AntiRecuvaAndDB.exe, svchost.exe sending to an IP in China, ransomware encryption – Bien monter son serveur
I was hit by ransomware that prompted me to send an e-mail to another address, backup.data24@tutonota. I sent e-mail after e-mail but got no reply. I received a message saying that all my files had been encrypted. For those computers, I had to reset the operating system. One computer (I have about six laptops) did not appear to be affected by the ransomware, but was infected with malware. I ran a Windows Defender scan on that computer and it found Ransom:Win32/Phobos.PC!MTB AntiRecuvaAndDB.exe on my shared NAS drive and secured it. The malware is described at the link below: https://www.bleepingcomputer.com/forums/t/688649/phobos-ransomware-id-idemailphobos-adame-help-support/page-59
My problems were not over. Sometimes I could not connect to the computer via RDP, and the next time I received a warning that svchost.exe was sending to an IP address in China. I tightened up the firewall and ran the scanner.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-06-2021
Ran by daddy (administrator) on DESKTOP-NBI7G7F (LENOVO 11ADS0B100) (17-06-2021 17:10:56)
Running from C:\Users\daddy\Downloads
Loaded Profiles: daddy & SQLTELEMETRY & MSSQLSERVER
Platform: Windows 10 Pro Version 20H2 19042.1052 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Browser\CtxWebBrowser.exe <6>
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\AuthManager\AuthManSvr.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfService.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <23>
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_51074a304c325b5d\LMS.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_8a301c120b987c01\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_523d41b353d185cf\OneApp.IGCC.WinService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b9dbc85a6586959b\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b9dbc85a6586959b\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.7.19.0\Lenovo.Vantage.AddinHost.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.7.19.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\daddy\AppData\Local\Microsoft\OneDrive\21.109.0530.0001\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\daddy\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PRIMAX ELECTRONICS LTD. ->) [File not signed] C:\Program Files\Lenovo\Lenovo Essential Wireless Keyboard\KBOSD.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9971779a1c712866\RtkAudUService64.exe <2>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9971779a1c712866\RtkAudUService64.exe [1201968 2020-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Lenovo Essential Wireless Keyboard OSD] => C:\Program Files\Lenovo\Lenovo Essential Wireless Keyboard\KBOSD.exe [4485424 2019-04-11] (PRIMAX ELECTRONICS LTD. ->) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710776 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2344552 2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [794728 2021-06-11] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [InstallHelper] => C:\Program Files (x86)\Citrix\Citrix WorkSpace 2106\InstallHelper.exe [441448 2021-06-16] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKU\S-1-5-21-801466221-149834458-993484874-1001\...\Run: [Bomgar_Cleanup_ZD4532062511607] => cmd.exe /C rd /S /Q "C:\Users\daddy\AppData\Local\Temp\nsx851F.tmpb" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD4532062511607 /f <==== ATTENTION
HKU\S-1-5-21-801466221-149834458-993484874-1001\...\Run: [Bomgar_Cleanup_ZD4584768713342] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x60cb4a45" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD4584768713342 /f <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C:\Program Files\Google\Chrome\Application\91.0.4472.106\Installer\chrmstp.exe [2021-06-15] (Google LLC -> Google LLC)
Startup: C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Workspace.lnk [2021-06-03]
ShortcutTarget: Citrix Workspace.lnk -> C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: 09246B3A-8233-4D2E-8EF0-46AE0AC253FC - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147272 2021-06-12] (Microsoft Corporation -> Microsoft Corporation)
Task: 2027384A-ECB2-433E-BB1A-CD9D54B1647D - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)
Task: 23455BB9-9668-43FC-B0ED-85BCDE711F1A - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => % windir% System32 reg.exe add hklm SOFTWARE d Lenovo SystemUp / f / reg : 32
Task: 372300DF-412C-4A4C-9EEE-867987C6E359 - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65448 2021-06-09] (Microsoft Corporation -> Microsoft)
Task: 44C195B9-1903-437F-8238-794C6C73D541 - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.7.19.0\ScheduleEventAction.exe [23968 2021-05-17] (Lenovo -> Lenovo Group Ltd.)
Task: 467D8F28-79FC-4EB3-A45C-D1B6AF13FFA0 - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: 6B3E1EF4-0BFE-4967-9940-ACEC6A8816D8 - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7a69b1b2-dca2-42ef-9985-da1532cc6c00 => C: WINDOWS Lenovo ImControll. ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: 71DFA76B-A967-4BBF-8DD7-8AE91F41B43A - System32\Tasks\Lenovo\ImController\TimeBasedEvents\234d62ed-fd5f-40e6-b1d5-043bfd200c3f => C: WINDOWS. ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: 973B2E7C-0921-4D91-844D-B129BC2B40B0 - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-30] (Google LLC -> Google LLC)
Task: A7E829CD-CF6D-4C8E-B76E-7E63D53BD257 - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: B570FA6A-C02E-4624-B571-D04BFD01C5FB - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: BADCA65F-EAC4-42FA-81F4-73B7444AA16E - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6b103bc8-ba88-488a-b474-7b2eb759846e => C: WINDOWS Lenovo ImC. Un service. ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
Task: C72B7A4B-70B2-49F2-9E81-C7A474D942D4 - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGH [144456 2021-05-19] (Lenovo -> Lenovo Group Ltd.)
