; C: Program Files (x86) Qustodio qproxy qengine.exe [4139792 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nR2 qupdate; C: Program Files (x86) Qustodio qapp QUpdateService.exe [2358544 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nS4 SepLpsService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR2 SepMasterService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR2 sepWscSvc; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 sepWscSvc64.exe [1834776 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 SNAC; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 snac64.exe [394680 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 WdNisSvc; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 NisSrv.exe [3304992 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)\nS3 WinDefend; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 MsMpEng.exe [103376 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 ZeroConfigService; C: Program Files Intel WiFi bin ZeroConfigService.exe [3848328 2018-03-20] (Intel Corporation -> Intel® Corporation)\nS2 EraserSvc11910; "C: Program Files (x86) Fichiers communs Symantec Shared EENGINE ccSvcHst.exe" / h ccCommon [X]\nU4 weClientDataTransferService; "C: Program Files WE_Client wecdt.exe" [X]\nU4 weClientMessengerService; "C: Program Files WE_Client wecmsg.exe" [X]

"},{"id":"text-22","type":"text","heading":"","plain_text":"===================== Pilotes (sur liste blanche) ===================","html":"

===================== Pilotes (sur liste blanche) ===================

"},{"id":"text-23","type":"text","heading":"","plain_text":"(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)","html":"

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)

"},{"id":"text-24","type":"text","heading":"","plain_text":"S3 AALProtect; C: AlphaAntiLeak AAL bin server AALProtect.sys [35984 2020-03-24] (OOO AMEKS ->)\nR3 amdacpbus; C: WINDOWS System32 drivers amdacpbus.sys [6170544 2020-05-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nR3 amdgpio2; C: WINDOWS System32 drivers amdgpio2.sys [34664 2018-03-31] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)\nR3 AMDHDAudBusService; C: WINDOWS System32 drivers amdhdaudbus.sys [79224 2018-08-08] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nR3 amdi2c; C: WINDOWS System32 drivers amdi2c.sys [52680 2017-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)\nR3 amdkmdag; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 amdkmdag.sys [71066320 2020-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR0 amdlog; C: WINDOWS System32 drivers amdlog.sys [89200 2020-05-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR0 amdpsp; C: WINDOWS System32 drivers amdpsp.sys [137104 2017-11-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR3 AMDXE; C: WINDOWS System32 drivers amdxe.sys [60216 2020-03-31] (Advanced Micro Devices, Inc. ->)\nS3 AppleLowerFilter; C: WINDOWS System32 drivers AppleLowerFilter.sys [35560 2018-05-10] (Version WDKTestCert, 131474841775766162 -> Apple Inc.)\nR3 AtiHDAudioService; C: WINDOWS system32 drivers AtihdWT6.sys [107936 2020-03-13] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nS3 BEDaisy; C: Program Files (x86) Fichiers communs BattlEye BEDaisy.sys [2551864 2018-10-03] (BattlEye Innovations e.K. ->)\nR1 BHDrvx64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions BASHDefs 20200609.001 BHDrvx64.sys [1952136 2020-05-11] (Symantec Corporation -> Symantec Corporation)\nR1 ccSettings_ D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 ccSetx64.sys [179416 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 CH341SER_A64; C: WINDOWS System32 Drivers CH341S64.SYS [69024 2019-05-29] (Éditeur de compatibilité matérielle Microsoft Windows -> www.winchiphead.com)\nR1 eeCtrl; C: Program Files (x86) Common Files Symantec Shared EENGINE eeCtrl64.sys [516784 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR3 EraserUtilRebootDrv; C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilRebootDrv.sys [154288 2020-05-23] (Symantec Corporation -> Symantec Corporation)\nR1 ESProtectionDriver; C: WINDOWS system32 drivers mbae64.sys [153312 2020-05-20] (Malwarebytes Corporation -> Malwarebytes)\nR1 IDSVia64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions IPSDefs 20200611.061 IDSvia64.sys [1455288 2020-05-19] (Symantec Corporation -> Symantec Corporation)\nR2 MBAMChameleon; C: WINDOWS System32 Drivers MbamChameleon.sys [214496 2020-06-02] (Malwarebytes Inc -> Malwarebytes)\nS0 MbamElam; C: WINDOWS System32 DRIVERS MbamElam.sys [19912 2020-06-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)\nR3 MBAMFarflt; C: WINDOWS System32 DRIVERS farflt.sys [195432 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMProtection; C: WINDOWS system32 DRIVERS mbam.sys [73368 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMSwissArmy; C: WINDOWS System32 Drivers mbamswissarmy.sys [248968 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMWebProtection; C: WINDOWS system32 DRIVERS mwac.sys [131736 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR1 netfilter_wfp_ev_64; C: WINDOWS System32 drivers netfilter_wfp_ev_64.sys [96864 2018-04-12] (Éditeur de compatibilité matérielle Microsoft Windows -> Fournisseur Windows® Win 7 DDK)\nR1 qwdf64; C: WINDOWS system32 Drivers qwdf64.sys [41872 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)\nR1 qwdr64; C: WINDOWS system32 Drivers qwdr64.sys [55696 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)\nR2 qwfp; C: WINDOWS system32 Drivers qwfp64.sys [47736 2019-08-01] (Éditeur de compatibilité matérielle Microsoft Windows -> Technologies Qustodio)\nS3 SPUVCbv; C: WINDOWS System32 Drivers SPUVCbv64.sys [766040 2017-10-26] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)\nR1 SRTSP; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSP64.SYS [870792 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SRTSPX; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSPX64.SYS [51080 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 SyDvCtrl; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 SyDvCtrl64.sys [44568 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR0 SymEFASI; C: WINDOWS System32 drivers symefasi 0603040.009 symefasi64.sys [1822600 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS0 SymELAM; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SymELAM.sys [26000 2020-05-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)\nR3 SymEvent; C: WINDOWS system32 Drivers SYMEVENT64x86.SYS [99920 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SymIRON; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 Ironx64.SYS [311264 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SYMNETS; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SYMNETS.SYS [568712 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SysPlant; C: WINDOWS System32 Drivers SysPlant.sys [231360 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 tapnordvpn; C: WINDOWS System32 drivers tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> Le projet OpenVPN)\nR1 Teefer2; C: WINDOWS system32 DRIVERS Teefer.sys [132992 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 USBTINSP; C: WINDOWS System32 drivers tinspusb.sys [142848 2017-07-27] (Éditeur de compatibilité matérielle Microsoft Windows -> Texas Instruments)\nS3 WdBoot; C: WINDOWS system32 drivers wd WdBoot.sys [45960 2020-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)\nS3 WdFilter; C: WINDOWS system32 drivers wd WdFilter.sys [394680 2020-05-01] (Microsoft Windows -> Microsoft Corporation)\nS3 WdNisDrv; C: WINDOWS System32 drivers wd WdNisDrv.sys [64944 2020-05-01] (Microsoft Windows -> Microsoft Corporation)\nR3 WDTDrv; C: WINDOWS System32 Drivers WDTDrv.sys [27048 2018-02-27] (Huawei Technologies Co., Ltd. -> Appareil Huawei)\nS3 EraserUtilDrv11910; ?? C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilDrv11910.sys [X]","html":"

S3 AALProtect; C: AlphaAntiLeak AAL bin server AALProtect.sys [35984 2020-03-24] (OOO AMEKS ->)\nR3 amdacpbus; C: WINDOWS System32 drivers amdacpbus.sys [6170544 2020-05-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nR3 amdgpio2; C: WINDOWS System32 drivers amdgpio2.sys [34664 2018-03-31] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)\nR3 AMDHDAudBusService; C: WINDOWS System32 drivers amdhdaudbus.sys [79224 2018-08-08] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nR3 amdi2c; C: WINDOWS System32 drivers amdi2c.sys [52680 2017-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)\nR3 amdkmdag; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 amdkmdag.sys [71066320 2020-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR0 amdlog; C: WINDOWS System32 drivers amdlog.sys [89200 2020-05-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR0 amdpsp; C: WINDOWS System32 drivers amdpsp.sys [137104 2017-11-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR3 AMDXE; C: WINDOWS System32 drivers amdxe.sys [60216 2020-03-31] (Advanced Micro Devices, Inc. ->)\nS3 AppleLowerFilter; C: WINDOWS System32 drivers AppleLowerFilter.sys [35560 2018-05-10] (Version WDKTestCert, 131474841775766162 -> Apple Inc.)\nR3 AtiHDAudioService; C: WINDOWS system32 drivers AtihdWT6.sys [107936 2020-03-13] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nS3 BEDaisy; C: Program Files (x86) Fichiers communs BattlEye BEDaisy.sys [2551864 2018-10-03] (BattlEye Innovations e.K. ->)\nR1 BHDrvx64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions BASHDefs 20200609.001 BHDrvx64.sys [1952136 2020-05-11] (Symantec Corporation -> Symantec Corporation)\nR1 ccSettings_ D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 ccSetx64.sys [179416 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 CH341SER_A64; C: WINDOWS System32 Drivers CH341S64.SYS [69024 2019-05-29] (Éditeur de compatibilité matérielle Microsoft Windows -> www.winchiphead.com)\nR1 eeCtrl; C: Program Files (x86) Common Files Symantec Shared EENGINE eeCtrl64.sys [516784 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR3 EraserUtilRebootDrv; C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilRebootDrv.sys [154288 2020-05-23] (Symantec Corporation -> Symantec Corporation)\nR1 ESProtectionDriver; C: WINDOWS system32 drivers mbae64.sys [153312 2020-05-20] (Malwarebytes Corporation -> Malwarebytes)\nR1 IDSVia64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions IPSDefs 20200611.061 IDSvia64.sys [1455288 2020-05-19] (Symantec Corporation -> Symantec Corporation)\nR2 MBAMChameleon; C: WINDOWS System32 Drivers MbamChameleon.sys [214496 2020-06-02] (Malwarebytes Inc -> Malwarebytes)\nS0 MbamElam; C: WINDOWS System32 DRIVERS MbamElam.sys [19912 2020-06-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)\nR3 MBAMFarflt; C: WINDOWS System32 DRIVERS farflt.sys [195432 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMProtection; C: WINDOWS system32 DRIVERS mbam.sys [73368 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMSwissArmy; C: WINDOWS System32 Drivers mbamswissarmy.sys [248968 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMWebProtection; C: WINDOWS system32 DRIVERS mwac.sys [131736 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR1 netfilter_wfp_ev_64; C: WINDOWS System32 drivers netfilter_wfp_ev_64.sys [96864 2018-04-12] (Éditeur de compatibilité matérielle Microsoft Windows -> Fournisseur Windows® Win 7 DDK)\nR1 qwdf64; C: WINDOWS system32 Drivers qwdf64.sys [41872 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)\nR1 qwdr64; C: WINDOWS system32 Drivers qwdr64.sys [55696 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)\nR2 qwfp; C: WINDOWS system32 Drivers qwfp64.sys [47736 2019-08-01] (Éditeur de compatibilité matérielle Microsoft Windows -> Technologies Qustodio)\nS3 SPUVCbv; C: WINDOWS System32 Drivers SPUVCbv64.sys [766040 2017-10-26] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)\nR1 SRTSP; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSP64.SYS [870792 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SRTSPX; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSPX64.SYS [51080 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 SyDvCtrl; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 SyDvCtrl64.sys [44568 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR0 SymEFASI; C: WINDOWS System32 drivers symefasi 0603040.009 symefasi64.sys [1822600 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS0 SymELAM; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SymELAM.sys [26000 2020-05-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)\nR3 SymEvent; C: WINDOWS system32 Drivers SYMEVENT64x86.SYS [99920 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SymIRON; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 Ironx64.SYS [311264 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SYMNETS; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SYMNETS.SYS [568712 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SysPlant; C: WINDOWS System32 Drivers SysPlant.sys [231360 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 tapnordvpn; C: WINDOWS System32 drivers tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> Le projet OpenVPN)\nR1 Teefer2; C: WINDOWS system32 DRIVERS Teefer.sys [132992 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 USBTINSP; C: WINDOWS System32 drivers tinspusb.sys [142848 2017-07-27] (Éditeur de compatibilité matérielle Microsoft Windows -> Texas Instruments)\nS3 WdBoot; C: WINDOWS system32 drivers wd WdBoot.sys [45960 2020-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)\nS3 WdFilter; C: WINDOWS system32 drivers wd WdFilter.sys [394680 2020-05-01] (Microsoft Windows -> Microsoft Corporation)\nS3 WdNisDrv; C: WINDOWS System32 drivers wd WdNisDrv.sys [64944 2020-05-01] (Microsoft Windows -> Microsoft Corporation)\nR3 WDTDrv; C: WINDOWS System32 Drivers WDTDrv.sys [27048 2018-02-27] (Huawei Technologies Co., Ltd. -> Appareil Huawei)\nS3 EraserUtilDrv11910; ?? C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilDrv11910.sys [X]

"},{"id":"text-25","type":"text","heading":"","plain_text":"==================== NetSvcs (liste blanche) ====================","html":"

==================== NetSvcs (liste blanche) ====================

"},{"id":"text-26","type":"text","heading":"","plain_text":"(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)","html":"

(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)

"},{"id":"text-27","type":"text","heading":"","plain_text":"==================== Un mois (créé) ===================","html":"

==================== Un mois (créé) ===================

"},{"id":"text-28","type":"text","heading":"","plain_text":"(Si une entrée est incluse dans la liste de correctifs, le fichier / dossier sera déplacé.)","html":"

(Si une entrée est incluse dans la liste de correctifs, le fichier / dossier sera déplacé.)

"},{"id":"text-29","type":"text","heading":"","plain_text":"2020-06-13 05:42 – 2020-06-13 05:42 – 000031721 _____ C: Users Ethan Desktop FRST.txt\n2020-06-13 05:42 – 2020-06-13 05:42 – 000000000 ____D C: FRST\n2020-06-13 05:40 – 2020-06-13 05:40 – 002289152 _____ (Farbar) C: Users Ethan Desktop FRST64.exe\n2020-06-13 05:36 – 2020-06-13 05:36 – 000195432 _____ (Malwarebytes) C: WINDOWS system32 Drivers farflt.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000131736 _____ (Malwarebytes) C: WINDOWS system32 Drivers mwac.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000073368 _____ (Malwarebytes) C: WINDOWS system32 Drivers mbam.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000000000 ____D C: Users Ethan AppData LocalLow IGDump\n2020-06-13 05:30 – 2020-06-13 05:34 – 000417646 _____ C: WINDOWS ntbtlog.txt\n2020-06-12 22:53 – 2020-06-12 22:53 – 001920738 _____ C: Users Ethan Downloads iCloud Photos.zip\n2020-06-12 20:53 – 2020-06-12 22:54 – 000511438 _____ C: Users Ethan Downloads IMG_1020.JPEG\n2020-06-12 19:02 – 2019-08-01 16:48 – 000055696 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdr64.sys\n2020-06-12 19:02 – 2019-08-01 16:48 – 000041872 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdf64.sys\n2020-06-12 07:53 – 2020-06-12 07:53 – 000002608 _____ C: Users Ethan Downloads Player.plr\n2020-06-12 05:00 – 2020-06-12 05:00 – 000000000 ____D C: Users Ethan Downloads processhacker-2.39-bin\n2020-06-12 04:59 – 2020-06-12 04:59 – 003392412 _____ C: Users Ethan Downloads processhacker-2.39-bin.zip\n2020-06-12 02:28 – 2020-06-12 02:28 – 000000000 ____D C: Users Ethan Desktop tools\n2020-06-09 19:06 – 2020-06-09 19:06 – 000002357 _____ C: Users Ethan AppData Roaming Microsoft Windows Menu Démarrer Programmes Lunar Client.lnk\n2020-06-09 19:06 – 2020-06-09 19:06 – 000002349 _____ C:UsersEthanDesktopLunar Client.lnk\n2020-06-09 19:05 – 2020-06-09 19:05 – 000755688 _____ (Moonsworth, LLC) C:UsersEthanDownloadsLunar Client v2.0.2.exe\n2020-06-09 01:47 – 2020-06-09 01:47 – 000000000 ____D C:UsersEthanAppDataLocalATI\n2020-06-09 01:43 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopruntime\n2020-06-09 01:42 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopgame\n2020-06-09 01:33 – 2020-06-12 02:28 – 002970008 _____ (Mojang) C:UsersEthanDesktopMinecraft.exe\n2020-06-09 00:03 – 2020-06-09 00:03 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable (1).zip\n2020-06-08 23:35 – 2020-06-08 23:58 – 000000000 ____D C:UsersEthanDownloadsRevoUninstaller_Portable\n2020-06-08 23:34 – 2020-06-08 23:34 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable.zip\n2020-06-08 23:11 – 2020-06-08 23:11 – 000000761 _____ C:UsersEthanDocumentsDownloads.lnk\n2020-06-08 22:13 – 2020-06-08 22:14 – 000000000 ___HD C:temp\n2020-06-08 09:38 – 2020-06-08 22:06 – 000000000 ____D C:35cf2c581e43e0fd0f2302ce54fb\n2020-06-08 09:29 – 2020-06-08 22:06 – 000000000 ____D C:68e9a7aba4aecf4ec4\n2020-06-08 08:06 – 2020-06-08 08:06 – 000000000 ___HD C:ProgramDataCanonIJFAX\n2020-06-07 23:17 – 2020-06-07 23:22 – 000000000 ____D C:UsersEthanEpubee Library\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanBookManager\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanAppDataRoaming.cover\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthan.Epubor_Keys\n2020-06-07 23:14 – 2020-06-08 22:16 – 000000000 ____D C:Program Files (x86)ePUBee\n2020-06-05 23:17 – 2020-06-05 23:17 – 000000000 ____D C:8527c8ea7501eb69401877adc732\n2020-06-05 23:07 – 2020-06-05 23:07 – 000000000 ____D C:de22f4d81bbf950b5e0f7a8642297b\n2020-06-05 22:57 – 2020-06-05 22:57 – 000000000 ____D C:f4b9a65bd3630368995b8ced06\n2020-06-05 22:37 – 2020-06-05 22:37 – 000000000 ____D C:faa6e5d10903a99a286ff6\n2020-06-05 22:27 – 2020-06-05 22:28 – 000000000 ____D C:4fa0f45da0c207e28fce354dfbcbb45a\n2020-06-05 22:24 – 2020-06-05 22:24 – 000000000 ____D C:UsersEthanAppDataLocalcache\n2020-06-05 22:19 – 2020-06-05 22:19 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAMD Radeon Software\n2020-06-05 22:17 – 2020-06-05 22:22 – 000000000 ____D C:25a06eb4cb678d6510bb02b4e69c\n2020-06-05 22:17 – 2020-06-05 22:17 – 000000000 ____D C:ProgramDataAMD\n2020-06-05 22:04 – 2020-06-05 22:12 – 000000000 ____D C:96699b5329d1ea66b0a663de302c5a\n2020-06-05 22:03 – 2020-06-05 22:03 – 000000000 ____D C:AMD\n2020-06-05 21:56 – 2020-06-05 21:56 – 000000000 ____D C:UsersEthanAppDataLocalRadeonSettings\n2020-06-05 21:52 – 2020-06-05 22:12 – 000000000 ____D C:59149044dd0aac2303de\n2020-06-05 21:44 – 2020-06-05 22:12 – 000000000 ____D C:bd86fd4774132980229e4d5232ae\n2020-06-05 04:05 – 2020-06-05 21:37 – 000000000 ____D C:873d716d2277afe5bee1c44e0b878d87\n2020-06-05 03:54 – 2020-06-05 21:37 – 000000000 ____D C:dbd59e3d47cf23fa38e6b2b4\n2020-06-05 03:46 – 2020-06-05 21:37 – 000000000 ____D C:8878178fedc450c4b9\n2020-06-05 03:30 – 2020-06-05 21:37 – 000000000 ____D C:3aa04f0e181a6ef6283335\n2020-06-05 02:34 – 2020-06-05 21:37 – 000000000 ____D C:b7af3d3859975eec9620db8b5a5f6e41\n2020-06-05 02:26 – 2020-06-05 21:37 – 000000000 ____D C:487c789bbfdb27e0f8\n2020-06-05 02:14 – 2020-06-05 21:37 – 000000000 ____D C:d88254605b4e82c096\n2020-06-05 02:05 – 2020-06-05 21:37 – 000000000 ____D C:e25ee765e720e9e181c0a4\n2020-06-05 01:55 – 2020-06-05 21:37 – 000000000 ____D C:8986be08c43b083cf019\n2020-06-05 01:45 – 2020-06-05 21:37 – 000000000 ____D C:24b77074821232b8eee377b656\n2020-06-05 01:35 – 2020-06-05 21:37 – 000000000 ____D C:76cca42bb37e3cd7e09f354112b60b\n2020-06-05 01:25 – 2020-06-05 21:37 – 000000000 ____D C:514f6c63d0b4235c42ea\n2020-06-05 01:15 – 2020-06-05 21:37 – 000000000 ____D C:a82951183443a4c4ff\n2020-06-05 01:05 – 2020-06-05 21:37 – 000000000 ____D C:1500873c57dc503bb2583144b776\n2020-06-05 00:55 – 2020-06-05 21:37 – 000000000 ____D C:2608ecb4b26d61af942bbe9aef91a4\n2020-06-05 00:45 – 2020-06-05 21:37 – 000000000 ____D C:d0bd3ae4cfc3cb2d19\n2020-06-05 00:35 – 2020-06-05 21:37 – 000000000 ____D C:b8593ace07e295202c\n2020-06-05 00:25 – 2020-06-05 21:37 – 000000000 ____D C:aefea5c399639a508a8d0cc319bada\n2020-06-05 00:15 – 2020-06-05 21:37 – 000000000 ____D C:d34e9191b27aad94f2aa2e6e\n2020-06-05 00:05 – 2020-06-05 21:37 – 000000000 ____D C:746cad1319b45c0fa13d3542b5\n2020-06-04 23:55 – 2020-06-05 21:37 – 000000000 ____D C:761aa80eda44dc967c55336087417a\n2020-06-04 23:45 – 2020-06-05 21:37 – 000000000 ____D C:b015b1b5cce422460fcedb4\n2020-06-04 23:35 – 2020-06-05 21:37 – 000000000 ____D C:21bb368a3acf317e654c\n2020-06-04 23:25 – 2020-06-05 21:37 – 000000000 ____D C:1eb161e731e359e492622ac3330bc8\n2020-06-04 23:15 – 2020-06-05 21:37 – 000000000 ____D C:9954edefd2c4ee760f21\n2020-06-04 23:05 – 2020-06-05 21:37 – 000000000 ____D C:4996eff18111c7145a68\n2020-06-04 22:55 – 2020-06-05 21:37 – 000000000 ____D C:dbfc9b3663e052d664a93b73\n2020-06-04 22:45 – 2020-06-05 21:37 – 000000000 ____D C:e15f2439316aa3b95ecb\n2020-06-04 22:35 – 2020-06-05 21:37 – 000000000 ____D C:812b054302348352f\n2020-06-03 21:45 – 2020-06-05 21:42 – 000000000 ___HD C:adobeTemp\n2020-06-02 22:05 – 2020-06-02 22:05 – 000000000 ___HD C:ProgramDataCanonBJ\n2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 ____D C:UsersEthanAppDataLocalUXP\n2020-06-02 21:49 – 2020-06-02 21:49 – 000000000 ____D C:UsersEthanAppDataLocalLowAdobe\n2020-06-02 21:47 – 2020-06-08 22:09 – 000000000 ___RD C:UsersEthanCreative Cloud Files\n2020-06-02 21:42 – 2020-06-02 21:47 – 000000000 ____D C:ProgramDataAdobe\n2020-06-02 21:40 – 2020-06-08 22:13 – 000000000 ____D C:Program FilesCommon FilesAdobe\n2020-06-02 21:40 – 2020-06-08 22:12 – 000000000 ____D C:Program FilesAdobe\n2020-06-02 21:38 – 2020-06-02 21:47 – 000000000 ____D C:UsersEthanAppDataLocalAdobe\n2020-06-02 17:15 – 2020-06-13 05:36 – 000248968 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys\n2020-06-02 17:15 – 2020-06-02 17:15 – 000214496 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys\n2020-06-01 01:12 – 2020-06-01 01:12 – 000000000 ____D C:UsersEthanAppDataLocalAdobe_Systems_Incorporate\n2020-06-01 01:06 – 2020-06-08 23:12 – 000000000 ____D C:Program Files (x86)Adobe\n2020-05-27 14:20 – 2020-05-27 14:20 – 064809688 _____ C:WINDOWSsystem32amd_comgr.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 053685456 _____ C:WINDOWSSysWOW64amd_comgr32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 004631248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amfrt64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 004141776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amfrt32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo-1-999-0-0-0.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001775320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atiadlxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo-1-999-0-0-0.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxy.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1-999-0-0-0.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1-999-0-0-0.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000761040 _____ (AMD) C:WINDOWSsystem32atieclxx.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000737496 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32Rapidfire64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000621784 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64Rapidfire.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000497360 _____ C:WINDOWSsystem32GameManager64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000493776 _____ C:WINDOWSsystem32dgtrayicon.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000469200 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atidemgy.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000456920 _____ C:WINDOWSsystem32atieah64.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000433360 _____ C:WINDOWSsystem32EEURestart.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000380624 _____ C:WINDOWSSysWOW64GameManager32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000352464 _____ C:WINDOWSSysWOW64atieah32.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000340176 _____ C:WINDOWSsystem32clinfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000245976 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atig6txx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000213712 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atigktxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000187600 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantle64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000183008 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32aticfx64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000167632 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atisamu64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000167128 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantleaxl64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000159264 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64aticfx32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000157408 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantle32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000143056 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantleaxl32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000141528 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atisamu32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000136400 _____ (AMD) C:WINDOWSsystem32atimuixx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000135384 _____ (Khronos Group) C:WINDOWSsystem32OpenCL.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000126160 _____ C:WINDOWSsystem32atidxx64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000123088 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdxc64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000121048 _____ (Khronos Group) C:WINDOWSSysWOW64OpenCL.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000108240 _____ C:WINDOWSSysWOW64atidxx32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000107728 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdxc32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000091352 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mcl64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000075984 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mcl32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000070872 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32ati2erec.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000047320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32RapidFireServer64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000044248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64RapidFireServer.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSSysWOW64detoured.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSsystem32detoured.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 071473360 _____ (Advanced Micro Devices Inc.) C:WINDOWSsystem32amdhip64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 001686624 _____ (AMD) C:WINDOWSsystem32amf-mft-mjpeg-decoder64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 001365984 _____ (AMD) C:WINDOWSSysWOW64amf-mft-mjpeg-decoder32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000941776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdlvr64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000769232 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdlvr32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000554192 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdmcl64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000547424 _____ C:WINDOWSsystem32amdmiracast.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000490192 _____ C:WINDOWSsystem32amdgfxinfo64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000467152 _____ C:WINDOWSsystem32amdlogum.exe\n2020-05-27 14:19 – 2020-05-27 14:19 – 000384208 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdmcl32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000380624 _____ C:WINDOWSSysWOW64amdgfxinfo32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000198928 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdihk64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000168016 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdihk32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atimpc64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdpcom64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000108880 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdpcom32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000108864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atimpc32.dll\n2020-05-27 14:18 – 2020-05-27 14:18 – 000136544 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdave64.dll\n2020-05-27 14:18 – 2020-05-27 14:18 – 000120896 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdave32.dll\n2020-05-26 20:09 – 2020-05-26 20:09 – 000000000 ____D C:UsersEthanAppDataLocalpackage.nw.new\n2020-05-25 20:28 – 2020-05-25 20:28 – 003471376 _____ C:WINDOWSSysWOW64atiumdva.cap\n2020-05-25 20:28 – 2020-05-25 20:28 – 003437632 _____ C:WINDOWSsystem32atiumd6a.cap\n2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSSysWOW64ativvsvl.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSsystem32ativvsvl.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSSysWOW64ativvsva.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSsystem32ativvsva.dat\n2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSSysWOW64atiapfxx.blb\n2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSsystem32atiapfxx.blb\n2020-05-24 02:33 – 2020-06-09 18:08 – 000001445 _____ C:UsersPublicDesktopTerraria.lnk\n2020-05-24 02:23 – 2020-05-24 02:23 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGOG.com\n2020-05-24 02:20 – 2020-05-24 02:33 – 000000000 ____D C:ProgramDataGOG.com\n2020-05-23 16:18 – 2020-06-12 05:07 – 000000000 ____D C:UsersEthanAppDataLocalCrashDumps\n2020-05-20 08:04 – 2020-06-13 05:26 – 000074800 _____ (Symantec Corporation) C:WINDOWSsystem32msln.exe\n2020-05-20 08:00 – 2020-05-20 08:00 – 000000000 ____D C:UsersEthanAppDataLocalSymantec\n2020-05-20 07:56 – 2020-05-20 07:56 – 000609208 _____ (Symantec Corporation) C:WINDOWSsystem32SymVPN.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000505120 _____ (Symantec Corporation) C:WINDOWSsystem32sysfer.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000485304 _____ (Symantec Corporation) C:WINDOWSSysWOW64SymVPN.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000434976 _____ (Symantec Corporation) C:WINDOWSSysWOW64sysfer.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000231360 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSysPlant.sys\n2020-05-20 07:56 – 2020-05-20 07:56 – 000224184 _____ (Symantec Corporation) C:WINDOWSsystem32FwsVpn.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000219576 _____ (Symantec Corporation) C:WINDOWSSysWOW64FwsVpn.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000099920 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSYMEVENT64x86.SYS\n2020-05-20 07:56 – 2020-05-20 07:56 – 000096184 _____ (Symantec Corporation) C:WINDOWSsystem32snacnp.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000085432 _____ (Symantec Corporation) C:WINDOWSSysWOW64snacnp.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000048232 _____ (Symantec Corporation) C:WINDOWSsystem32DriversWGX64.SYS\n2020-05-20 07:56 – 2020-05-20 07:56 – 000010396 _____ C:WINDOWSsystem32DriversSYMEVENT64x86.CAT\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:WINDOWSsystem32Driverssymefasi\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataSymEFASI\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:Program FilesCommon FilesSymantec Shared\n2020-05-20 07:55 – 2020-05-20 16:02 – 000000000 ____D C:ProgramDataSymantec\n2020-05-20 07:55 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSymantec Endpoint Protection\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:WINDOWSsystem32DriversSEP\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:ProgramDataregid.1992-12.com.symantec\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:Program Files (x86)Symantec\n2020-05-20 07:53 – 2020-05-20 07:53 – 000132992 _____ (Symantec Corporation) C:WINDOWSsystem32DriversTeefer.sys\n2020-05-20 07:25 – 2020-06-02 17:14 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys\n2020-05-20 07:25 – 2020-05-20 07:25 – 000002040 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk\n2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbamtray\n2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbam\n2020-05-20 07:25 – 2020-05-20 07:24 – 000153312 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys\n2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:ProgramDataMalwarebytes\n2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:Program FilesMalwarebytes\n2020-05-19 11:20 – 2020-05-19 11:20 – 006170544 _____ (Advanced Micro Devices) C:WINDOWSsystem32Driversamdacpbus.sys\n2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocalLow3D Aim Trainer\n2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocal3D Aim Trainer\n2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuPrograms3D Aim Trainer\n2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:Program Files (x86)3D Aim Trainer Launcher\n2020-05-14 07:59 – 2020-05-14 07:59 – 000000000 ____D C:UsersEthanAppDataRoamingMicrosoftWindowsStart MenuProgramsZoom","html":"

