Windows Defender a détecté Office2019.cmd comme HackTool: BAT / AutoKms! MTB False / real? – Un bon serveur Minecraft
[bzkshopping keyword= »Minecraft » count= »8″ template= »grid »]
Est-il correct d'exécuter l'outil d'analyse de récupération Farbar avec Windows Defender? Je crains que cela puisse interférer avec les résultats ou quelque chose … Résultat de l'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by Admin (administrator) on DESKTOP-4SAGV8L (LENOVO 20193) (07-05-2021 21:32:10)
Exécution à partir de C: Users Admin Downloads
Profils chargés: Admin
Plate-forme: Windows 10 Pro Version 20H2 19042.928 (X64) Langue: Anglais (États-Unis)
Navigateur par défaut: Edge
Mode de démarrage: normal
==================== Processus (sur liste blanche) ==================
(Si une entrée est incluse dans la liste de correctifs, le processus sera fermé. Le fichier ne sera pas déplacé.)
(Microsoft Corporation -> Microsoft Corporation) C: Program Files (x86) Microsoft Edge Application msedge.exe <11>
(Microsoft Corporation -> Microsoft Corporation) C: Program Files Common Files microsoft shared ClickToRun OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C: Users Admin AppData Local Microsoft OneDrive 21.073.0411.0002 FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C: Users Admin AppData Local Microsoft OneDrive OneDrive.exe
(Microsoft Corporation) C: Program Files WindowsApps microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe HxOutlook.exe
(Microsoft Corporation) C: Program Files WindowsApps microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe HxTsr.exe
(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows ImmersiveControlPanel SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 InputMethod CHS ChsIME.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 oobe UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C: ProgramData Microsoft Windows Defender Platform 4.18.2103.7-0 MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C: ProgramData Microsoft Windows Defender Platform 4.18.2103.7-0 NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C: Program Files NVIDIA Corporation Display.NvContainer NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C: Program Files (x86) Common Files Java Java Update jusched.exe
(Power Software Limited -> Power Software Ltd) C: Program Files PowerISO PWRISOVM.EXE
(Qualcomm Atheros -> Fournisseur DDK Windows ® Win 7) C: Windows System32 drivers AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C: Program Files Realtek Audio HDA RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C: Program Files Realtek Audio HDA RAVCpl64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C: Program Files Synaptics SynTP SynTPEnhService.exe
==================== Registre (sur liste blanche) ===================
(Si une entrée est incluse dans la liste de correctifs, l'élément de registre sera restauré par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM … Exécuter: [RtHDVCpl] => C: Program Files Realtek Audio HDA RAVCpl64.exe [13513288 2013-03-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM … Exécuter: [RtHDVBg_Dolby] => C: Program Files Realtek Audio HDA RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32 … Exécuter: [SunJavaUpdateSched] => C: Program Files (x86) Common Files Java Java Update jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32 … Exécuter: [PWRISOVM.EXE] => C: Program Files PowerISO PWRISOVM.EXE [455872 2020-06-21] (Power Software Limited -> Power Software Ltd)
HKLM SOFTWARE Policies Microsoft Windows Defender: Restriction <==== ATTENTION
HKU S-1-5-21-2960236716-1891352181-3316826821-1001 … Exécuter: [Discord] => C: Users Admin AppData Local Discord Update.exe [1512040 2021-03-18] (Discord Inc. -> GitHub)
HKLM … Print Monitors HP C211 Status Monitor: C: Windows system32 hpinkstsC211LM.dll [342232 2015-07-03] (Hewlett Packard -> Hewlett-Packard Co.)
GroupPolicy: Restriction? <==== ATTENTION
Stratégies: C: ProgramData NTUSER.pol: Restriction <==== ATTENTION
==================== Tâches planifiées (sur liste blanche) ============
(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)
Tâche: 1166C8FE-0B63-4E7B-8EDD-7B529CCB2376 – System32 Tasks Microsoft Office Office Automatic Updates 2.0 => C: Program Files Common Files Microsoft Shared ClickToRun OfficeC2RClient.exe [23966488 2018-09-08] (Microsoft Corporation -> Microsoft Corporation)
Tâche: 290E63A1-6390-465A-A347-762334A26EC2 – System32 Tasks Microsoft Office OfficeBackgroundTaskHandlerLogon => C: Program Files (x86) Microsoft Office root Office16 officebackgroundtaskhandler.exe [1527064 2021-05-07] (Microsoft Corporation -> Microsoft Corporation)
Tâche: 55A05E10-917D-4FD0-8D5B-DA93BCEA7A37 – System32 Tasks Microsoft Windows Windows Defender Windows Defender Verification => C: ProgramData Microsoft Windows Defender platform 4.18.2103.7-0 MpCmdRun. EXE [566368 2021-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Tâche: 6851006D-3D72-4034-B836-AF01641A23E8 – System32 Tasks Microsoft Office OfficeOsfInstaller => C: Program Files (x86) Microsoft Office root VFS ProgramFilesCommonX86 Microsoft Shared Office16 osfinstaller. EXE [87120 2021-05-07] (Microsoft Corporation -> Microsoft Corporation)
Tâche: 6A3F8B86-E2A2-4DCC-A90B-C34C27347866 – System32 Tasks Microsoft Office OfficeBackgroundTaskHandlerRegistration => C: Program Files (x86) Microsoft Office root Office16 officebackgroundtaskhandler.exe [1527064 2021-05-07] (Microsoft Corporation -> Microsoft Corporation)
Tâche: 77C11178-724E-415C-B9F9-15FDB9794A07 – System32 Tasks Microsoft Office OfficeTelemetryAgentLogOn2016 => C: Program Files (x86) Microsoft Office root Office16 msoia.exe [2417448 2021-05-07] (Microsoft Corporation -> Microsoft Corporation)
Tâche: 795DAD24-B754-487B-A43E-DDAEAB28D656 – System32 Tasks Microsoft Windows Windows Defender Windows Defender Cleanup => C: ProgramData Microsoft Windows Defender platform 4.18.2103.7-0 MpCmdRun. EXE [566368 2021-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Tâche: CBFAEC17-B00F-448D-90B4-0243C17A5D1D – System32 Tasks Microsoft Windows Windows Defender Windows Defender Cache Maintenance => C: ProgramData Microsoft Windows Defender platform 4.18.2103.7-0 MpCmdRun .EXE [566368 2021-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Tâche: E1D7ECCD-8C42-42B5-A4F2-9C1A70A5AD5A – System32 Tasks Microsoft Office OfficeTelemetryAgentFallBack2016 => C: Program Files (x86) Microsoft Office root Office16 msoia.exe [2417448 2021-05-07] (Microsoft Corporation -> Microsoft Corporation)
Tâche: E9150417-A6EA-43A1-8D7C-89Dedral18B578 – System32 Tasks Microsoft Office Office ClickToRun Service Monitor => C: Program Files Common Files Microsoft Shared ClickToRun OfficeC2RClient.exe [23966488 2018-09-08] (Microsoft Corporation -> Microsoft Corporation)
Tâche: FCE5A01C-B17A-4BE6-BCA6-1DB1BDF5D436 – System32 Tasks Microsoft Windows Windows Defender Windows Defender Scheduled Scan => C: ProgramData Microsoft Windows Defender platform 4.18.2103.7-0 MpCmdRun .EXE [566368 2021-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
(Si une entrée est incluse dans la liste de correctifs, le fichier de la tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)
==================== Internet (sur liste blanche) ====================
(Si un élément est inclus dans la liste de correctifs, s'il s'agit d'un élément de registre, il sera supprimé ou restauré par défaut.)
Tcpip Paramètres: [DhcpNameServer] 192.168.43.1
Tcpip .. Interfaces 86694137-c608-4c81-8763-02eb0cc9d9f5: [DhcpNameServer] 192.168.43.1
Bord:
=======
Edge DefaultProfile: Par défaut
Profil Edge: C: Users Admin AppData Local Microsoft Edge User Data Default [2021-05-07]
Extension Edge: (Honey) – C: Users Admin AppData Local Microsoft Edge User Data Default Extensions amnbcmdbanbkjhnfoeceemmmdiepnbpp [2021-05-06]
Edge HKLM-x32 … Edge Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Renard de feu:
========
FF Plugin-x32: @ java.com / DTPlugin, version = 11.291.2 -> C: Program Files (x86) Java jre1.8.0_291 bin dtplugin npDeployJava1.dll [2021-04-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @ java.com / JavaPlugin, version = 11.291.2 -> C: Program Files (x86) Java jre1.8.0_291 bin plugin2 npjp2.dll [2021-04-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @ microsoft.com / Lync, version = 15.0 -> C: Program Files (x86) Microsoft Office root VFS ProgramFilesX86 Mozilla Firefox plugins npmeetingjoinpluginoc.dll [2021-05-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @ microsoft.com / SharePoint, version = 14.0 -> C: Program Files (x86) Microsoft Office root Office16 NPSPWRAP.DLL [2021-05-07] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
Profil CHR: C: Users Admin AppData Local Google Chrome User Data Default [2021-05-05]
Extension CHR: (Malwarebytes Browser Guard) – C: Users Admin AppData Local Google Chrome User Data Default Extensions ihcjicgdanjaechkgeegckofjjedodee [2021-05-05]
Extension CHR: (Paiements Chrome Web Store) – C: Users Admin AppData Local Google Chrome User Data Default Extensions nmmhkkegccagdldgiimedpiccmgmieda [2021-04-26]
Extension CHR: (Chrome Media Router) – C: Users Admin AppData Local Google Chrome User Data Default Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-26]
CHR HKLM-x32 … Chrome Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (sur liste blanche) ===================
(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)
R2 ClickToRunSvc; C: Program Files Common Files Microsoft Shared ClickToRun OfficeClickToRun.exe [9658664 2018-09-08] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C: Program Files Windows Defender Advanced Threat Protection MsSense.exe [5361256 2021-04-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C: ProgramData Microsoft Windows Defender platform 4.18.2103.7-0 NisSrv.exe [2624104 2021-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C: ProgramData Microsoft Windows Defender platform 4.18.2103.7-0 MsMpEng.exe [128376 2021-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Pilotes (sur liste blanche) ===================
(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)
S3 RimVSerPort; C: Windows System32 drivers RimSerial_AMD64.sys [31744 2009-01-09] (Éditeur de compatibilité matérielle Microsoft Windows -> Research in Motion Ltd)
S3 SaiK0CCB; C: Windows System32 drivers SaiK0CCB.sys [180544 2012-09-20] (Mad Catz Inc -> Saitek)
S3 SaiU0CCB; C: Windows System32 drivers SaiU0CCB.sys [47168 2012-09-20] (Mad Catz Inc -> Saitek)
S3 usbglcs1100301; C: Windows system32 drivers usbglcs1100301.sys [25600 2012-04-24] (Éditeur de compatibilité matérielle Microsoft Windows -> Fournisseur DDK Windows ® Win 7)
S3 VBoxUSB; C: Windows System32 Drivers VBoxUSB.sys [174968 2021-01-07] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C: Windows System32 drivers wd WdBoot.sys [49560 2021-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C: Windows System32 drivers wd WdFilter.sys [421088 2021-04-21] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C: Windows System32 drivers wd WdNisDrv.sys [72928 2021-04-21] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (sur liste blanche) ====================
(Si une entrée est incluse dans la liste de correctifs, elle sera supprimée du registre. Le fichier ne sera pas déplacé sauf s'il est répertorié séparément.)