Task: E29BE27F-C5C9-4AE4-A380-C94B093182BB - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147272 2021-06-12] (Microsoft Corporation -> Microsoft Corporation)
Task: E8B59FCF-6C9E-4D51-995C-2BF5F9DFC0E0 - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\Schedule
Task: EDE9BF48-B14C-4338-BDC9-F9C96FA5E73A - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: F74EB83B-ED68-467D-9EA3-24C05309FFA2 - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62392 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\cf7f8ba5-4198-4503-9a29-4d55a6560ba7: [DhcpNameServer] 192.168.50.1
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\daddy\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-17]
Edge Notifications: Default -> hxxps://voice.google.com
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-08-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-08-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default [2021-06-17]
CHR Notifications: Default -> hxxps://drive.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/ig","hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-30]
CHR Extension: (Adblocker for Chrome - NoAds) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\alplpnakfeabeiebipdmaenpmbgknjce [2020-09-30]
CHR Extension: (Docs) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-30]
CHR Extension: (Google Drive) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-19]
CHR Extension: (YouTube) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-30]
CHR Extension: (Google Play Music) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2020-12-10]
CHR Extension: (Sheets) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-30]
CHR Extension: (Postman) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2020-09-30]
CHR Extension: (React Developer Tools) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2021-06-09]
CHR Extension: (FantasyPros: Win Your Fantasy League) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfbepnlhpkbgbkcebjnfhgjckibfdfkc [2021-06-09]
CHR Extension: (Google Docs offline) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-25]
CHR Extension: (AdBlock – best ad blocker) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-06-09]
CHR Extension: (Cisco Webex Extension) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2021-06-10]
CHR Extension: (Loom for Chrome) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2021-06-17]
CHR Extension: (Vue.js devtools) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhdogjmejiglipccpnnnanhbledajbpd [2021-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-03]
CHR Extension: (Simple EPUB Reader) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2020-09-30]
CHR Extension: (Gmail) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-18]
CHR Extension: (Chrome Media Router) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-09]
CHR Profile: C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-06-17]
CHR Profile: C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-06-03]
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/ig","hxxp://www.google.com/"
CHR DefaultSearchURL: Profile 1 -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> duckduckgo.com
CHR DefaultNewTabURL: Profile 1 -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Profile 1 -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-25]
CHR Extension: (Docs) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-25]
CHR Extension: (Google Drive) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-25]
CHR Extension: (DuckDuckGo) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-05-21]
CHR Extension: (YouTube) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-25]
CHR Extension: (Google Chromecast Video Stream) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2021-03-25]
CHR Extension: (Google Play Music) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2021-03-25]
CHR Extension: (Sheets) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-25]
CHR Extension: (Readium) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2021-03-25]
CHR Extension: (Postman) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2021-03-25]
CHR Extension: (React Developer Tools) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2021-06-03]
CHR Extension: (FantasyPros: Win Your Fantasy League) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gfbepnlhpkbgbkcebjnfhgjckibfdfkc [2021-06-03]
CHR Extension: (Google Docs offline) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-21]
CHR Extension: (AdBlock – best ad blocker) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-05-21]
CHR Extension: (Cisco Webex Extension) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2021-03-25]
CHR Extension: (Tag Assistant Legacy (by Google)) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2021-03-25]