2020-06-13 05:42 – 2020-06-13 05:42 – 000031721 _____ C: Users Ethan Desktop FRST.txt\n2020-06-13 05:42 – 2020-06-13 05:42 – 000000000 ____D C: FRST\n2020-06-13 05:40 – 2020-06-13 05:40 – 002289152 _____ (Farbar) C: Users Ethan Desktop FRST64.exe\n2020-06-13 05:36 – 2020-06-13 05:36 – 000195432 _____ (Malwarebytes) C: WINDOWS system32 Drivers farflt.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000131736 _____ (Malwarebytes) C: WINDOWS system32 Drivers mwac.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000073368 _____ (Malwarebytes) C: WINDOWS system32 Drivers mbam.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000000000 ____D C: Users Ethan AppData LocalLow IGDump\n2020-06-13 05:30 – 2020-06-13 05:34 – 000417646 _____ C: WINDOWS ntbtlog.txt\n2020-06-12 22:53 – 2020-06-12 22:53 – 001920738 _____ C: Users Ethan Downloads iCloud Photos.zip\n2020-06-12 20:53 – 2020-06-12 22:54 – 000511438 _____ C: Users Ethan Downloads IMG_1020.JPEG\n2020-06-12 19:02 – 2019-08-01 16:48 – 000055696 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdr64.sys\n2020-06-12 19:02 – 2019-08-01 16:48 – 000041872 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdf64.sys\n2020-06-12 07:53 – 2020-06-12 07:53 – 000002608 _____ C: Users Ethan Downloads Player.plr\n2020-06-12 05:00 – 2020-06-12 05:00 – 000000000 ____D C: Users Ethan Downloads processhacker-2.39-bin\n2020-06-12 04:59 – 2020-06-12 04:59 – 003392412 _____ C: Users Ethan Downloads processhacker-2.39-bin.zip\n2020-06-12 02:28 – 2020-06-12 02:28 – 000000000 ____D C: Users Ethan Desktop tools\n2020-06-09 19:06 – 2020-06-09 19:06 – 000002357 _____ C: Users Ethan AppData Roaming Microsoft Windows Menu Démarrer Programmes Lunar Client.lnk\n2020-06-09 19:06 – 2020-06-09 19:06 – 000002349 _____ C:UsersEthanDesktopLunar Client.lnk\n2020-06-09 19:05 – 2020-06-09 19:05 – 000755688 _____ (Moonsworth, LLC) C:UsersEthanDownloadsLunar Client v2.0.2.exe\n2020-06-09 01:47 – 2020-06-09 01:47 – 000000000 ____D C:UsersEthanAppDataLocalATI\n2020-06-09 01:43 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopruntime\n2020-06-09 01:42 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopgame\n2020-06-09 01:33 – 2020-06-12 02:28 – 002970008 _____ (Mojang) C:UsersEthanDesktopMinecraft.exe\n2020-06-09 00:03 – 2020-06-09 00:03 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable (1).zip\n2020-06-08 23:35 – 2020-06-08 23:58 – 000000000 ____D C:UsersEthanDownloadsRevoUninstaller_Portable\n2020-06-08 23:34 – 2020-06-08 23:34 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable.zip\n2020-06-08 23:11 – 2020-06-08 23:11 – 000000761 _____ C:UsersEthanDocumentsDownloads.lnk\n2020-06-08 22:13 – 2020-06-08 22:14 – 000000000 ___HD C:temp\n2020-06-08 09:38 – 2020-06-08 22:06 – 000000000 ____D C:35cf2c581e43e0fd0f2302ce54fb\n2020-06-08 09:29 – 2020-06-08 22:06 – 000000000 ____D C:68e9a7aba4aecf4ec4\n2020-06-08 08:06 – 2020-06-08 08:06 – 000000000 ___HD C:ProgramDataCanonIJFAX\n2020-06-07 23:17 – 2020-06-07 23:22 – 000000000 ____D C:UsersEthanEpubee Library\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanBookManager\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanAppDataRoaming.cover\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthan.Epubor_Keys\n2020-06-07 23:14 – 2020-06-08 22:16 – 000000000 ____D C:Program Files (x86)ePUBee\n2020-06-05 23:17 – 2020-06-05 23:17 – 000000000 ____D C:8527c8ea7501eb69401877adc732\n2020-06-05 23:07 – 2020-06-05 23:07 – 000000000 ____D C:de22f4d81bbf950b5e0f7a8642297b\n2020-06-05 22:57 – 2020-06-05 22:57 – 000000000 ____D C:f4b9a65bd3630368995b8ced06\n2020-06-05 22:37 – 2020-06-05 22:37 – 000000000 ____D C:faa6e5d10903a99a286ff6\n2020-06-05 22:27 – 2020-06-05 22:28 – 000000000 ____D C:4fa0f45da0c207e28fce354dfbcbb45a\n2020-06-05 22:24 – 2020-06-05 22:24 – 000000000 ____D C:UsersEthanAppDataLocalcache\n2020-06-05 22:19 – 2020-06-05 22:19 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAMD Radeon Software\n2020-06-05 22:17 – 2020-06-05 22:22 – 000000000 ____D C:25a06eb4cb678d6510bb02b4e69c\n2020-06-05 22:17 – 2020-06-05 22:17 – 000000000 ____D C:ProgramDataAMD\n2020-06-05 22:04 – 2020-06-05 22:12 – 000000000 ____D C:96699b5329d1ea66b0a663de302c5a\n2020-06-05 22:03 – 2020-06-05 22:03 – 000000000 ____D C:AMD\n2020-06-05 21:56 – 2020-06-05 21:56 – 000000000 ____D C:UsersEthanAppDataLocalRadeonSettings\n2020-06-05 21:52 – 2020-06-05 22:12 – 000000000 ____D C:59149044dd0aac2303de\n2020-06-05 21:44 – 2020-06-05 22:12 – 000000000 ____D C:bd86fd4774132980229e4d5232ae\n2020-06-05 04:05 – 2020-06-05 21:37 – 000000000 ____D C:873d716d2277afe5bee1c44e0b878d87\n2020-06-05 03:54 – 2020-06-05 21:37 – 000000000 ____D C:dbd59e3d47cf23fa38e6b2b4\n2020-06-05 03:46 – 2020-06-05 21:37 – 000000000 ____D C:8878178fedc450c4b9\n2020-06-05 03:30 – 2020-06-05 21:37 – 000000000 ____D C:3aa04f0e181a6ef6283335\n2020-06-05 02:34 – 2020-06-05 21:37 – 000000000 ____D C:b7af3d3859975eec9620db8b5a5f6e41\n2020-06-05 02:26 – 2020-06-05 21:37 – 000000000 ____D C:487c789bbfdb27e0f8\n2020-06-05 02:14 – 2020-06-05 21:37 – 000000000 ____D C:d88254605b4e82c096\n2020-06-05 02:05 – 2020-06-05 21:37 – 000000000 ____D C:e25ee765e720e9e181c0a4\n2020-06-05 01:55 – 2020-06-05 21:37 – 000000000 ____D C:8986be08c43b083cf019\n2020-06-05 01:45 – 2020-06-05 21:37 – 000000000 ____D C:24b77074821232b8eee377b656\n2020-06-05 01:35 – 2020-06-05 21:37 – 000000000 ____D C:76cca42bb37e3cd7e09f354112b60b\n2020-06-05 01:25 – 2020-06-05 21:37 – 000000000 ____D C:514f6c63d0b4235c42ea\n2020-06-05 01:15 – 2020-06-05 21:37 – 000000000 ____D C:a82951183443a4c4ff\n2020-06-05 01:05 – 2020-06-05 21:37 – 000000000 ____D C:1500873c57dc503bb2583144b776\n2020-06-05 00:55 – 2020-06-05 21:37 – 000000000 ____D C:2608ecb4b26d61af942bbe9aef91a4\n2020-06-05 00:45 – 2020-06-05 21:37 – 000000000 ____D C:d0bd3ae4cfc3cb2d19\n2020-06-05 00:35 – 2020-06-05 21:37 – 000000000 ____D C:b8593ace07e295202c\n2020-06-05 00:25 – 2020-06-05 21:37 – 000000000 ____D C:aefea5c399639a508a8d0cc319bada\n2020-06-05 00:15 – 2020-06-05 21:37 – 000000000 ____D C:d34e9191b27aad94f2aa2e6e\n2020-06-05 00:05 – 2020-06-05 21:37 – 000000000 ____D C:746cad1319b45c0fa13d3542b5\n2020-06-04 23:55 – 2020-06-05 21:37 – 000000000 ____D C:761aa80eda44dc967c55336087417a\n2020-06-04 23:45 – 2020-06-05 21:37 – 000000000 ____D C:b015b1b5cce422460fcedb4\n2020-06-04 23:35 – 2020-06-05 21:37 – 000000000 ____D C:21bb368a3acf317e654c\n2020-06-04 23:25 – 2020-06-05 21:37 – 000000000 ____D C:1eb161e731e359e492622ac3330bc8\n2020-06-04 23:15 – 2020-06-05 21:37 – 000000000 ____D C:9954edefd2c4ee760f21\n2020-06-04 23:05 – 2020-06-05 21:37 – 000000000 ____D C:4996eff18111c7145a68\n2020-06-04 22:55 – 2020-06-05 21:37 – 000000000 ____D C:dbfc9b3663e052d664a93b73\n2020-06-04 22:45 – 2020-06-05 21:37 – 000000000 ____D C:e15f2439316aa3b95ecb\n2020-06-04 22:35 – 2020-06-05 21:37 – 000000000 ____D C:812b054302348352f\n2020-06-03 21:45 – 2020-06-05 21:42 – 000000000 ___HD C:adobeTemp\n2020-06-02 22:05 – 2020-06-02 22:05 – 000000000 ___HD C:ProgramDataCanonBJ\n2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 ____D C:UsersEthanAppDataLocalUXP\n2020-06-02 21:49 – 2020-06-02 21:49 – 000000000 ____D C:UsersEthanAppDataLocalLowAdobe\n2020-06-02 21:47 – 2020-06-08 22:09 – 000000000 ___RD C:UsersEthanCreative Cloud Files\n2020-06-02 21:42 – 2020-06-02 21:47 – 000000000 ____D C:ProgramDataAdobe\n2020-06-02 21:40 – 2020-06-08 22:13 – 000000000 ____D C:Program FilesCommon FilesAdobe\n2020-06-02 21:40 – 2020-06-08 22:12 – 000000000 ____D C:Program FilesAdobe\n2020-06-02 21:38 – 2020-06-02 21:47 – 000000000 ____D C:UsersEthanAppDataLocalAdobe\n2020-06-02 17:15 – 2020-06-13 05:36 – 000248968 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys\n2020-06-02 17:15 – 2020-06-02 17:15 – 000214496 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys\n2020-06-01 01:12 – 2020-06-01 01:12 – 000000000 ____D C:UsersEthanAppDataLocalAdobe_Systems_Incorporate\n2020-06-01 01:06 – 2020-06-08 23:12 – 000000000 ____D C:Program Files (x86)Adobe\n2020-05-27 14:20 – 2020-05-27 14:20 – 064809688 _____ C:WINDOWSsystem32amd_comgr.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 053685456 _____ C:WINDOWSSysWOW64amd_comgr32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 004631248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amfrt64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 004141776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amfrt32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo-1-999-0-0-0.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001775320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atiadlxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo-1-999-0-0-0.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxy.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1-999-0-0-0.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1-999-0-0-0.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000761040 _____ (AMD) C:WINDOWSsystem32atieclxx.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000737496 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32Rapidfire64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000621784 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64Rapidfire.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000497360 _____ C:WINDOWSsystem32GameManager64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000493776 _____ C:WINDOWSsystem32dgtrayicon.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000469200 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atidemgy.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000456920 _____ C:WINDOWSsystem32atieah64.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000433360 _____ C:WINDOWSsystem32EEURestart.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000380624 _____ C:WINDOWSSysWOW64GameManager32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000352464 _____ C:WINDOWSSysWOW64atieah32.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000340176 _____ C:WINDOWSsystem32clinfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000245976 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atig6txx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000213712 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atigktxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000187600 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantle64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000183008 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32aticfx64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000167632 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atisamu64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000167128 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantleaxl64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000159264 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64aticfx32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000157408 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantle32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000143056 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantleaxl32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000141528 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atisamu32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000136400 _____ (AMD) C:WINDOWSsystem32atimuixx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000135384 _____ (Khronos Group) C:WINDOWSsystem32OpenCL.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000126160 _____ C:WINDOWSsystem32atidxx64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000123088 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdxc64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000121048 _____ (Khronos Group) C:WINDOWSSysWOW64OpenCL.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000108240 _____ C:WINDOWSSysWOW64atidxx32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000107728 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdxc32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000091352 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mcl64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000075984 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mcl32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000070872 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32ati2erec.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000047320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32RapidFireServer64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000044248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64RapidFireServer.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSSysWOW64detoured.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSsystem32detoured.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 071473360 _____ (Advanced Micro Devices Inc.) C:WINDOWSsystem32amdhip64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 001686624 _____ (AMD) C:WINDOWSsystem32amf-mft-mjpeg-decoder64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 001365984 _____ (AMD) C:WINDOWSSysWOW64amf-mft-mjpeg-decoder32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000941776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdlvr64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000769232 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdlvr32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000554192 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdmcl64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000547424 _____ C:WINDOWSsystem32amdmiracast.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000490192 _____ C:WINDOWSsystem32amdgfxinfo64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000467152 _____ C:WINDOWSsystem32amdlogum.exe\n2020-05-27 14:19 – 2020-05-27 14:19 – 000384208 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdmcl32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000380624 _____ C:WINDOWSSysWOW64amdgfxinfo32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000198928 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdihk64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000168016 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdihk32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atimpc64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdpcom64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000108880 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdpcom32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000108864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atimpc32.dll\n2020-05-27 14:18 – 2020-05-27 14:18 – 000136544 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdave64.dll\n2020-05-27 14:18 – 2020-05-27 14:18 – 000120896 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdave32.dll\n2020-05-26 20:09 – 2020-05-26 20:09 – 000000000 ____D C:UsersEthanAppDataLocalpackage.nw.new\n2020-05-25 20:28 – 2020-05-25 20:28 – 003471376 _____ C:WINDOWSSysWOW64atiumdva.cap\n2020-05-25 20:28 – 2020-05-25 20:28 – 003437632 _____ C:WINDOWSsystem32atiumd6a.cap\n2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSSysWOW64ativvsvl.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSsystem32ativvsvl.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSSysWOW64ativvsva.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSsystem32ativvsva.dat\n2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSSysWOW64atiapfxx.blb\n2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSsystem32atiapfxx.blb\n2020-05-24 02:33 – 2020-06-09 18:08 – 000001445 _____ C:UsersPublicDesktopTerraria.lnk\n2020-05-24 02:23 – 2020-05-24 02:23 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGOG.com\n2020-05-24 02:20 – 2020-05-24 02:33 – 000000000 ____D C:ProgramDataGOG.com\n2020-05-23 16:18 – 2020-06-12 05:07 – 000000000 ____D C:UsersEthanAppDataLocalCrashDumps\n2020-05-20 08:04 – 2020-06-13 05:26 – 000074800 _____ (Symantec Corporation) C:WINDOWSsystem32msln.exe\n2020-05-20 08:00 – 2020-05-20 08:00 – 000000000 ____D C:UsersEthanAppDataLocalSymantec\n2020-05-20 07:56 – 2020-05-20 07:56 – 000609208 _____ (Symantec Corporation) C:WINDOWSsystem32SymVPN.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000505120 _____ (Symantec Corporation) C:WINDOWSsystem32sysfer.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000485304 _____ (Symantec Corporation) C:WINDOWSSysWOW64SymVPN.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000434976 _____ (Symantec Corporation) C:WINDOWSSysWOW64sysfer.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000231360 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSysPlant.sys\n2020-05-20 07:56 – 2020-05-20 07:56 – 000224184 _____ (Symantec Corporation) C:WINDOWSsystem32FwsVpn.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000219576 _____ (Symantec Corporation) C:WINDOWSSysWOW64FwsVpn.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000099920 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSYMEVENT64x86.SYS\n2020-05-20 07:56 – 2020-05-20 07:56 – 000096184 _____ (Symantec Corporation) C:WINDOWSsystem32snacnp.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000085432 _____ (Symantec Corporation) C:WINDOWSSysWOW64snacnp.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000048232 _____ (Symantec Corporation) C:WINDOWSsystem32DriversWGX64.SYS\n2020-05-20 07:56 – 2020-05-20 07:56 – 000010396 _____ C:WINDOWSsystem32DriversSYMEVENT64x86.CAT\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:WINDOWSsystem32Driverssymefasi\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataSymEFASI\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:Program FilesCommon FilesSymantec Shared\n2020-05-20 07:55 – 2020-05-20 16:02 – 000000000 ____D C:ProgramDataSymantec\n2020-05-20 07:55 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSymantec Endpoint Protection\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:WINDOWSsystem32DriversSEP\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:ProgramDataregid.1992-12.com.symantec\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:Program Files (x86)Symantec\n2020-05-20 07:53 – 2020-05-20 07:53 – 000132992 _____ (Symantec Corporation) C:WINDOWSsystem32DriversTeefer.sys\n2020-05-20 07:25 – 2020-06-02 17:14 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys\n2020-05-20 07:25 – 2020-05-20 07:25 – 000002040 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk\n2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbamtray\n2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbam\n2020-05-20 07:25 – 2020-05-20 07:24 – 000153312 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys\n2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:ProgramDataMalwarebytes\n2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:Program FilesMalwarebytes\n2020-05-19 11:20 – 2020-05-19 11:20 – 006170544 _____ (Advanced Micro Devices) C:WINDOWSsystem32Driversamdacpbus.sys\n2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocalLow3D Aim Trainer\n2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocal3D Aim Trainer\n2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuPrograms3D Aim Trainer\n2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:Program Files (x86)3D Aim Trainer Launcher\n2020-05-14 07:59 – 2020-05-14 07:59 – 000000000 ____D C:UsersEthanAppDataRoamingMicrosoftWindowsStart MenuProgramsZoom

"},{"id":"text-30","type":"text","heading":"","plain_text":"==================== One month (modified) ==================","html":"

==================== One month (modified) ==================

"},{"id":"text-31","type":"text","heading":"","plain_text":"(If an entry is included in the fixlist, the file/folder will be moved.)","html":"

(If an entry is included in the fixlist, the file/folder will be moved.)