==================== Trois mois (créé) (sur liste blanche) =========
(Si une entrée est incluse dans la liste de correctifs, le fichier / dossier sera déplacé.)
2021-05-07 21:31 – 2021-05-07 21:31 – 002298368 _____ (Farbar) C: Users Admin Downloads FRST64 (1) .exe
07/05/2021 18:55 – 07/05/2021 18:56 – 000310292 _____ C: TDSSKiller.3.1.0.28_07.05.2021_18.55.46_log.txt
07/05/2021 11:56 – 07/05/2021 12:12 – 000011054 _____ C: Users Admin OneDrive Documents Leçon 1 avec pak dion.xlsx
2021-05-07 11:55 – 2021-05-07 11:55 – 000000000 ____D C: Users Admin OneDrive Documents Custom Office Templates
2021-05-07 10:49 – 2021-05-07 10:49 – 000000000 ____D C: Users Admin AppData Roaming Skype
2021-05-07 10:47 – 2021-05-07 10:47 – 000002508 _____ C: ProgramData Microsoft Windows Menu Démarrer Programmes Skype Entreprise.lnk
2021-05-07 10:47 – 2021-05-07 10:47 – 000002503 _____ C: ProgramData Microsoft Windows Menu Démarrer Programmes Word.lnk
2021-05-07 10:47 – 2021-05-07 10:47 – 000002502 _____ C: ProgramData Microsoft Windows Menu Démarrer Programmes PowerPoint.lnk
2021-05-07 10:47 – 2021-05-07 10:47 – 000002466 _____ C: ProgramData Microsoft Windows Menu Démarrer Programmes Access.lnk
2021-05-07 10:47 – 2021-05-07 10:47 – 000002465 _____ C: ProgramData Microsoft Windows Menu Démarrer Programmes Excel.lnk
2021-05-07 10:47 – 2021-05-07 10:47 – 000002459 _____ C: ProgramData Microsoft Windows Menu Démarrer Programmes Outlook.lnk
07/05/2021 10:47 – 07/05/2021 10:47 – 000002453 _____ C: ProgramData Microsoft Windows Menu Démarrer Programmes Publisher.lnk
2021-05-07 10:47 – 2021-05-07 10:47 – 000000000 ____D C: ProgramData Microsoft Windows Menu Démarrer Programmes Microsoft Office Tools
2021-05-07 10:45 – 2021-05-07 10:47 – 000000000 ____D C: Program Files (x86) Microsoft Office
07/05/2021 10:45 – 07/05/2021 10:45 – 000000000 ____D C: Program Files Microsoft Office 15
2021-05-07 10:43 – 2021-05-07 10:43 – 000000863 _____ C: Users Public Desktop PowerISO.lnk
2021-05-07 10:43 – 2021-05-07 10:43 – 000000863 _____ C: ProgramData Desktop PowerISO.lnk
2021-05-07 10:43 – 2021-05-07 10:43 – 000000000 ____D C: ProgramData Microsoft Windows Menu Démarrer Programmes PowerISO
2021-05-07 10:43 – 2021-05-07 10:43 – 000000000 ____D C: Program Files PowerISO
2021-05-07 10:43 – 2017-06-06 18:36 – 000138296 _____ (Power Software Ltd) C: Windows system32 Drivers scdemu.sys
2021-05-07 10:41 – 2021-05-07 10:41 – 000000000 ____D C: Users Admin AppData Roaming WinRAR
2021-05-07 10:41 – 2021-05-07 10:41 – 000000000 ____D C: Users Admin AppData Roaming Microsoft Windows Menu Démarrer Programmes WinRAR
2021-05-07 10:41 – 2021-05-07 10:41 – 000000000 ____D C: ProgramData Microsoft Windows Menu Démarrer Programmes WinRAR
2021-05-07 10:41 – 2021-05-07 10:41 – 000000000 ____D C: Program Files WinRAR
07/05/2021 10:40 – 07/05/2021 10:40 – 003333552 _____ (Alexander Roshal) C: Users Admin Downloads winrar-x64-601.exe
2021-05-06 19:42 – 2021-05-06 19:43 – 000308282 _____ C: TDSSKiller.3.1.0.28_06.05.2021_19.42.56_log.txt
2021-05-05 21:13 – 2021-05-05 21:13 – 001310832 _____ (Google LLC) C: Users Admin Downloads ChromeSetup.exe
2021-05-05 11:21 – 2021-05-05 11:22 – 013319538 _____ C: Users Admin Downloads VanillaTweaks_r142431.zip
2021-05-05 11:06 – 2021-05-05 11:06 – 000010688 _____ C: Users Admin Downloads VanillaTweaks_d267491_UNZIP_ME.zip
2021-05-03 18:40 – 2021-05-03 18:40 – 001802704 _____ (Bleeping Computer, LLC) C: Users Admin Downloads rkill.exe
2021-05-03 18:39 – 2021-05-03 18:40 – 000307684 _____ C: TDSSKiller.3.1.0.28_03.05.2021_18.39.17_log.txt
2021-05-03 18:38 – 2021-05-03 18:39 – 005054744 _____ (AO Kaspersky Lab) C: Users Admin Downloads tdsskiller.exe
2021-05-03 18:37 – 2021-05-03 18:37 – 008534696 _____ (Malwarebytes) C: Users Admin Downloads AdwCleaner.exe
2021-05-03 00:03 – 2021-05-07 10:59 – 094109696 _____ C: Windows system32 config SOFTWARE
2021-05-02 23:58 – 2021-05-03 00:03 – 000000000 ____D C: Windows Microsoft Antimalware
2021-05-02 21:31 – 2021-05-02 21:31 – 001291685 _____ C: Users Admin Downloads algo-master.zip
02/05/2021 12:08 – 02/05/2021 12:08 – 000000000 ____H C: Windows system32 Drivers Msft_User_WpdFs_01_11_00.Wdf
2021-05-02 11:57 – 2019-10-22 11:57 – 3549331456 _____ C: Users Admin OneDrive Documents Office Professional Plus 2019 AIO.iso
2021-04-30 16:15 – 2021-04-30 16:16 – 001842156 _____ C: Users Admin Downloads amidst-v4-6.exe
2021-04-29 17:44 – 2021-04-29 17:46 – 000002464 _____ C: Users Admin Downloads FSS.txt
2021-04-29 17:44 – 2021-04-29 17:44 – 000909824 _____ (Farbar) C: Users Admin Downloads FSS.exe
2021-04-29 17:41 – 2021-04-29 17:41 – 000000410 __RSH C: ProgramData ntuser.pol
2021-04-28 22:20 – 2021-04-28 22:20 – 000022511 _____ C: Users Admin Downloads Shortcut.txt
2021-04-28 22:20 – 2021-04-28 22:20 – 000019259 _____ C: Users Admin Downloads Addition.txt
2021-04-28 22:16 – 2021-05-07 21:32 – 000012005 _____ C: Users Admin Downloads FRST.txt
2021-04-28 22:09 – 2021-05-07 21:32 – 000000000 ____D C: FRST
2021-04-28 22:08 – 2021-04-28 22:08 – 002298368 _____ (Farbar) C: Users Admin Downloads FRST64.exe
2021-04-28 22:03 – 2021-04-28 22:06 – 000000000 ____D C: AdwCleaner
2021-04-28 21:59 – 2021-04-28 21:59 – 008534696 _____ (Malwarebytes) C: Users Admin Downloads adwcleaner_8.2.exe
2021-04-28 21:56 – 2021-04-28 21:56 – 002078632 _____ (Malwarebytes) C: Users Admin Downloads MBSetup (2) .exe
2021-04-27 15:48 – 2021-04-27 15:51 – 000000000 ____D C: ProgramData HitmanPro
2021-04-27 15:29 – 2021-04-27 15:29 – 000000000 ____D C: Windows system32 appmgmt
2021-04-26 23:36 – 2021-04-26 23:36 – 000000000 ____D C: Users Admin AppData Local CrashDumps
2021-04-26 23:03 – 2021-04-26 23:03 – 000000000 ____D C: Users Admin AppData Local mbam
2021-04-26 23:01 – 2021-04-26 23:01 – 002078632 _____ (Malwarebytes) C: Users Admin Downloads MBSetup.exe
2021-04-26 23:01 – 2021-04-26 23:01 – 002078632 _____ (Malwarebytes) C: Users Admin Downloads MBSetup (1) .exe
2021-04-26 23:01 – 2021-04-26 23:01 – 000000000 ____D C: Program Files Malwarebytes
2021-04-26 18:26 – 2021-04-26 18:27 – 000000000 ____D C: Windows system32 MRT
2021-04-26 18:21 – 2021-05-07 15:44 – 000000000 ____D C: Program Files Microsoft Update Health Tools
2021-04-26 16:56 – 2021-05-07 21:00 – 000000444 _____ C: Windows system32 Drivers etc hosts.ics
2021-04-26 16:50 – 2021-04-26 16:50 – 000000000 ____D C: Windows system32 BestPractices
2021-04-26 16:21 – 2021-04-26 16:21 – 000000000 ____D C: Program Files Hyper-V
2021-04-26 16:01 – 2021-05-06 19:42 – 000000000 ____D C: Program Files (x86) Google
2021-04-26 16:01 – 2021-04-26 16:13 – 000000000 ____D C: Users Admin AppData Local Google
2021-04-26 15:21 – 2021-04-26 18:27 – 000000000 ____D C: Users Admin VirtualBox VMs
2021-04-26 15:17 – 2021-04-27 14:41 – 000000000 ____D C: Users Admin .VirtualBox
2021-04-26 15:17 – 2021-04-27 14:39 – 000000000 ____D C: ProgramData VirtualBox
2021-04-26 15:15 – 2021-04-26 15:15 – 000000000 ____D C: Program Files Oracle
2021-04-26 12:22 – 2021-04-26 12:22 – 000000000 ____D C: ProgramData HP
2021-04-26 12:20 – 2021-04-26 12:20 – 002286975 _____ C: Users Admin OneDrive Documents TNT Mom.pdf
2021-04-26 12:20 – 2021-04-26 12:20 – 000000000 ____D C: Users Admin AppData LocalLow Temp
2021-04-26 12:18 – 2021-04-26 12:19 – 002922396 _____ C: Users Admin Downloads TNTcommercial facture.pdf
2021-04-26 12:11 – 2021-04-26 12:11 – 000000000 ___HD C: $ WinREAgent
2021-04-23 18:28 – 2021-04-23 18:28 – 000010073 _____ C: Users Admin Downloads VanillaTweaks_r390486.zip
2021-04-23 18:27 – 2021-04-23 18:27 – 000015824 _____ C: Users Admin Downloads VanillaTweaks_r252079.zip
2021-04-23 18:26 – 2021-04-23 18:26 – 000094007 _____ C: Users Admin Downloads VanillaTweaks_r612916.zip
2021-04-23 18:26 – 2021-04-23 18:26 – 000005300 _____ C: Users Admin Downloads VanillaTweaks_r888557.zip
2021-04-23 18:25 – 2021-04-23 18:25 – 000007710 _____ C: Users Admin Downloads VanillaTweaks_r784676.zip
2021-04-23 18:24 – 2021-04-23 18:25 – 000049874 _____ C: Users Admin Downloads VanillaTweaks_r282927.zip
2021-04-23 18:24 – 2021-04-23 18:24 – 000141531 _____ C: Users Admin Downloads VanillaTweaks_r827839.zip
2021-04-23 18:24 – 2021-04-23 18:24 – 000021652 _____ C: Users Admin Downloads VanillaTweaks_r443269.zip
2021-04-23 18:24 – 2021-04-23 18:24 – 000018534 _____ C: Users Admin Downloads VanillaTweaks_r209250.zip