CHR Extension: (Loom for Chrome) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2021-06-03]
CHR Extension: (Virtru Email Protection) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nemmanchfojaehgkbgcfmdiidbopakpp [2021-06-03]
CHR Extension: (Vue.js devtools) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nhdogjmejiglipccpnnnanhbledajbpd [2021-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-25]
CHR Extension: (Simple EPUB Reader) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2021-03-25]
CHR Extension: (Gmail) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-25]
CHR Extension: (Chrome Media Router) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-21]
CHR Profile: C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-06-10]
CHR StartupUrls: Profile 2 -> "hxxp://www.google.com/ig","hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-25]
CHR Extension: (Docs) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-25]
CHR Extension: (Google Drive) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-25]
CHR Extension: (YouTube) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-25]
CHR Extension: (Google Play Music) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2021-03-25]
CHR Extension: (Sheets) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-25]
CHR Extension: (Postman) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2021-03-25]
CHR Extension: (React Developer Tools) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2021-06-09]
CHR Extension: (FantasyPros: Win Your Fantasy League) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gfbepnlhpkbgbkcebjnfhgjckibfdfkc [2021-06-09]
CHR Extension: (Google Docs offline) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-25]
CHR Extension: (AdBlock – best ad blocker) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-06-09]
CHR Extension: (Cisco Webex Extension) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2021-06-10]
CHR Extension: (Loom for Chrome) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2021-06-09]
CHR Extension: (Vue.js devtools) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nhdogjmejiglipccpnnnanhbledajbpd [2021-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-25]
CHR Extension: (Simple EPUB Reader) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2021-03-25]
CHR Extension: (Gmail) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-25]
CHR Extension: (Chrome Media Router) - C:\Users\daddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-10]
CHR Profile: C:\Users\daddy\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-17]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AzureAttestService; C:Program FilesMicrosoftAzureAttestServiceAzureAttestService.dll [151288 2019-07-24] (Microsoft Windows -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
R2 CWAUpdaterService; C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe [51816 2021-06-16] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81824 2021-03-14] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.7.19.0\LenovoVantageService.exe [28576 2021-05-17] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-03] (Malwarebytes Inc -> Malwarebytes)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [626280 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [695912 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [290648 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
==================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ctxusbm; C:\WINDOWS\system32\DRIVERS\ctxusbmon.sys [135160 2021-04-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-22] (Malwarebytes Inc -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-06-03] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-06-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-06-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-06-16] (Malwarebytes Inc -> Malwarebytes)
S4 RsFx0600; C:\WINDOWS\System32\DRIVERS\RsFx0600.sys [286976 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R1 vbdenum; C:\WINDOWS\System32\drivers\vbdenum.sys [119432 2020-04-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-05-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421112 2021-05-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-15] (Microsoft Windows -> Microsoft Corporation)
R3 WiMan; C:\WINDOWS\System32\DriverStore\FileRepository\wiman.inf_amd64_98b999a70a116eaa\WiMan\WiMan.sys [163824 2020-04-13] (Intel® Wireless Connectivity Solutions ->)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-06-17 17:10 - 2021-06-17 17:11 - 000029449 _____ C:\Users\daddy\Downloads\FRST.txt
2021-06-17 17:10 - 2021-06-17 17:11 - 000000000 ____D C:\FRST
2021-06-17 17:07 - 2021-06-17 17:07 - 002300416 _____ (Farbar) C:\Users\daddy\Downloads\FRST64.exe
2021-06-17 16:44 - 2021-06-17 16:44 - 000000852 _____ C:\Users\daddy\.bash_history