"},{"id":"text-32","type":"text","heading":"","plain_text":"2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSSysWOW64qengineOff.ini\n2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSsystem32qengineOff.ini\n2020-06-13 05:42 – 2019-05-04 21:51 – 000840852 _____ C:WINDOWSsystem32PerfStringBackup.INI\n2020-06-13 05:42 – 2018-09-15 09:31 – 000000000 ____D C:WINDOWSINF\n2020-06-13 05:40 – 2018-07-27 21:20 – 000000000 ____D C:ProgramDataQustodio\n2020-06-13 05:36 – 2020-04-03 14:18 – 000000000 ____D C:ProgramDataboost_interprocess\n2020-06-13 05:36 – 2019-05-04 21:52 – 000000006 ____H C:WINDOWSTasksSA.DAT\n2020-06-13 05:36 – 2018-09-15 09:33 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft\n2020-06-13 05:35 – 2019-06-28 22:15 – 000000000 ____D C:UsersEthanAppDataRoaming.minecraft\n2020-06-13 05:29 – 2019-05-04 21:42 – 000000000 ____D C:UsersEthan\n2020-06-13 05:28 – 2018-12-18 11:43 – 000000000 ____D C:UsersEthanAppDataRoamingdiscord\n2020-06-13 04:54 – 2019-05-04 21:41 – 000000000 ____D C:WINDOWSsystem32SleepStudy\n2020-06-13 02:51 – 2018-09-25 19:31 – 000000000 ____D C:WINDOWSsystem32AMD\n2020-06-12 20:23 – 2019-03-19 09:02 – 000000000 ___HD C:$WINDOWS.~BT\n2020-06-12 19:59 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSAppReadiness\n2020-06-12 19:57 – 2018-09-15 09:33 – 000000000 ___HD C:Program FilesWindowsApps\n2020-06-12 19:01 – 2018-09-14 19:13 – 000000000 ____D C:Program Files (x86)Qustodio\n2020-06-12 19:01 – 2018-07-27 21:24 – 000000000 __SHD C:WINDOWSSysWOW64AI_RecycleBin\n2020-06-12 03:02 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSLiveKernelReports\n2020-06-12 02:28 – 2020-04-06 17:11 – 000000000 ____D C:UsersEthanAppDataRoaminglunarclient\n2020-06-11 03:58 – 2019-05-03 10:10 – 000000000 ___DC C:WINDOWSPanther\n2020-06-09 22:11 – 2018-09-15 09:23 – 000000000 ____D C:WINDOWSCbsTemp\n2020-06-09 19:14 – 2020-03-24 13:02 – 000000000 ____D C:UsersEthan.lunarclient\n2020-06-09 18:08 – 2018-09-29 13:09 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsTerraria [GOG.com]\n2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagwrn.xml\n2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagerr.xml\n2020-06-09 03:07 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSRegistration\n2020-06-09 00:08 – 2018-07-27 21:22 – 000000000 ____D C:Program Files (x86)Microsoft Office\n2020-06-08 23:57 – 2018-08-31 20:24 – 000000000 ____D C:UsersEthanDocumentsChurch\n2020-06-08 22:16 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalPackages\n2020-06-08 22:12 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataRoamingAdobe\n2020-06-08 22:06 – 2020-05-01 05:13 – 000000000 ____D C:Program FilesBadlion Client\n2020-06-08 22:06 – 2019-05-04 21:42 – 000000000 ____D C:Usersdadministrator\n2020-06-07 23:18 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalVirtualStore\n2020-06-07 22:50 – 2018-07-30 00:34 – 000000000 ____D C:UsersEthanAppDataLocalD3DSCache\n2020-06-07 19:08 – 2019-05-04 21:41 – 000488632 _____ C:WINDOWSsystem32FNTCACHE.DAT\n2020-06-05 22:24 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalAMD\n2020-06-05 22:19 – 2018-05-03 21:32 – 000000000 ____D C:Program FilesAMD\n2020-06-05 02:56 – 2018-07-27 21:18 – 000002308 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk\n2020-06-03 03:32 – 2018-09-15 09:36 – 000835480 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerApp.exe\n2020-06-03 03:32 – 2018-09-15 09:36 – 000179608 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerCPLApp.cpl\n2020-06-02 21:45 – 2018-07-28 19:27 – 000000000 ____D C:ProgramDataPackages\n2020-06-02 21:42 – 2018-05-03 20:44 – 000000000 ____D C:ProgramDataPackage Cache\n2020-06-02 21:40 – 2018-09-15 09:33 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared\n2020-05-24 02:27 – 2018-09-29 08:34 – 000000000 ____D C:Program Files (x86)GOG Galaxy\n2020-05-20 07:56 – 2018-09-15 09:33 – 000000000 ___HD C:WINDOWSELAMBKUP\n2020-05-17 05:16 – 2018-09-15 08:09 – 000000000 ____D C:WINDOWSservicing\n2020-05-14 07:59 – 2020-04-02 11:01 – 000000000 ____D C:UsersEthanAppDataRoamingZoom","html":"

2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSSysWOW64qengineOff.ini\n2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSsystem32qengineOff.ini\n2020-06-13 05:42 – 2019-05-04 21:51 – 000840852 _____ C:WINDOWSsystem32PerfStringBackup.INI\n2020-06-13 05:42 – 2018-09-15 09:31 – 000000000 ____D C:WINDOWSINF\n2020-06-13 05:40 – 2018-07-27 21:20 – 000000000 ____D C:ProgramDataQustodio\n2020-06-13 05:36 – 2020-04-03 14:18 – 000000000 ____D C:ProgramDataboost_interprocess\n2020-06-13 05:36 – 2019-05-04 21:52 – 000000006 ____H C:WINDOWSTasksSA.DAT\n2020-06-13 05:36 – 2018-09-15 09:33 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft\n2020-06-13 05:35 – 2019-06-28 22:15 – 000000000 ____D C:UsersEthanAppDataRoaming.minecraft\n2020-06-13 05:29 – 2019-05-04 21:42 – 000000000 ____D C:UsersEthan\n2020-06-13 05:28 – 2018-12-18 11:43 – 000000000 ____D C:UsersEthanAppDataRoamingdiscord\n2020-06-13 04:54 – 2019-05-04 21:41 – 000000000 ____D C:WINDOWSsystem32SleepStudy\n2020-06-13 02:51 – 2018-09-25 19:31 – 000000000 ____D C:WINDOWSsystem32AMD\n2020-06-12 20:23 – 2019-03-19 09:02 – 000000000 ___HD C:$WINDOWS.~BT\n2020-06-12 19:59 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSAppReadiness\n2020-06-12 19:57 – 2018-09-15 09:33 – 000000000 ___HD C:Program FilesWindowsApps\n2020-06-12 19:01 – 2018-09-14 19:13 – 000000000 ____D C:Program Files (x86)Qustodio\n2020-06-12 19:01 – 2018-07-27 21:24 – 000000000 __SHD C:WINDOWSSysWOW64AI_RecycleBin\n2020-06-12 03:02 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSLiveKernelReports\n2020-06-12 02:28 – 2020-04-06 17:11 – 000000000 ____D C:UsersEthanAppDataRoaminglunarclient\n2020-06-11 03:58 – 2019-05-03 10:10 – 000000000 ___DC C:WINDOWSPanther\n2020-06-09 22:11 – 2018-09-15 09:23 – 000000000 ____D C:WINDOWSCbsTemp\n2020-06-09 19:14 – 2020-03-24 13:02 – 000000000 ____D C:UsersEthan.lunarclient\n2020-06-09 18:08 – 2018-09-29 13:09 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsTerraria [GOG.com]\n2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagwrn.xml\n2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagerr.xml\n2020-06-09 03:07 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSRegistration\n2020-06-09 00:08 – 2018-07-27 21:22 – 000000000 ____D C:Program Files (x86)Microsoft Office\n2020-06-08 23:57 – 2018-08-31 20:24 – 000000000 ____D C:UsersEthanDocumentsChurch\n2020-06-08 22:16 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalPackages\n2020-06-08 22:12 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataRoamingAdobe\n2020-06-08 22:06 – 2020-05-01 05:13 – 000000000 ____D C:Program FilesBadlion Client\n2020-06-08 22:06 – 2019-05-04 21:42 – 000000000 ____D C:Usersdadministrator\n2020-06-07 23:18 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalVirtualStore\n2020-06-07 22:50 – 2018-07-30 00:34 – 000000000 ____D C:UsersEthanAppDataLocalD3DSCache\n2020-06-07 19:08 – 2019-05-04 21:41 – 000488632 _____ C:WINDOWSsystem32FNTCACHE.DAT\n2020-06-05 22:24 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalAMD\n2020-06-05 22:19 – 2018-05-03 21:32 – 000000000 ____D C:Program FilesAMD\n2020-06-05 02:56 – 2018-07-27 21:18 – 000002308 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk\n2020-06-03 03:32 – 2018-09-15 09:36 – 000835480 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerApp.exe\n2020-06-03 03:32 – 2018-09-15 09:36 – 000179608 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerCPLApp.cpl\n2020-06-02 21:45 – 2018-07-28 19:27 – 000000000 ____D C:ProgramDataPackages\n2020-06-02 21:42 – 2018-05-03 20:44 – 000000000 ____D C:ProgramDataPackage Cache\n2020-06-02 21:40 – 2018-09-15 09:33 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared\n2020-05-24 02:27 – 2018-09-29 08:34 – 000000000 ____D C:Program Files (x86)GOG Galaxy\n2020-05-20 07:56 – 2018-09-15 09:33 – 000000000 ___HD C:WINDOWSELAMBKUP\n2020-05-17 05:16 – 2018-09-15 08:09 – 000000000 ____D C:WINDOWSservicing\n2020-05-14 07:59 – 2020-04-02 11:01 – 000000000 ____D C:UsersEthanAppDataRoamingZoom

"},{"id":"text-33","type":"text","heading":"","plain_text":"==================== Files in the root of some directories ========","html":"

==================== Files in the root of some directories ========

"},{"id":"text-34","type":"text","heading":"","plain_text":"2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 _____ () C:UsersEthanAppDataLocaloobelibMkey.log\n2020-02-09 15:02 – 2020-02-09 15:02 – 000000218 _____ () C:UsersEthanAppDataLocalrecently-used.xbel","html":"

2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 _____ () C:UsersEthanAppDataLocaloobelibMkey.log\n2020-02-09 15:02 – 2020-02-09 15:02 – 000000218 _____ () C:UsersEthanAppDataLocalrecently-used.xbel

"},{"id":"text-35","type":"text","heading":"","plain_text":"==================== FLock ==============================","html":"

==================== FLock ==============================

"},{"id":"text-36","type":"text","heading":"","plain_text":"2020-05-13 20:50 C:PerfLogs\n2020-06-12 19:49 C:WINDOWSsystem32config\n2018-09-15 09:33 C:WINDOWSsystem32Configuration\n2018-09-15 09:33 C:WINDOWSsystem32DriverState\n2018-09-15 09:33 C:WINDOWSsystem32FxsTmp\n2018-09-15 09:34 C:WINDOWSsystem32ias\n2018-09-15 09:34 C:WINDOWSsystem32MsDtc\n2018-09-15 09:33 C:WINDOWSsystem32networklist\n2020-06-13 04:54 C:WINDOWSsystem32SleepStudy\n2020-06-13 05:29 C:WINDOWSsystem32sru\n2020-06-05 22:22 C:WINDOWSsystem32Tasks\n2019-05-05 07:40 C:WINDOWSsystem32Tasks_Migrated\n2019-07-19 20:15 C:WINDOWSsystem32WDI\n2020-06-12 19:57 C:Program FilesWindowsApps\n2020-06-09 04:19 C:WINDOWSdiagerr.xml\n2020-06-09 04:19 C:WINDOWSdiagwrn.xml\n2019-05-05 07:38 C:WINDOWSInfusedApps\n2020-06-12 03:02 C:WINDOWSLiveKernelReports\n2020-02-15 18:45 C:WINDOWSMinidump\n2018-09-15 09:33 C:WINDOWSModemLogs\n2020-06-13 05:42 C:WINDOWSPrefetch\n2019-05-04 22:10 C:WINDOWSServiceState\n2020-06-13 05:41 C:WINDOWSTemp\n2018-09-15 09:33 C:WINDOWSSysWOW64config\n2018-09-15 09:33 C:WINDOWSSysWOW64Configuration\n2018-09-15 09:33 C:WINDOWSSysWOW64Msdtc\n2018-09-15 09:33 C:WINDOWSSysWOW64networklist\n2018-09-15 09:33 C:WINDOWSSysWOW64sru\n2018-09-15 09:33 C:WINDOWSSysWOW64Tasks\n2018-09-15 09:33 C:WINDOWSsystem32DriversDriverData\n2020-06-08 22:06 C:Usersdadministrator\n2020-06-02 21:45 C:ProgramDataPackages\n2019-05-04 21:44 C:ProgramDataUSOPrivate","html":"

2020-05-13 20:50 C:PerfLogs\n2020-06-12 19:49 C:WINDOWSsystem32config\n2018-09-15 09:33 C:WINDOWSsystem32Configuration\n2018-09-15 09:33 C:WINDOWSsystem32DriverState\n2018-09-15 09:33 C:WINDOWSsystem32FxsTmp\n2018-09-15 09:34 C:WINDOWSsystem32ias\n2018-09-15 09:34 C:WINDOWSsystem32MsDtc\n2018-09-15 09:33 C:WINDOWSsystem32networklist\n2020-06-13 04:54 C:WINDOWSsystem32SleepStudy\n2020-06-13 05:29 C:WINDOWSsystem32sru\n2020-06-05 22:22 C:WINDOWSsystem32Tasks\n2019-05-05 07:40 C:WINDOWSsystem32Tasks_Migrated\n2019-07-19 20:15 C:WINDOWSsystem32WDI\n2020-06-12 19:57 C:Program FilesWindowsApps\n2020-06-09 04:19 C:WINDOWSdiagerr.xml\n2020-06-09 04:19 C:WINDOWSdiagwrn.xml\n2019-05-05 07:38 C:WINDOWSInfusedApps\n2020-06-12 03:02 C:WINDOWSLiveKernelReports\n2020-02-15 18:45 C:WINDOWSMinidump\n2018-09-15 09:33 C:WINDOWSModemLogs\n2020-06-13 05:42 C:WINDOWSPrefetch\n2019-05-04 22:10 C:WINDOWSServiceState\n2020-06-13 05:41 C:WINDOWSTemp\n2018-09-15 09:33 C:WINDOWSSysWOW64config\n2018-09-15 09:33 C:WINDOWSSysWOW64Configuration\n2018-09-15 09:33 C:WINDOWSSysWOW64Msdtc\n2018-09-15 09:33 C:WINDOWSSysWOW64networklist\n2018-09-15 09:33 C:WINDOWSSysWOW64sru\n2018-09-15 09:33 C:WINDOWSSysWOW64Tasks\n2018-09-15 09:33 C:WINDOWSsystem32DriversDriverData\n2020-06-08 22:06 C:Usersdadministrator\n2020-06-02 21:45 C:ProgramDataPackages\n2019-05-04 21:44 C:ProgramDataUSOPrivate

"},{"id":"text-37","type":"text","heading":"","plain_text":"==================== SigCheck ============================","html":"

==================== SigCheck ============================

"},{"id":"text-38","type":"text","heading":"","plain_text":"(There is no automatic fix for files that do not pass verification.)","html":"

(There is no automatic fix for files that do not pass verification.)

"},{"id":"text-39","type":"text","heading":"","plain_text":"ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened.\nAccess is denied.","html":"

ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened.\nAccess is denied.

"},{"id":"text-40","type":"text","heading":"","plain_text":"==================== End of FRST.txt ========================","html":"

==================== End of FRST.txt ========================

"},{"id":"text-41","type":"text","heading":"","plain_text":"Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020\nRan by Ethan (13-06-2020 05:43:40)\nRunning from C:UsersEthanDesktop\nWindows 10 Home Version 1809 17763.1217 (X64) (2019-05-04 19:53:29)\nBoot Mode: Normal\n==========================================================","html":"

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020\nRan by Ethan (13-06-2020 05:43:40)\nRunning from C:UsersEthanDesktop\nWindows 10 Home Version 1809 17763.1217 (X64) (2019-05-04 19:53:29)\nBoot Mode: Normal\n==========================================================

"},{"id":"text-42","type":"text","heading":"","plain_text":"==================== Accounts: =============================","html":"

==================== Accounts: =============================

"},{"id":"text-43","type":"text","heading":"","plain_text":"Administrator (S-1-5-21-1017088884-3281645122-1580351492-500 – Administrator – Disabled)\ndadministrator (S-1-5-21-1017088884-3281645122-1580351492-1001 – Administrator – Enabled) => C:Usersdadministrator\nDefaultAccount (S-1-5-21-1017088884-3281645122-1580351492-503 – Limited – Disabled)\nEthan (S-1-5-21-1017088884-3281645122-1580351492-1002 – Limited – Enabled) => C:UsersEthan\nGuest (S-1-5-21-1017088884-3281645122-1580351492-501 – Limited – Disabled)\nWDAGUtilityAccount (S-1-5-21-1017088884-3281645122-1580351492-504 – Limited – Disabled)","html":"

Administrator (S-1-5-21-1017088884-3281645122-1580351492-500 – Administrator – Disabled)\ndadministrator (S-1-5-21-1017088884-3281645122-1580351492-1001 – Administrator – Enabled) => C:Usersdadministrator\nDefaultAccount (S-1-5-21-1017088884-3281645122-1580351492-503 – Limited – Disabled)\nEthan (S-1-5-21-1017088884-3281645122-1580351492-1002 – Limited – Enabled) => C:UsersEthan\nGuest (S-1-5-21-1017088884-3281645122-1580351492-501 – Limited – Disabled)\nWDAGUtilityAccount (S-1-5-21-1017088884-3281645122-1580351492-504 – Limited – Disabled)

"},{"id":"text-44","type":"text","heading":"","plain_text":"==================== Security Center ========================","html":"

==================== Security Center ========================

"},{"id":"text-45","type":"text","heading":"","plain_text":"(If an entry is included in the fixlist, it will be removed.)","html":"

(If an entry is included in the fixlist, it will be removed.)

"},{"id":"text-46","type":"text","heading":"","plain_text":"AV: Symantec Endpoint Protection (Enabled – Up to date) 1122B19A-E671-38EC-8EAC-87048FD4528D\nAV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46\nAV: Malwarebytes (Enabled – Up to date) 23007AD3-69FE-687C-2629-D584AFFAF72B\nAS: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46\nFW: Symantec Endpoint Protection (Enabled) 291930BF-AC1E-39B4-A5F3-2E31710715F6","html":"

AV: Symantec Endpoint Protection (Enabled – Up to date) 1122B19A-E671-38EC-8EAC-87048FD4528D\nAV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46\nAV: Malwarebytes (Enabled – Up to date) 23007AD3-69FE-687C-2629-D584AFFAF72B\nAS: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46\nFW: Symantec Endpoint Protection (Enabled) 291930BF-AC1E-39B4-A5F3-2E31710715F6

"},{"id":"text-47","type":"text","heading":"","plain_text":"==================== Installed Programs ======================","html":"

==================== Installed Programs ======================

"},{"id":"text-48","type":"text","heading":"","plain_text":"(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)","html":"

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"},{"id":"text-49","type":"text","heading":"","plain_text":"3D Aim Trainer Launcher version 1.01 (HKLM-x32…DEBD852F-7476-4715-B6AC-8A3C560EAAAA_is1) (Version: 1.01 – 3D Aim Trainer)\n7-Zip 18.05 (x64) (HKLM…7-Zip) (Version: 18.05 – Igor Pavlov)\nAMD Software (HKLM…AMD Catalyst Install Manager) (Version: 20.5.1 – Advanced Micro Devices, Inc.)\nASIO4ALL (HKLM-x32…ASIO4ALL) (Version: 2.14 – Michael Tippach)\nBranding64 (HKLM…856DA29A-EA4A-468B-BBC2-B5F60DD75BFE) (Version: 1.00.0002 – Advanced Micro Devices, Inc.) Hidden\nDiscord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Discord) (Version: 0.0.306 – Discord Inc.)\nDiscord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Discord) (Version: 0.0.306 – Discord Inc.)\nEdgeDeflector (HKLM-x32…EdgeDeflector) (Version:  – )\nEpic Games Launcher Prerequisites (x64) (HKLM…66C5838F-B854-4A55-89E6-A6138747A4DF) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden\nGlorious Model O Software (HKLM-x32…969D386-B5B4-41BD-98E3-4A1A7D32CB97_is1) (Version: 1.0.9 – Glorious PC Gaming Race LLC.)\nGOG GALAXY (HKLM-x32…7258BA11-600C-430E-A759-27E2C691A335_is1) (Version:  – GOG.com)\nGoogle Chrome (HKLM-x32…Google Chrome) (Version: 83.0.4103.97 – Google LLC)\nGoogle Update Helper (HKLM-x32…60EC980A-BDA2-4CB6-A427-B07A5498B4CA) (Version: 1.3.35.451 – Google LLC) Hidden\nIntel® PROSet/Wireless Software (HKLM-x32…3c598844-1b8b-41f0-b5b2-bc1dcf4d47ad) (Version: 20.50.0 – Intel Corporation)\nJava 8 Update 181 (64-bit) (HKLM…26A24AE4-039D-4CA4-87B4-2F64180181F0) (Version: 8.0.1810.13 – Oracle Corporation)\nKeePass Password Safe 2.44 (HKLM-x32…KeePassPasswordSafe2_is1) (Version: 2.44 – Dominik Reichl)\nLauncher Prerequisites (x64) (HKLM-x32…c6c5a357-c7ca-4a5f-9789-3bb1af579253) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden\nLogger Pro 3.15 (HKLM-x32…096EA23-A525-41C3-9DBC-E7FA5F02608C) (Version: 5.185.1506 – Vernier Software & Technology)\nLogitech Unifying Software 2.50 (HKLM…Logitech Unifying) (Version: 2.50.25 – Logitech)\nLunar Client (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 – Moonsworth, LLC)\nLunar Client (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 – Moonsworth, LLC)\nMalwarebytes version 4.1.0.56 (HKLM…35065F43-4BB2-439A-BFF7-0F1014F2E0CD_is1) (Version: 4.1.0.56 – Malwarebytes)\nMicrosoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.12827.20268 – Microsoft Corporation)\nMicrosoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…1D8E6291-B0D5-35EC-8441-6616F567A0F7) (Version: 10.0.40219 – Microsoft Corporation)\nMicrosoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…F0C3E5D1-1ADE-321E-8167-68EF0DE699A5) (Version: 10.0.40219 – Microsoft Corporation)\nMicrosoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…ca67548a-5ebe-413a-b50c-4b9ceb6d66c6) (Version: 11.0.61030.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…33d1fd90-4274-48a1-9bc1-97e33d9c2d6f) (Version: 11.0.61030.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32…ef6b00ec-13e1-4c25-9064-b2f383cb8412) (Version: 12.0.40660.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32…61087a79-ac85-455c-934d-1fa22cc64f36) (Version: 12.0.40660.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) – 14.23.27820 (HKLM-x32…852adda4-4c78-4a38-b583-c0b360a329d6) (Version: 14.23.27820.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) – 14.23.27820 (HKLM-x32…45231ab4-69fd-486a-859d-7a59fcd11013) (Version: 14.23.27820.0 – Microsoft Corporation)\nMicrosoft XNA Framework Redistributable 4.0 (HKLM-x32…2BFC7AA0-544C-4E3A-8796-67F3BE655BE9) (Version: 4.0.20823.0 – Microsoft Corporation)\nMinecraft (HKLM-x32…756E195A-CB58-4B99-917F-0DDA0D881204) (Version: 1.0.4.0 – Mojang)\nMinecraft Launcher (HKLM-x32…E15F69FA-660D-45CC-B28F-6CBC4CAD2091) (Version: 1.0.0.0 – Mojang)\nOEM Application Profile (HKLM-x32…12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50) (Version: 1.00.0000 – Advanced Micro Devices, Inc.)\nOffice 16 Click-to-Run Extensibility Component (HKLM-x32…90160000-008C-0000-0000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM…90160000-00DD-0000-1000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Licensing Component (HKLM…90160000-008F-0000-1000-0000000FF1CE) (Version: 16.0.12827.20268 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Localization Component (HKLM-x32…90160000-008C-0409-0000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nPC Manager (HKLM…PC Manager) (Version: 10.0.5.51 – Huawei Technologies Co., Ltd.)\nPopcorn-Time (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Popcorn-Time) (Version: 0.4.1 – Popcorn Time)\nPopcorn-Time (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Popcorn-Time) (Version: 0.4.1 – Popcorn Time)\nQustodio (HKLM-x32…3BE72491-5A26-4935-9500-4EADA48A4068) (Version: 181.11.274.0 – Qustodio Technologies) Hidden\nQustodio (HKLM-x32…Qustodio) (Version: 181.11.274.0 – Qustodio)\nRealtek High Definition Audio Driver (HKLM-x32…F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC) (Version: 6.0.1.8459 – Realtek Semiconductor Corp.)\nSymantec Endpoint Protection (HKLM…CE2F0EC1-BF6B-42A6-993C-1D9655D0C9DF) (Version: 14.2.5569.2100 – Symantec Corporation)\nTerraria (HKLM-x32…1207665503_is1) (Version: v1.4.0.5 – GOG.com)\nTI-Nspire™ CX Student Software (HKLM-x32…465DD59-DB1D-4245-9050-B5C04EED9F52) (Version: 4.5.0.1180 – Texas Instruments Inc.)\nVulkan Run Time Libraries 1.0.61.0 (HKLM…VulkanRT1.0.61.0) (Version: 1.0.61.0 – LunarG, Inc.) Hidden\nVulkan Run Time Libraries 1.1.70.0 (HKLM…VulkanRT1.1.70.0) (Version: 1.1.70.0 – LunarG, Inc.) Hidden\nWDT Device Driver version 1.0.2.5 (HKLM-x32…5B06CB06-0929-48BC-BE1F-7E41461440C7_is1) (Version: 1.0.2.5 – Huawei Technologies Co., Ltd.)\nWindows Driver Package – Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM…EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 – Texas Instruments Inc.)\nWindows Driver Package – Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM…7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 – Texas Instruments Inc.)\nWizard101 (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…A9E27FF5-6294-46A8-B8FD-77B1DECA3021) (Version: 1.0.0 – KingsIsle Entertainment, Inc.)\nWizard101 (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…A9E27FF5-6294-46A8-B8FD-77B1DECA3021) (Version: 1.0.0 – KingsIsle Entertainment, Inc.)\nZoom (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.)\nZoom (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.)","html":"

3D Aim Trainer Launcher version 1.01 (HKLM-x32…DEBD852F-7476-4715-B6AC-8A3C560EAAAA_is1) (Version: 1.01 – 3D Aim Trainer)\n7-Zip 18.05 (x64) (HKLM…7-Zip) (Version: 18.05 – Igor Pavlov)\nAMD Software (HKLM…AMD Catalyst Install Manager) (Version: 20.5.1 – Advanced Micro Devices, Inc.)\nASIO4ALL (HKLM-x32…ASIO4ALL) (Version: 2.14 – Michael Tippach)\nBranding64 (HKLM…856DA29A-EA4A-468B-BBC2-B5F60DD75BFE) (Version: 1.00.0002 – Advanced Micro Devices, Inc.) Hidden\nDiscord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Discord) (Version: 0.0.306 – Discord Inc.)\nDiscord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Discord) (Version: 0.0.306 – Discord Inc.)\nEdgeDeflector (HKLM-x32…EdgeDeflector) (Version:  – )\nEpic Games Launcher Prerequisites (x64) (HKLM…66C5838F-B854-4A55-89E6-A6138747A4DF) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden\nGlorious Model O Software (HKLM-x32…969D386-B5B4-41BD-98E3-4A1A7D32CB97_is1) (Version: 1.0.9 – Glorious PC Gaming Race LLC.)\nGOG GALAXY (HKLM-x32…7258BA11-600C-430E-A759-27E2C691A335_is1) (Version:  – GOG.com)\nGoogle Chrome (HKLM-x32…Google Chrome) (Version: 83.0.4103.97 – Google LLC)\nGoogle Update Helper (HKLM-x32…60EC980A-BDA2-4CB6-A427-B07A5498B4CA) (Version: 1.3.35.451 – Google LLC) Hidden\nIntel® PROSet/Wireless Software (HKLM-x32…3c598844-1b8b-41f0-b5b2-bc1dcf4d47ad) (Version: 20.50.0 – Intel Corporation)\nJava 8 Update 181 (64-bit) (HKLM…26A24AE4-039D-4CA4-87B4-2F64180181F0) (Version: 8.0.1810.13 – Oracle Corporation)\nKeePass Password Safe 2.44 (HKLM-x32…KeePassPasswordSafe2_is1) (Version: 2.44 – Dominik Reichl)\nLauncher Prerequisites (x64) (HKLM-x32…c6c5a357-c7ca-4a5f-9789-3bb1af579253) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden\nLogger Pro 3.15 (HKLM-x32…096EA23-A525-41C3-9DBC-E7FA5F02608C) (Version: 5.185.1506 – Vernier Software & Technology)\nLogitech Unifying Software 2.50 (HKLM…Logitech Unifying) (Version: 2.50.25 – Logitech)\nLunar Client (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 – Moonsworth, LLC)\nLunar Client (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 – Moonsworth, LLC)\nMalwarebytes version 4.1.0.56 (HKLM…35065F43-4BB2-439A-BFF7-0F1014F2E0CD_is1) (Version: 4.1.0.56 – Malwarebytes)\nMicrosoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.12827.20268 – Microsoft Corporation)\nMicrosoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…1D8E6291-B0D5-35EC-8441-6616F567A0F7) (Version: 10.0.40219 – Microsoft Corporation)\nMicrosoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…F0C3E5D1-1ADE-321E-8167-68EF0DE699A5) (Version: 10.0.40219 – Microsoft Corporation)\nMicrosoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…ca67548a-5ebe-413a-b50c-4b9ceb6d66c6) (Version: 11.0.61030.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…33d1fd90-4274-48a1-9bc1-97e33d9c2d6f) (Version: 11.0.61030.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32…ef6b00ec-13e1-4c25-9064-b2f383cb8412) (Version: 12.0.40660.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32…61087a79-ac85-455c-934d-1fa22cc64f36) (Version: 12.0.40660.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) – 14.23.27820 (HKLM-x32…852adda4-4c78-4a38-b583-c0b360a329d6) (Version: 14.23.27820.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) – 14.23.27820 (HKLM-x32…45231ab4-69fd-486a-859d-7a59fcd11013) (Version: 14.23.27820.0 – Microsoft Corporation)\nMicrosoft XNA Framework Redistributable 4.0 (HKLM-x32…2BFC7AA0-544C-4E3A-8796-67F3BE655BE9) (Version: 4.0.20823.0 – Microsoft Corporation)\nMinecraft (HKLM-x32…756E195A-CB58-4B99-917F-0DDA0D881204) (Version: 1.0.4.0 – Mojang)\nMinecraft Launcher (HKLM-x32…E15F69FA-660D-45CC-B28F-6CBC4CAD2091) (Version: 1.0.0.0 – Mojang)\nOEM Application Profile (HKLM-x32…12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50) (Version: 1.00.0000 – Advanced Micro Devices, Inc.)\nOffice 16 Click-to-Run Extensibility Component (HKLM-x32…90160000-008C-0000-0000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM…90160000-00DD-0000-1000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Licensing Component (HKLM…90160000-008F-0000-1000-0000000FF1CE) (Version: 16.0.12827.20268 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Localization Component (HKLM-x32…90160000-008C-0409-0000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nPC Manager (HKLM…PC Manager) (Version: 10.0.5.51 – Huawei Technologies Co., Ltd.)\nPopcorn-Time (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Popcorn-Time) (Version: 0.4.1 – Popcorn Time)\nPopcorn-Time (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Popcorn-Time) (Version: 0.4.1 – Popcorn Time)\nQustodio (HKLM-x32…3BE72491-5A26-4935-9500-4EADA48A4068) (Version: 181.11.274.0 – Qustodio Technologies) Hidden\nQustodio (HKLM-x32…Qustodio) (Version: 181.11.274.0 – Qustodio)\nRealtek High Definition Audio Driver (HKLM-x32…F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC) (Version: 6.0.1.8459 – Realtek Semiconductor Corp.)\nSymantec Endpoint Protection (HKLM…CE2F0EC1-BF6B-42A6-993C-1D9655D0C9DF) (Version: 14.2.5569.2100 – Symantec Corporation)\nTerraria (HKLM-x32…1207665503_is1) (Version: v1.4.0.5 – GOG.com)\nTI-Nspire™ CX Student Software (HKLM-x32…465DD59-DB1D-4245-9050-B5C04EED9F52) (Version: 4.5.0.1180 – Texas Instruments Inc.)\nVulkan Run Time Libraries 1.0.61.0 (HKLM…VulkanRT1.0.61.0) (Version: 1.0.61.0 – LunarG, Inc.) Hidden\nVulkan Run Time Libraries 1.1.70.0 (HKLM…VulkanRT1.1.70.0) (Version: 1.1.70.0 – LunarG, Inc.) Hidden\nWDT Device Driver version 1.0.2.5 (HKLM-x32…5B06CB06-0929-48BC-BE1F-7E41461440C7_is1) (Version: 1.0.2.5 – Huawei Technologies Co., Ltd.)\nWindows Driver Package – Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM…EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 – Texas Instruments Inc.)\nWindows Driver Package – Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM…7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 – Texas Instruments Inc.)\nWizard101 (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…A9E27FF5-6294-46A8-B8FD-77B1DECA3021) (Version: 1.0.0 – KingsIsle Entertainment, Inc.)\nWizard101 (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…A9E27FF5-6294-46A8-B8FD-77B1DECA3021) (Version: 1.0.0 – KingsIsle Entertainment, Inc.)\nZoom (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.)\nZoom (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.)