2021-04-23 18:24 – 2021-04-23 18:24 – 000012900 _____ C: Users Admin Downloads VanillaTweaks_r237965.zip
2021-04-23 18:23 – 2021-04-23 18:23 – 000117722 _____ C: Users Admin Downloads VanillaTweaks_r415285.zip
2021-04-23 18:23 – 2021-04-23 18:23 – 000010774 _____ C: Users Admin Downloads VanillaTweaks_r205238.zip
2021-04-23 18:23 – 2021-04-23 18:23 – 000010005 _____ C: Users Admin Downloads VanillaTweaks_r250976.zip
2021-04-23 18:23 – 2021-04-23 18:23 – 000008668 _____ C: Users Admin Downloads VanillaTweaks_r319067.zip
2021-04-23 18:23 – 2021-04-23 18:23 – 000008240 _____ C: Users Admin Downloads VanillaTweaks_r827195.zip
2021-04-23 18:22 – 2021-04-23 18:22 – 000160524 _____ C: Users Admin Downloads VanillaTweaks_r270880.zip
2021-04-23 18:22 – 2021-04-23 18:22 – 000059871 _____ C: Users Admin Downloads VanillaTweaks_r688696.zip
2021-04-23 18:22 – 2021-04-23 18:22 – 000040492 _____ C: Users Admin Downloads VanillaTweaks_r501217.zip
2021-04-23 18:22 – 2021-04-23 18:22 – 000007795 _____ C: Users Admin Downloads VanillaTweaks_r959720.zip
2021-04-23 18:21 – 2021-04-23 18:21 – 000204079 _____ C: Users Admin Downloads VanillaTweaks_r264482.zip
2021-04-23 18:21 – 2021-04-23 18:21 – 000152627 _____ C: Users Admin Downloads VanillaTweaks_r758780.zip
2021-04-23 18:21 – 2021-04-23 18:21 – 000133011 _____ C: Users Admin Downloads VanillaTweaks_r602613.zip
2021-04-23 18:21 – 2021-04-23 18:21 – 000101851 _____ C: Users Admin Downloads VanillaTweaks_r292088.zip
2021-04-23 18:21 – 2021-04-23 18:21 – 000076512 _____ C: Users Admin Downloads VanillaTweaks_r690878.zip
2021-04-23 18:21 – 2021-04-23 18:21 – 000070735 _____ C: Users Admin Downloads VanillaTweaks_r223120.zip
2021-04-23 18:21 – 2021-04-23 18:21 – 000033100 _____ C: Users Admin Downloads VanillaTweaks_r391861.zip
2021-04-23 18:21 – 2021-04-23 18:21 – 000009544 _____ C: Users Admin Downloads VanillaTweaks_r361930.zip
2021-04-23 18:20 – 2021-04-23 18:21 – 000543123 _____ C: Users Admin Downloads VanillaTweaks_r100512.zip
2021-04-23 18:20 – 2021-04-23 18:20 – 000064454 _____ C: Users Admin Downloads VanillaTweaks_r719507.zip
2021-04-23 18:20 – 2021-04-23 18:20 – 000017521 _____ C: Users Admin Downloads VanillaTweaks_r347242.zip
2021-04-23 18:19 – 2021-04-23 18:19 – 000009187 _____ C: Users Admin Downloads VanillaTweaks_r983366.zip
2021-04-23 18:19 – 2021-04-23 18:19 – 000008611 _____ C: Users Admin Downloads VanillaTweaks_r801027.zip
2021-04-23 18:18 – 2021-04-23 18:18 – 000035129 _____ C: Users Admin Downloads VanillaTweaks_r248681.zip
2021-04-23 18:17 – 2021-04-23 18:17 – 000011835 _____ C: Users Admin Downloads VanillaTweaks_r981932.zip
2021-04-23 18:12 – 2021-04-23 18:12 – 000010688 _____ C: Users Admin Downloads VanillaTweaks_d678806_UNZIP_ME.zip
2021-04-23 12:58 – 2021-04-23 12:58 – 000000000 ____D C: Users Admin AppData Local OneDrive
2021-04-23 12:51 – 2021-04-23 12:51 – 000418984 _____ C: Users Admin Downloads sodium-fabric-mc1.16.3-0.1.0.jar
2021-04-22 23:16 – 2021-04-22 23:16 – 000150618 _____ C: Users Admin Downloads InventoryHUD-fabric-[1.16.2-1.16.5]-3.2.2.jar
2021-04-22 23:13 – 2021-04-22 23:14 – 000793769 _____ C: Users Admin Downloads Xaeros_Minimap_21.7.0_Fabric_1.16.5.jar
2021-04-22 23:11 – 2021-04-22 23:11 – 000938491 _____ C: Users Admin Downloads fabric-api-0.33.0 + 1.16.jar
2021-04-22 00:26 – 2021-04-22 00:26 – 000164640 _____ (Oracle Corporation) C: Windows SysWOW64 WindowsAccessBridge-32.dll
2021-04-22 00:26 – 2021-04-22 00:26 – 000000000 ____D C: Users Admin AppData Roaming Sun
2021-04-22 00:26 – 2021-04-22 00:26 – 000000000 ____D C: Users Admin AppData LocalLow Sun
2021-04-22 00:26 – 2021-04-22 00:26 – 000000000 ____D C: ProgramData Microsoft Windows Menu Démarrer Programmes Java
2021-04-22 00:25 – 2021-04-22 00:25 – 000000000 ____D C: ProgramData Oracle
2021-04-22 00:25 – 2021-04-22 00:25 – 000000000 ____D C: Program Files (x86) Java
2021-04-22 00:20 – 2021-04-22 00:20 – 002079496 _____ (Oracle Corporation) C: Users Admin Downloads JavaSetup8u291.exe
2021-04-22 00:15 – 2021-04-22 00:15 – 000417291 _____ (Fabric Team) C: Users Admin Downloads fabric-installer-0.7.3 (1) .exe
2021-04-22 00:00 – 2021-04-22 00:00 – 000000000 ____D C: Users Admin AppData Local NVIDIA
2021-04-21 20:39 – 2021-04-21 20:39 – 000000000 ____D C: Users Admin AppData Local PeerDistRepub
2021-04-21 20:22 – 2021-04-21 20:23 – 000417291 _____ (Fabric Team) C: Users Admin Downloads fabric-installer-0.7.3.exe
2021-04-21 20:20 – 2021-05-01 23:15 – 000000120 ____R C: Users Admin OneDrive Documents My Notebook.url
2021-04-21 20:20 – 2021-04-21 20:20 – 000000000 ___HD C: OneDriveTemp
2021-04-21 10:04 – 2021-05-07 20:17 – 000000000 ____D C: Users Admin AppData Roaming discord
2021-04-21 10:04 – 2021-04-21 10:04 – 000000000 ____D C: Users Admin AppData Roaming Microsoft Windows Menu Démarrer Programmes Discord Inc
2021-04-21 10:03 – 2021-05-07 19:06 – 000000000 ____D C: Users Admin AppData Local Discord
2021-04-21 10:03 – 2021-04-21 10:04 – 000000000 ____D C: Users Admin AppData Local SquirrelTemp
2021-04-21 10:02 – 2021-04-21 10:03 – 070939752 _____ (Discord Inc.) C: Users Admin Downloads DiscordSetup.exe
2021-04-21 09:43 – 2021-05-07 16:02 – 000000000 ____D C: Users Admin AppData Roaming .minecraft
2021-04-21 09:43 – 2021-05-07 15:49 – 000000000 ____D C: Program Files (x86) Minecraft Launcher
2021-04-21 09:43 – 2021-04-21 09:43 – 000001113 _____ C: Users Public Desktop Minecraft Launcher.lnk
2021-04-21 09:43 – 2021-04-21 09:43 – 000001113 _____ C: ProgramData Desktop Minecraft Launcher.lnk
2021-04-21 09:43 – 2021-04-21 09:43 – 000000000 ____D C: Users Admin AppData Local CEF
2021-04-21 09:43 – 2021-04-21 09:43 – 000000000 ____D C: ProgramData Microsoft Windows Menu Démarrer Programmes Minecraft Launcher
2021-04-21 09:42 – 2021-04-21 09:42 – 002674688 _____ C: Users Admin Downloads MinecraftInstaller.msi
2021-04-21 09:23 – 2021-04-21 09:23 – 000000000 _____ C: Recovery.txt
2021-04-21 09:12 – 2021-04-21 09:12 – 000000000 ____D C: Users Admin AppData Local Comms
2021-04-21 09:05 – 2021-04-21 09:05 – 000000000 ____D C: Users Admin AppData Local D3DSCache
2021-04-21 09:04 – 2021-05-07 20:19 – 000000000 ___RD C: Users Admin OneDrive
2021-04-21 09:04 – 2021-05-06 17:44 – 000003380 _____ C: Windows system32 Tasks OneDrive Standalone Update Task-S-1-5-21-2960236716-1891352181-3316826821-1001
2021-04-21 09:04 – 2021-04-26 23:33 – 000000000 ____D C: Users Admin AppData Local PlaceholderTileLogoFolder
2021-04-21 09:04 – 2021-04-21 09:04 – 000000000 ____H C: ProgramData DP45977C.lfl
2021-04-21 09:04 – 2021-04-21 09:04 – 000000000 ____D C: ProgramData Microsoft OneDrive
2021-04-21 09:03 – 2021-04-21 09:03 – 000000000 ____D C: Users Admin AppData Local Publishers
2021-04-21 09:02 – 2021-04-26 23:37 – 000000000 ____D C: Users Admin AppData Local Packages
2021-04-21 09:02 – 2021-04-21 20:20 – 000000000 ____D C: ProgramData Packages
2021-04-21 09:02 – 2021-04-21 19:31 – 000000000 ____D C: Users Admin AppData Local ConnectedDevicesPlatform
2021-04-21 09:02 – 2021-04-21 09:47 – 000000000 __RHD C: Users Public AccountPictures
2021-04-21 09:02 – 2021-04-21 09:02 – 000000000 ___RD C: Users Admin 3D Objects
2021-04-21 09:02 – 2021-04-21 09:02 – 000000000 ____D C: Users Admin AppData Roaming Adobe
2021-04-21 09:02 – 2021-04-21 09:02 – 000000000 ____D C: Users Admin AppData Local VirtualStore
2021-04-21 09:01 – 2021-05-07 19:06 – 000000000 ____D C: Users Admin
2021-04-21 09:01 – 2021-05-06 17:44 – 000002377 _____ C: Users Admin AppData Roaming Microsoft Windows Menu Démarrer Programmes OneDrive.lnk
2021-04-21 09:01 – 2021-04-21 09:01 – 000000020 ___SH C: Users Admin ntuser.ini
2021-04-21 08:39 – 2021-05-07 11:47 – 000840602 _____ C: Windows system32 PerfStringBackup.INI
2021-04-21 08:35 – 2021-04-21 08:35 – 000000000 _SHDL C: Users Default User
2021-04-21 08:35 – 2021-04-21 08:35 – 000000000 _SHDL C: Users All Users
2021-04-21 08:35 – 2021-04-21 08:35 – 000000000 _SHDL C: Documents and Settings
2021-04-21 08:32 – 2021-04-21 08:54 – 000000000 ____D C: ProgramData NVIDIA Corporation
2021-04-21 08:32 – 2021-04-21 08:32 – 000000000 ____H C: Windows system32 Drivers Msft_Kernel_SynTP_01011.Wdf
2021-04-21 08:32 – 2021-04-21 08:32 – 000000000 ____H C: Windows system32 Drivers Msft_Kernel_Smb_driver_Intel_01011.Wdf