2021-06-17 16:35 - 2021-06-17 16:35 - 000000000 ____D C:\Users\daddy\AppData\LocalLow\IGDump
2021-06-17 16:22 - 2021-06-17 16:22 - 000000020 _____ C:\Users\daddy\.lesshst
2021-06-17 09:19 - 2021-06-17 09:19 - 000002727 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Remote Desktop Connection 2019.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002727 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Remote Desktop Connection 2016.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002713 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams for Web.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002711 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MF Cobol File Explorer.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002705 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2016 File Explorer.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002703 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Central.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002703 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook Web Access.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002703 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002699 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HR Connect Time.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002691 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Remedyforce.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002689 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002681 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002671 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002667 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002659 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook (1).lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002651 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000002647 _____ C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-06-17 09:19 - 2021-06-17 09:19 - 000000000 ____D C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Email
2021-06-17 09:15 - 2021-06-17 09:15 - 000002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Workspace.lnk
2021-06-17 09:15 - 2021-06-17 09:15 - 000000000 ____D C:\ProgramData\Citrix
2021-06-17 09:15 - 2021-06-17 09:15 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-06-17 09:13 - 2021-06-17 09:13 - 152107624 _____ (Citrix Systems, Inc.) C:\Users\daddy\Downloads\CitrixWorkspaceApp (1).exe
2021-06-17 09:12 - 2021-06-17 09:21 - 000000000 ____D C:\ProgramData\bomgar-scc-0x60cb4a45
2021-06-17 09:12 - 2021-06-17 09:12 - 000000000 ____D C:\Users\daddy\AppData\Local\Deployment
2021-06-17 09:12 - 2021-06-17 09:12 - 000000000 ____D C:\Users\daddy\AppData\Local\Apps\2.0
2021-06-16 20:37 – 2021-06-16 20:37 – 000198888 _____ (Malwarebytes) C:WINDOWSsystem32Driversfarflt.sys
2021-06-16 20:37 – 2021-06-16 20:37 – 000156880 _____ (Malwarebytes) C:WINDOWSsystem32Driversmwac.sys
2021-06-16 20:37 – 2021-06-16 20:37 – 000077496 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys
2021-06-15 20:26 – 2021-06-15 20:26 – 002699372 _____ C:WINDOWSMinidump 61521-8109-01.dmp
2021-06-12 23:30 – 2021-06-12 23:30 – 002469564 _____ C:WINDOWSMinidump 61221-7046-01.dmp
2021-06-12 21:16 – 2021-06-12 21:16 – 002730700 _____ C:WINDOWSMinidump 61221-7187-02.dmp
2021-06-12 20:02 – 2021-06-12 20:02 – 002536164 _____ C:WINDOWSMinidump 61221-7187-01.dmp
2021-06-12 16:57 – 2021-06-12 16:57 – 002468524 _____ C:WINDOWSMinidump 61221-7156-01.dmp
2021-06-11 08:52 – 2021-06-14 10:44 – 000000000 ____D C:UsersdaddyAppDataRoamingnpm-cache
2021-06-11 05:52 – 2021-06-11 05:52 – 002756608 _____ C:UsersdaddyDownloadspixusArchive.bak
2021-06-11 03:40 – 2021-06-11 03:40 – 000000000 ____D C:Usersdaddy.librarymanager
2021-06-11 03:11 – 2021-06-11 03:11 – 000000000 ____D C:UsersdaddyDownloadsComponentArt
2021-06-11 03:10 – 2021-06-11 03:10 – 099987155 _____ C:UsersdaddyDownloadsComponentArt.zip
2021-06-11 02:56 – 2021-06-15 20:26 – 1054587914 _____ C:WINDOWSMEMORY.DMP
2021-06-11 02:56 – 2021-06-15 20:26 – 000000000 ____D C:WINDOWSMinidump
2021-06-10 10:02 – 2021-06-10 10:03 – 359271624 _____ C:UsersdaddyDownloadsCRforVS13SP25_0-10010309.EXE
2021-06-10 09:55 – 2021-06-10 09:55 – 000000000 ____D C:inetpub
2021-06-10 09:50 – 2021-06-10 09:53 – 103895040 _____ C:UsersdaddyDownloadsCR13SP25MSI64_0-10010309.MSI
2021-06-10 09:45 – 2021-06-10 09:45 – 000000000 ____D C:ProgramDataMacrovision
2021-06-10 09:45 – 2021-06-10 09:45 – 000000000 ____D C:ProgramDataFLEXnet
2021-06-10 09:44 – 2021-06-10 09:44 – 000000000 ____D C:WINDOWSsystem32appmgmt
2021-06-10 09:29 – 2021-06-10 09:29 – 000000000 ____D C:UsersdaddyAppDataLocalLowTemp
2021-06-10 09:21 – 2021-06-10 09:21 – 000000056 _____ C:Usersdaddy.gitconfig
2021-06-10 09:09 – 2021-06-10 09:11 – 2996994048 _____ C:UsersdaddyDownloadspixus_mock.bak
2021-06-10 09:09 – 2021-06-10 09:09 – 044163072 _____ C:UsersdaddyDownloadspixuscontact_mock.bak