"},{"id":"text-50","type":"text","heading":"","plain_text":"Packages:\n=========\nAdobe Reader Touch -> C:Program FilesWindowsAppsAdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [0000-00-00] (Adobe Systems Incorporated)\nArduino IDE -> C:Program FilesWindowsAppsArduinoLLC.ArduinoIDE_1.8.33.0_x86__mdqgnx93n4wtt [0000-00-00] (Arduino LLC)\nDolby Access -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)\nDolby Atmos Sound System -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAtmosSoundSystem_3.20201.249.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)\nMicrosoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]\nMicrosoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]\nMPEG-2 Video Extension -> C:Program FilesWindowsAppsMicrosoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)\nPhotos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)\nRealtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.2.156.0_x64__dt26b99r8h8gj [0000-00-00] (Realtek Semiconductor Corp)\nSpotify Music -> C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [0000-00-00] (Spotify AB) [Startup Task]","html":"

Packages:\n=========\nAdobe Reader Touch -> C:Program FilesWindowsAppsAdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [0000-00-00] (Adobe Systems Incorporated)\nArduino IDE -> C:Program FilesWindowsAppsArduinoLLC.ArduinoIDE_1.8.33.0_x86__mdqgnx93n4wtt [0000-00-00] (Arduino LLC)\nDolby Access -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)\nDolby Atmos Sound System -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAtmosSoundSystem_3.20201.249.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)\nMicrosoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]\nMicrosoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]\nMPEG-2 Video Extension -> C:Program FilesWindowsAppsMicrosoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)\nPhotos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)\nRealtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.2.156.0_x64__dt26b99r8h8gj [0000-00-00] (Realtek Semiconductor Corp)\nSpotify Music -> C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [0000-00-00] (Spotify AB) [Startup Task]

"},{"id":"text-51","type":"text","heading":"","plain_text":"==================== Custom CLSID (Whitelisted): ==============","html":"

==================== Custom CLSID (Whitelisted): ==============

"},{"id":"text-52","type":"text","heading":"","plain_text":"(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)","html":"

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"},{"id":"text-53","type":"text","heading":"","plain_text":"CustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSIDE270DAA-1BE6-48F2-AC49-5AC63241FAAA -> [Creative Cloud Files] => C:UsersEthanCreative Cloud Files [2020-06-02 21:47]\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63EInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID7AFDFDDB-F914-11E4-8377-6C3BE50D980CInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID82CA8DE3-01AD-4CEA-9D75-BE4C51810A9EInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nContextMenuHandlers1: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers1: [HwShareMenu] -> 41b3b91f-d6b3-3430-bb86-a143f85353ca => C:Program FilesHuaweiPCManagerHwShellMenuHwShareMenu9.DLL [2020-01-10] (Huawei Technologies Co., Ltd. -> )\nContextMenuHandlers1: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers2: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers3: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)\nContextMenuHandlers4: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers5: [ACE] -> 5E2121EE-0300-11D4-8D3B-444553540000 => C:Program FilesAMDCNextCNextatiacm64.dll [2020-05-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nContextMenuHandlers6: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers6: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers6: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)","html":"

CustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSIDE270DAA-1BE6-48F2-AC49-5AC63241FAAA -> [Creative Cloud Files] => C:UsersEthanCreative Cloud Files [2020-06-02 21:47]\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63EInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID7AFDFDDB-F914-11E4-8377-6C3BE50D980CInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID82CA8DE3-01AD-4CEA-9D75-BE4C51810A9EInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nContextMenuHandlers1: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers1: [HwShareMenu] -> 41b3b91f-d6b3-3430-bb86-a143f85353ca => C:Program FilesHuaweiPCManagerHwShellMenuHwShareMenu9.DLL [2020-01-10] (Huawei Technologies Co., Ltd. -> )\nContextMenuHandlers1: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers2: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers3: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)\nContextMenuHandlers4: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers5: [ACE] -> 5E2121EE-0300-11D4-8D3B-444553540000 => C:Program FilesAMDCNextCNextatiacm64.dll [2020-05-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nContextMenuHandlers6: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers6: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers6: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)

"},{"id":"text-54","type":"text","heading":"","plain_text":"==================== Codecs (Whitelisted) ====================","html":"

==================== Codecs (Whitelisted) ====================

"},{"id":"text-55","type":"text","heading":"","plain_text":"==================== Shortcuts & WMI ========================","html":"

==================== Shortcuts & WMI ========================

"},{"id":"text-56","type":"text","heading":"","plain_text":"(The entries could be listed to be restored or removed.)","html":"

(The entries could be listed to be restored or removed.)

"},{"id":"text-57","type":"text","heading":"","plain_text":"ShortcutWithArgument: C:UsersEthanDocumentsShortcutsChrome School.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Profile 1"\nShortcutWithArgument: C:UsersEthanDocumentsShortcutsChrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default"\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarChrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default"\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcutsd249d9ddd424b688Ethan – Chrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory=Default\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts76f9e4d33b60b312Popcorn-Time.lnk -> C:UsersEthanAppDataLocalPopcorn-TimePopcorn-Time.exe (The NW.js Community) -> –user-data-dir="C:UsersEthanAppDataLocalPopcorn-TimeUser Data" –profile-directory=Default –app-id=hecfofbbdfadifpemejbbdcjmfmboohj","html":"

ShortcutWithArgument: C:UsersEthanDocumentsShortcutsChrome School.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Profile 1"\nShortcutWithArgument: C:UsersEthanDocumentsShortcutsChrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default"\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarChrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default"\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcutsd249d9ddd424b688Ethan – Chrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory=Default\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts76f9e4d33b60b312Popcorn-Time.lnk -> C:UsersEthanAppDataLocalPopcorn-TimePopcorn-Time.exe (The NW.js Community) -> –user-data-dir="C:UsersEthanAppDataLocalPopcorn-TimeUser Data" –profile-directory=Default –app-id=hecfofbbdfadifpemejbbdcjmfmboohj

"},{"id":"text-58","type":"text","heading":"","plain_text":"==================== Loaded Modules (Whitelisted) =============","html":"

==================== Loaded Modules (Whitelisted) =============

"},{"id":"text-59","type":"text","heading":"","plain_text":"2019-07-18 11:23 – 2019-07-18 11:23 – 000017920 _____ () [File not signed] C:Program FilesAMDCNextCNextlibEGL.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 003567616 _____ () [File not signed] C:Program FilesAMDCNextCNextlibGLESv2.dll\n2018-07-29 18:39 – 2018-04-30 14:00 – 000075776 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqgif.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000039424 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqicns.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqico.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000413696 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqjpeg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqsvg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqtga.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000023552 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwbmp.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000519168 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwebp.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001431040 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsplatformsqwindows.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001180672 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginssqldriversqsqlite.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000135680 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsstylesqwindowsvistastyle.dll\n2020-05-25 14:17 – 2020-05-25 14:17 – 006010880 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Core.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 006345216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Gui.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001078272 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Network.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000313856 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Positioning.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 004000256 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Qml.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 003802624 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Quick.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000171008 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickControls2.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001083904 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickTemplates2.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000205312 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Sql.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000329728 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Svg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000113152 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebChannel.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000376320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngine.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 092323328 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngineCore.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 005560832 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Widgets.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000463360 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WinExtras.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000188416 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Xml.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 002888704 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5XmlPatterns.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000053760 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsprivateqtgraphicaleffectsprivate.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000059392 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsqtgraphicaleffectsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000017408 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuick.2qtquick2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000287232 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControls.2qtquickcontrols2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000329216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControlsqtquickcontrolsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000136192 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickDialogsdialogplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000089088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickLayoutsqquicklayoutsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000312320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickTemplates.2qtquicktemplates2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000017920 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickWindow.2windowplugin.dll\n2020-05-25 14:17 – 2020-05-25 14:17 – 000085504 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtWebEngineqtwebengineplugin.dll\n2019-07-31 18:28 – 2019-07-31 18:28 – 005112440 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:Program Files (x86)QustodioqappQt5Core.dll","html":"

2019-07-18 11:23 – 2019-07-18 11:23 – 000017920 _____ () [File not signed] C:Program FilesAMDCNextCNextlibEGL.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 003567616 _____ () [File not signed] C:Program FilesAMDCNextCNextlibGLESv2.dll\n2018-07-29 18:39 – 2018-04-30 14:00 – 000075776 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqgif.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000039424 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqicns.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqico.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000413696 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqjpeg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqsvg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqtga.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000023552 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwbmp.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000519168 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwebp.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001431040 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsplatformsqwindows.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001180672 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginssqldriversqsqlite.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000135680 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsstylesqwindowsvistastyle.dll\n2020-05-25 14:17 – 2020-05-25 14:17 – 006010880 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Core.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 006345216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Gui.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001078272 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Network.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000313856 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Positioning.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 004000256 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Qml.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 003802624 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Quick.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000171008 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickControls2.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001083904 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickTemplates2.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000205312 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Sql.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000329728 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Svg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000113152 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebChannel.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000376320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngine.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 092323328 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngineCore.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 005560832 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Widgets.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000463360 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WinExtras.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000188416 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Xml.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 002888704 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5XmlPatterns.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000053760 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsprivateqtgraphicaleffectsprivate.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000059392 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsqtgraphicaleffectsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000017408 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuick.2qtquick2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000287232 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControls.2qtquickcontrols2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000329216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControlsqtquickcontrolsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000136192 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickDialogsdialogplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000089088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickLayoutsqquicklayoutsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000312320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickTemplates.2qtquicktemplates2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000017920 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickWindow.2windowplugin.dll\n2020-05-25 14:17 – 2020-05-25 14:17 – 000085504 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtWebEngineqtwebengineplugin.dll\n2019-07-31 18:28 – 2019-07-31 18:28 – 005112440 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:Program Files (x86)QustodioqappQt5Core.dll

"},{"id":"text-60","type":"text","heading":"","plain_text":"==================== Alternate Data Streams (Whitelisted) ========","html":"

==================== Alternate Data Streams (Whitelisted) ========

"},{"id":"text-61","type":"text","heading":"","plain_text":"(If an entry is included in the fixlist, only the ADS will be removed.)","html":"

(If an entry is included in the fixlist, only the ADS will be removed.)

"},{"id":"text-62","type":"text","heading":"","plain_text":"AlternateDataStreams: C:WINDOWSsystem32msln.exe:31b498626fde803a3eb44bd105d3469d [1818]\nAlternateDataStreams: C:UsersEthanOneDrive:$3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0.SyncRootIdentity [118]\nAlternateDataStreams: C:UsersPublicShared Files:VersionCache [482]","html":"

AlternateDataStreams: C:WINDOWSsystem32msln.exe:31b498626fde803a3eb44bd105d3469d [1818]\nAlternateDataStreams: C:UsersEthanOneDrive:$3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0.SyncRootIdentity [118]\nAlternateDataStreams: C:UsersPublicShared Files:VersionCache [482]

"},{"id":"text-63","type":"text","heading":"","plain_text":"==================== Safe Mode (Whitelisted) ==================","html":"

==================== Safe Mode (Whitelisted) ==================

"},{"id":"text-64","type":"text","heading":"","plain_text":"(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)","html":"

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

"},{"id":"text-65","type":"text","heading":"","plain_text":"HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkccSettings_D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9.sys => ""="Driver"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkSepMasterService => ""="Service"","html":"

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkccSettings_D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9.sys => ""="Driver"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkSepMasterService => ""="Service"

"},{"id":"text-66","type":"text","heading":"","plain_text":"==================== Association (Whitelisted) =================","html":"

==================== Association (Whitelisted) =================

"},{"id":"text-67","type":"text","heading":"","plain_text":"==================== Internet Explorer trusted/restricted ==========","html":"

==================== Internet Explorer trusted/restricted ==========

"},{"id":"text-68","type":"text","heading":"","plain_text":"==================== Hosts content: =========================","html":"

==================== Hosts content: =========================

"},{"id":"text-69","type":"text","heading":"","plain_text":"(If needed Hosts: directive could be included in the fixlist to reset Hosts.)","html":"

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

"},{"id":"text-70","type":"text","heading":"","plain_text":"2017-09-29 15:46 – 2017-09-29 15:44 – 000000824 _____ C:WINDOWSsystem32driversetchosts","html":"

2017-09-29 15:46 – 2017-09-29 15:44 – 000000824 _____ C:WINDOWSsystem32driversetchosts

"},{"id":"text-71","type":"text","heading":"","plain_text":"2018-07-30 02:34 – 2020-03-23 22:02 – 000000854 _____ C:WINDOWSsystem32driversetchosts.ics\n2.168.137.66 HUAWEI_Mate_10_lite-22508.mshome.net # 2020 3 3 25 17 48 50 703\n135 Selims-android.mshome.net # 2020 3 2 17 12 35 10 156\n68.137.72 iPhone.mshome.net # 2020 3 2 17 10 10 44 788\n192.168.137.155 Ismails-iPhone.mshome.net # 2020 3 2 17 10 20 26 328\n192.168.137.205 Mustafas-iPhone.mshome.net # 2020 3 2 17 11 31 44 941\n192.168.137.135 Selims-android.mshome.net # 2020 3 2 17 11 34 45 162\n45 162","html":"

2018-07-30 02:34 – 2020-03-23 22:02 – 000000854 _____ C:WINDOWSsystem32driversetchosts.ics\n2.168.137.66 HUAWEI_Mate_10_lite-22508.mshome.net # 2020 3 3 25 17 48 50 703\n135 Selims-android.mshome.net # 2020 3 2 17 12 35 10 156\n68.137.72 iPhone.mshome.net # 2020 3 2 17 10 10 44 788\n192.168.137.155 Ismails-iPhone.mshome.net # 2020 3 2 17 10 20 26 328\n192.168.137.205 Mustafas-iPhone.mshome.net # 2020 3 2 17 11 31 44 941\n192.168.137.135 Selims-android.mshome.net # 2020 3 2 17 11 34 45 162\n45 162

"},{"id":"text-72","type":"text","heading":"","plain_text":"==================== Other Areas ===========================","html":"

==================== Other Areas ===========================

"},{"id":"text-73","type":"text","heading":"","plain_text":"(Currently there is no automatic fix for this section.)","html":"

(Currently there is no automatic fix for this section.)

"},{"id":"text-74","type":"text","heading":"","plain_text":"HKLMSystemCurrentControlSetControlSession ManagerEnvironment\\Path -> C:Program Files (x86)Common FilesOracleJavajavapath;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program FilesIntelWiFibin;C:Program FilesCommon FilesIntelWirelessCommon;%SYSTEMROOT%System32OpenSSH\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002Control PanelDesktop\\Wallpaper -> C:UsersEthanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750Control PanelDesktop\\Wallpaper -> C:UsersEthanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper\nDNS Servers: 68.105.28.11 – 68.105.29.11\nHKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)\nHKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )\nWindows Firewall is enabled.","html":"

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\\Path -> C:Program Files (x86)Common FilesOracleJavajavapath;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program FilesIntelWiFibin;C:Program FilesCommon FilesIntelWirelessCommon;%SYSTEMROOT%System32OpenSSH\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002Control PanelDesktop\\Wallpaper -> C:UsersEthanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750Control PanelDesktop\\Wallpaper -> C:UsersEthanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper\nDNS Servers: 68.105.28.11 – 68.105.29.11\nHKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)\nHKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )\nWindows Firewall is enabled.

"},{"id":"text-75","type":"text","heading":"","plain_text":"==================== MSCONFIG/TASK MANAGER disabled items ==","html":"

==================== MSCONFIG/TASK MANAGER disabled items ==

"},{"id":"text-76","type":"text","heading":"","plain_text":"(If an entry is included in the fixlist, it will be removed.)","html":"

(If an entry is included in the fixlist, it will be removed.)

"},{"id":"text-77","type":"text","heading":"","plain_text":"HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedStartupFolder: => "Send to OneNote.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedStartupFolder: => "Rainmeter.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "OneDrive"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "EpicGamesLauncher"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "NordVPN"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "CCXProcess"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "launchOnStartup"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedStartupFolder: => "Send to OneNote.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedStartupFolder: => "Rainmeter.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "OneDrive"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "EpicGamesLauncher"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "NordVPN"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "CCXProcess"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "launchOnStartup"","html":"

HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedStartupFolder: => "Send to OneNote.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedStartupFolder: => "Rainmeter.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "OneDrive"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "EpicGamesLauncher"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "NordVPN"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "CCXProcess"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "launchOnStartup"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedStartupFolder: => "Send to OneNote.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedStartupFolder: => "Rainmeter.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "OneDrive"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "EpicGamesLauncher"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "NordVPN"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "CCXProcess"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "launchOnStartup"

"},{"id":"text-78","type":"text","heading":"","plain_text":"==================== FirewallRules (Whitelisted) ================","html":"

==================== FirewallRules (Whitelisted) ================

"},{"id":"text-79","type":"text","heading":"","plain_text":"(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)","html":"

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"},{"id":"text-80","type":"text","heading":"","plain_text":"FirewallRules: [UDP Query User12F0F1BF-0F1F-4AB8-B85A-D9666E12CC7BC:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe] => (Allow) C:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe => No File\nFirewallRules: [TCP Query UserAAC7522B-41B2-483C-98AB-7D9706CC568CC:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe] => (Allow) C:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe => No File\nFirewallRules: [UDP Query UserB655ADFE-D471-4273-8DF6-3AA2EB7238D0C:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [TCP Query User3772B830-C4A3-434E-84E3-0675F7D0A32AC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [UDP Query User88BB2546-D116-4625-B254-3335A5E7E666C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [TCP Query User7AEAEE55-FD0D-4187-A7DD-74DF301A87D5C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [UDP Query UserEFD389F3-4BB9-4F23-877E-D3EFCF7F504EC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [TCP Query User55312368-2298-429C-8470-337C2DFF83EBC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [UDP Query User87D15FF9-546C-4936-80E1-FA5C69CFB167C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Block) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe => No File\nFirewallRules: [TCP Query UserB3624AFD-AF17-4707-AE2A-1FA524548AE6C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Block) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe => No File\nFirewallRules: [UDP Query UserBED176F5-E088-4E80-A439-A2E0C5296F65C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [TCP Query UserE8066C27-5541-4B56-82F1-DC100EEC4D6AC:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [UDP Query UserEB916461-5625-4A23-8084-B456FFFB8368C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe\nFirewallRules: [TCP Query UserFA84BDB4-5A67-486F-B1CD-3E992B6E3C80C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe\nFirewallRules: [UDP Query User36DCE1FF-F8D8-495A-A43E-D2BF089793F5C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [TCP Query User645C505C-46E6-4752-9BC5-AA58291278D5C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [36DD776C-BEF9-4E6F-AD69-D718727D2319] => (Allow) C:Program FilesIntelWiFibinPanDhcpDns.exe (Intel Corporation -> )\nFirewallRules: [TCP Query UserCBBD9637-D57F-4C62-BCCE-9A803B3B51EEC:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe => No File\nFirewallRules: [UDP Query User5276D7A7-B6C4-4FFB-8C82-6EFA3165BB39C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe => No File\nFirewallRules: [TCP Query UserEF82179C-59B6-4ADE-A26D-446FA52A5CCDC:usersethandownloadsruntimejre-x64binjavaw.exe] => (Block) C:usersethandownloadsruntimejre-x64binjavaw.exe => No File\nFirewallRules: [UDP Query User6A83EBA7-F319-4BCF-8D93-1EDB3C5AACFCC:usersethandownloadsruntimejre-x64binjavaw.exe] => (Block) C:usersethandownloadsruntimejre-x64binjavaw.exe => No File\nFirewallRules: [TCP Query User3FCC1C5D-9C46-4511-A102-919442135289C:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe\nFirewallRules: [UDP Query User1AE9246F-C286-436B-BB56-3037FBD0481FC:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe\nFirewallRules: [TCP Query User02EFDE10-5C83-432F-ADA9-8BB6C6F18B59C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe => No File\nFirewallRules: [UDP Query User984318C3-E844-45F5-95DF-9A4E8E08A073C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe => No File\nFirewallRules: [TCP Query UserB552C42A-EC61-4C72-8990-FE2ED796B10FC:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [UDP Query UserD3A17CA4-E12F-4B7A-96D3-066637371298C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [TCP Query User9F107497-D41A-46D3-80D9-C6B45B400C64C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe\nFirewallRules: [UDP Query User5FF66BEF-280F-4A88-A2EF-C5DA5956F1AFC:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe\nFirewallRules: [TCP Query UserD1CECEFF-BED1-4434-B871-8D5885AB6954C:alphaantileakaalbinserveralphaantileak.exe] => (Block) C:alphaantileakaalbinserveralphaantileak.exe (Constantin Schreiber -> )\nFirewallRules: [UDP Query User126BD9DD-AF43-48E6-B4D2-BD72730DC3FAC:alphaantileakaalbinserveralphaantileak.exe] => (Block) C:alphaantileakaalbinserveralphaantileak.exe (Constantin Schreiber -> )\nFirewallRules: [TCP Query User9D7BDA86-7780-4BCB-9F94-9EF418916881C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe\nFirewallRules: [UDP Query UserD5BF7527-430F-4B92-BCA0-899E2AF39F0AC:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe\nFirewallRules: [6FC5A841-7F25-40DE-8A63-9D024257A7B8] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)\nFirewallRules: [TCP Query User81B37590-D222-4DC8-8999-59D3EDCA5718C:programdatabadlionclientjrebinjavaw.exe] => (Block) C:programdatabadlionclientjrebinjavaw.exe\nFirewallRules: [UDP Query User14E58F6C-EBC9-4F1F-9F87-8795FF5F6FB8C:programdatabadlionclientjrebinjavaw.exe] => (Block) C:programdatabadlionclientjrebinjavaw.exe\nFirewallRules: [TCP Query User250ED133-0730-488D-A1D2-179D8124346CC:program fileswe_clientwecdt.exe] => (Allow) C:program fileswe_clientwecdt.exe => No File\nFirewallRules: [UDP Query UserE77D4C9A-65EF-415A-A9F6-720AA01E83F1C:program fileswe_clientwecdt.exe] => (Allow) C:program fileswe_clientwecdt.exe => No File\nFirewallRules: [BE86A0A2-2E3A-45BF-BD16-4FA988C2D2CF] => (Allow) C:Program FilesHuaweiPCManagerMBAMessageCenter.exe (Huawei Technologies Co., Ltd. -> )\nFirewallRules: [582DC69D-F666-438F-AEEF-F7A98301E425] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinccSvcHst.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [5B801E2C-89CA-45F2-8C8A-E34140BA5CB2] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinccSvcHst.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [D01E0175-B747-4800-B9EF-8D085402C350] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64snac64.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [3B512B5A-785E-4623-9D5E-A0B20854D1AA] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64snac64.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [EE510510-A744-49B4-A8FB-3BCD9EC53DF5] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [398E3692-9769-4C56-8B5B-47860A11AC06] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [AE3B13C3-5BAC-4FCD-925E-65903C1B41E6] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [83D17164-7624-4A27-8562-A4FAD02C5D6A] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [7CE68124-5460-4E6B-9835-6B827DFAFEE4] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [49B3A2C1-1884-4FBC-AEAB-3D91BAF96F05] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [FA9DE9FF-0B3D-4BF4-9967-5F9758AC2AF9] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [94F091D3-8AB0-4970-9FF7-69DFB31E5651] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [7AEC1DCC-8FBC-4CAE-8D3D-3D42B7A3B744] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)\nFirewallRules: [C59750B7-A6AD-486A-886B-D9F7DC67C995] => (Allow) %programfiles%Qustodioqappqwelcomewzd.exe => No File\nFirewallRules: [6C6EC456-3AE1-487B-A7E7-9E1897801E6B] => (Allow) %programfiles%QustodioqappQUpdateService.exe => No File\nFirewallRules: [68715DB0-C67D-4FF5-AA9C-FAE2AF083407] => (Allow) %programfiles%QustodioqappQReport.exe => No File\nFirewallRules: [32281869-1447-48F6-AB4A-0AE369098AD9] => (Allow) %programfiles%Qustodioqproxyqengine.exe => No File\nFirewallRules: [87EFFECC-2FD3-40DB-8A19-C7CE3164F080] => (Allow) %programfiles%QustodioqappQAppTray.exe => No File","html":"