2021-04-21 08:31 – 2021-05-07 19:22 – 000000000 ____D C: ProgramData NVIDIA
2021-04-21 08:31 – 2021-05-07 15:39 – 000000000 ____D C: Windows system32 SleepStudy
2021-04-21 08:31 – 2021-05-07 10:59 – 000462792 _____ C: Windows system32 FNTCACHE.DAT
2021-04-21 08:31 – 2021-05-07 10:59 – 000008192 ___SH C: DumpStack.log.tmp
2021-04-21 08:31 – 2021-05-07 10:59 – 000000006 ____H C: Windows Tasks SA.DAT
2021-04-21 08:31 – 2021-05-02 11:52 – 000002448 _____ C: ProgramData Microsoft Windows Menu Démarrer Programmes Microsoft Edge.lnk
2021-04-21 08:31 – 2021-05-02 11:52 – 000002286 _____ C: Users Public Desktop Microsoft Edge.lnk
2021-04-21 08:31 – 2021-05-02 11:52 – 000002286 _____ C: ProgramData Desktop Microsoft Edge.lnk
2021-04-21 08:31 – 2021-04-26 12:16 – 000003480 _____ C: Windows system32 Tasks MicrosoftEdgeUpdateTaskMachineUA
2021-04-21 08:31 – 2021-04-26 12:16 – 000003356 _____ C: Windows system32 Tasks MicrosoftEdgeUpdateTaskMachineCore
2021-04-21 08:31 – 2021-04-21 23:53 – 000000000 ____D C: Windows system32 Drivers wd
2021-04-21 08:31 – 2021-04-21 08:31 – 000000000 ____D C: Windows SysWOW64 RTCOM
2021-04-21 08:31 – 2021-04-21 08:31 – 000000000 ____D C: Windows system32 Drivers NVIDIA Corporation
2021-04-21 08:31 – 2021-04-21 08:31 – 000000000 ____D C: Windows ServiceProfiles
2021-04-21 08:31 – 2021-04-21 08:31 – 000000000 ____D C: Program Files Realtek
2021-04-21 08:31 – 2021-04-21 08:31 – 000000000 ____D C: Program Files NVIDIA Corporation
2021-04-21 08:31 – 2021-04-21 08:31 – 000000000 ____D C: Program Files (x86) NVIDIA Corporation
2021-04-21 08:31 – 2019-04-09 05:43 – 005365744 _____ (NVIDIA Corporation) C: Windows system32 nvcpl.dll
2021-04-21 08:31 – 2019-04-09 05:43 – 002624824 _____ (NVIDIA Corporation) C: Windows system32 nvsvc64.dll
2021-04-21 08:31 – 2019-04-09 05:43 – 001767736 _____ (NVIDIA Corporation) C: Windows system32 nvsvcr.dll
2021-04-21 08:31 – 2019-04-09 05:43 – 000651576 _____ (NVIDIA Corporation) C: Windows system32 nv3dappshext.dll
2021-04-21 08:31 – 2019-04-09 05:43 – 000450872 _____ (NVIDIA Corporation) C: Windows system32 nvmctray.dll
2021-04-21 08:31 – 2019-04-09 05:43 – 000148848 _____ (NVIDIA Corporation) C: Windows SysWOW64 oemdspif.dll
2021-04-21 08:31 – 2019-04-09 05:43 – 000124784 _____ (NVIDIA Corporation) C: Windows system32 nvshext.dll
2021-04-21 08:31 – 2019-04-09 05:43 – 000082984 _____ (NVIDIA Corporation) C: Windows system32 nv3dappshextr.dll
2021-04-21 08:31 – 2019-04-09 04:08 – 008530822 _____ C: Windows system32 nvcoproc.bin
2021-04-21 08:31 – 2019-03-30 03:37 – 000001951 _____ C: Windows NvContainerRecovery.bat
2021-04-21 06:42 – 2021-04-21 08:35 – 000000000 ____D C: Windows Panther
2021-04-21 06:40 – 2021-04-21 06:40 – 000000000 ____D C: Program Files Synaptics
2021-04-21 06:39 – 2021-04-21 06:39 – 000008192 _____ C: Windows system32 config userdiff
2021-04-21 06:38 – 2021-04-21 09:19 – 000000000 ____D C: Windows OCR
2021-04-21 06:38 – 2021-04-21 08:37 – 000000000 ____D C: Windows system32 FxsTmp
21/04/2021 06:38 – 21/04/2021 06:38 – 000000000 ____D C: Windows SysWOW64 winrm
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C: Windows SysWOW64 WCN
21/04/2021 06:38 – 21/04/2021 06:38 – 000000000 ____D C: Windows SysWOW64 sysprep
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C: Windows SysWOW64 slmgr
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:WindowsSysWOW64Printing_Admin_Scripts
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:WindowsSysWOW64MailContactsCalendarSync
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:WindowsSysWOW64FxsTmp
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:WindowsSysWOW64 409
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32winrm
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32WCN
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32slmgr
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32Printing_Admin_Scripts
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32OpenSSH
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32MailContactsCalendarSync
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32 409
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:WindowsSetup
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:WindowsDigitalLocker
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:Windowsaddins
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:ProgramDatassh
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:Program FilesReference Assemblies
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:Program FilesMSBuild
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:Program Files (x86)Reference Assemblies
2021-04-21 06:38 – 2021-04-21 06:38 – 000000000 ____D C:Program Files (x86)MSBuild
2021-04-21 06:36 – 2021-04-21 06:34 – 000215943 _____ C:WindowsSysWOW64dssec.dat
2021-04-21 06:36 – 2021-04-21 06:34 – 000003103 _____ C:WindowsSysWOW64mmc.exe.config
2021-04-21 06:36 – 2021-04-21 06:34 – 000000741 _____ C:WindowsSysWOW64NOISE.DAT
2021-04-21 06:35 – 2021-05-07 19:22 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2021-04-21 06:35 – 2021-05-07 10:45 – 000000000 ___RD C:Program Files (x86)
2021-04-21 06:35 – 2021-05-07 10:45 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared
2021-04-21 06:35 – 2021-05-05 10:23 – 000000000 ____D C:WindowsAppReadiness
2021-04-21 06:35 – 2021-05-03 13:46 – 000000000 ___HD C:Program FilesWindowsApps
2021-04-21 06:35 – 2021-04-29 17:37 – 000000000 ___HD C:Windowssystem32GroupPolicy
2021-04-21 06:35 – 2021-04-29 17:23 – 000000000 ___HD C:WindowsELAMBKUP
2021-04-21 06:35 – 2021-04-26 16:50 – 000000000 ____D C:Windowsschemas
2021-04-21 06:35 – 2021-04-22 08:12 – 000000000 ____D C:Windowsappcompat
2021-04-21 06:35 – 2021-04-21 23:53 – 000000000 ____D C:Program FilesWindows Defender
2021-04-21 06:35 – 2021-04-21 20:39 – 000000000 ____D C:Windowssystem32NDF
2021-04-21 06:35 – 2021-04-21 09:23 – 000028672 _____ C:Windowssystem32configBCD-Template
2021-04-21 06:35 – 2021-04-21 09:19 – 000000000 ___RD C:WindowsPrintDialog
2021-04-21 06:35 – 2021-04-21 09:19 – 000000000 ____D C:WindowsServiceState
2021-04-21 06:35 – 2021-04-21 09:02 – 000000000 ___RD C:WindowsImmersiveControlPanel
2021-04-21 06:35 – 2021-04-21 09:01 – 000000000 ____D C:Windowssystem32WinBioDatabase
2021-04-21 06:35 – 2021-04-21 08:53 – 000000000 ____D C:ProgramDataUSOPrivate
2021-04-21 06:35 – 2021-04-21 08:37 – 000000000 ____D C:Windowssystem32spool
2021-04-21 06:35 – 2021-04-21 08:35 – 000000000 ____D C:WindowsCSC
2021-04-21 06:35 – 2021-04-21 08:31 – 000000000 ____D C:Windowssystem32configTxR
2021-04-21 06:35 – 2021-04-21 08:31 – 000000000 ____D C:WindowsHelp
2021-04-21 06:35 – 2021-04-21 06:42 – 000000000 ____D C:WindowsContainers
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ___SD C:WindowsSysWOW64F12
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ___SD C:WindowsSysWOW64DiagSvcs
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ___SD C:Windowssystem32F12
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ___SD C:Windowssystem32dsc
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ___SD C:Windowssystem32DiagSvcs
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:WindowsSysWOW64setup
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:WindowsSysWOW64oobe
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:WindowsSysWOW64MUI
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:WindowsSysWOW64Dism
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:WindowsSysWOW64Com
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:WindowsSystemResources
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32WinBioPlugIns
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32SystemResetPlatform
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32Sysprep
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32setup
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32PerceptionSimulation
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32oobe
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32MUI
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32migwiz
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32Dism
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Windowssystem32Com
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:WindowsPolicyDefinitions