2021-06-10 09:02 – 2021-06-11 03:14 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsComponentArt
2021-06-10 09:02 – 2021-06-11 03:14 – 000000000 ____D C:Program Files (x86)ComponentArt
2021-06-10 09:01 – 2021-06-10 09:01 – 000000000 ____D C:UsersdaddyDownloadsDisk1
2021-06-10 08:42 – 2021-06-10 10:05 – 000000000 ____D C:Program Files (x86)SAP BusinessObjects
2021-06-10 08:35 – 2021-06-10 08:57 – 095855968 _____ C:UsersdaddyDownloads 0049561.exe
2021-06-10 08:19 – 2021-06-10 08:19 – 000000000 ____D C:UsersdaddyAppDataLocalNuGet
2021-06-10 08:19 – 2021-06-10 08:19 – 000000000 ____D C:Usersdaddy.nuget
2021-06-10 08:13 – 2021-06-10 08:13 – 000000000 ____D C:UsersdaddyAppDataLocalToolbox Reseter
2021-06-10 08:13 – 2021-06-10 08:13 – 000000000 ____D C:UsersdaddyAppDataLocalDevExpress
2021-06-10 08:12 – 2021-06-11 09:16 – 000000000 ____D C:UsersdaddyDocumentsSQL Server Management Studio
2021-06-10 08:11 – 2021-06-10 08:11 – 000000000 ____D C:UsersdaddyDocumentsASP.NET AJAX Control Toolkit
2021-06-10 08:09 – 2021-06-10 08:09 – 000000000 ___RD C:ProgramDataMicrosoftWindowsStart MenuProgramsDevExpress 20.2
2021-06-10 08:08 – 2021-06-10 08:18 – 000000000 ____D C:UsersdaddyAppDataRoamingDevExpress
2021-06-10 08:08 – 2021-06-10 08:08 – 000000000 ____D C:ProgramDataDevExpress
2021-06-10 08:07 – 2021-06-10 08:08 – 000000000 ____D C:UsersPublicDocumentsDevExpress Demos 20.2
2021-06-10 08:07 – 2021-06-10 08:08 – 000000000 ____D C:ProgramDataDocumentsDevExpress Demos 20.2
2021-06-10 08:07 – 2021-06-10 08:07 – 000000000 ____D C:Program Files (x86)DevExpress 20.2
2021-06-10 07:48 – 2021-06-10 07:48 – 000002422 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsDevExpress Documentation for VS 2017 and 2019.lnk
2021-06-10 07:40 – 2021-06-10 07:40 – 000000000 ____D C:Program Files (x86)DevExpress
2021-06-10 07:39 – 2021-06-10 07:39 – 000000000 ____D C:UsersdaddyDownloadsOneDrive_1_6-9-2021
2021-06-10 07:39 – 2021-06-10 07:39 – 000000000 ____D C:UsersdaddyDownloadsDevExpress
2021-06-09 15:38 – 2021-06-09 15:38 – 000000000 ____D C:UsersdaddyAppDataRoamingNuGet
2021-06-09 15:37 – 2021-06-09 15:45 – 686894260 _____ C:UsersdaddyDownloadsOneDrive_1_6-9-2021.zip
2021-06-09 14:00 – 2021-06-09 14:01 – 1289095444 _____ C:UsersdaddyDownloadsDevExpress.zip
2021-06-09 13:24 – 2021-01-19 12:48 – 000002492 _____ C:UsersdaddyDesktopOhio Capital Corporation MFA.rdp
2021-06-09 11:24 – 2021-06-11 09:19 – 000000000 ____D C:UsersdaddyDocumentsVisual Studio 2019
2021-06-09 11:24 – 2021-06-09 11:24 – 000000000 ____D C:UsersdaddyAppDataLocalServiceHub
2021-06-09 11:24 – 2021-06-09 11:24 – 000000000 ____D C:UsersdaddyAppDataLocalIdentityNexusIntegration
2021-06-09 11:13 – 2021-06-09 11:13 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGit
2021-06-09 11:13 – 2021-06-09 11:13 – 000000000 ____D C:Program FilesGit
2021-06-09 11:11 – 2021-06-09 11:11 – 051179176 _____ (The Git Development Community ) C:UsersdaddyDownloadsGit-2.32.0-64-bit.exe
2021-06-09 11:10 – 2021-06-09 15:37 – 000000000 ____D C:Usersdaddysource
2021-06-09 11:01 – 2021-06-10 09:18 – 000000000 ____D C:UsersdaddyDocumentsVisual Studio 2017
2021-06-09 11:01 – 2021-06-09 11:01 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft SQL Server Tools 18
2021-06-09 11:01 – 2021-06-09 11:01 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAzure Data Studio
2021-06-09 11:01 – 2021-06-09 11:01 – 000000000 ____D C:Program FilesAzure Data Studio
2021-06-09 11:00 – 2021-06-15 11:57 – 000000000 ____D C:UsersdaddyAppDataLocal.IdentityService
2021-06-09 11:00 – 2021-06-09 11:00 – 000001799 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsBlend for Visual Studio 2019.lnk
2021-06-09 11:00 – 2021-06-09 11:00 – 000000000 ____D C:Program FilesMicrosoft Analysis Services
2021-06-09 11:00 – 2021-06-09 11:00 – 000000000 ____D C:Program Files (x86)Microsoft SQL Server Management Studio 18
2021-06-09 11:00 – 2021-06-09 11:00 – 000000000 ____D C:Program Files (x86)Microsoft Help Viewer
2021-06-09 11:00 – 2021-06-09 11:00 – 000000000 ____D C:Program Files (x86)Microsoft Analysis Services
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW643082
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW642052
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641055
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641049
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641046
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641045
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641042
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641041
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641040
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641036
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641031
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641029
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSSysWOW641028