FirewallRules: [UDP Query User12F0F1BF-0F1F-4AB8-B85A-D9666E12CC7BC:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe] => (Allow) C:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe => No File\nFirewallRules: [TCP Query UserAAC7522B-41B2-483C-98AB-7D9706CC568CC:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe] => (Allow) C:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe => No File\nFirewallRules: [UDP Query UserB655ADFE-D471-4273-8DF6-3AA2EB7238D0C:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [TCP Query User3772B830-C4A3-434E-84E3-0675F7D0A32AC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [UDP Query User88BB2546-D116-4625-B254-3335A5E7E666C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [TCP Query User7AEAEE55-FD0D-4187-A7DD-74DF301A87D5C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [UDP Query UserEFD389F3-4BB9-4F23-877E-D3EFCF7F504EC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [TCP Query User55312368-2298-429C-8470-337C2DFF83EBC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [UDP Query User87D15FF9-546C-4936-80E1-FA5C69CFB167C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Block) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe => No File\nFirewallRules: [TCP Query UserB3624AFD-AF17-4707-AE2A-1FA524548AE6C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Block) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe => No File\nFirewallRules: [UDP Query UserBED176F5-E088-4E80-A439-A2E0C5296F65C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [TCP Query UserE8066C27-5541-4B56-82F1-DC100EEC4D6AC:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [UDP Query UserEB916461-5625-4A23-8084-B456FFFB8368C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe\nFirewallRules: [TCP Query UserFA84BDB4-5A67-486F-B1CD-3E992B6E3C80C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe\nFirewallRules: [UDP Query User36DCE1FF-F8D8-495A-A43E-D2BF089793F5C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [TCP Query User645C505C-46E6-4752-9BC5-AA58291278D5C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [36DD776C-BEF9-4E6F-AD69-D718727D2319] => (Allow) C:Program FilesIntelWiFibinPanDhcpDns.exe (Intel Corporation -> )\nFirewallRules: [TCP Query UserCBBD9637-D57F-4C62-BCCE-9A803B3B51EEC:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe => No File\nFirewallRules: [UDP Query User5276D7A7-B6C4-4FFB-8C82-6EFA3165BB39C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe => No File\nFirewallRules: [TCP Query UserEF82179C-59B6-4ADE-A26D-446FA52A5CCDC:usersethandownloadsruntimejre-x64binjavaw.exe] => (Block) C:usersethandownloadsruntimejre-x64binjavaw.exe => No File\nFirewallRules: [UDP Query User6A83EBA7-F319-4BCF-8D93-1EDB3C5AACFCC:usersethandownloadsruntimejre-x64binjavaw.exe] => (Block) C:usersethandownloadsruntimejre-x64binjavaw.exe => No File\nFirewallRules: [TCP Query User3FCC1C5D-9C46-4511-A102-919442135289C:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe\nFirewallRules: [UDP Query User1AE9246F-C286-436B-BB56-3037FBD0481FC:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe\nFirewallRules: [TCP Query User02EFDE10-5C83-432F-ADA9-8BB6C6F18B59C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe => No File\nFirewallRules: [UDP Query User984318C3-E844-45F5-95DF-9A4E8E08A073C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe => No File\nFirewallRules: [TCP Query UserB552C42A-EC61-4C72-8990-FE2ED796B10FC:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [UDP Query UserD3A17CA4-E12F-4B7A-96D3-066637371298C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [TCP Query User9F107497-D41A-46D3-80D9-C6B45B400C64C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe\nFirewallRules: [UDP Query User5FF66BEF-280F-4A88-A2EF-C5DA5956F1AFC:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe\nFirewallRules: [TCP Query UserD1CECEFF-BED1-4434-B871-8D5885AB6954C:alphaantileakaalbinserveralphaantileak.exe] => (Block) C:alphaantileakaalbinserveralphaantileak.exe (Constantin Schreiber -> )\nFirewallRules: [UDP Query User126BD9DD-AF43-48E6-B4D2-BD72730DC3FAC:alphaantileakaalbinserveralphaantileak.exe] => (Block) C:alphaantileakaalbinserveralphaantileak.exe (Constantin Schreiber -> )\nFirewallRules: [TCP Query User9D7BDA86-7780-4BCB-9F94-9EF418916881C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe\nFirewallRules: [UDP Query UserD5BF7527-430F-4B92-BCA0-899E2AF39F0AC:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe\nFirewallRules: [6FC5A841-7F25-40DE-8A63-9D024257A7B8] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)\nFirewallRules: [TCP Query User81B37590-D222-4DC8-8999-59D3EDCA5718C:programdatabadlionclientjrebinjavaw.exe] => (Block) C:programdatabadlionclientjrebinjavaw.exe\nFirewallRules: [UDP Query User14E58F6C-EBC9-4F1F-9F87-8795FF5F6FB8C:programdatabadlionclientjrebinjavaw.exe] => (Block) C:programdatabadlionclientjrebinjavaw.exe\nFirewallRules: [TCP Query User250ED133-0730-488D-A1D2-179D8124346CC:program fileswe_clientwecdt.exe] => (Allow) C:program fileswe_clientwecdt.exe => No File\nFirewallRules: [UDP Query UserE77D4C9A-65EF-415A-A9F6-720AA01E83F1C:program fileswe_clientwecdt.exe] => (Allow) C:program fileswe_clientwecdt.exe => No File\nFirewallRules: [BE86A0A2-2E3A-45BF-BD16-4FA988C2D2CF] => (Allow) C:Program FilesHuaweiPCManagerMBAMessageCenter.exe (Huawei Technologies Co., Ltd. -> )\nFirewallRules: [582DC69D-F666-438F-AEEF-F7A98301E425] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinccSvcHst.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [5B801E2C-89CA-45F2-8C8A-E34140BA5CB2] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinccSvcHst.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [D01E0175-B747-4800-B9EF-8D085402C350] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64snac64.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [3B512B5A-785E-4623-9D5E-A0B20854D1AA] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64snac64.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [EE510510-A744-49B4-A8FB-3BCD9EC53DF5] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [398E3692-9769-4C56-8B5B-47860A11AC06] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [AE3B13C3-5BAC-4FCD-925E-65903C1B41E6] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [83D17164-7624-4A27-8562-A4FAD02C5D6A] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [7CE68124-5460-4E6B-9835-6B827DFAFEE4] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [49B3A2C1-1884-4FBC-AEAB-3D91BAF96F05] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [FA9DE9FF-0B3D-4BF4-9967-5F9758AC2AF9] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [94F091D3-8AB0-4970-9FF7-69DFB31E5651] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [7AEC1DCC-8FBC-4CAE-8D3D-3D42B7A3B744] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)\nFirewallRules: [C59750B7-A6AD-486A-886B-D9F7DC67C995] => (Allow) %programfiles%Qustodioqappqwelcomewzd.exe => No File\nFirewallRules: [6C6EC456-3AE1-487B-A7E7-9E1897801E6B] => (Allow) %programfiles%QustodioqappQUpdateService.exe => No File\nFirewallRules: [68715DB0-C67D-4FF5-AA9C-FAE2AF083407] => (Allow) %programfiles%QustodioqappQReport.exe => No File\nFirewallRules: [32281869-1447-48F6-AB4A-0AE369098AD9] => (Allow) %programfiles%Qustodioqproxyqengine.exe => No File\nFirewallRules: [87EFFECC-2FD3-40DB-8A19-C7CE3164F080] => (Allow) %programfiles%QustodioqappQAppTray.exe => No File

"},{"id":"text-81","type":"text","heading":"","plain_text":"==================== Restore Points =========================","html":"

==================== Restore Points =========================

"},{"id":"text-82","type":"text","heading":"","plain_text":"ATTENTION: System Restore is disabled (Total:237.36 GB) (Free:96.61 GB) (41%)\nCheck "VSS" service","html":"

ATTENTION: System Restore is disabled (Total:237.36 GB) (Free:96.61 GB) (41%)\nCheck "VSS" service

"},{"id":"text-83","type":"text","heading":"","plain_text":"==================== Faulty Device Manager Devices ============","html":"

==================== Faulty Device Manager Devices ============

"},{"id":"text-84","type":"text","heading":"","plain_text":"==================== Event log errors: ========================","html":"

==================== Event log errors: ========================

"},{"id":"text-85","type":"text","heading":"","plain_text":"Application errors:\n==================\nError: (06/13/2020 05:34:12 AM) (Source: Symantec Network Protection) (EventID: 400) (User: )\nDescription: Memory Exploit Mitigation is malfunctioning","html":"

Application errors:\n==================\nError: (06/13/2020 05:34:12 AM) (Source: Symantec Network Protection) (EventID: 400) (User: )\nDescription: Memory Exploit Mitigation is malfunctioning

"},{"id":"text-86","type":"text","heading":"","plain_text":"Error: (06/13/2020 05:33:19 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )\nDescription: Symantec Endpoint Protection has failed to load the latest virus definitions.","html":"

Error: (06/13/2020 05:33:19 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )\nDescription: Symantec Endpoint Protection has failed to load the latest virus definitions.

"},{"id":"text-87","type":"text","heading":"","plain_text":"Error: (06/13/2020 05:33:03 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )\nDescription: Symantec Endpoint Protection has failed to load the latest virus definitions.","html":"

Error: (06/13/2020 05:33:03 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )\nDescription: Symantec Endpoint Protection has failed to load the latest virus definitions.

"},{"id":"text-88","type":"text","heading":"","plain_text":"Error: (06/13/2020 05:26:46 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing","html":"

Error: (06/13/2020 05:26:46 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing

"},{"id":"text-89","type":"text","heading":"","plain_text":"Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing","html":"

Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing

"},{"id":"text-90","type":"text","heading":"","plain_text":"Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing","html":"

Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing

"},{"id":"text-91","type":"text","heading":"","plain_text":"Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing","html":"

Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing

"},{"id":"text-92","type":"text","heading":"","plain_text":"Error: (06/13/2020 05:26:43 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing","html":"

Error: (06/13/2020 05:26:43 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing

"},{"id":"text-93","type":"text","heading":"","plain_text":"System errors:\n=============\nError: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","html":"

System errors:\n=============\nError: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

"},{"id":"text-94","type":"text","heading":"","plain_text":"Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","html":"

Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

"},{"id":"text-95","type":"text","heading":"","plain_text":"Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","html":"

Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

"},{"id":"text-96","type":"text","heading":"","plain_text":"Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","html":"

Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

"},{"id":"text-97","type":"text","heading":"","plain_text":"Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","html":"

Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

"},{"id":"text-98","type":"text","heading":"","plain_text":"Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","html":"

Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

"},{"id":"text-99","type":"text","heading":"","plain_text":"Error: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)\nDescription: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID \nWindows.SecurityCenter.SecurityAppBroker\n and APPID \nUnavailable\n to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","html":"

Error: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)\nDescription: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID \nWindows.SecurityCenter.SecurityAppBroker\n and APPID \nUnavailable\n to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

"},{"id":"text-100","type":"text","heading":"","plain_text":"Error: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)\nDescription: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID \nWindows.SecurityCenter.WscBrokerManager\n and APPID \nUnavailable\n to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.","html":"

Error: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)\nDescription: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID \nWindows.SecurityCenter.WscBrokerManager\n and APPID \nUnavailable\n to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

"},{"id":"text-101","type":"text","heading":"","plain_text":"CodeIntegrity:\n===================================","html":"

CodeIntegrity:\n===================================

"},{"id":"text-102","type":"text","heading":"","plain_text":"Date: 2020-06-13 05:28:55.962\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","html":"

Date: 2020-06-13 05:28:55.962\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

"},{"id":"text-103","type":"text","heading":"","plain_text":"Date: 2020-06-13 05:28:55.958\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","html":"

Date: 2020-06-13 05:28:55.958\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

"},{"id":"text-104","type":"text","heading":"","plain_text":"Date: 2020-06-13 05:28:55.695\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","html":"

Date: 2020-06-13 05:28:55.695\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

"},{"id":"text-105","type":"text","heading":"","plain_text":"Date: 2020-06-13 05:28:55.690\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","html":"

Date: 2020-06-13 05:28:55.690\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

"},{"id":"text-106","type":"text","heading":"","plain_text":"Date: 2020-06-13 05:28:43.476\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","html":"

Date: 2020-06-13 05:28:43.476\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

"},{"id":"text-107","type":"text","heading":"","plain_text":"Date: 2020-06-13 05:28:43.473\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","html":"

Date: 2020-06-13 05:28:43.473\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

"},{"id":"text-108","type":"text","heading":"","plain_text":"Date: 2020-06-13 05:28:43.462\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","html":"

Date: 2020-06-13 05:28:43.462\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

"},{"id":"text-109","type":"text","heading":"","plain_text":"Date: 2020-06-13 05:28:43.458\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.","html":"

Date: 2020-06-13 05:28:43.458\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

"},{"id":"text-110","type":"text","heading":"","plain_text":"==================== Memory info ===========================","html":"

==================== Memory info ===========================

"},{"id":"text-111","type":"text","heading":"","plain_text":"BIOS: HUAWEI 1.22 02/26/2019\nMotherboard: HUAWEI KPL-W0X\nProcessor: AMD Ryzen 5 2500U with Radeon Vega Mobile Gfx \nPercentage of memory in use: 60%\nTotal physical RAM: 7069.58 MB\nAvailable physical RAM: 2819.71 MB\nTotal Virtual: 17309.58 MB\nAvailable Virtual: 11480.89 MB","html":"

BIOS: HUAWEI 1.22 02/26/2019\nMotherboard: HUAWEI KPL-W0X\nProcessor: AMD Ryzen 5 2500U with Radeon Vega Mobile Gfx \nPercentage of memory in use: 60%\nTotal physical RAM: 7069.58 MB\nAvailable physical RAM: 2819.71 MB\nTotal Virtual: 17309.58 MB\nAvailable Virtual: 11480.89 MB

"},{"id":"text-112","type":"text","heading":"","plain_text":"==================== Drives ================================","html":"

==================== Drives ================================

"},{"id":"text-113","type":"text","heading":"","plain_text":"Drive c: (Windows) (Fixed) (Total:237.36 GB) (Free:96.61 GB) NTFS","html":"

Drive c: (Windows) (Fixed) (Total:237.36 GB) (Free:96.61 GB) NTFS

"},{"id":"text-114","type":"text","heading":"","plain_text":"\\?Volume38965f00-0083-43f6-a798-2a33a7b7f4a4 (WinRE) (Fixed) (Total:1 GB) (Free:0.59 GB) NTFS\n\\?Volumea3c90bc4-f030-4e42-aae4-a27a0935a741 (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32","html":"

\\?Volume38965f00-0083-43f6-a798-2a33a7b7f4a4 (WinRE) (Fixed) (Total:1 GB) (Free:0.59 GB) NTFS\n\\?Volumea3c90bc4-f030-4e42-aae4-a27a0935a741 (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

"},{"id":"text-115","type":"text","heading":"","plain_text":"==================== MBR & Partition Table ====================","html":"

==================== MBR & Partition Table ====================

"},{"id":"text-116","type":"text","heading":"","plain_text":"==================== End of Addition.txt =======================","html":"

==================== End of Addition.txt =======================

"},{"id":"text-117","type":"text","heading":"","plain_text":"Click to rate this post!\n \n [Total: 0 Average: 0]","html":"

Click to rate this post!\n \n [Total: 0 Average: 0]