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:WindowsIME
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Program FilesWindows Photo Viewer
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Program FilesWindows NT
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Program FilesCommon FilesSystem
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Program Files (x86)Windows Photo Viewer
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Program Files (x86)Windows NT
2021-04-21 06:35 – 2021-04-21 06:38 – 000000000 ____D C:Program Files (x86)Windows Defender
2021-04-21 06:35 – 2021-04-21 06:36 – 000000000 ___SD C:WindowsSysWOW64Nui
2021-04-21 06:35 – 2021-04-21 06:36 – 000000000 ____D C:WindowsSysWOW64WinMetadata
2021-04-21 06:35 – 2021-04-21 06:36 – 000000000 ____D C:WindowsSysWOW64PerceptionSimulation
2021-04-21 06:35 – 2021-04-21 06:36 – 000000000 ____D C:WindowsSysWOW64migwiz
2021-04-21 06:35 – 2021-04-21 06:36 – 000000000 ____D C:WindowsSysWOW64Keywords
2021-04-21 06:35 – 2021-04-21 06:36 – 000000000 ____D C:WindowsSysWOW64icsxml
2021-04-21 06:35 – 2021-04-21 06:36 – 000000000 ____D C:WindowsSysWOW64downlevel
2021-04-21 06:35 – 2021-04-21 06:36 – 000000000 ____D C:WindowsSysWOW64Bthprops
2021-04-21 06:35 – 2021-04-21 06:36 – 000000000 ____D C:WindowsSysWOW64AdvancedInstallers
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 __SHD C:WindowsBitLockerDiscoveryVolumeContents
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 __SHD C:Program FilesWindows Sidebar
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 __SHD C:Program Files (x86)Windows Sidebar
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 __RSD C:WindowsMedia
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 __RHD C:UsersPublicLibraries
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ___SD C:WindowsSysWOW64Configuration
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ___SD C:Windowssystem32UNP
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ___SD C:Windowssystem32Nui
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ___SD C:Windowssystem32Configuration
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ___SD C:Windowssystem32AppV
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ___SD C:WindowsDownloaded Program Files
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ___RD C:WindowsOffline Web Pages
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ___HD C:WindowsLanguageOverlayCache
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsWeb
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsWaaS
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsVss
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowstracing
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsTAPI
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSysWOW64SMI
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSysWOW64ras
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSysWOW64NDF
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSysWOW64Msdtc
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSysWOW64Ipmi
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSysWOW64InputMethod
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSysWOW64inetsrv
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSysWOW64IME
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSysWOW64GroupPolicyUsers
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSysWOW64GroupPolicy
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSysWOW64AppLocker
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSystemApps
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32WinMetadata
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32winevt
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32ti-et
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32ta-lk
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32ta-in
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32si-lk
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32ShellExperiences
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32Sgrm
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32SecureBootUpdates
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32ras
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32ProximityToast
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32PointOfService
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32osa-Osge-001
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32my-mm
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32MsDtc
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32Keywords
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32Ipmi
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32InputMethod
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32inetsrv
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32IME
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32icsxml
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32ias
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32Hydrogen
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32GroupPolicyUsers
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32ff-Adlm-SN
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32DriverState
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32DriversDriverData
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32downlevel
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32DDFs
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32ContainerSettingsProviders
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32configsystemprofile
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32configRegBack
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32configJournal
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32Bthprops
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32appraiser
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32AppLocker
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32am-et
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32AdvancedInstallers
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSystem
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSKB
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsShellExperiences
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsShellComponents
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowssecurity
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsSchCache
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsResources
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowsrescache
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsRemotePackages
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsRegistration
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsProvisioning
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsPLA
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsPerformance
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsModemLogs
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsLiveKernelReports
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsL2Schemas
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsInputMethod
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsIdentityCRL
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsGlobalization
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsGameBarPresenceWriter
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsDiagTrack
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsCursors
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:WindowsBranding
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Windowsbcastdvr
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:ProgramDataWindowsHolographicDevices
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:ProgramDataUSOShared
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Program FilesWindows Security
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Program FilesWindows Portable Devices
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Program FilesWindows Multimedia Platform
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Program FilesModifiableWindowsApps
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Program FilesCommon FilesServices