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem323082
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem322052
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321055
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321049
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321046
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321045
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321042
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321041
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321040
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321036
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321031
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321029
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:WINDOWSsystem321028
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Azure
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:ProgramDatadftmp
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program FilesVS2012Schemas
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program FilesVS2010Schemas
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program FilesMicrosoft SDKs
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program FilesIIS
2021-06-09 10:58 – 2021-06-09 10:58 – 000000000 ____D C:Program Files (x86)IIS
2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:UsersdaddyDocumentsMy Web Sites
2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:UsersdaddyDocumentsIISExpress
2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:Program FilesIIS Express
2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:Program Files (x86)Microsoft Web Tools
2021-06-09 10:57 – 2021-06-09 10:57 – 000000000 ____D C:Program Files (x86)IIS Express
2021-06-09 10:56 – 2021-06-09 10:56 – 000000000 ____D C:WINDOWSsystem32RsFx
2021-06-09 10:56 – 2021-06-09 10:56 – 000000000 ____D C:Program FilesMicrosoft Visual Studio 10.0
2021-06-09 10:56 – 2021-06-09 10:56 – 000000000 ____D C:Program Files (x86)NuGet
2021-06-09 10:55 – 2021-06-09 10:58 – 000000000 ____D C:Program Files (x86)Microsoft SDKs
2021-06-09 10:55 – 2021-06-09 10:56 – 000000000 ____D C:Program Files (x86)Windows Kits
2021-06-09 10:55 – 2021-06-09 10:55 – 000000000 ____D C:Usersdaddy.dotnet
2021-06-09 10:55 – 2021-06-09 10:55 – 000000000 ____D C:Program Files (x86)Reference Assemblies
2021-06-09 10:54 – 2021-06-09 11:00 – 000000000 ____D C:WINDOWSSysWOW641033
2021-06-09 10:54 – 2021-06-09 11:00 – 000000000 ____D C:WINDOWSsystem321033
2021-06-09 10:54 – 2021-06-09 11:00 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio 2019
2021-06-09 10:54 – 2021-06-09 10:55 – 000000000 ____D C:Program Filesdotnet
2021-06-09 10:54 – 2021-06-09 10:55 – 000000000 ____D C:Program Files (x86)dotnet
2021-06-09 10:54 – 2021-06-09 10:54 – 000001798 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio 2019.lnk
2021-06-09 10:54 – 2021-06-09 10:54 – 000000000 ____D C:Program Files (x86)MSBuild
2021-06-09 10:53 – 2021-06-09 10:57 – 000000000 ____D C:Program Files (x86)Microsoft SQL Server
2021-06-09 10:53 – 2021-06-09 10:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft SQL Server 2019
2021-06-09 10:52 – 2021-06-09 10:53 – 000000000 ____D C:SQL2019
2021-06-09 10:52 – 2021-06-09 10:53 – 000000000 ____D C:Program Files (x86)Microsoft Visual Studio
2021-06-09 10:52 – 2021-06-09 10:52 – 000001432 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio Installer.lnk
2021-06-09 10:52 – 2021-06-09 10:52 – 000000000 ____D C:UsersdaddyAppDataRoamingVisual Studio Setup
2021-06-09 10:51 – 2021-06-09 10:57 – 000000000 ____D C:Program FilesMicrosoft SQL Server
2021-06-09 10:50 – 2021-06-09 10:50 – 000000000 ____D C:ProgramDataMicrosoft Visual Studio
2021-06-08 17:18 – 2021-06-08 17:18 – 002755584 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mshtml.tlb
2021-06-08 17:18 – 2021-06-08 17:18 – 002755584 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtml.tlb
2021-06-08 17:18 – 2021-06-08 17:18 – 002260480 _____ (The ICU Project) C:WINDOWSsystem32icu.dll
2021-06-08 17:18 – 2021-06-08 17:18 – 001864192 _____ (The ICU Project) C:WINDOWSSysWOW64icu.dll
2021-06-08 17:18 – 2021-06-08 17:18 – 001823792 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.efi
2021-06-08 17:18 – 2021-06-08 17:18 – 001393496 _____ (Microsoft Corporation) C:WINDOWSsystem32winresume.efi
2021-06-08 17:18 – 2021-06-08 17:18 – 001314120 _____ (Microsoft Corporation) C:WINDOWSsystem32SecConfig.efi
2021-06-08 17:18 – 2021-06-08 17:18 – 000657464 _____ C:WINDOWSsystem32WindowManagementAPI.dll
2021-06-08 17:18 – 2021-06-08 17:18 – 000568832 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcpl.cpl
2021-06-08 17:18 – 2021-06-08 17:18 – 000563712 _____ (Microsoft Corporation) C:WINDOWSsystem32winspool.drv
2021-06-08 17:18 – 2021-06-08 17:18 – 000468440 _____ C:WINDOWSSysWOW64WindowManagementAPI.dll