"}],"sections":[{"id":"text-1","heading":"Text","content":"J'ai cliqué sur un lien que je ne devrais pas avoir vu, j'ai vu les URL changer rapidement et j'ai immédiatement fermé la fenêtre. Une semaine plus tard, mon logiciel parental m'a signalé qu'il essayait de visiter des sites Web pornographiques 100 fois en une minute. J'ai téléchargé des octets malveillants premium et supprimé 2 fichiers, un PUP.Optional.InstallCore dans mon registre et un fichier générique de malware appelé $ RFHLJ6G.EXE dans ma corbeille. J'ai également installé symantec qui ne signalait rien sauf mon pirate de processus. Dans les jours suivants, mon malwarebytes nouvellement installé me ​​dit que le logiciel parental visite plusieurs fois des sites Web malveillants via le fichier proxy, et je scanne mais rien ne vient. Mon ordinateur portable a été extrêmement lent et surchauffe pour une raison inconnue, les programmes malveillants ne détectent rien et le gestionnaire de tâches dit que rien ne va pas. Je suis presque prêt à simplement réinitialiser les paramètres d'usine. Voici mes journaux:"},{"id":"text-2","heading":"Text","content":"Résultat de l'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020\nRan by Ethan (ATTENTION: L'utilisateur n'est pas administrateur) sur ETHANLAPTOP (HUAWEI KPL-W0X) (13-06-2020 05:42:15)\nExécution à partir de C: Users Ethan Desktop\nProfils chargés: Ethan\nPlateforme: Windows 10 Home Version 1809 17763.1217 (X64) Langue: anglais (États-Unis)\nNavigateur par défaut: Chrome\nMode de démarrage: Normal"},{"id":"text-3","heading":"Text","content":"==================== Processus (liste blanche) ================="},{"id":"text-4","heading":"Text","content":"(Si une entrée est incluse dans la liste de correctifs, le processus sera fermé. Le fichier ne sera pas déplacé.)"},{"id":"text-5","heading":"Text","content":"(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext amdow.exe\n(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext AMDRSServ.exe\n(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext RadeonSoftware.exe\n(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe \n(Malwarebytes Inc -> Malwarebytes) C: Program Files Malwarebytes Anti-Malware mbamtray.exe\n(Microsoft Corporation -> Microsoft Corporation) C: Windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe MicrosoftEdge.exe\n(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe Calculator.exe\n(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsStore_12006.1001.1.0_x64__8wekyb3d8bbwe WinStore.App.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows ImmersiveControlPanel SystemSettings.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 browser_broker.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 CastSrv.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeSH.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 rundll32.exe\n(Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe\n(Oracle America, Inc. -> Oracle Corporation) C: Program Files (x86) Common Files Java Java Update jusched.exe\n(Qustodio Technologies, SL ->) C: Program Files (x86) Qustodio qapp crashpad_handler.exe\n(Qustodio Technologies, SL -> Qustodio Technologies) C: Program Files (x86) Qustodio qapp QAppTray.exe\n(Realtek Semiconductor Corp. -> Realtek Semiconductor) C: Windows System32 RtkAudUService64.exe\n(Symantec Corporation -> Symantec Corporation) C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe\nImpossible d'accéder au processus -> amdlogsr.exe\nImpossible d'accéder au processus -> atieclxx.exe\nImpossible d'accéder au processus -> atiesrxx.exe\nImpossible d'accéder au processus -> ccSvcHst.exe\nImpossible d'accéder au processus -> conhost.exe\nImpossible d'accéder au processus -> crashpad_handler.exe\nImpossible d'accéder au processus -> crashpad_handler.exe\nImpossible d'accéder au processus -> csrss.exe\nImpossible d'accéder au processus -> csrss.exe\nImpossible d'accéder au processus -> dasHost.exe\nImpossible d'accéder au processus -> DAX3API.exe\nImpossible d'accéder au processus -> dllhost.exe\nImpossible d'accéder au processus -> dwm.exe\nImpossible d'accéder au processus -> EvtEng.exe\nImpossible d'accéder au processus -> FMService64.exe\nImpossible d'accéder au processus -> fontdrvhost.exe\nImpossible d'accéder au processus -> fontdrvhost.exe\nImpossible d'accéder au processus -> GoogleCrashHandler.exe\nImpossible d'accéder au processus -> GoogleCrashHandler64.exe\nImpossible d'accéder au processus -> LCD_Service.exe\nImpossible d'accéder au processus -> lsass.exe\nImpossible d'accéder au processus -> MateBookService.exe\nImpossible d'accéder au processus -> MBAMService.exe\nImpossible d'accéder au processus -> OfficeClickToRun.exe\nImpossible d'accéder au processus -> qengine.exe\nImpossible d'accéder au processus -> QUpdateService.exe\nImpossible d'accéder au processus -> RegSrvc.exe\nImpossible d'accéder au processus -> RtkAudUService64.exe\nImpossible d'accéder au processus -> RtkAudUService64.exe\nImpossible d'accéder au processus -> SearchFilterHost.exe\nImpossible d'accéder au processus -> SearchIndexer.exe\nImpossible d'accéder au processus -> SearchProtocolHost.exe\nImpossible d'accéder au processus -> SecurityHealthService.exe\nImpossible d'accéder au processus -> sepWscSvc64.exe\nImpossible d'accéder au processus -> services.exe\nImpossible d'accéder au processus -> SgrmBroker.exe\nImpossible d'accéder au processus -> smss.exe\nImpossible d'accéder au processus -> spoolsv.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> svchost.exe\nImpossible d'accéder au processus -> unsecapp.exe\nImpossible d'accéder au processus -> wininit.exe\nImpossible d'accéder au processus -> winlogon.exe\nImpossible d'accéder au processus -> wlanext.exe\nImpossible d'accéder au processus -> WMIADAP.exe\nImpossible d'accéder au processus -> WmiPrvSE.exe\nImpossible d'accéder au processus -> WmiPrvSE.exe\nImpossible d'accéder au processus -> ZeroConfigService.exe"},{"id":"text-6","heading":"Text","content":"==================== Registre (liste blanche) ==================="},{"id":"text-7","heading":"Text","content":"(Si une entrée est incluse dans la liste de correctifs, l'élément de registre sera restauré par défaut ou supprimé. Le fichier ne sera pas déplacé.)"},{"id":"text-8","heading":"Text","content":"HKLM … Run: [RtkAudUService] => C: WINDOWS System32 RtkAudUService64.exe [836672 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)\nHKLM … Run: [Logitech Download Assistant] => C: Windows System32 LogiLDA.dll [3942864 2016-10-14] (Logitech -> Logitech, Inc.)\nHKLM-x32 … Exécuter: [SunJavaUpdateSched] => C: Program Files (x86) Fichiers communs Java Java Update jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)\nHKLM-x32 … Exécuter: [KeePass 2 PreLoad] => C: Program Files (x86) KeePass Password Safe 2 KeePass.exe [3331264 2020-01-20] (Développeur Open Source, Dominik Reichl -> Dominik Reichl)\nHKLM-x32 … Exécuter: [QAppTray] => C: Program Files (x86) Qustodio qapp QAppTray.exe [6429456 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe"\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 … MountPoints2: d731a143-c473-11e8-aff7-ef1b4a682e27 – "E: HiSuiteDownLoader.exe" \nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [GoogleChromeAutoLaunch_C4C526BDE8624B78F748783A47890366] => "C: Program Files (x86) Google Chrome Application chrome.exe" –no-startup-window / prefetch: 5\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [launchOnStartup] => C: Program Files (x86) GOG Galaxy GalaxyClient.exe [13971528 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … Run: [CCXProcess] => "C: Program Files Adobe Adobe Creative Cloud Experience CCXProcess.exe"\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #0] => C: Windows HelpPane.exe [1071616 2020-03-10] (Microsoft Windows -> Microsoft Corporation)\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … RunOnce: [Application Restart #1] => C: Program Files (x86) Google Chrome Application chrome.exe –profile-directory = Par défaut –flag-switches-begin –flag-switches-end –enable-audio-service-sandbox –restore-last-session\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 … MountPoints2: {d731a143-c473-11e8-aff7-aff4-a7274e2-aff4-aff7-aff4-aff7-aff4-aff7-aff4-aff7-aff4-e7a-b7 "E: HiSuiteDownLoader.exe" \nHKLM … Windows x64 Processeurs d'impression Processeur d'impression Canon iP110 series: C: Windows System32 spool prtprocs x64 CNMPDCH.DLL [30208 2014-06-08] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Windows x64 Processeurs d'impression Canon MX920 series Processeur d'impression: C: Windows System32 spool prtprocs x64 CNMPDBL.DLL [30208 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Print Monitors Canon BJ FAX Language Monitor MX920 series: C: WINDOWS system32 CNCALBL.DLL [303104 2012-09-21] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM … Print Monitors Canon BJ Language Monitor MX920 series: C: WINDOWS system32 CNMLMBL.DLL [390656 2012-09-20] (Éditeur de compatibilité matérielle Microsoft Windows -> CANON INC.)\nHKLM Software Microsoft Active Setup Installed Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C: Program Files (x86) Google Chrome Application 83.0.4103.97 Installer chrmstp.exe [2020-06-05] (Google LLC -> Google LLC)\nDémarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Rainmeter.lnk [2019-11-29]\nShortcutTarget: Rainmeter.lnk -> C: Program Files Rainmeter Rainmeter.exe (aucun fichier)\nDémarrage: C: Users Ethan AppData Roaming Microsoft Windows Start Menu Programs Startup Send to OneNote.lnk [2018-08-13]\nShortcutTarget: Envoyer à OneNote.lnk -> C: Program Files (x86) Microsoft Office root Office16 ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)\nGroupPolicy: Restriction? <==== ATTENTION"},{"id":"text-9","heading":"Text","content":"==================== Tâches planifiées (liste blanche) ============"},{"id":"text-10","heading":"Text","content":"(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)"},{"id":"text-11","heading":"Text","content":"(Si une entrée est incluse dans la liste de correctifs, le fichier de tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)"},{"id":"text-12","heading":"Text","content":"==================== Internet (liste blanche) ===================="},{"id":"text-13","heading":"Text","content":"(Si un élément est inclus dans la liste de correctifs, s'il s'agit d'un élément du registre, il sera supprimé ou restauré par défaut.)"},{"id":"text-14","heading":"Text","content":"Tcpip Paramètres: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12\nTcpip .. Interfaces 0fd44dc5-54d3-4548-a4de-121a058f2fb6: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12\nTcpip .. Interfaces 42687b4e-4fd5-4ba8-b5dc-191ac714846c: [DhcpNameServer] 192.168.0.1\nTcpip .. Interfaces 794c4cd7-35de-4e43-975d-105099c2323b: [DhcpNameServer] 40.40.1.12\nTcpip .. Interfaces a73bdab8-9a7e-48ee-b785-5ecc46657b1c: [DhcpNameServer] 8.8.8.8 8.8.4.4"},{"id":"text-15","heading":"Text","content":"Internet Explorer:\n==================\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, page de démarrage = hxxps: //go.microsoft.com/fwlink/p/? LinkId = 620947 & OCID = AVRES000 & pc = UE00\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17SWIN10.MSN.COM/? PC = NSJE\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Start Page = hxxps: // go. microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00\nHKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 Software Microsoft Internet Explorer Main, Default_Page_URL = hxxp: //OEM17S .COM /? PC = NSJE\nURLSearchHook: [S-1-5-21-1017088884-3281645122-1580351492-1001-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053623422] ATTENTION => URLSearchHook par défaut est manquant\nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> DefaultScope 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL = \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002 -> 19DD036C-D3F6-4E92-AC6C-D795D806EB14 URL = \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> DefaultScope {19DD036C-D3F6-4E92-AC6-D6C6-AC6 D6 \nSearchScopes: HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750 -> {19DD036C-D3F6-4E92-AC6C-D6F6E6-AC6C \nBHO: Skype Entreprise Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C: Program Files (x86) Microsoft Office root VFS ProgramFilesX64 Microsoft Office Office16 OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)\nBHO: Java ™ Plug-In SSV Helper -> 761497BB-D6F0-462C-B6EB-D4DAF1D92D43 -> C: Program Files Java jre1.8.0_181 bin ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nBHO: Java ™ Plug-In 2 SSV Helper -> DBC80044-A445-435b-BC74-9C25C1C588A9 -> C: Program Files Java jre1.8.0_181 bin jp2ssv.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nHandler-x32: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)\nHandler-x32: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C: Program Files (x86) Microsoft Office root Office16 MSOSB.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)"},{"id":"text-16","heading":"Text","content":"Bord: \n======\nDownloadDir: C: Users Ethan Downloads"},{"id":"text-17","heading":"Text","content":"FireFox:\n========\nPlugin FF: @ java.com / DTPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin dtplugin npDeployJava1.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nPlugin FF: @ java.com / JavaPlugin, version = 11.181.2 -> C: Program Files Java jre1.8.0_181 bin plugin2 npjp2.dll [2018-07-28] (Oracle America, Inc. -> Oracle Corporation)\nFF Plugin-x32: @ microsoft.com / SharePoint, version = 14.0 -> C: Program Files (x86) Microsoft Office root Office16 NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)\nPlugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan AppData Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)\nPlugin FF HKU S-1-5-21-1017088884-3281645122-1580351492-1002- ED1FC765-E35E-4C3D-BF15-2C2B11260CE4 -06132020053622750: @ zoom.us / ZoomVideoPlugin -> C: Users Ethan Roaming Zoom bin npzoomplugin.dll [2020-05-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)"},{"id":"text-18","heading":"Text","content":"Chrome: \n=======\nCHR DefaultProfile: Par défaut\nProfil CHR: C: Users Ethan AppData Local Google Chrome User Data Default [2020-06-13]\nNotifications CHR: Par défaut -> hxxps: //www.youtube.com\nCHR StartupUrls: Par défaut -> "chrome: // newtab /", "hxxps: //mail.google.com/mail/u/0/#inbox"\nRestauration de session CHR: Par défaut -> est activé.\nExtension CHR: (diapositives) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2018-07-27]\nExtension CHR: (Docs) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions aohghmighlieiainnegkcijnfilokake [2018-07-27]\nExtension CHR: (Google Drive) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2019-12-21]\nExtension CHR: (YouTube) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-27]\nExtension CHR: (Honey) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions bmnlcjabgnpnenekpadlanbbkooimhnj [2020-05-30]\nExtension CHR: (Google Docs hors ligne) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ghbmnnjooekpmoecnnililnnbdlolhkhi [2020-05-30]\nExtension CHR: (Chrometana – Rediriger Bing quelque part mieux) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions kaicbfmipfpfpjmlbpejaoaflfdnabnc [2018-07-28]\nExtension CHR: (Paiements Chrome Web Store) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]\nExtension CHR: (AdBlocker Ultimate) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions ohahllgiabjaoigichmmfljhkcfikeof [2020-06-11]\nExtension CHR: (Modern Flat) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pdcjjgefkpoemmlcjfcfkeminneboaob [2018-09-05]\nExtension CHR: (Gmail) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]\nExtension CHR: (Chrome Media Router) – C: Users Ethan AppData Local Google Chrome User Data Default Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-24]\nExtension CHR: (extension de réponse quotidienne au questionnaire de la Couronne) – C: Users Ethan Documents Other Chrome Crowns Extension [2019-11-28]\nProfil CHR: C: Users Ethan AppData Local Google Chrome User Data System Profile [2020-06-08]"},{"id":"text-19","heading":"Text","content":"==================== Services (liste blanche) ==================="},{"id":"text-20","heading":"Text","content":"(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)"},{"id":"text-21","heading":"Text","content":"S3 AALSvc; C: AlphaAntiLeak AAL bin server AALSvc.exe [11439992 2020-06-09] (Constantin Schreiber ->)\nS4 AGMService; C: Program Files (x86) Common Files Adobe AdobeGCClient AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)\nR2 AMD External Events Utility; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 atiesrxx.exe [529624 2020-05-27] (Advanced Micro Devices, Inc. -> AMD)\nR2 AMD Log Utility; C: WINDOWS System32 amdlogsr.exe [483248 2020-05-05] (Éditeur de compatibilité matérielle Microsoft Windows -> Advanced Micro Devices, Inc.)\nS3 BEService; C: Program Files (x86) Common Files BattlEye BEService.exe [7356680 2018-10-03] (BattlEye Innovations e.K. ->)\nR2 ClickToRunSvc; C: Program Files Fichiers communs Microsoft Shared ClickToRun OfficeClickToRun.exe [10637168 2020-05-29] (Microsoft Corporation -> Microsoft Corporation)\nR2 DolbyDAXAPI; C: WINDOWS system32 dolbyaposvc DAX3API.exe [602544 2018-09-27] (Dolby Laboratories, Inc. ->)\nS3 EasyAntiCheat; C: Program Files (x86) EasyAntiCheat EasyAntiCheat.exe [781440 2018-08-17] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)\nR2 FMAPOService; C: WINDOWS System32 FMService64.exe [294968 2018-09-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Fortemedia)\nS3 GalaxyClientService; C: Program Files (x86) GOG Galaxy GalaxyClientService.exe [1748552 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nS3 GalaxyCommunication; C: ProgramData GOG.com Galaxy redists GalaxyCommunication.exe [6821960 2020-05-06] (GOG Sp. Z o.o. -> GOG.com)\nR2 LCD_Service; C: Program Files Huawei HwLcdEnhancement LCD_Service.exe [25584 2020-01-10] (Huawei Technologies Co., Ltd. -> Microsoft)\nLmhosts R3; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nLmhosts R3; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 MBAMainService; C: Program Files Huawei PCManager MateBookService.exe [1005040 2020-01-10] (Huawei Technologies Co., Ltd. ->)\nR2 MBAMService; C: Program Files Malwarebytes Anti-Malware MBAMService.exe [6933272 2020-05-20] (Malwarebytes Inc -> Malwarebytes)\nS3 MyWiFiDHCPDNS; C: Program Files Intel WiFi bin PanDhcpDns.exe [265864 2018-03-20] (Intel Corporation ->)\nR2 NlaSvc; C: WINDOWS System32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 NlaSvc; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 nsi; C: WINDOWS system32 svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 nsi; C: WINDOWS SysWOW64 svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 qengine; C: Program Files (x86) Qustodio qproxy qengine.exe [4139792 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nR2 qupdate; C: Program Files (x86) Qustodio qapp QUpdateService.exe [2358544 2020-06-04] (Qustodio Technologies, SL -> Qustodio Technologies)\nS4 SepLpsService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR2 SepMasterService; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin ccSvcHst.exe [159088 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR2 sepWscSvc; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 sepWscSvc64.exe [1834776 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 SNAC; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 snac64.exe [394680 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 WdNisSvc; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 NisSrv.exe [3304992 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)\nS3 WinDefend; C: ProgramData Microsoft Windows Defender platform 4.18.2004.6-0 MsMpEng.exe [103376 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)\nR2 ZeroConfigService; C: Program Files Intel WiFi bin ZeroConfigService.exe [3848328 2018-03-20] (Intel Corporation -> Intel® Corporation)\nS2 EraserSvc11910; "C: Program Files (x86) Fichiers communs Symantec Shared EENGINE ccSvcHst.exe" / h ccCommon [X]\nU4 weClientDataTransferService; "C: Program Files WE_Client wecdt.exe" [X]\nU4 weClientMessengerService; "C: Program Files WE_Client wecmsg.exe" [X]"},{"id":"text-22","heading":"Text","content":"===================== Pilotes (sur liste blanche) ==================="},{"id":"text-23","heading":"Text","content":"(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)"},{"id":"text-24","heading":"Text","content":"S3 AALProtect; C: AlphaAntiLeak AAL bin server AALProtect.sys [35984 2020-03-24] (OOO AMEKS ->)\nR3 amdacpbus; C: WINDOWS System32 drivers amdacpbus.sys [6170544 2020-05-19] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nR3 amdgpio2; C: WINDOWS System32 drivers amdgpio2.sys [34664 2018-03-31] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)\nR3 AMDHDAudBusService; C: WINDOWS System32 drivers amdhdaudbus.sys [79224 2018-08-08] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nR3 amdi2c; C: WINDOWS System32 drivers amdi2c.sys [52680 2017-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)\nR3 amdkmdag; C: WINDOWS System32 DriverStore FileRepository u0355166.inf_amd64_b850e0f0c3bce936 B355483 amdkmdag.sys [71066320 2020-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR0 amdlog; C: WINDOWS System32 drivers amdlog.sys [89200 2020-05-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR0 amdpsp; C: WINDOWS System32 drivers amdpsp.sys [137104 2017-11-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nR3 AMDXE; C: WINDOWS System32 drivers amdxe.sys [60216 2020-03-31] (Advanced Micro Devices, Inc. ->)\nS3 AppleLowerFilter; C: WINDOWS System32 drivers AppleLowerFilter.sys [35560 2018-05-10] (Version WDKTestCert, 131474841775766162 -> Apple Inc.)\nR3 AtiHDAudioService; C: WINDOWS system32 drivers AtihdWT6.sys [107936 2020-03-13] (Éditeur de compatibilité matérielle Microsoft Windows -> Micro périphériques avancés)\nS3 BEDaisy; C: Program Files (x86) Fichiers communs BattlEye BEDaisy.sys [2551864 2018-10-03] (BattlEye Innovations e.K. ->)\nR1 BHDrvx64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions BASHDefs 20200609.001 BHDrvx64.sys [1952136 2020-05-11] (Symantec Corporation -> Symantec Corporation)\nR1 ccSettings_ D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 ccSetx64.sys [179416 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 CH341SER_A64; C: WINDOWS System32 Drivers CH341S64.SYS [69024 2019-05-29] (Éditeur de compatibilité matérielle Microsoft Windows -> www.winchiphead.com)\nR1 eeCtrl; C: Program Files (x86) Common Files Symantec Shared EENGINE eeCtrl64.sys [516784 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR3 EraserUtilRebootDrv; C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilRebootDrv.sys [154288 2020-05-23] (Symantec Corporation -> Symantec Corporation)\nR1 ESProtectionDriver; C: WINDOWS system32 drivers mbae64.sys [153312 2020-05-20] (Malwarebytes Corporation -> Malwarebytes)\nR1 IDSVia64; C: ProgramData Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Data Definitions IPSDefs 20200611.061 IDSvia64.sys [1455288 2020-05-19] (Symantec Corporation -> Symantec Corporation)\nR2 MBAMChameleon; C: WINDOWS System32 Drivers MbamChameleon.sys [214496 2020-06-02] (Malwarebytes Inc -> Malwarebytes)\nS0 MbamElam; C: WINDOWS System32 DRIVERS MbamElam.sys [19912 2020-06-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)\nR3 MBAMFarflt; C: WINDOWS System32 DRIVERS farflt.sys [195432 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMProtection; C: WINDOWS system32 DRIVERS mbam.sys [73368 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMSwissArmy; C: WINDOWS System32 Drivers mbamswissarmy.sys [248968 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR3 MBAMWebProtection; C: WINDOWS system32 DRIVERS mwac.sys [131736 2020-06-13] (Malwarebytes Inc -> Malwarebytes)\nR1 netfilter_wfp_ev_64; C: WINDOWS System32 drivers netfilter_wfp_ev_64.sys [96864 2018-04-12] (Éditeur de compatibilité matérielle Microsoft Windows -> Fournisseur Windows® Win 7 DDK)\nR1 qwdf64; C: WINDOWS system32 Drivers qwdf64.sys [41872 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)\nR1 qwdr64; C: WINDOWS system32 Drivers qwdr64.sys [55696 2019-08-01] (Qustodio Technologies, SL -> Qustodio Technologies)\nR2 qwfp; C: WINDOWS system32 Drivers qwfp64.sys [47736 2019-08-01] (Éditeur de compatibilité matérielle Microsoft Windows -> Technologies Qustodio)\nS3 SPUVCbv; C: WINDOWS System32 Drivers SPUVCbv64.sys [766040 2017-10-26] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)\nR1 SRTSP; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSP64.SYS [870792 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SRTSPX; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SRTSPX64.SYS [51080 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 SyDvCtrl; C: Program Files (x86) Symantec Symantec Endpoint Protection 14.2.5569.2100.105 Bin64 SyDvCtrl64.sys [44568 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR0 SymEFASI; C: WINDOWS System32 drivers symefasi 0603040.009 symefasi64.sys [1822600 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS0 SymELAM; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SymELAM.sys [26000 2020-05-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)\nR3 SymEvent; C: WINDOWS system32 Drivers SYMEVENT64x86.SYS [99920 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SymIRON; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 Ironx64.SYS [311264 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SYMNETS; C: WINDOWS System32 Drivers SEP 0E0215C1 0834.105 x64 SYMNETS.SYS [568712 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nR1 SysPlant; C: WINDOWS System32 Drivers SysPlant.sys [231360 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 tapnordvpn; C: WINDOWS System32 drivers tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> Le projet OpenVPN)\nR1 Teefer2; C: WINDOWS system32 DRIVERS Teefer.sys [132992 2020-05-20] (Symantec Corporation -> Symantec Corporation)\nS3 USBTINSP; C: WINDOWS System32 drivers tinspusb.sys [142848 2017-07-27] (Éditeur de compatibilité matérielle Microsoft Windows -> Texas Instruments)\nS3 WdBoot; C: WINDOWS system32 drivers wd WdBoot.sys [45960 2020-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)\nS3 WdFilter; C: WINDOWS system32 drivers wd WdFilter.sys [394680 2020-05-01] (Microsoft Windows -> Microsoft Corporation)\nS3 WdNisDrv; C: WINDOWS System32 drivers wd WdNisDrv.sys [64944 2020-05-01] (Microsoft Windows -> Microsoft Corporation)\nR3 WDTDrv; C: WINDOWS System32 Drivers WDTDrv.sys [27048 2018-02-27] (Huawei Technologies Co., Ltd. -> Appareil Huawei)\nS3 EraserUtilDrv11910; ?? C: Program Files (x86) Common Files Symantec Shared EENGINE EraserUtilDrv11910.sys [X]"},{"id":"text-25","heading":"Text","content":"==================== NetSvcs (liste blanche) ===================="},{"id":"text-26","heading":"Text","content":"(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)"},{"id":"text-27","heading":"Text","content":"==================== Un mois (créé) ==================="},{"id":"text-28","heading":"Text","content":"(Si une entrée est incluse dans la liste de correctifs, le fichier / dossier sera déplacé.)"},{"id":"text-29","heading":"Text","content":"2020-06-13 05:42 – 2020-06-13 05:42 – 000031721 _____ C: Users Ethan Desktop FRST.txt\n2020-06-13 05:42 – 2020-06-13 05:42 – 000000000 ____D C: FRST\n2020-06-13 05:40 – 2020-06-13 05:40 – 002289152 _____ (Farbar) C: Users Ethan Desktop FRST64.exe\n2020-06-13 05:36 – 2020-06-13 05:36 – 000195432 _____ (Malwarebytes) C: WINDOWS system32 Drivers farflt.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000131736 _____ (Malwarebytes) C: WINDOWS system32 Drivers mwac.