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Program Files (x86)Windows Portable Devices
2021-04-21 06:35 – 2021-04-21 06:35 – 000000000 ____D C:Program Files (x86)Windows Multimedia Platform
2021-04-21 06:35 – 2021-04-21 06:34 – 000215943 _____ C:Windowssystem32dssec.dat
2021-04-21 06:35 – 2021-04-21 06:34 – 000020908 _____ C:Windowssystem32OEMDefaultAssociations.xml
2021-04-21 06:35 – 2021-04-21 06:34 – 000017635 _____ C:Windowssystem32Driversetcservices
2021-04-21 06:35 – 2021-04-21 06:34 – 000003683 _____ C:Windowssystem32Driversetclmhosts.sam
2021-04-21 06:35 – 2021-04-21 06:34 – 000003103 _____ C:Windowssystem32mmc.exe.config
2021-04-21 06:35 – 2021-04-21 06:34 – 000001358 _____ C:Windowssystem32Driversetcprotocol
2021-04-21 06:35 – 2021-04-21 06:34 – 000000858 _____ C:Windowssystem32DefaultQuestions.json
2021-04-21 06:35 – 2021-04-21 06:34 – 000000741 _____ C:Windowssystem32NOISE.DAT
2021-04-21 06:35 – 2021-04-21 06:34 – 000000407 _____ C:Windowssystem32Driversetcnetworks
2021-04-21 06:35 – 2021-04-21 06:34 – 000000219 _____ C:Windowssystem.ini
2021-04-21 06:35 – 2021-04-21 06:34 – 000000092 _____ C:Windowswin.ini
2021-04-21 06:34 – 2021-05-07 11:47 – 000000000 ____D C:WindowsINF
2021-04-21 06:31 – 2021-04-27 14:45 – 000000000 ____D C:WindowsCbsTemp
2021-04-21 06:30 – 2021-05-07 10:59 – 068419584 _____ C:Windowssystem32configSYSTEM
2021-04-21 06:30 – 2021-05-07 10:59 – 001048576 _____ C:Windowssystem32configDEFAULT
2021-04-21 06:30 – 2021-05-07 10:59 – 000524288 _____ C:Windowssystem32configBBI
2021-04-21 06:30 – 2021-05-07 10:59 – 000131072 _____ C:Windowssystem32configSAM
2021-04-21 06:30 – 2021-05-07 10:59 – 000065536 _____ C:Windowssystem32configSECURITY
2021-04-21 06:30 – 2021-04-26 19:01 – 000000000 ____D C:Windowsservicing
2021-04-21 06:30 – 2021-04-21 08:56 – 000032768 _____ C:Windowssystem32configELAM
2021-04-21 06:30 – 2021-04-21 06:35 – 000000000 ____D C:Windowssystem32SMI
2021-04-21 06:29 – 2021-04-21 09:30 – 000000000 ___HD C:$SysReset
2021-04-20 09:57 – 2021-04-20 09:57 – 000374072 _____ C:Windowssystem32vp9fs.dll
2021-04-20 09:56 – 2021-04-20 09:56 – 001823304 _____ (Microsoft Corporation) C:Windowssystem32winload.efi
2021-04-20 09:56 – 2021-04-20 09:56 – 000231248 _____ C:Windowssystem32containerdevicemanagement.dll
2021-04-20 09:56 – 2021-04-20 09:56 – 000011357 _____ C:Windowssystem32DrtmAuthTxt.wim
2021-04-19 22:38 – 2021-04-19 22:38 – 000249512 _____ (Oracle Corporation) C:Windowssystem32DriversVBoxNetLwf.sys
2021-04-19 22:38 – 2021-04-19 22:38 – 000239616 _____ (Oracle Corporation) C:Windowssystem32DriversVBoxNetAdp6.sys
2021-04-01 21:54 – 2019-10-15 14:50 – 000001696 _____ C:Windowssystem32NOISE.CHS
2021-03-18 19:42 – 2021-03-18 19:42 – 002755584 ____N (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb
2021-03-18 19:42 – 2021-03-18 19:42 – 002755584 ____N (Microsoft Corporation) C:Windowssystem32mshtml.tlb
2021-03-18 19:42 – 2021-03-18 19:42 – 001314128 ____N (Microsoft Corporation) C:Windowssystem32SecConfig.efi
2021-03-18 19:42 – 2021-03-18 19:42 – 000480256 ____N C:Windowssystem32AssignedAccessCsp.dll
2021-03-18 19:41 – 2021-03-18 19:41 – 001394024 ____N (Microsoft Corporation) C:Windowssystem32winresume.efi
2021-03-18 19:41 – 2021-03-18 19:41 – 001163776 ____N C:Windowssystem32MBR2GPT.EXE
2021-03-18 19:41 – 2021-03-18 19:41 – 000707016 ____N C:Windowssystem32TextShaping.dll
2021-03-18 19:41 – 2021-03-18 19:41 – 000611952 ____N C:WindowsSysWOW64TextShaping.dll
2021-03-18 19:41 – 2021-03-18 19:41 – 000091136 ____N C:Windowssystem32Driverscimfs.sys
2021-02-23 15:34 – 2021-02-23 15:34 – 003860832 ____N (Microsoft Corporation) C:WindowsSysWOW64rtmpltfm.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 001333760 ____N C:WindowsSysWOW64TextInputMethodFormatter.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000980320 ____N (Microsoft Corporation) C:WindowsSysWOW64rtmpal.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000915296 ____N (Microsoft Corporation) C:WindowsSysWOW64rtmcodecs.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000732000 ____N (Microsoft Corporation) C:WindowsSysWOW64ortcengine.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000729600 ____N (Microsoft Corporation) C:Windowssystem32hhctrl.ocx
2021-02-23 15:34 – 2021-02-23 15:34 – 000671744 _____ C:Windowssystem32hgattest.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000595968 ____N (Microsoft Corporation) C:Windowssystem32appwiz.cpl
2021-02-23 15:34 – 2021-02-23 15:34 – 000581120 ____N (Microsoft Corporation) C:Windowssystem32PhotoScreensaver.scr
2021-02-23 15:34 – 2021-02-23 15:34 – 000575488 ____N (Microsoft Corporation) C:WindowsSysWOW64hhctrl.ocx
2021-02-23 15:34 – 2021-02-23 15:34 – 000499200 ____N (Microsoft Corporation) C:WindowsSysWOW64PhotoScreensaver.scr
2021-02-23 15:34 – 2021-02-23 15:34 – 000469504 ____N (Microsoft Corporation) C:WindowsSysWOW64appwiz.cpl
2021-02-23 15:34 – 2021-02-23 15:34 – 000455680 ____N C:WindowsSysWOW64WindowManagementAPI.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000446976 ____N (Microsoft Corporation) C:WindowsSysWOW64mmsys.cpl
2021-02-23 15:34 – 2021-02-23 15:34 – 000422912 ____N (Microsoft Corporation) C:WindowsSysWOW64winspool.drv
2021-02-23 15:34 – 2021-02-23 15:34 – 000330752 ____N C:WindowsSysWOW64ssdm.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000304128 ____N (Microsoft Corporation) C:Windowssystem32ksproxy.ax
2021-02-23 15:34 – 2021-02-23 15:34 – 000266240 ____N C:WindowsSysWOW64Windows.Internal.UI.Shell.WindowTabManager.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000266240 ____N (Microsoft Corporation) C:Windowssystem32mpg2splt.ax
2021-02-23 15:34 – 2021-02-23 15:34 – 000240640 ____N C:WindowsSysWOW64CoreMas.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000235520 ____N C:WindowsSysWOW64HeatCore.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000234496 ____N (Microsoft Corporation) C:WindowsSysWOW64ksproxy.ax
2021-02-23 15:34 – 2021-02-23 15:34 – 000221184 ____N (Microsoft Corporation) C:WindowsSysWOW64bthprops.cpl
2021-02-23 15:34 – 2021-02-23 15:34 – 000204800 ____N (Microsoft Corporation) C:WindowsSysWOW64mpg2splt.ax
2021-02-23 15:34 – 2021-02-23 15:34 – 000182272 ____N (Microsoft Corporation) C:WindowsSysWOW64timedate.cpl
2021-02-23 15:34 – 2021-02-23 15:34 – 000178688 ____N (Microsoft Corporation) C:WindowsSysWOW64intl.cpl
2021-02-23 15:34 – 2021-02-23 15:34 – 000170496 ____N (Microsoft Corporation) C:Windowssystem32VBICodec.ax
2021-02-23 15:34 – 2021-02-23 15:34 – 000157184 ____N C:Windowssystem32uwfcsp.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000138056 ____N C:Windowssystem32HvsiManagementApi.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000135168 ____N (Microsoft Corporation) C:WindowsSysWOW64VBICodec.ax
2021-02-23 15:34 – 2021-02-23 15:34 – 000112128 ____N (Microsoft Corporation) C:WindowsSysWOW64activeds.tlb
2021-02-23 15:34 – 2021-02-23 15:34 – 000101704 ____N C:WindowsSysWOW64HvsiManagementApi.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000100864 ____N (Microsoft Corporation) C:WindowsSysWOW64ncpa.cpl
2021-02-23 15:34 – 2021-02-23 15:34 – 000095744 ____N C:Windowssystem32VirtualMonitorManager.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000087552 ____N (Microsoft Corporation) C:Windowssystem32tdc.ocx
2021-02-23 15:34 – 2021-02-23 15:34 – 000084992 ____N (Microsoft Corporation) C:Windowssystem32wscui.cpl
2021-02-23 15:34 – 2021-02-23 15:34 – 000072704 ____N (Microsoft Corporation) C:WindowsSysWOW64tdc.ocx
2021-02-23 15:34 – 2021-02-23 15:34 – 000067584 ____N (Microsoft Corporation) C:WindowsSysWOW64wscui.cpl
2021-02-23 15:34 – 2021-02-23 15:34 – 000067072 ____N C:Windowssystem32BWContextHandler.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000055376 ____N (Microsoft Corporation) C:WindowsSysWOW64rtmmvrortc.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000053760 ____N C:WindowsSysWOW64BWContextHandler.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000047472 ____N C:WindowsSysWOW64umpdc.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000045880 ____N C:Windowssystem32HvSocket.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000039936 ____N (Adobe Systems) C:WindowsSysWOW64atmlib.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000023552 ____N (Microsoft Corporation) C:WindowsSysWOW64msacm32.drv