2021-06-08 17:18 – 2021-06-08 17:18 – 000451072 _____ (Microsoft Corporation) C:WINDOWSSysWOW64inetcpl.cpl
2021-06-08 17:18 – 2021-06-08 17:18 – 000423936 _____ (Microsoft Corporation) C:WINDOWSSysWOW64winspool.drv
2021-06-08 17:18 – 2021-06-08 17:18 – 000287232 _____ C:WINDOWSsystem32CoreMas.dll
2021-06-08 17:18 – 2021-06-08 17:18 – 000272384 _____ C:WINDOWSsystem32TpmTool.exe
2021-06-08 17:18 – 2021-06-08 17:18 – 000223744 _____ C:WINDOWSSysWOW64TpmTool.exe
2021-06-08 17:18 – 2021-06-08 17:18 – 000097280 _____ C:WINDOWSsystem32Driverscimfs.sys
2021-06-08 17:18 – 2021-06-08 17:18 – 000011353 _____ C:WINDOWSsystem32DrtmAuthTxt.wim
2021-06-03 15:27 – 2021-06-03 15:27 – 000000000 ____H C:WINDOWSsystem32DriversMsft_User_WpdFs_01_11_00.Wdf
2021-06-03 13:32 – 2021-06-03 13:32 – 000220752 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys
2021-06-03 12:43 – 2021-06-03 12:43 – 000002707 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsRemote Desktop Connection.lnk
2021-06-03 12:43 – 2021-06-03 12:43 – 000002693 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsInternet Explorer.lnk
2021-06-03 12:43 – 2021-06-03 12:43 – 000002675 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsExplorer++.lnk
2021-06-03 12:43 – 2021-06-03 12:43 – 000002647 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsOutlook.lnk
2021-06-03 12:43 – 2021-06-03 12:43 – 000002641 _____ C:UsersdaddyDesktopExplorer++.lnk
2021-06-03 12:43 – 2021-06-03 12:43 – 000000000 ____D C:UsersdaddyAppDataRoamingCitrix
2021-06-03 12:39 – 2021-06-03 12:39 – 000000634 _____ C:UsersdaddyDownloadsreceiverconfig.cr
2021-06-03 12:37 – 2021-06-17 15:48 – 000000000 ____D C:UsersdaddyAppDataLocalCitrix
2021-06-03 12:37 – 2021-06-03 12:48 – 000000000 ____D C:UsersdaddyAppDataRoamingICAClient
2021-06-03 12:36 – 2021-06-17 09:15 – 000000000 ____D C:Program Files (x86)Citrix
2021-06-03 12:36 – 2021-06-03 12:36 – 149436000 _____ (Citrix Systems, Inc.) C:UsersdaddyDownloadsCitrixWorkspaceApp.exe
2021-06-03 12:26 – 2021-06-03 12:58 – 000000000 ____D C:Program Files (x86)ZohoMeeting
2021-06-03 12:26 – 2021-06-03 12:26 – 001063048 _____ (ZOHO Corporation) C:UsersdaddyDownloadsZA_Connect.exe
2021-06-03 12:26 – 2021-06-03 12:26 – 000000000 ____D C:UsersdaddyAppDataLocalZohoMeeting
2021-06-03 12:26 – 2021-06-03 12:26 – 000000000 ____D C:ProgramDataZohoMeeting
2021-06-03 12:14 – 2021-06-03 12:14 – 043462544 _____ (Citrix Systems, Inc.) C:UsersdaddyDownloadsCitrixReceiverWeb (2).exe
2021-06-03 12:11 – 2021-06-03 12:11 – 043462544 _____ (Citrix Systems, Inc.) C:UsersdaddyDownloadsCitrixReceiverWeb (1).exe
2021-06-01 09:43 – 2021-06-01 09:43 – 000000000 ___HD C:OneDriveTemp
2021-05-20 12:52 – 2021-05-21 07:02 – 000000000 ____D C:UsersdaddyDocumentsOutlook Files
2021-05-19 17:08 – 2021-05-19 17:08 – 001319288 _____ (LLVM) C:WINDOWSSysWOW64libomp140d.i386.dll
2021-05-19 17:08 – 2021-05-19 17:08 – 001319288 _____ (LLVM) C:WINDOWSSysWOW64libomp140.i386.dll
2021-05-19 17:06 – 2021-05-19 17:06 – 001664912 _____ (LLVM) C:WINDOWSsystem32libomp140d.x86_64.dll
2021-05-19 17:06 – 2021-05-19 17:06 – 001664912 _____ (LLVM) C:WINDOWSsystem32libomp140.x86_64.dll
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-06-17 17:04 – 2019-12-07 05:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2021-06-17 16:44 – 2021-03-25 12:52 – 000000000 ____D C:Usersdaddy
2021-06-17 16:18 – 2021-03-25 12:51 – 000000000 ____D C:WINDOWSsystem32SleepStudy
2021-06-17 08:10 – 2020-08-06 19:59 – 000000000 ___RD C:UsersdaddyOneDrive
2021-06-16 20:48 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSServiceState
2021-06-16 20:41 – 2021-03-25 12:58 – 001013234 _____ C:WINDOWSsystem32PerfStringBackup.INI
2021-06-16 20:41 – 2019-12-07 05:13 – 000000000 ____D C:WINDOWSINF
2021-06-16 20:40 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSAppReadiness
2021-06-16 20:37 – 2021-03-25 12:55 – 000000006 ____H C:WINDOWSTasksSA.DAT
2021-06-16 20:37 – 2021-03-25 12:51 – 000008192 ___SH C:DumpStack.log.tmp
2021-06-16 20:37 – 2020-08-06 19:57 – 000000000 __SHD C:UsersdaddyIntelGraphicsProfiles
2021-06-16 20:37 – 2020-07-22 12:54 – 000000000 ___HD C:Intel
2021-06-16 20:37 – 2019-12-07 05:03 – 000524288 _____ C:WINDOWSsystem32configBBI
2021-06-16 20:36 – 2021-03-25 12:55 – 000003374 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-801466221-149834458-993484874-1001
2021-06-16 20:36 – 2021-03-25 12:52 – 000002366 _____ C:UsersdaddyAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk
2021-06-16 20:35 – 2019-12-07 05:14 – 000000000 ___HD C:Program FilesWindowsApps
2021-06-15 07:22 – 2019-12-07 05:51 – 000000000 ____D C:WINDOWSsystem32FxsTmp
2021-06-15 06:57 – 2020-09-30 11:55 – 000002254 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2021-06-15 06:57 – 2020-09-30 11:55 – 000002213 _____ C:UsersPublicDesktopGoogle Chrome.lnk
2021-06-15 06:57 – 2020-09-30 11:55 – 000002213 _____ C:ProgramDataDesktopGoogle Chrome.lnk