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000073368 _____ (Malwarebytes) C: WINDOWS system32 Drivers mbam.sys\n2020-06-13 05:36 – 2020-06-13 05:36 – 000000000 ____D C: Users Ethan AppData LocalLow IGDump\n2020-06-13 05:30 – 2020-06-13 05:34 – 000417646 _____ C: WINDOWS ntbtlog.txt\n2020-06-12 22:53 – 2020-06-12 22:53 – 001920738 _____ C: Users Ethan Downloads iCloud Photos.zip\n2020-06-12 20:53 – 2020-06-12 22:54 – 000511438 _____ C: Users Ethan Downloads IMG_1020.JPEG\n2020-06-12 19:02 – 2019-08-01 16:48 – 000055696 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdr64.sys\n2020-06-12 19:02 – 2019-08-01 16:48 – 000041872 _____ (Qustodio Technologies) C: WINDOWS system32 Drivers qwdf64.sys\n2020-06-12 07:53 – 2020-06-12 07:53 – 000002608 _____ C: Users Ethan Downloads Player.plr\n2020-06-12 05:00 – 2020-06-12 05:00 – 000000000 ____D C: Users Ethan Downloads processhacker-2.39-bin\n2020-06-12 04:59 – 2020-06-12 04:59 – 003392412 _____ C: Users Ethan Downloads processhacker-2.39-bin.zip\n2020-06-12 02:28 – 2020-06-12 02:28 – 000000000 ____D C: Users Ethan Desktop tools\n2020-06-09 19:06 – 2020-06-09 19:06 – 000002357 _____ C: Users Ethan AppData Roaming Microsoft Windows Menu Démarrer Programmes Lunar Client.lnk\n2020-06-09 19:06 – 2020-06-09 19:06 – 000002349 _____ C:UsersEthanDesktopLunar Client.lnk\n2020-06-09 19:05 – 2020-06-09 19:05 – 000755688 _____ (Moonsworth, LLC) C:UsersEthanDownloadsLunar Client v2.0.2.exe\n2020-06-09 01:47 – 2020-06-09 01:47 – 000000000 ____D C:UsersEthanAppDataLocalATI\n2020-06-09 01:43 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopruntime\n2020-06-09 01:42 – 2020-06-09 01:43 – 000000000 ____D C:UsersEthanDesktopgame\n2020-06-09 01:33 – 2020-06-12 02:28 – 002970008 _____ (Mojang) C:UsersEthanDesktopMinecraft.exe\n2020-06-09 00:03 – 2020-06-09 00:03 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable (1).zip\n2020-06-08 23:35 – 2020-06-08 23:58 – 000000000 ____D C:UsersEthanDownloadsRevoUninstaller_Portable\n2020-06-08 23:34 – 2020-06-08 23:34 – 009589547 _____ C:UsersEthanDownloadsRevoUninstaller_Portable.zip\n2020-06-08 23:11 – 2020-06-08 23:11 – 000000761 _____ C:UsersEthanDocumentsDownloads.lnk\n2020-06-08 22:13 – 2020-06-08 22:14 – 000000000 ___HD C:temp\n2020-06-08 09:38 – 2020-06-08 22:06 – 000000000 ____D C:35cf2c581e43e0fd0f2302ce54fb\n2020-06-08 09:29 – 2020-06-08 22:06 – 000000000 ____D C:68e9a7aba4aecf4ec4\n2020-06-08 08:06 – 2020-06-08 08:06 – 000000000 ___HD C:ProgramDataCanonIJFAX\n2020-06-07 23:17 – 2020-06-07 23:22 – 000000000 ____D C:UsersEthanEpubee Library\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanBookManager\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthanAppDataRoaming.cover\n2020-06-07 23:17 – 2020-06-07 23:17 – 000000000 ____D C:UsersEthan.Epubor_Keys\n2020-06-07 23:14 – 2020-06-08 22:16 – 000000000 ____D C:Program Files (x86)ePUBee\n2020-06-05 23:17 – 2020-06-05 23:17 – 000000000 ____D C:8527c8ea7501eb69401877adc732\n2020-06-05 23:07 – 2020-06-05 23:07 – 000000000 ____D C:de22f4d81bbf950b5e0f7a8642297b\n2020-06-05 22:57 – 2020-06-05 22:57 – 000000000 ____D C:f4b9a65bd3630368995b8ced06\n2020-06-05 22:37 – 2020-06-05 22:37 – 000000000 ____D C:faa6e5d10903a99a286ff6\n2020-06-05 22:27 – 2020-06-05 22:28 – 000000000 ____D C:4fa0f45da0c207e28fce354dfbcbb45a\n2020-06-05 22:24 – 2020-06-05 22:24 – 000000000 ____D C:UsersEthanAppDataLocalcache\n2020-06-05 22:19 – 2020-06-05 22:19 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAMD Radeon Software\n2020-06-05 22:17 – 2020-06-05 22:22 – 000000000 ____D C:25a06eb4cb678d6510bb02b4e69c\n2020-06-05 22:17 – 2020-06-05 22:17 – 000000000 ____D C:ProgramDataAMD\n2020-06-05 22:04 – 2020-06-05 22:12 – 000000000 ____D C:96699b5329d1ea66b0a663de302c5a\n2020-06-05 22:03 – 2020-06-05 22:03 – 000000000 ____D C:AMD\n2020-06-05 21:56 – 2020-06-05 21:56 – 000000000 ____D C:UsersEthanAppDataLocalRadeonSettings\n2020-06-05 21:52 – 2020-06-05 22:12 – 000000000 ____D C:59149044dd0aac2303de\n2020-06-05 21:44 – 2020-06-05 22:12 – 000000000 ____D C:bd86fd4774132980229e4d5232ae\n2020-06-05 04:05 – 2020-06-05 21:37 – 000000000 ____D C:873d716d2277afe5bee1c44e0b878d87\n2020-06-05 03:54 – 2020-06-05 21:37 – 000000000 ____D C:dbd59e3d47cf23fa38e6b2b4\n2020-06-05 03:46 – 2020-06-05 21:37 – 000000000 ____D C:8878178fedc450c4b9\n2020-06-05 03:30 – 2020-06-05 21:37 – 000000000 ____D C:3aa04f0e181a6ef6283335\n2020-06-05 02:34 – 2020-06-05 21:37 – 000000000 ____D C:b7af3d3859975eec9620db8b5a5f6e41\n2020-06-05 02:26 – 2020-06-05 21:37 – 000000000 ____D C:487c789bbfdb27e0f8\n2020-06-05 02:14 – 2020-06-05 21:37 – 000000000 ____D C:d88254605b4e82c096\n2020-06-05 02:05 – 2020-06-05 21:37 – 000000000 ____D C:e25ee765e720e9e181c0a4\n2020-06-05 01:55 – 2020-06-05 21:37 – 000000000 ____D C:8986be08c43b083cf019\n2020-06-05 01:45 – 2020-06-05 21:37 – 000000000 ____D C:24b77074821232b8eee377b656\n2020-06-05 01:35 – 2020-06-05 21:37 – 000000000 ____D C:76cca42bb37e3cd7e09f354112b60b\n2020-06-05 01:25 – 2020-06-05 21:37 – 000000000 ____D C:514f6c63d0b4235c42ea\n2020-06-05 01:15 – 2020-06-05 21:37 – 000000000 ____D C:a82951183443a4c4ff\n2020-06-05 01:05 – 2020-06-05 21:37 – 000000000 ____D C:1500873c57dc503bb2583144b776\n2020-06-05 00:55 – 2020-06-05 21:37 – 000000000 ____D C:2608ecb4b26d61af942bbe9aef91a4\n2020-06-05 00:45 – 2020-06-05 21:37 – 000000000 ____D C:d0bd3ae4cfc3cb2d19\n2020-06-05 00:35 – 2020-06-05 21:37 – 000000000 ____D C:b8593ace07e295202c\n2020-06-05 00:25 – 2020-06-05 21:37 – 000000000 ____D C:aefea5c399639a508a8d0cc319bada\n2020-06-05 00:15 – 2020-06-05 21:37 – 000000000 ____D C:d34e9191b27aad94f2aa2e6e\n2020-06-05 00:05 – 2020-06-05 21:37 – 000000000 ____D C:746cad1319b45c0fa13d3542b5\n2020-06-04 23:55 – 2020-06-05 21:37 – 000000000 ____D C:761aa80eda44dc967c55336087417a\n2020-06-04 23:45 – 2020-06-05 21:37 – 000000000 ____D C:b015b1b5cce422460fcedb4\n2020-06-04 23:35 – 2020-06-05 21:37 – 000000000 ____D C:21bb368a3acf317e654c\n2020-06-04 23:25 – 2020-06-05 21:37 – 000000000 ____D C:1eb161e731e359e492622ac3330bc8\n2020-06-04 23:15 – 2020-06-05 21:37 – 000000000 ____D C:9954edefd2c4ee760f21\n2020-06-04 23:05 – 2020-06-05 21:37 – 000000000 ____D C:4996eff18111c7145a68\n2020-06-04 22:55 – 2020-06-05 21:37 – 000000000 ____D C:dbfc9b3663e052d664a93b73\n2020-06-04 22:45 – 2020-06-05 21:37 – 000000000 ____D C:e15f2439316aa3b95ecb\n2020-06-04 22:35 – 2020-06-05 21:37 – 000000000 ____D C:812b054302348352f\n2020-06-03 21:45 – 2020-06-05 21:42 – 000000000 ___HD C:adobeTemp\n2020-06-02 22:05 – 2020-06-02 22:05 – 000000000 ___HD C:ProgramDataCanonBJ\n2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 ____D C:UsersEthanAppDataLocalUXP\n2020-06-02 21:49 – 2020-06-02 21:49 – 000000000 ____D C:UsersEthanAppDataLocalLowAdobe\n2020-06-02 21:47 – 2020-06-08 22:09 – 000000000 ___RD C:UsersEthanCreative Cloud Files\n2020-06-02 21:42 – 2020-06-02 21:47 – 000000000 ____D C:ProgramDataAdobe\n2020-06-02 21:40 – 2020-06-08 22:13 – 000000000 ____D C:Program FilesCommon FilesAdobe\n2020-06-02 21:40 – 2020-06-08 22:12 – 000000000 ____D C:Program FilesAdobe\n2020-06-02 21:38 – 2020-06-02 21:47 – 000000000 ____D C:UsersEthanAppDataLocalAdobe\n2020-06-02 17:15 – 2020-06-13 05:36 – 000248968 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys\n2020-06-02 17:15 – 2020-06-02 17:15 – 000214496 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys\n2020-06-01 01:12 – 2020-06-01 01:12 – 000000000 ____D C:UsersEthanAppDataLocalAdobe_Systems_Incorporate\n2020-06-01 01:06 – 2020-06-08 23:12 – 000000000 ____D C:Program Files (x86)Adobe\n2020-05-27 14:20 – 2020-05-27 14:20 – 064809688 _____ C:WINDOWSsystem32amd_comgr.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 053685456 _____ C:WINDOWSSysWOW64amd_comgr32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 004631248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amfrt64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 004141776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amfrt32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo-1-999-0-0-0.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001784536 _____ C:WINDOWSsystem32vulkaninfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001775320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atiadlxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo-1-999-0-0-0.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001374936 _____ C:WINDOWSSysWOW64vulkaninfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxy.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001342168 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64atiadlxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1-999-0-0-0.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 001085976 _____ C:WINDOWSsystem32vulkan-1.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1-999-0-0-0.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000944824 _____ C:WINDOWSSysWOW64vulkan-1.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000761040 _____ (AMD) C:WINDOWSsystem32atieclxx.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000737496 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32Rapidfire64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000621784 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64Rapidfire.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000497360 _____ C:WINDOWSsystem32GameManager64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000493776 _____ C:WINDOWSsystem32dgtrayicon.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000469200 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32atidemgy.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000456920 _____ C:WINDOWSsystem32atieah64.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000433360 _____ C:WINDOWSsystem32EEURestart.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000380624 _____ C:WINDOWSSysWOW64GameManager32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000352464 _____ C:WINDOWSSysWOW64atieah32.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000340176 _____ C:WINDOWSsystem32clinfo.exe\n2020-05-27 14:20 – 2020-05-27 14:20 – 000245976 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atig6txx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000213712 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atigktxx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000187600 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantle64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000183008 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32aticfx64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000167632 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atisamu64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000167128 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mantleaxl64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000159264 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64aticfx32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000157408 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantle32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000143056 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mantleaxl32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000141528 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atisamu32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000136400 _____ (AMD) C:WINDOWSsystem32atimuixx.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000135384 _____ (Khronos Group) C:WINDOWSsystem32OpenCL.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000126160 _____ C:WINDOWSsystem32atidxx64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000123088 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdxc64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000121048 _____ (Khronos Group) C:WINDOWSSysWOW64OpenCL.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000108240 _____ C:WINDOWSSysWOW64atidxx32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000107728 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdxc32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000091352 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32mcl64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000075984 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64mcl32.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000070872 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32ati2erec.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000047320 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32RapidFireServer64.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000044248 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64RapidFireServer.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSSysWOW64detoured.dll\n2020-05-27 14:20 – 2020-05-27 14:20 – 000020392 _____ (Microsoft Corporation) C:WINDOWSsystem32detoured.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 071473360 _____ (Advanced Micro Devices Inc.) C:WINDOWSsystem32amdhip64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 001686624 _____ (AMD) C:WINDOWSsystem32amf-mft-mjpeg-decoder64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 001365984 _____ (AMD) C:WINDOWSSysWOW64amf-mft-mjpeg-decoder32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000941776 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdlvr64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000769232 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdlvr32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000554192 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdmcl64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000547424 _____ C:WINDOWSsystem32amdmiracast.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000490192 _____ C:WINDOWSsystem32amdgfxinfo64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000467152 _____ C:WINDOWSsystem32amdlogum.exe\n2020-05-27 14:19 – 2020-05-27 14:19 – 000384208 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdmcl32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000380624 _____ C:WINDOWSSysWOW64amdgfxinfo32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000198928 _____ (Advanced Micro Devices, Inc.) C:WINDOWSsystem32amdihk64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000168016 _____ (Advanced Micro Devices, Inc.) C:WINDOWSSysWOW64amdihk32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32atimpc64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000130864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdpcom64.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000108880 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdpcom32.dll\n2020-05-27 14:19 – 2020-05-27 14:19 – 000108864 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64atimpc32.dll\n2020-05-27 14:18 – 2020-05-27 14:18 – 000136544 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSsystem32amdave64.dll\n2020-05-27 14:18 – 2020-05-27 14:18 – 000120896 _____ (Advanced Micro Devices, Inc. ) C:WINDOWSSysWOW64amdave32.dll\n2020-05-26 20:09 – 2020-05-26 20:09 – 000000000 ____D C:UsersEthanAppDataLocalpackage.nw.new\n2020-05-25 20:28 – 2020-05-25 20:28 – 003471376 _____ C:WINDOWSSysWOW64atiumdva.cap\n2020-05-25 20:28 – 2020-05-25 20:28 – 003437632 _____ C:WINDOWSsystem32atiumd6a.cap\n2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSSysWOW64ativvsvl.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000204952 _____ C:WINDOWSsystem32ativvsvl.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSSysWOW64ativvsva.dat\n2020-05-25 20:26 – 2020-05-25 20:26 – 000157144 _____ C:WINDOWSsystem32ativvsva.dat\n2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSSysWOW64atiapfxx.blb\n2020-05-25 20:01 – 2020-05-25 20:01 – 000543400 _____ C:WINDOWSsystem32atiapfxx.blb\n2020-05-24 02:33 – 2020-06-09 18:08 – 000001445 _____ C:UsersPublicDesktopTerraria.lnk\n2020-05-24 02:23 – 2020-05-24 02:23 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGOG.com\n2020-05-24 02:20 – 2020-05-24 02:33 – 000000000 ____D C:ProgramDataGOG.com\n2020-05-23 16:18 – 2020-06-12 05:07 – 000000000 ____D C:UsersEthanAppDataLocalCrashDumps\n2020-05-20 08:04 – 2020-06-13 05:26 – 000074800 _____ (Symantec Corporation) C:WINDOWSsystem32msln.exe\n2020-05-20 08:00 – 2020-05-20 08:00 – 000000000 ____D C:UsersEthanAppDataLocalSymantec\n2020-05-20 07:56 – 2020-05-20 07:56 – 000609208 _____ (Symantec Corporation) C:WINDOWSsystem32SymVPN.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000505120 _____ (Symantec Corporation) C:WINDOWSsystem32sysfer.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000485304 _____ (Symantec Corporation) C:WINDOWSSysWOW64SymVPN.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000434976 _____ (Symantec Corporation) C:WINDOWSSysWOW64sysfer.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000231360 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSysPlant.sys\n2020-05-20 07:56 – 2020-05-20 07:56 – 000224184 _____ (Symantec Corporation) C:WINDOWSsystem32FwsVpn.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000219576 _____ (Symantec Corporation) C:WINDOWSSysWOW64FwsVpn.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000099920 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSYMEVENT64x86.SYS\n2020-05-20 07:56 – 2020-05-20 07:56 – 000096184 _____ (Symantec Corporation) C:WINDOWSsystem32snacnp.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000085432 _____ (Symantec Corporation) C:WINDOWSSysWOW64snacnp.dll\n2020-05-20 07:56 – 2020-05-20 07:56 – 000048232 _____ (Symantec Corporation) C:WINDOWSsystem32DriversWGX64.SYS\n2020-05-20 07:56 – 2020-05-20 07:56 – 000010396 _____ C:WINDOWSsystem32DriversSYMEVENT64x86.CAT\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:WINDOWSsystem32Driverssymefasi\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataSymEFASI\n2020-05-20 07:56 – 2020-05-20 07:56 – 000000000 ____D C:Program FilesCommon FilesSymantec Shared\n2020-05-20 07:55 – 2020-05-20 16:02 – 000000000 ____D C:ProgramDataSymantec\n2020-05-20 07:55 – 2020-05-20 07:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSymantec Endpoint Protection\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:WINDOWSsystem32DriversSEP\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:ProgramDataregid.1992-12.com.symantec\n2020-05-20 07:55 – 2020-05-20 07:55 – 000000000 ____D C:Program Files (x86)Symantec\n2020-05-20 07:53 – 2020-05-20 07:53 – 000132992 _____ (Symantec Corporation) C:WINDOWSsystem32DriversTeefer.sys\n2020-05-20 07:25 – 2020-06-02 17:14 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys\n2020-05-20 07:25 – 2020-05-20 07:25 – 000002040 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk\n2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbamtray\n2020-05-20 07:25 – 2020-05-20 07:25 – 000000000 ____D C:UsersEthanAppDataLocalmbam\n2020-05-20 07:25 – 2020-05-20 07:24 – 000153312 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys\n2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:ProgramDataMalwarebytes\n2020-05-20 07:24 – 2020-05-20 07:24 – 000000000 ____D C:Program FilesMalwarebytes\n2020-05-19 11:20 – 2020-05-19 11:20 – 006170544 _____ (Advanced Micro Devices) C:WINDOWSsystem32Driversamdacpbus.sys\n2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocalLow3D Aim Trainer\n2020-05-16 22:50 – 2020-05-16 22:50 – 000000000 ____D C:UsersEthanAppDataLocal3D Aim Trainer\n2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuPrograms3D Aim Trainer\n2020-05-16 22:49 – 2020-05-16 22:49 – 000000000 ____D C:Program Files (x86)3D Aim Trainer Launcher\n2020-05-14 07:59 – 2020-05-14 07:59 – 000000000 ____D C:UsersEthanAppDataRoamingMicrosoftWindowsStart MenuProgramsZoom"},{"id":"text-30","heading":"Text","content":"==================== One month (modified) =================="},{"id":"text-31","heading":"Text","content":"(If an entry is included in the fixlist, the file/folder will be moved.)"},{"id":"text-32","heading":"Text","content":"2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSSysWOW64qengineOff.ini\n2020-06-13 05:43 – 2018-07-27 21:24 – 000013008 _____ C:WINDOWSsystem32qengineOff.ini\n2020-06-13 05:42 – 2019-05-04 21:51 – 000840852 _____ C:WINDOWSsystem32PerfStringBackup.INI\n2020-06-13 05:42 – 2018-09-15 09:31 – 000000000 ____D C:WINDOWSINF\n2020-06-13 05:40 – 2018-07-27 21:20 – 000000000 ____D C:ProgramDataQustodio\n2020-06-13 05:36 – 2020-04-03 14:18 – 000000000 ____D C:ProgramDataboost_interprocess\n2020-06-13 05:36 – 2019-05-04 21:52 – 000000006 ____H C:WINDOWSTasksSA.DAT\n2020-06-13 05:36 – 2018-09-15 09:33 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft\n2020-06-13 05:35 – 2019-06-28 22:15 – 000000000 ____D C:UsersEthanAppDataRoaming.minecraft\n2020-06-13 05:29 – 2019-05-04 21:42 – 000000000 ____D C:UsersEthan\n2020-06-13 05:28 – 2018-12-18 11:43 – 000000000 ____D C:UsersEthanAppDataRoamingdiscord\n2020-06-13 04:54 – 2019-05-04 21:41 – 000000000 ____D C:WINDOWSsystem32SleepStudy\n2020-06-13 02:51 – 2018-09-25 19:31 – 000000000 ____D C:WINDOWSsystem32AMD\n2020-06-12 20:23 – 2019-03-19 09:02 – 000000000 ___HD C:$WINDOWS.~BT\n2020-06-12 19:59 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSAppReadiness\n2020-06-12 19:57 – 2018-09-15 09:33 – 000000000 ___HD C:Program FilesWindowsApps\n2020-06-12 19:01 – 2018-09-14 19:13 – 000000000 ____D C:Program Files (x86)Qustodio\n2020-06-12 19:01 – 2018-07-27 21:24 – 000000000 __SHD C:WINDOWSSysWOW64AI_RecycleBin\n2020-06-12 03:02 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSLiveKernelReports\n2020-06-12 02:28 – 2020-04-06 17:11 – 000000000 ____D C:UsersEthanAppDataRoaminglunarclient\n2020-06-11 03:58 – 2019-05-03 10:10 – 000000000 ___DC C:WINDOWSPanther\n2020-06-09 22:11 – 2018-09-15 09:23 – 000000000 ____D C:WINDOWSCbsTemp\n2020-06-09 19:14 – 2020-03-24 13:02 – 000000000 ____D C:UsersEthan.lunarclient\n2020-06-09 18:08 – 2018-09-29 13:09 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsTerraria [GOG.com]\n2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagwrn.xml\n2020-06-09 04:19 – 2019-05-04 21:51 – 000028578 _____ C:WINDOWSdiagerr.xml\n2020-06-09 03:07 – 2018-09-15 09:33 – 000000000 ____D C:WINDOWSRegistration\n2020-06-09 00:08 – 2018-07-27 21:22 – 000000000 ____D C:Program Files (x86)Microsoft Office\n2020-06-08 23:57 – 2018-08-31 20:24 – 000000000 ____D C:UsersEthanDocumentsChurch\n2020-06-08 22:16 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalPackages\n2020-06-08 22:12 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataRoamingAdobe\n2020-06-08 22:06 – 2020-05-01 05:13 – 000000000 ____D C:Program FilesBadlion Client\n2020-06-08 22:06 – 2019-05-04 21:42 – 000000000 ____D C:Usersdadministrator\n2020-06-07 23:18 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalVirtualStore\n2020-06-07 22:50 – 2018-07-30 00:34 – 000000000 ____D C:UsersEthanAppDataLocalD3DSCache\n2020-06-07 19:08 – 2019-05-04 21:41 – 000488632 _____ C:WINDOWSsystem32FNTCACHE.DAT\n2020-06-05 22:24 – 2018-07-27 21:35 – 000000000 ____D C:UsersEthanAppDataLocalAMD\n2020-06-05 22:19 – 2018-05-03 21:32 – 000000000 ____D C:Program FilesAMD\n2020-06-05 02:56 – 2018-07-27 21:18 – 000002308 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk\n2020-06-03 03:32 – 2018-09-15 09:36 – 000835480 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerApp.exe\n2020-06-03 03:32 – 2018-09-15 09:36 – 000179608 _____ (Adobe) C:WINDOWSSysWOW64FlashPlayerCPLApp.cpl\n2020-06-02 21:45 – 2018-07-28 19:27 – 000000000 ____D C:ProgramDataPackages\n2020-06-02 21:42 – 2018-05-03 20:44 – 000000000 ____D C:ProgramDataPackage Cache\n2020-06-02 21:40 – 2018-09-15 09:33 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared\n2020-05-24 02:27 – 2018-09-29 08:34 – 000000000 ____D C:Program Files (x86)GOG Galaxy\n2020-05-20 07:56 – 2018-09-15 09:33 – 000000000 ___HD C:WINDOWSELAMBKUP\n2020-05-17 05:16 – 2018-09-15 08:09 – 000000000 ____D C:WINDOWSservicing\n2020-05-14 07:59 – 2020-04-02 11:01 – 000000000 ____D C:UsersEthanAppDataRoamingZoom"},{"id":"text-33","heading":"Text","content":"==================== Files in the root of some directories ========"},{"id":"text-34","heading":"Text","content":"2020-06-02 21:50 – 2020-06-02 21:50 – 000000000 _____ () C:UsersEthanAppDataLocaloobelibMkey.log\n2020-02-09 15:02 – 2020-02-09 15:02 – 000000218 _____ () C:UsersEthanAppDataLocalrecently-used.xbel"},{"id":"text-35","heading":"Text","content":"==================== FLock =============================="},{"id":"text-36","heading":"Text","content":"2020-05-13 20:50 C:PerfLogs\n2020-06-12 19:49 C:WINDOWSsystem32config\n2018-09-15 09:33 C:WINDOWSsystem32Configuration\n2018-09-15 09:33 C:WINDOWSsystem32DriverState\n2018-09-15 09:33 C:WINDOWSsystem32FxsTmp\n2018-09-15 09:34 C:WINDOWSsystem32ias\n2018-09-15 09:34 C:WINDOWSsystem32MsDtc\n2018-09-15 09:33 C:WINDOWSsystem32networklist\n2020-06-13 04:54 C:WINDOWSsystem32SleepStudy\n2020-06-13 05:29 C:WINDOWSsystem32sru\n2020-06-05 22:22 C:WINDOWSsystem32Tasks\n2019-05-05 07:40 C:WINDOWSsystem32Tasks_Migrated\n2019-07-19 20:15 C:WINDOWSsystem32WDI\n2020-06-12 19:57 C:Program FilesWindowsApps\n2020-06-09 04:19 C:WINDOWSdiagerr.xml\n2020-06-09 04:19 C:WINDOWSdiagwrn.xml\n2019-05-05 07:38 C:WINDOWSInfusedApps\n2020-06-12 03:02 C:WINDOWSLiveKernelReports\n2020-02-15 18:45 C:WINDOWSMinidump\n2018-09-15 09:33 C:WINDOWSModemLogs\n2020-06-13 05:42 C:WINDOWSPrefetch\n2019-05-04 22:10 C:WINDOWSServiceState\n2020-06-13 05:41 C:WINDOWSTemp\n2018-09-15 09:33 C:WINDOWSSysWOW64config\n2018-09-15 09:33 C:WINDOWSSysWOW64Configuration\n2018-09-15 09:33 C:WINDOWSSysWOW64Msdtc\n2018-09-15 09:33 C:WINDOWSSysWOW64networklist\n2018-09-15 09:33 C:WINDOWSSysWOW64sru\n2018-09-15 09:33 C:WINDOWSSysWOW64Tasks\n2018-09-15 09:33 C:WINDOWSsystem32DriversDriverData\n2020-06-08 22:06 C:Usersdadministrator\n2020-06-02 21:45 C:ProgramDataPackages\n2019-05-04 21:44 C:ProgramDataUSOPrivate"},{"id":"text-37","heading":"Text","content":"==================== SigCheck ============================"},{"id":"text-38","heading":"Text","content":"(There is no automatic fix for files that do not pass verification.)"},{"id":"text-39","heading":"Text","content":"ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened.\nAccess is denied."},{"id":"text-40","heading":"Text","content":"==================== End of FRST.txt ========================"},{"id":"text-41","heading":"Text","content":"Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020\nRan by Ethan (13-06-2020 05:43:40)\nRunning from C:UsersEthanDesktop\nWindows 10 Home Version 1809 17763.1217 (X64) (2019-05-04 19:53:29)\nBoot Mode: Normal\n=========================================================="},{"id":"text-42","heading":"Text","content":"==================== Accounts: ============================="},{"id":"text-43","heading":"Text","content":"Administrator (S-1-5-21-1017088884-3281645122-1580351492-500 – Administrator – Disabled)\ndadministrator (S-1-5-21-1017088884-3281645122-1580351492-1001 – Administrator – Enabled) => C:Usersdadministrator\nDefaultAccount (S-1-5-21-1017088884-3281645122-1580351492-503 – Limited – Disabled)\nEthan (S-1-5-21-1017088884-3281645122-1580351492-1002 – Limited – Enabled) => C:UsersEthan\nGuest (S-1-5-21-1017088884-3281645122-1580351492-501 – Limited – Disabled)\nWDAGUtilityAccount (S-1-5-21-1017088884-3281645122-1580351492-504 – Limited – Disabled)"},{"id":"text-44","heading":"Text","content":"==================== Security Center ========================"},{"id":"text-45","heading":"Text","content":"(If an entry is included in the fixlist, it will be removed.)"},{"id":"text-46","heading":"Text","content":"AV: Symantec Endpoint Protection (Enabled – Up to date) 1122B19A-E671-38EC-8EAC-87048FD4528D\nAV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46\nAV: Malwarebytes (Enabled – Up to date) 23007AD3-69FE-687C-2629-D584AFFAF72B\nAS: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46\nFW: Symantec Endpoint Protection (Enabled) 291930BF-AC1E-39B4-A5F3-2E31710715F6"},{"id":"text-47","heading":"Text","content":"==================== Installed Programs ======================"},{"id":"text-48","heading":"Text","content":"(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)"},{"id":"text-49","heading":"Text","content":"3D Aim Trainer Launcher version 1.01 (HKLM-x32…DEBD852F-7476-4715-B6AC-8A3C560EAAAA_is1) (Version: 1.01 – 3D Aim Trainer)\n7-Zip 18.05 (x64) (HKLM…7-Zip) (Version: 18.05 – Igor Pavlov)\nAMD Software (HKLM…AMD Catalyst Install Manager) (Version: 20.5.1 – Advanced Micro Devices, Inc.)\nASIO4ALL (HKLM-x32…ASIO4ALL) (Version: 2.14 – Michael Tippach)\nBranding64 (HKLM…856DA29A-EA4A-468B-BBC2-B5F60DD75BFE) (Version: 1.00.0002 – Advanced Micro Devices, Inc.) Hidden\nDiscord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Discord) (Version: 0.0.306 – Discord Inc.)\nDiscord (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Discord) (Version: 0.0.306 – Discord Inc.)\nEdgeDeflector (HKLM-x32…EdgeDeflector) (Version:  – )\nEpic Games Launcher Prerequisites (x64) (HKLM…66C5838F-B854-4A55-89E6-A6138747A4DF) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden\nGlorious Model O Software (HKLM-x32…969D386-B5B4-41BD-98E3-4A1A7D32CB97_is1) (Version: 1.0.9 – Glorious PC Gaming Race LLC.)\nGOG GALAXY (HKLM-x32…7258BA11-600C-430E-A759-27E2C691A335_is1) (Version:  – GOG.com)\nGoogle Chrome (HKLM-x32…Google Chrome) (Version: 83.0.4103.97 – Google LLC)\nGoogle Update Helper (HKLM-x32…60EC980A-BDA2-4CB6-A427-B07A5498B4CA) (Version: 1.3.35.451 – Google LLC) Hidden\nIntel® PROSet/Wireless Software (HKLM-x32…3c598844-1b8b-41f0-b5b2-bc1dcf4d47ad) (Version: 20.50.0 – Intel Corporation)\nJava 8 Update 181 (64-bit) (HKLM…26A24AE4-039D-4CA4-87B4-2F64180181F0) (Version: 8.0.1810.13 – Oracle Corporation)\nKeePass Password Safe 2.44 (HKLM-x32…KeePassPasswordSafe2_is1) (Version: 2.44 – Dominik Reichl)\nLauncher Prerequisites (x64) (HKLM-x32…c6c5a357-c7ca-4a5f-9789-3bb1af579253) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden\nLogger Pro 3.15 (HKLM-x32…096EA23-A525-41C3-9DBC-E7FA5F02608C) (Version: 5.185.1506 – Vernier Software & Technology)\nLogitech Unifying Software 2.50 (HKLM…Logitech Unifying) (Version: 2.50.25 – Logitech)\nLunar Client (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 – Moonsworth, LLC)\nLunar Client (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.0.2 – Moonsworth, LLC)\nMalwarebytes version 4.1.0.56 (HKLM…35065F43-4BB2-439A-BFF7-0F1014F2E0CD_is1) (Version: 4.1.0.56 – Malwarebytes)\nMicrosoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.12827.20268 – Microsoft Corporation)\nMicrosoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…1D8E6291-B0D5-35EC-8441-6616F567A0F7) (Version: 10.0.40219 – Microsoft Corporation)\nMicrosoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…F0C3E5D1-1ADE-321E-8167-68EF0DE699A5) (Version: 10.0.40219 – Microsoft Corporation)\nMicrosoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…ca67548a-5ebe-413a-b50c-4b9ceb6d66c6) (Version: 11.0.61030.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…33d1fd90-4274-48a1-9bc1-97e33d9c2d6f) (Version: 11.0.61030.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32…ef6b00ec-13e1-4c25-9064-b2f383cb8412) (Version: 12.0.40660.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32…61087a79-ac85-455c-934d-1fa22cc64f36) (Version: 12.0.40660.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) – 14.23.27820 (HKLM-x32…852adda4-4c78-4a38-b583-c0b360a329d6) (Version: 14.23.27820.0 – Microsoft Corporation)\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) – 14.23.27820 (HKLM-x32…45231ab4-69fd-486a-859d-7a59fcd11013) (Version: 14.23.27820.0 – Microsoft Corporation)\nMicrosoft XNA Framework Redistributable 4.0 (HKLM-x32…2BFC7AA0-544C-4E3A-8796-67F3BE655BE9) (Version: 4.0.20823.0 – Microsoft Corporation)\nMinecraft (HKLM-x32…756E195A-CB58-4B99-917F-0DDA0D881204) (Version: 1.0.4.0 – Mojang)\nMinecraft Launcher (HKLM-x32…E15F69FA-660D-45CC-B28F-6CBC4CAD2091) (Version: 1.0.0.0 – Mojang)\nOEM Application Profile (HKLM-x32…12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50) (Version: 1.00.0000 – Advanced Micro Devices, Inc.)\nOffice 16 Click-to-Run Extensibility Component (HKLM-x32…90160000-008C-0000-0000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM…90160000-00DD-0000-1000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Licensing Component (HKLM…90160000-008F-0000-1000-0000000FF1CE) (Version: 16.0.12827.20268 – Microsoft Corporation) Hidden\nOffice 16 Click-to-Run Localization Component (HKLM-x32…90160000-008C-0409-0000-0000000FF1CE) (Version: 16.0.12827.20160 – Microsoft Corporation) Hidden\nPC Manager (HKLM…PC Manager) (Version: 10.0.5.51 – Huawei Technologies Co., Ltd.)\nPopcorn-Time (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…Popcorn-Time) (Version: 0.4.1 – Popcorn Time)\nPopcorn-Time (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…Popcorn-Time) (Version: 0.4.1 – Popcorn Time)\nQustodio (HKLM-x32…3BE72491-5A26-4935-9500-4EADA48A4068) (Version: 181.11.274.0 – Qustodio Technologies) Hidden\nQustodio (HKLM-x32…Qustodio) (Version: 181.11.274.0 – Qustodio)\nRealtek High Definition Audio Driver (HKLM-x32…F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC) (Version: 6.0.1.8459 – Realtek Semiconductor Corp.)\nSymantec Endpoint Protection (HKLM…CE2F0EC1-BF6B-42A6-993C-1D9655D0C9DF) (Version: 14.2.5569.2100 – Symantec Corporation)\nTerraria (HKLM-x32…1207665503_is1) (Version: v1.4.0.5 – GOG.com)\nTI-Nspire™ CX Student Software (HKLM-x32…465DD59-DB1D-4245-9050-B5C04EED9F52) (Version: 4.5.0.1180 – Texas Instruments Inc.)\nVulkan Run Time Libraries 1.0.61.0 (HKLM…VulkanRT1.0.61.0) (Version: 1.0.61.0 – LunarG, Inc.) Hidden\nVulkan Run Time Libraries 1.1.70.0 (HKLM…VulkanRT1.1.70.0) (Version: 1.1.70.0 – LunarG, Inc.) Hidden\nWDT Device Driver version 1.0.2.5 (HKLM-x32…5B06CB06-0929-48BC-BE1F-7E41461440C7_is1) (Version: 1.0.2.5 – Huawei Technologies Co., Ltd.)