2021-02-23 15:34 – 2021-02-23 15:34 – 000014848 _____ C:Windowssystem32hnsproxy.dll
2021-02-23 15:34 – 2021-02-23 15:34 – 000010752 ____N C:WindowsSysWOW64agentactivationruntimestarter.exe
2021-02-23 15:33 – 2021-02-23 15:33 – 004898144 ____N (Microsoft Corporation) C:Windowssystem32rtmpltfm.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 004227116 ____N C:Windowssystem32DefaultHrtfs.bin
2021-02-23 15:33 – 2021-02-23 15:33 – 002260992 ____N C:Windowssystem32TextInputMethodFormatter.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 002260480 ____N (The ICU Project) C:Windowssystem32icu.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 002254336 ____N C:Windowssystem32dwmscene.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 001354080 ____N (Microsoft Corporation) C:Windowssystem32rtmpal.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 001091936 ____N (Microsoft Corporation) C:Windowssystem32rtmcodecs.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 001032544 ____N (Microsoft Corporation) C:Windowssystem32ortcengine.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000643072 ____N C:Windowssystem32WindowManagementAPI.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000562688 ____N (Microsoft Corporation) C:Windowssystem32winspool.drv
2021-02-23 15:33 – 2021-02-23 15:33 – 000544768 ____N (Microsoft Corporation) C:Windowssystem32mmsys.cpl
2021-02-23 15:33 – 2021-02-23 15:33 – 000455168 ____N C:Windowssystem32ssdm.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000363520 ____N C:Windowssystem32Windows.Internal.UI.Shell.WindowTabManager.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000306688 ____N C:Windowssystem32HeatCore.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000287232 ____N C:Windowssystem32CoreMas.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000266752 ____N (Microsoft Corporation) C:Windowssystem32bthprops.cpl
2021-02-23 15:33 – 2021-02-23 15:33 – 000243200 ____N (Microsoft Corporation) C:Windowssystem32timedate.cpl
2021-02-23 15:33 – 2021-02-23 15:33 – 000238592 ____N (Microsoft Corporation) C:Windowssystem32intl.cpl
2021-02-23 15:33 – 2021-02-23 15:33 – 000197632 ____N C:Windowssystem32IHDS.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000190976 ____N C:Windowssystem32BthpanContextHandler.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000165888 ____N C:Windowssystem32DataStoreCacheDumpTool.exe
2021-02-23 15:33 – 2021-02-23 15:33 – 000152064 ____N C:Windowssystem32EoAExperiences.exe
2021-02-23 15:33 – 2021-02-23 15:33 – 000112128 ____N (Microsoft Corporation) C:Windowssystem32activeds.tlb
2021-02-23 15:33 – 2021-02-23 15:33 – 000102912 ____N (Microsoft Corporation) C:Windowssystem32ncpa.cpl
2021-02-23 15:33 – 2021-02-23 15:33 – 000089088 ____N C:Windowssystem32windows.applicationmodel.conversationalagent.proxystub.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000074240 ____N C:Windowssystem32rdsxvmaudio.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000073216 ____N C:Windowssystem32windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000064552 ____N C:Windowssystem32umpdc.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000060928 ____N C:Windowssystem32runexehelper.exe
2021-02-23 15:33 – 2021-02-23 15:33 – 000056672 ____N (Microsoft Corporation) C:Windowssystem32rtmmvrortc.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000048640 ____N (Adobe Systems) C:Windowssystem32atmlib.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000030208 ____N (Microsoft Corporation) C:Windowssystem32msacm32.drv
2021-02-23 15:33 – 2021-02-23 15:33 – 000029696 ____N (The ICU Project) C:Windowssystem32icuuc.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000025088 ____N (The ICU Project) C:Windowssystem32icuin.dll
2021-02-23 15:33 – 2021-02-23 15:33 – 000013312 ____N C:Windowssystem32agentactivationruntimestarter.exe
2021-02-23 15:33 – 2021-02-23 15:33 – 000001370 ____N C:Windowssystem32ThirdPartyNoticesBySHS.txt
2021-02-23 15:27 – 2019-10-15 15:53 – 000076060 ____N C:Windowssystem32xpsrchvw.xml
2021-02-23 15:27 – 2019-04-18 20:49 – 000076060 ____N C:WindowsSysWOW64xpsrchvw.xml
==================== Three months (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
==================== SigCheckExt =========================
2021-04-30 16:15 – 2021-04-30 16:16 – 001842156 _____ C:UsersAdminDownloadsamidst-v4-6.exe
2021-04-22 00:15 – 2021-04-22 00:15 – 000417291 _____ (Fabric Team) C:UsersAdminDownloadsfabric-installer-0.7.3 (1).exe
2021-04-21 20:22 – 2021-04-21 20:23 – 000417291 _____ (Fabric Team) C:UsersAdminDownloadsfabric-installer-0.7.3.exe
2021-05-07 21:31 – 2021-05-07 21:31 – 002298368 _____ (Farbar) C:UsersAdminDownloadsFRST64 (1).exe
2021-04-28 22:08 – 2021-04-28 22:08 – 002298368 _____ (Farbar) C:UsersAdminDownloadsFRST64.exe
2021-04-29 17:44 – 2021-04-29 17:44 – 000909824 _____ (Farbar) C:UsersAdminDownloadsFSS.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== BCD ================================
Windows Boot Manager
——————–
identifier bootmgr
device partition=DeviceHarddiskVolume1
description Windows Boot Manager
locale en-US
inherit globalsettings
default current
resumeobject 7e64812f-a2b5-11eb-aebf-8aea6e7616a7
displayorder current
toolsdisplayorder memdiag
timeout 30
Windows Boot Loader
——————-
identifier current
device partition=C:
path Windowssystem32winload.exe
description Windows 10
locale en-US
inherit bootloadersettings
recoverysequence 7eb5dafa-a2b5-11eb-aebf-8aea6e7616a7
displaymessageoverride Recovery
recoveryenabled Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot Windows
resumeobject 7e64812f-a2b5-11eb-aebf-8aea6e7616a7
nx OptIn
bootmenupolicy Standard
Windows Boot Loader
——————-
identifier 7eb5dafa-a2b5-11eb-aebf-8aea6e7616a7
device ramdisk=[DeviceHarddiskVolume3]RecoveryWindowsREWinre.wim,7eb5dafb-a2b5-11eb-aebf-8aea6e7616a7
path windowssystem32winload.exe
description Windows Recovery Environment
locale en-US
inherit bootloadersettings
displaymessage Recovery
osdevice ramdisk=[DeviceHarddiskVolume3]RecoveryWindowsREWinre.wim,7eb5dafb-a2b5-11eb-aebf-8aea6e7616a7
systemroot windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Resume from Hibernate
———————
identifier 7e64812f-a2b5-11eb-aebf-8aea6e7616a7
device partition=C:
path Windowssystem32winresume.exe
description Windows Resume Application
locale en-US
inherit resumeloadersettings
recoverysequence 7eb5dafa-a2b5-11eb-aebf-8aea6e7616a7
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No
Windows Memory Tester
———————
identifier memdiag
device partition=DeviceHarddiskVolume1
path bootmemtest.exe
description Windows Memory Diagnostic
locale en-US
inherit globalsettings
badmemoryaccess Yes
EMS Settings
————
identifier emssettings
bootems No
Debugger Settings
—————–
identifier dbgsettings
debugtype Local
RAM Defects
———–
identifier badmemory
Global Settings
—————
identifier globalsettings
inherit dbgsettings
emssettings
badmemory
Boot Loader Settings
——————–
identifier bootloadersettings
inherit globalsettings
hypervisorsettings
Hypervisor Settings
——————-
identifier hypervisorsettings
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
———————-
identifier resumeloadersettings
inherit globalsettings
Device options
————–
identifier 7eb5dafb-a2b5-11eb-aebf-8aea6e7616a7
description Windows Recovery
ramdisksdidevice partition=DeviceHarddiskVolume3
ramdisksdipath RecoveryWindowsREboot.sdi
==================== End of FRST.txt ========================Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Admin (07-05-2021 21:35:26)
Running from C:UsersAdminDownloads
Windows 10 Pro Version 20H2 19042.928 (X64) (2021-04-21 14:35:25)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Admin (S-1-5-21-2960236716-1891352181-3316826821-1001 – Administrator – Enabled) => C:UsersAdmin
Administrator (S-1-5-21-2960236716-1891352181-3316826821-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-2960236716-1891352181-3316826821-503 – Limited – Disabled)
Guest (S-1-5-21-2960236716-1891352181-3316826821-501 – Limited – Disabled)
WDAGUtilityAccount (S-1-5-21-2960236716-1891352181-3316826821-504 – Limited – Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Discord (HKUS-1-5-21-2960236716-1891352181-3316826821-1001…Discord) (Version: 1.0.9001 – Discord Inc.)