2021-06-15 06:49 – 2019-12-07 05:03 – 000000000 ____D C:WINDOWSCbsTemp
2021-06-12 17:08 – 2020-07-22 12:45 – 000000000 ____D C:Program FilesMicrosoft Office
2021-06-12 15:05 – 2020-08-12 17:35 – 000002445 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk
2021-06-12 15:05 – 2020-08-12 17:35 – 000002283 _____ C:UsersPublicDesktopMicrosoft Edge.lnk
2021-06-12 15:05 – 2020-08-12 17:35 – 000002283 _____ C:ProgramDataDesktopMicrosoft Edge.lnk
2021-06-12 00:29 – 2020-08-06 20:14 – 000000000 ____D C:UsersdaddyAppDataLocalComms
2021-06-11 08:52 – 2020-08-07 08:28 – 000000000 ____D C:Usersdaddy.config
2021-06-11 03:14 – 2020-07-22 12:56 – 000000000 ___HD C:Program Files (x86)InstallShield Installation Information
2021-06-10 13:27 – 2021-03-25 12:51 – 000444624 _____ C:WINDOWSsystem32FNTCACHE.DAT
2021-06-10 10:07 – 2020-07-22 12:56 – 000000000 ____D C:ProgramDataPackage Cache
2021-06-10 09:09 – 2021-03-25 10:52 – 000002393 _____ C:UsersdaddyDesktopTom (Person 1) – Chrome.lnk
2021-06-09 11:00 – 2019-12-07 05:14 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared
2021-06-09 10:57 – 2021-03-25 16:48 – 000000000 ____D C:WINDOWSServiceProfiles
2021-06-09 10:27 – 2019-12-07 05:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel
2021-06-09 10:07 – 2019-12-07 05:54 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ___RD C:WINDOWSPrintDialog
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64lv-LV
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64et-EE
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64Dism
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSystemResources
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32oobe
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32migwiz
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32lv-LV
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32et-EE
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32Dism
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSPolicyDefinitions
2021-06-09 10:07 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSbcastdvr
2021-06-08 17:11 – 2021-03-20 23:53 – 000000000 ___HD C:$WinREAgent
2021-06-08 17:09 – 2020-08-06 23:16 – 000000000 ____D C:WINDOWSsystem32MRT
2021-06-08 17:06 – 2020-08-06 23:16 – 132447432 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe
2021-06-03 13:33 – 2020-07-22 13:36 – 000000000 ____D C:ProgramDataLenovo
2021-06-03 13:32 – 2020-09-17 04:51 – 000002040 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk
2021-06-03 13:32 – 2020-09-17 04:51 – 000002028 _____ C:UsersPublicDesktopMalwarebytes.lnk
2021-06-03 13:32 – 2020-09-17 04:51 – 000002028 _____ C:ProgramDataDesktopMalwarebytes.lnk
2021-06-03 12:02 – 2020-09-29 08:17 – 000005086 _____ C:WINDOWSsystem32InstallUtil.InstallLog
2021-06-02 06:08 – 2020-12-22 10:04 – 000248992 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys
2021-06-02 06:06 – 2020-08-21 05:42 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools
2021-06-01 09:42 – 2020-08-06 19:57 – 000000000 ____D C:UsersdaddyAppDataLocalConnectedDevicesPlatform
2021-05-25 07:48 – 2020-08-21 05:42 – 000725304 _____ (Microsoft Corporation) C:WINDOWSsystem32sedplugins.dll
2021-05-25 07:48 – 2020-08-21 05:42 – 000470328 _____ (Microsoft Corporation) C:WINDOWSsystem32QualityUpdateAssistant.dll
2021-05-20 12:53 – 2019-10-17 00:10 – 000000000 __RHD C:UsersPublicAccountPictures
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2021
Ran by daddy (17-06-2021 17:12:04)
Running from C:UsersdaddyDownloads
Windows 10 Pro Version 20H2 19042.1052 (X64) (2021-03-25 16:55:25)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-801466221-149834458-993484874-500 – Administrator – Disabled)
daddy (S-1-5-21-801466221-149834458-993484874-1001 – Administrator – Enabled) => C:Usersdaddy
DefaultAccount (S-1-5-21-801466221-149834458-993484874-503 – Limited – Disabled)
Guest (S-1-5-21-801466221-149834458-993484874-501 – Limited – Disabled)
toman (S-1-5-21-801466221-149834458-993484874-1003 – Limited – Disabled)
WDAGUtilityAccount (S-1-5-21-801466221-149834458-993484874-504 – Limited – Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46
AV: Malwarebytes (Enabled – Up to date) 23007AD3-69FE-687C-2629-D584AFFAF72B
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Active Directory Authentication Library for SQL Server (HKLM…6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF) (Version: 15.0.1300.359 – Microsoft Corporation) Hidden
Azure Data Studio (HKLM…6591F69E-6588-4980-81ED-C8FCBD7EC4B8_is1) (Version: 1.28.0 – Microsoft Corporation)
Browser for SQL Server 2019 (HKLM-x32…5E366957-8D78-4BB5-A790-96F97A9766BD) (Version: 15.0.2000.5 – Microsoft Corporation)
Citrix Workspace 2106 (HKLM-x32…CitrixOnlinePluginPackWeb) (Version: 21.6.0.47 – Citrix Systems, Inc.)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32…