\nWindows Driver Package – Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM…EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 – Texas Instruments Inc.)\nWindows Driver Package – Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM…7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 – Texas Instruments Inc.)\nWizard101 (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…A9E27FF5-6294-46A8-B8FD-77B1DECA3021) (Version: 1.0.0 – KingsIsle Entertainment, Inc.)\nWizard101 (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…A9E27FF5-6294-46A8-B8FD-77B1DECA3021) (Version: 1.0.0 – KingsIsle Entertainment, Inc.)\nZoom (HKUS-1-5-21-1017088884-3281645122-1580351492-1002…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.)\nZoom (HKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…ZoomUMX) (Version: 5.0 – Zoom Video Communications, Inc.)"},{"id":"text-50","heading":"Text","content":"Packages:\n=========\nAdobe Reader Touch -> C:Program FilesWindowsAppsAdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [0000-00-00] (Adobe Systems Incorporated)\nArduino IDE -> C:Program FilesWindowsAppsArduinoLLC.ArduinoIDE_1.8.33.0_x86__mdqgnx93n4wtt [0000-00-00] (Arduino LLC)\nDolby Access -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)\nDolby Atmos Sound System -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAtmosSoundSystem_3.20201.249.0_x64__rz1tebttyb220 [0000-00-00] (Dolby Laboratories)\nMicrosoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]\nMicrosoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation) [MS Ad]\nMPEG-2 Video Extension -> C:Program FilesWindowsAppsMicrosoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)\nPhotos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [0000-00-00] (Microsoft Corporation)\nRealtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.2.156.0_x64__dt26b99r8h8gj [0000-00-00] (Realtek Semiconductor Corp)\nSpotify Music -> C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [0000-00-00] (Spotify AB) [Startup Task]"},{"id":"text-51","heading":"Text","content":"==================== Custom CLSID (Whitelisted): =============="},{"id":"text-52","heading":"Text","content":"(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)"},{"id":"text-53","heading":"Text","content":"CustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSIDE270DAA-1BE6-48F2-AC49-5AC63241FAAA -> [Creative Cloud Files] => C:UsersEthanCreative Cloud Files [2020-06-02 21:47]\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63EInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID7AFDFDDB-F914-11E4-8377-6C3BE50D980CInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nCustomCLSID: HKUS-1-5-21-1017088884-3281645122-1580351492-1002_ClassesCLSID82CA8DE3-01AD-4CEA-9D75-BE4C51810A9EInprocServer32 -> C:UsersEthanAppDataLocalMicrosoftOneDrive19.152.0801.0007amd64FileSyncShell64.dll => No File\nContextMenuHandlers1: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers1: [HwShareMenu] -> 41b3b91f-d6b3-3430-bb86-a143f85353ca => C:Program FilesHuaweiPCManagerHwShellMenuHwShareMenu9.DLL [2020-01-10] (Huawei Technologies Co., Ltd. -> )\nContextMenuHandlers1: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers2: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers3: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)\nContextMenuHandlers4: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers5: [ACE] -> 5E2121EE-0300-11D4-8D3B-444553540000 => C:Program FilesAMDCNextCNextatiacm64.dll [2020-05-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)\nContextMenuHandlers6: [7-Zip] -> 23170F69-40C1-278A-1000-000100020000 => C:Program Files7-Zip7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]\nContextMenuHandlers6: [LDVPMenu] -> 8BEEE74D-455E-4616-A97A-F6E86C317F32 => C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64vpshell2.dll [2020-05-20] (Symantec Corporation -> Symantec Corporation)\nContextMenuHandlers6: [MBAMShlExt] -> 57CE581A-0CB6-4266-9CA0-19364C90A0B3 => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-20] (Malwarebytes Corporation -> Malwarebytes)"},{"id":"text-54","heading":"Text","content":"==================== Codecs (Whitelisted) ===================="},{"id":"text-55","heading":"Text","content":"==================== Shortcuts & WMI ========================"},{"id":"text-56","heading":"Text","content":"(The entries could be listed to be restored or removed.)"},{"id":"text-57","heading":"Text","content":"ShortcutWithArgument: C:UsersEthanDocumentsShortcutsChrome School.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Profile 1"\nShortcutWithArgument: C:UsersEthanDocumentsShortcutsChrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default"\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarChrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory="Default"\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcutsd249d9ddd424b688Ethan – Chrome.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC) -> –profile-directory=Default\nShortcutWithArgument: C:UsersEthanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts76f9e4d33b60b312Popcorn-Time.lnk -> C:UsersEthanAppDataLocalPopcorn-TimePopcorn-Time.exe (The NW.js Community) -> –user-data-dir="C:UsersEthanAppDataLocalPopcorn-TimeUser Data" –profile-directory=Default –app-id=hecfofbbdfadifpemejbbdcjmfmboohj"},{"id":"text-58","heading":"Text","content":"==================== Loaded Modules (Whitelisted) ============="},{"id":"text-59","heading":"Text","content":"2019-07-18 11:23 – 2019-07-18 11:23 – 000017920 _____ () [File not signed] C:Program FilesAMDCNextCNextlibEGL.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 003567616 _____ () [File not signed] C:Program FilesAMDCNextCNextlibGLESv2.dll\n2018-07-29 18:39 – 2018-04-30 14:00 – 000075776 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqgif.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000039424 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqicns.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqico.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000413696 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqjpeg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqsvg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqtga.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000023552 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwbmp.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000519168 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsimageformatsqwebp.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001431040 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsplatformsqwindows.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001180672 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginssqldriversqsqlite.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000135680 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextpluginsstylesqwindowsvistastyle.dll\n2020-05-25 14:17 – 2020-05-25 14:17 – 006010880 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Core.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 006345216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Gui.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001078272 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Network.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000313856 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Positioning.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 004000256 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Qml.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 003802624 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Quick.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000171008 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickControls2.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 001083904 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5QuickTemplates2.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000205312 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Sql.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000329728 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Svg.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000113152 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebChannel.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000376320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngine.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 092323328 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngineCore.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 005560832 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Widgets.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000463360 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WinExtras.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000188416 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Xml.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 002888704 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5XmlPatterns.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000053760 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsprivateqtgraphicaleffectsprivate.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000059392 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsqtgraphicaleffectsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000017408 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuick.2qtquick2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000287232 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControls.2qtquickcontrols2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000329216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControlsqtquickcontrolsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000136192 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickDialogsdialogplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000089088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickLayoutsqquicklayoutsplugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000312320 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickTemplates.2qtquicktemplates2plugin.dll\n2019-07-18 11:23 – 2019-07-18 11:23 – 000017920 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickWindow.2windowplugin.dll\n2020-05-25 14:17 – 2020-05-25 14:17 – 000085504 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtWebEngineqtwebengineplugin.dll\n2019-07-31 18:28 – 2019-07-31 18:28 – 005112440 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:Program Files (x86)QustodioqappQt5Core.dll"},{"id":"text-60","heading":"Text","content":"==================== Alternate Data Streams (Whitelisted) ========"},{"id":"text-61","heading":"Text","content":"(If an entry is included in the fixlist, only the ADS will be removed.)"},{"id":"text-62","heading":"Text","content":"AlternateDataStreams: C:WINDOWSsystem32msln.exe:31b498626fde803a3eb44bd105d3469d [1818]\nAlternateDataStreams: C:UsersEthanOneDrive:$3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0.SyncRootIdentity [118]\nAlternateDataStreams: C:UsersPublicShared Files:VersionCache [482]"},{"id":"text-63","heading":"Text","content":"==================== Safe Mode (Whitelisted) =================="},{"id":"text-64","heading":"Text","content":"(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)"},{"id":"text-65","heading":"Text","content":"HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkccSettings_D8E0573B-6B4C-4DC0-8F5C-4764B8E079F9.sys => ""="Driver"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"\nHKLMSYSTEMCurrentControlSetControlSafeBootNetworkSepMasterService => ""="Service""},{"id":"text-66","heading":"Text","content":"==================== Association (Whitelisted) ================="},{"id":"text-67","heading":"Text","content":"==================== Internet Explorer trusted/restricted =========="},{"id":"text-68","heading":"Text","content":"==================== Hosts content: ========================="},{"id":"text-69","heading":"Text","content":"(If needed Hosts: directive could be included in the fixlist to reset Hosts.)"},{"id":"text-70","heading":"Text","content":"2017-09-29 15:46 – 2017-09-29 15:44 – 000000824 _____ C:WINDOWSsystem32driversetchosts"},{"id":"text-71","heading":"Text","content":"2018-07-30 02:34 – 2020-03-23 22:02 – 000000854 _____ C:WINDOWSsystem32driversetchosts.ics\n2.168.137.66 HUAWEI_Mate_10_lite-22508.mshome.net # 2020 3 3 25 17 48 50 703\n135 Selims-android.mshome.net # 2020 3 2 17 12 35 10 156\n68.137.72 iPhone.mshome.net # 2020 3 2 17 10 10 44 788\n192.168.137.155 Ismails-iPhone.mshome.net # 2020 3 2 17 10 20 26 328\n192.168.137.205 Mustafas-iPhone.mshome.net # 2020 3 2 17 11 31 44 941\n192.168.137.135 Selims-android.mshome.net # 2020 3 2 17 11 34 45 162\n45 162"},{"id":"text-72","heading":"Text","content":"==================== Other Areas ==========================="},{"id":"text-73","heading":"Text","content":"(Currently there is no automatic fix for this section.)"},{"id":"text-74","heading":"Text","content":"HKLMSystemCurrentControlSetControlSession ManagerEnvironment\\Path -> C:Program Files (x86)Common FilesOracleJavajavapath;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program FilesIntelWiFibin;C:Program FilesCommon FilesIntelWirelessCommon;%SYSTEMROOT%System32OpenSSH\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002Control PanelDesktop\\Wallpaper -> C:UsersEthanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750Control PanelDesktop\\Wallpaper -> C:UsersEthanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper\nDNS Servers: 68.105.28.11 – 68.105.29.11\nHKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)\nHKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )\nWindows Firewall is enabled."},{"id":"text-75","heading":"Text","content":"==================== MSCONFIG/TASK MANAGER disabled items =="},{"id":"text-76","heading":"Text","content":"(If an entry is included in the fixlist, it will be removed.)"},{"id":"text-77","heading":"Text","content":"HKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedStartupFolder: => "Send to OneNote.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedStartupFolder: => "Rainmeter.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "OneDrive"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "EpicGamesLauncher"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "NordVPN"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "CCXProcess"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002…StartupApprovedRun: => "launchOnStartup"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedStartupFolder: => "Send to OneNote.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedStartupFolder: => "Rainmeter.lnk"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "OneDrive"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "EpicGamesLauncher"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "NordVPN"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "CCXProcess"\nHKUS-1-5-21-1017088884-3281645122-1580351492-1002-ED1FC765-E35E-4C3D-BF15-2C2B11260CE4-06132020053622750…StartupApprovedRun: => "launchOnStartup""},{"id":"text-78","heading":"Text","content":"==================== FirewallRules (Whitelisted) ================"},{"id":"text-79","heading":"Text","content":"(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)"},{"id":"text-80","heading":"Text","content":"FirewallRules: [UDP Query User12F0F1BF-0F1F-4AB8-B85A-D9666E12CC7BC:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe] => (Allow) C:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe => No File\nFirewallRules: [TCP Query UserAAC7522B-41B2-483C-98AB-7D9706CC568CC:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe] => (Allow) C:program filesjetbrainspycharm community edition 2018.2.4binpycharm64.exe => No File\nFirewallRules: [UDP Query UserB655ADFE-D471-4273-8DF6-3AA2EB7238D0C:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [TCP Query User3772B830-C4A3-434E-84E3-0675F7D0A32AC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [UDP Query User88BB2546-D116-4625-B254-3335A5E7E666C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [TCP Query User7AEAEE55-FD0D-4187-A7DD-74DF301A87D5C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [UDP Query UserEFD389F3-4BB9-4F23-877E-D3EFCF7F504EC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [TCP Query User55312368-2298-429C-8470-337C2DFF83EBC:usersethanappdatalocalpopcorn-timepopcorn-time.exe] => (Block) C:usersethanappdatalocalpopcorn-timepopcorn-time.exe (The NW.js Community) [File not signed]\nFirewallRules: [UDP Query User87D15FF9-546C-4936-80E1-FA5C69CFB167C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Block) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe => No File\nFirewallRules: [TCP Query UserB3624AFD-AF17-4707-AE2A-1FA524548AE6C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Block) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe => No File\nFirewallRules: [UDP Query UserBED176F5-E088-4E80-A439-A2E0C5296F65C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [TCP Query UserE8066C27-5541-4B56-82F1-DC100EEC4D6AC:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Block) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe => No File\nFirewallRules: [UDP Query UserEB916461-5625-4A23-8084-B456FFFB8368C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe\nFirewallRules: [TCP Query UserFA84BDB4-5A67-486F-B1CD-3E992B6E3C80C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwarejrebinjava.exe\nFirewallRules: [UDP Query User36DCE1FF-F8D8-495A-A43E-D2BF089793F5C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [TCP Query User645C505C-46E6-4752-9BC5-AA58291278D5C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [36DD776C-BEF9-4E6F-AD69-D718727D2319] => (Allow) C:Program FilesIntelWiFibinPanDhcpDns.exe (Intel Corporation -> )\nFirewallRules: [TCP Query UserCBBD9637-D57F-4C62-BCCE-9A803B3B51EEC:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe => No File\nFirewallRules: [UDP Query User5276D7A7-B6C4-4FFB-8C82-6EFA3165BB39C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x641.8.0_51binjavaw.exe => No File\nFirewallRules: [TCP Query UserEF82179C-59B6-4ADE-A26D-446FA52A5CCDC:usersethandownloadsruntimejre-x64binjavaw.exe] => (Block) C:usersethandownloadsruntimejre-x64binjavaw.exe => No File\nFirewallRules: [UDP Query User6A83EBA7-F319-4BCF-8D93-1EDB3C5AACFCC:usersethandownloadsruntimejre-x64binjavaw.exe] => (Block) C:usersethandownloadsruntimejre-x64binjavaw.exe => No File\nFirewallRules: [TCP Query User3FCC1C5D-9C46-4511-A102-919442135289C:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe\nFirewallRules: [UDP Query User1AE9246F-C286-436B-BB56-3037FBD0481FC:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe\nFirewallRules: [TCP Query User02EFDE10-5C83-432F-ADA9-8BB6C6F18B59C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe => No File\nFirewallRules: [UDP Query User984318C3-E844-45F5-95DF-9A4E8E08A073C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wttjavabinjavaw.exe => No File\nFirewallRules: [TCP Query UserB552C42A-EC61-4C72-8990-FE2ED796B10FC:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [UDP Query UserD3A17CA4-E12F-4B7A-96D3-066637371298C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe] => (Block) C:program files (x86)ti educationti-nspire cx student softwareti-nspire cx student software.exe (Texas Instruments -> Texas Instruments Incorporated)\nFirewallRules: [TCP Query User9F107497-D41A-46D3-80D9-C6B45B400C64C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe\nFirewallRules: [UDP Query User5FF66BEF-280F-4A88-A2EF-C5DA5956F1AFC:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe] => (Block) C:program fileswindowsappsarduinollc.arduinoide_1.8.33.0_x86__mdqgnx93n4wttjavabinjavaw.exe\nFirewallRules: [TCP Query UserD1CECEFF-BED1-4434-B871-8D5885AB6954C:alphaantileakaalbinserveralphaantileak.exe] => (Block) C:alphaantileakaalbinserveralphaantileak.exe (Constantin Schreiber -> )\nFirewallRules: [UDP Query User126BD9DD-AF43-48E6-B4D2-BD72730DC3FAC:alphaantileakaalbinserveralphaantileak.exe] => (Block) C:alphaantileakaalbinserveralphaantileak.exe (Constantin Schreiber -> )\nFirewallRules: [TCP Query User9D7BDA86-7780-4BCB-9F94-9EF418916881C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe\nFirewallRules: [UDP Query UserD5BF7527-430F-4B92-BCA0-899E2AF39F0AC:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraft launcherruntimejre-x64binjavaw.exe\nFirewallRules: [6FC5A841-7F25-40DE-8A63-9D024257A7B8] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)\nFirewallRules: [TCP Query User81B37590-D222-4DC8-8999-59D3EDCA5718C:programdatabadlionclientjrebinjavaw.exe] => (Block) C:programdatabadlionclientjrebinjavaw.exe\nFirewallRules: [UDP Query User14E58F6C-EBC9-4F1F-9F87-8795FF5F6FB8C:programdatabadlionclientjrebinjavaw.exe] => (Block) C:programdatabadlionclientjrebinjavaw.exe\nFirewallRules: [TCP Query User250ED133-0730-488D-A1D2-179D8124346CC:program fileswe_clientwecdt.exe] => (Allow) C:program fileswe_clientwecdt.exe => No File\nFirewallRules: [UDP Query UserE77D4C9A-65EF-415A-A9F6-720AA01E83F1C:program fileswe_clientwecdt.exe] => (Allow) C:program fileswe_clientwecdt.exe => No File\nFirewallRules: [BE86A0A2-2E3A-45BF-BD16-4FA988C2D2CF] => (Allow) C:Program FilesHuaweiPCManagerMBAMessageCenter.exe (Huawei Technologies Co., Ltd. -> )\nFirewallRules: [582DC69D-F666-438F-AEEF-F7A98301E425] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinccSvcHst.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [5B801E2C-89CA-45F2-8C8A-E34140BA5CB2] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinccSvcHst.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [D01E0175-B747-4800-B9EF-8D085402C350] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64snac64.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [3B512B5A-785E-4623-9D5E-A0B20854D1AA] => (Allow) C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105Bin64snac64.exe (Symantec Corporation -> Symantec Corporation)\nFirewallRules: [EE510510-A744-49B4-A8FB-3BCD9EC53DF5] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [398E3692-9769-4C56-8B5B-47860A11AC06] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [AE3B13C3-5BAC-4FCD-925E-65903C1B41E6] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [83D17164-7624-4A27-8562-A4FAD02C5D6A] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [7CE68124-5460-4E6B-9835-6B827DFAFEE4] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [49B3A2C1-1884-4FBC-AEAB-3D91BAF96F05] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [FA9DE9FF-0B3D-4BF4-9967-5F9758AC2AF9] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [94F091D3-8AB0-4970-9FF7-69DFB31E5651] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)\nFirewallRules: [7AEC1DCC-8FBC-4CAE-8D3D-3D42B7A3B744] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)\nFirewallRules: [C59750B7-A6AD-486A-886B-D9F7DC67C995] => (Allow) %programfiles%Qustodioqappqwelcomewzd.exe => No File\nFirewallRules: [6C6EC456-3AE1-487B-A7E7-9E1897801E6B] => (Allow) %programfiles%QustodioqappQUpdateService.exe => No File\nFirewallRules: [68715DB0-C67D-4FF5-AA9C-FAE2AF083407] => (Allow) %programfiles%QustodioqappQReport.exe => No File\nFirewallRules: [32281869-1447-48F6-AB4A-0AE369098AD9] => (Allow) %programfiles%Qustodioqproxyqengine.exe => No File\nFirewallRules: [87EFFECC-2FD3-40DB-8A19-C7CE3164F080] => (Allow) %programfiles%QustodioqappQAppTray.exe => No File"},{"id":"text-81","heading":"Text","content":"==================== Restore Points ========================="},{"id":"text-82","heading":"Text","content":"ATTENTION: System Restore is disabled (Total:237.36 GB) (Free:96.61 GB) (41%)\nCheck "VSS" service"},{"id":"text-83","heading":"Text","content":"==================== Faulty Device Manager Devices ============"},{"id":"text-84","heading":"Text","content":"==================== Event log errors: ========================"},{"id":"text-85","heading":"Text","content":"Application errors:\n==================\nError: (06/13/2020 05:34:12 AM) (Source: Symantec Network Protection) (EventID: 400) (User: )\nDescription: Memory Exploit Mitigation is malfunctioning"},{"id":"text-86","heading":"Text","content":"Error: (06/13/2020 05:33:19 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )\nDescription: Symantec Endpoint Protection has failed to load the latest virus definitions."},{"id":"text-87","heading":"Text","content":"Error: (06/13/2020 05:33:03 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )\nDescription: Symantec Endpoint Protection has failed to load the latest virus definitions."},{"id":"text-88","heading":"Text","content":"Error: (06/13/2020 05:26:46 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing"},{"id":"text-89","heading":"Text","content":"Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing"},{"id":"text-90","heading":"Text","content":"Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing"},{"id":"text-91","heading":"Text","content":"Error: (06/13/2020 05:26:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing"},{"id":"text-92","heading":"Text","content":"Error: (06/13/2020 05:26:43 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )\nDescription: Security Risk Found! Hacktool.ProcHack in File: c:UsersEthandownloadsprocesshacker-2.39-binx64kprocesshacker.sys by: Auto-Protect scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: Reboot Processing"},{"id":"text-93","heading":"Text","content":"System errors:\n=============\nError: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool."},{"id":"text-94","heading":"Text","content":"Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool."},{"id":"text-95","heading":"Text","content":"Error: (06/13/2020 05:42:37 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool."},{"id":"text-96","heading":"Text","content":"Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool."},{"id":"text-97","heading":"Text","content":"Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool."},{"id":"text-98","heading":"Text","content":"Error: (06/13/2020 05:42:14 AM) (Source: DCOM) (EventID: 10016) (User: ETHANLAPTOP)\nDescription: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID \nE579AB5F-1CC4-44B4-BED9-DE0991FF0623\n and APPID \n56BE716B-2F76-4DFA-8702-67AE10044F0B\n to the user ETHANLAPTOPEthan SID (S-1-5-21-1017088884-3281645122-1580351492-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool."},{"id":"text-99","heading":"Text","content":"Error: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)\nDescription: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID \nWindows.SecurityCenter.SecurityAppBroker\n and APPID \nUnavailable\n to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool."},{"id":"text-100","heading":"Text","content":"Error: (06/13/2020 05:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)\nDescription: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID \nWindows.SecurityCenter.WscBrokerManager\n and APPID \nUnavailable\n to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool."},{"id":"text-101","heading":"Text","content":"CodeIntegrity:\n==================================="},{"id":"text-102","heading":"Text","content":"Date: 2020-06-13 05:28:55.962\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."},{"id":"text-103","heading":"Text","content":"Date: 2020-06-13 05:28:55.958\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."},{"id":"text-104","heading":"Text","content":"Date: 2020-06-13 05:28:55.695\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."},{"id":"text-105","heading":"Text","content":"Date: 2020-06-13 05:28:55.690\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."},{"id":"text-106","heading":"Text","content":"Date: 2020-06-13 05:28:43.476\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."},{"id":"text-107","heading":"Text","content":"Date: 2020-06-13 05:28:43.473\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."},{"id":"text-108","heading":"Text","content":"Date: 2020-06-13 05:28:43.462\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."},{"id":"text-109","heading":"Text","content":"Date: 2020-06-13 05:28:43.458\nLa description: \nWindows is unable to verify the image integrity of the file DeviceHarddiskVolume3Program Files (x86)SymantecSymantec Endpoint Protection14.2.5569.2100.105BinWSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."},{"id":"text-110","heading":"Text","content":"==================== Memory info ==========================="},{"id":"text-111","heading":"Text","content":"BIOS: HUAWEI 1.22 02/26/2019\nMotherboard: HUAWEI KPL-W0X\nProcessor: AMD Ryzen 5 2500U with Radeon Vega Mobile Gfx \nPercentage of memory in use: 60%\nTotal physical RAM: 7069.58 MB\nAvailable physical RAM: 2819.71 MB\nTotal Virtual: 17309.58 MB\nAvailable Virtual: 11480.89 MB"},{"id":"text-112","heading":"Text","content":"==================== Drives ================================"},{"id":"text-113","heading":"Text","content":"Drive c: (Windows) (Fixed) (Total:237.36 GB) (Free:96.61 GB) NTFS"},{"id":"text-114","heading":"Text","content":"\\?Volume38965f00-0083-43f6-a798-2a33a7b7f4a4 (WinRE) (Fixed) (Total:1 GB) (Free:0.59 GB) NTFS\n\\?Volumea3c90bc4-f030-4e42-aae4-a27a0935a741 (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32"},{"id":"text-115","heading":"Text","content":"==================== MBR & Partition Table ===================="},{"id":"text-116","heading":"Text","content":"==================== End of Addition.txt ======================="},{"id":"text-117","heading":"Text","content":"Click to rate this post!\n \n [Total: 0 Average: 0]"}],"media":{"primary_image":"https://tutos-gameserver.fr/wp-content/uploads/2020/03/1585419619_meta_image.png"},"relations":[{"rel":"canonical","href":"https://tutos-gameserver.fr/2020/06/13/apres-le-telechargement-accidentel-dun-malware-lordinateur-nest-plus-le-meme-bien-choisir-son-serveur-d-impression/"},{"rel":"alternate","href":"https://tutos-gameserver.fr/2020/06/13/apres-le-telechargement-accidentel-dun-malware-lordinateur-nest-plus-le-meme-bien-choisir-son-serveur-d-impression/llm","type":"text/html"},{"rel":"alternate","href":"https://tutos-gameserver.fr/2020/06/13/apres-le-telechargement-accidentel-dun-malware-lordinateur-nest-plus-le-meme-bien-choisir-son-serveur-d-impression/llm.json","type":"application/json"},{"rel":"llm-manifest","href":"https://tutos-gameserver.fr/llm-endpoints-manifest.json","type":"application/json"}],"http_headers":{"X-LLM-Friendly":"1","X-LLM-Schema":"1.1.0","Content-Security-Policy":"default-src 'none'; img-src * data:; style-src 'unsafe-inline'"},"license":"CC BY-ND 4.0","attribution_required":true,"allow_cors":false}