Java 8 Update 291 (HKLM-x32…26A24AE4-039D-4CA4-87B4-2F32180291F0) (Version: 8.0.2910.10 – Oracle Corporation)
Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 90.0.818.51 – Microsoft Corporation)
Microsoft Office Professional Plus 2019 – en-us (HKLM…ProPlus2019Retail – en-us) (Version: 16.0.10730.20102 – Microsoft Corporation)
Microsoft OneDrive (HKUS-1-5-21-2960236716-1891352181-3316826821-1001…OneDriveSetup.exe) (Version: 21.073.0411.0002 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM…A0E1B43D-5F4A-46AF-9925-ABA3423325DC) (Version: 2.77.0.0 – Microsoft Corporation)
Minecraft Launcher (HKLM-x32…911FBC64-4C64-4B8F-A637-B34832638C86) (Version: 1.0.0.0 – Mojang)
Office 16 Click-to-Run Extensibility Component (HKLM-x32…90160000-008C-0000-0000-0000000FF1CE) (Version: 16.0.10730.20102 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM…90160000-00DD-0000-1000-0000000FF1CE) (Version: 16.0.10730.20102 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM…90160000-008F-0000-1000-0000000FF1CE) (Version: 16.0.10730.20102 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32…90160000-008C-0409-0000-0000000FF1CE) (Version: 16.0.10730.20102 – Microsoft Corporation) Hidden
PowerISO (HKLM-x32…PowerISO) (Version: 7.7 – Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32…F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC) (Version: 6.0.1.6873 – Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM…SynTPDeinstKey) (Version: 19.0.17.58 – Synaptics Incorporated)
WinRAR 6.01 (64-bit) (HKLM…WinRAR archiver) (Version: 6.01.0 – win.rar GmbH)
Packages:
=========
Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-04-26] (Microsoft Corporation)
Spotify Music -> C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0 [2021-05-03] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [PowerISO] -> 967B2D40-8B7D-4127-9049-61EA0C2C6DCE => C:Program FilesPowerISOPWRISOSH.DLL [2020-06-21] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> B41DB860-64E4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> B41DB860-8EE4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [PowerISO] -> 967B2D40-8B7D-4127-9049-61EA0C2C6DCE => C:Program FilesPowerISOPWRISOSH.DLL [2020-06-21] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> 3D1975AF-48C6-4f8e-A182-BE0E08FA86A9 => C:Windowssystem32nvshext.dll [2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [PowerISO] -> 967B2D40-8B7D-4127-9049-61EA0C2C6DCE => C:Program FilesPowerISOPWRISOSH.DLL [2020-06-21] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> B41DB860-64E4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> B41DB860-8EE4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Skype for Business Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C:Program Files (x86)Microsoft OfficerootVFSProgramFilesX64Microsoft OfficeOffice16OCHelper.dll [2021-05-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C:Program Files (x86)Microsoft OfficerootOffice16OCHelper.dll [2021-05-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> 761497BB-D6F0-462C-B6EB-D4DAF1D92D43 -> C:Program Files (x86)Javajre1.8.0_291binssv.dll [2021-04-22] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> DBC80044-A445-435b-BC74-9C25C1C588A9 -> C:Program Files (x86)Javajre1.8.0_291binjp2ssv.dll [2021-04-22] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2021-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2021-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2021-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2021-05-07] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-04-21 06:35 – 2021-04-28 22:34 – 000000852 _____ C:Windowssystem32driversetchosts
2021-04-26 16:56 – 2021-05-07 21:00 – 000000444 _____ C:Windowssystem32driversetchosts.ics
172.27.224.1 DESKTOP-4SAGV8L.mshome.net # 2026 5 4 7 3 0 40 410
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program Files (x86)Common FilesOracleJavajavapath;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;%SYSTEMROOT%System32OpenSSH
HKUS-1-5-21-2960236716-1891352181-3316826821-1001Control PanelDesktop\Wallpaper -> C:WindowswebwallpaperWindowsimg0.jpg
DNS Servers: 192.168.43.1
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [B5930461-F240-4B82-9A33-0D11DF8DA6B5] => (Block) C:program files (x86)microsoftedgeapplicationmsedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [8688D1DA-29AA-4D67-97AF-4C210C61671F] => (Block) C:program files (x86)microsoftedgeapplicationmsedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query UserABE58D33-69DD-4EEE-9BEE-7F2CF945C26DC:program files (x86)minecraft launcherruntimejre-legacywindows-x64jre-legacybinjavaw.exe] => (Allow) C:program files (x86)minecraft launcherruntimejre-legacywindows-x64jre-legacybinjavaw.exe
FirewallRules: [UDP Query UserC278E9CB-78A8-43CE-9E04-9C00CC272E44C:program files (x86)minecraft launcherruntimejre-legacywindows-x64jre-legacybinjavaw.exe] => (Allow) C:program files (x86)minecraft launcherruntimejre-legacywindows-x64jre-legacybinjavaw.exe
FirewallRules: [C6485E7D-702D-4C2F-AB54-87CEB3218860] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [A70D72BB-25DE-43A0-86B7-25E62C9F2762] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [CF78B257-EA12-42E2-B772-095B1F4C2901] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [CFEEEA89-DB3B-4B7F-AE78-C65DC897953B] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [535823C3-7096-4634-BE28-BAB080F14720] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [9EFBFB31-34F1-4F99-8053-C509FDFA5346] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [B0BBE320-DD95-4285-B3C5-BFCBF98D21C8] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [53214EE9-69ED-497C-B7CB-A4E5825AFA3F] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query UserD28C3BB1-529F-4BF2-8CB4-EAA016124605C:program files (x86)minecraft launcherruntimejre-legacywindows-x64jre-legacybinjavaw.exe] => (Allow) C:program files (x86)minecraft launcherruntimejre-legacywindows-x64jre-legacybinjavaw.exe
FirewallRules: [UDP Query UserB07A2F91-6D4A-4178-B257-35F7EA21A89AC:program files (x86)minecraft launcherruntimejre-legacywindows-x64jre-legacybinjavaw.exe] => (Allow) C:program files (x86)minecraft launcherruntimejre-legacywindows-x64jre-legacybinjavaw.exe
FirewallRules: [045DD892-13DB-44D5-AB1F-33703CD84AE7] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [569008B7-AF71-4109-97E0-F434C21BBB68] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [FFBCFB7E-314F-4A70-8843-B5A44977448C] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [1D572820-EDA0-4EB2-83AF-2FA68D1F89D2] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [9EF8144A-436B-4438-8D74-7EBD4A844883] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
06-05-2021 19:31:51 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
Name: Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Description: Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Class Guid: 4d36e972-e325-11ce-bfc1-08002be10318
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (05/07/2021 10:59:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (05/07/2021 10:59:23 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID 4e14fba2-2e22-11d1-9964-00c04fbbb345 and name CEventSystem cannot be started.[0x8007045bAsystemshutdownisinprogress[0x8007045bAsystemshutdownisinprogress[0x8007045bAsystemshutdownisinprogress[0x8007045bAsystemshutdownisinprogress
]
Error: (05/07/2021 10:47:51 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:Program Files (x86)Microsoft OfficerootOffice16lync.exe.Manifest".Error in manifest or policy file "C:Program Files (x86)Microsoft OfficerootOffice16UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (05/07/2021 10:44:00 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID 4e14fba2-2e22-11d1-9964-00c04fbbb345 and name CEventSystem cannot be started.[0x8007045bAsystemshutdownisinprogress[0x8007045bAsystemshutdownisinprogress[0x8007045bAsystemshutdownisinprogress[0x8007045bAsystemshutdownisinprogress
]
Error: (05/02/2021 12:21:43 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on DATA-1TB (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (04/29/2021 10:08:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (04/29/2021 10:08:20 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID 4e14fba2-2e22-11d1-9964-00c04fbbb345 and name CEventSystem cannot be started.[0x8007045bAsystemshutdownisinprogress[0x8007045bAsystemshutdownisinprogress[0x8007045bAsystemshutdownisinprogress[0x8007045bAsystemshutdownisinprogress
]
Error: (04/29/2021 09:58:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
System errors:
=============
Error: (05/07/2021 08:17:33 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (05/07/2021 07:04:44 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (05/07/2021 05:57:28 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (05/07/2021 03:24:38 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (05/07/2021 01:08:35 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (05/07/2021 11:44:36 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (05/07/2021 10:59:42 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.
Error: (05/07/2021 10:44:24 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.
Windows Defender:
================
Date: 2021-05-07 18:31:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:BAT/AutoKms!MTB&threatid=2147764693&enterprise=0
Name: HackTool:BAT/AutoKms!MTB
Severity: High
Category: Tool
Path: file:_E:Office2019.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:Windowsexplorer.exe
Security intelligence Version: AV: 1.337.654.0, AS: 1.337.654.0, NIS: 1.337.654.0
Engine Version: AM: 1.1.18100.5, NIS: 1.1.18100.5
Date: 2021-05-07 17:59:37
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:BAT/AutoKms!MTB&threatid=2147764693&enterprise=0
Name: HackTool:BAT/AutoKms!MTB
Severity: High
Category: Tool
Path: file:_C:UsersAdminDocumentsOffice2019.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.337.654.0, AS: 1.337.654.0, NIS: 1.337.654.0
Engine Version: AM: 1.1.18100.5, NIS: 1.1.18100.5
Date: 2021-05-06 19:13:19
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-04-25 23:20:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-04-23 13:02:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-05-07 18:17:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.337.654.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.5
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2021-05-07 18:17:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.337.654.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.5
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2021-05-07 10:44:00
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.337.654.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.5
Error code: 0x80240022
Error description: The program can't check for definition updates.
Date: 2021-05-07 10:44:00
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.337.654.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.5
Error code: 0x80240022
Error description: The program can't check for definition updates.
Date: 2021-05-06 18:37:50
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.337.654.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.5
Error code: 0x80070643
Error description: Fatal error during installation.
CodeIntegrity:
===============
Date: 2021-04-21 08:34:39
Description:
Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe because the set of per-page image hashes could not be found on the system.
Date: 2021-04-21 08:34:39
Description:
Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: LENOVO 6BCN42WW(V2.02) 02/08/2013
Motherboard: LENOVO INVALID
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 28%
Total physical RAM: 16334.36 MB
Available physical RAM: 11645.06 MB
Total Virtual: 18766.36 MB
Available Virtual: 12743.74 MB
==================== Drives ================================
Drive c: (BOOT-mSata) (Fixed) (Total:118.29 GB) (Free:58.69 GB) NTFS
Drive d: (DATA-1TB) (Fixed) (Total:931.39 GB) (Free:931.26 GB) NTFS
\?Volumef06fe991-0000-0000-0000-100000000000 (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS
\?Volumef06fe991-0000-0000-0000-e0981d000000 () (Fixed) (Total:0.85 GB) (Free:0.31 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: F06FE991)
Partition 1: (Active) – (Size=100 MB) – (Type=07 NTFS)
Partition 2: (Not Active) – (Size=118.3 GB) – (Type=07 NTFS)
Partition 3: (Not Active) – (Size=873 MB) – (Type=27)
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
Edited by Oh My!, Yesterday, 12:19 PM.
Commentaires
Laisser un commentaire