Jump to content

Mortadha_Said

Members
  • Content Count

    4
  • Joined

  • Last visited

About Mortadha_Said

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. ive used some vpns but i never seen that proxy server before
  2. I apologize for the late response i got busy with some work anyway i did as u told me and here's every log necessary Mb: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/20/19 Scan Time: 10:15 AM Log File: 31e9b32e-db87-11e9-9a13-309c23834de6.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.625 Update Package Version: 1.0.12571 License: Free -System Information- OS: Windows 10 (Build 17134.950) CPU: x64 File System: NTFS User: DESKTOP-8CMRAB0\SKYMIL -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 296559 Threats Detected: 58 Threats Quarantined: 58 Time Elapsed: 17 min, 11 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 3 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarantined, [3819], [398206],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [3819], [380352],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarantined, [3819], [380353],1.0.12571 Module: 5 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarantined, [3819], [398206],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [3819], [380352],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarantined, [3819], [380353],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\CPUIDINTERFACE.DLL, Quarantined, [3819], [396386],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\HARDWARELIB.DLL, Quarantined, [3819], [396386],1.0.12571 Registry Key: 16 PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC12_PerformanceMonitor, Quarantined, [3819], [398206],1.0.12571 PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{60F651C6-6FF9-41C0-A083-B8AEC5DD4614}, Quarantined, [3819], [398206],1.0.12571 PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{60F651C6-6FF9-41C0-A083-B8AEC5DD4614}, Quarantined, [3819], [398206],1.0.12571 PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IOBIT_MONITOR_SERVER, Quarantined, [3819], [580520],1.0.12571 PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService12, Quarantined, [3819], [380352],1.0.12571 PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC12_SkipUac_SKYMIL, Quarantined, [3819], [380341],1.0.12571 PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{88D70588-C82A-4585-A996-E93EEB5D0391}, Quarantined, [3819], [380341],1.0.12571 PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{88D70588-C82A-4585-A996-E93EEB5D0391}, Quarantined, [3819], [380341],1.0.12571 RiskWare.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinmonFS, Quarantined, [791], [700103],1.0.12571 RiskWare.BitCoinMiner, HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\SOFTWARE\EpicNet Inc., Quarantined, [791], [451809],1.0.12571 Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6BCA1B57-98A3-4A7D-950D-938EEA03CBC0}, Quarantined, [3211], [431497],1.0.12571 Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{6BCA1B57-98A3-4A7D-950D-938EEA03CBC0}, Quarantined, [3211], [431498],1.0.12571 Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\csrss, Quarantined, [3211], [431498],1.0.12571 Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ScheduledUpdate, Quarantined, [3707], [513779],1.0.12571 Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5BCECD34-08D7-46F4-B700-63B4C9011571}, Quarantined, [3707], [513779],1.0.12571 Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{5BCECD34-08D7-46F4-B700-63B4C9011571}, Quarantined, [3707], [513779],1.0.12571 Registry Value: 6 PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IOBIT_MONITOR_SERVER|IMAGEPATH, Quarantined, [3819], [580520],1.0.12571 PUP.Optional.CloudNet, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{C6D7A91F-5F6D-48F4-8FA3-2B49920559F5}, Quarantined, [6026], [446028],1.0.12571 Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{E29283EE-5850-4C82-A992-5857E8F5AB60}, Quarantined, [574], [446017],1.0.12571 Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6BCA1B57-98A3-4A7D-950D-938EEA03CBC0}|PATH, Quarantined, [3211], [431497],1.0.12571 PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE 12, Quarantined, [3819], [380353],1.0.12571 RiskWare.BitCoinMiner.BITSRST, HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CLOUDNET, Quarantined, [1075], [733907],1.0.12571 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 5 PUP.Optional.BrowserManager, C:\Users\SKYMIL\AppData\Local\Yandex\BrowserManager\data\SeederTasks, Quarantined, [928], [383595],1.0.12571 PUP.Optional.BrowserManager, C:\Users\SKYMIL\AppData\Local\Yandex\BrowserManager\data\ModuleH, Quarantined, [928], [383595],1.0.12571 PUP.Optional.BrowserManager, C:\Users\SKYMIL\AppData\Local\Yandex\BrowserManager\data, Quarantined, [928], [383595],1.0.12571 PUP.Optional.BrowserManager, C:\USERS\SKYMIL\APPDATA\LOCAL\YANDEX\BROWSERMANAGER, Quarantined, [928], [383595],1.0.12571 RiskWare.BitCoinMiner.BITSRST, C:\USERS\SKYMIL\APPDATA\ROAMING\EPICNET INC, Quarantined, [1075], [733906],1.0.12571 File: 23 Adware.Agent, C:\Windows\System32\drivers\Winmon.sys, Quarantined, [93], [431629],0.0.0 RiskWare.BitCoinMiner, C:\Windows\System32\drivers\WinmonFS.sys, Quarantined, [791], [700145],0.0.0 PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\Advanced SystemCare 12.lnk, Quarantined, [3819], [380338],1.0.12571 PUP.Optional.BrowserManager, C:\Users\SKYMIL\AppData\Local\Yandex\BrowserManager\data\ModuleH\h_lib.dll, Quarantined, [928], [383595],1.0.12571 PUP.Optional.BrowserManager, C:\Users\SKYMIL\AppData\Local\Yandex\BrowserManager\debug.log, Quarantined, [928], [383595],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC12_PerformanceMonitor, Quarantined, [3819], [398206],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarantined, [3819], [398206],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\MONITOR_WIN10_X64.SYS, Quarantined, [3819], [580520],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [3819], [380352],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC12_SkipUac_SKYMIL, Quarantined, [3819], [380341],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarantined, [3819], [380353],1.0.12571 RiskWare.BitCoinMiner, C:\WINDOWS\SYSTEM32\DRIVERS\WINMONPROCESSMONITOR.SYS, Quarantined, [791], [700106],0.0.0 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\CPUIDINTERFACE.DLL, Quarantined, [3819], [396386],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\HARDWARELIB.DLL, Quarantined, [3819], [396386],1.0.12571 Trojan.Agent.Generic, C:\WINDOWS\SYSTEM32\TASKS\ScheduledUpdate, Quarantined, [3707], [513779],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Advanced SystemCare 12.lnk, Quarantined, [3819], [396386],1.0.12571 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, Quarantined, [3819], [396386],1.0.12571 RiskWare.GameHack, C:\USERS\SKYMIL\APPDATA\ROAMING\Microsoft\Windows\Recent\VNHAX VIP V1.5.0.45.lnk, Quarantined, [7474], [712842],1.0.12571 RiskWare.GameHack, C:\USERS\SKYMIL\DESKTOP\NOUVEAU DOSSIER\VNHAX VIP V1.5.0.45.ZIP, Quarantined, [7474], [712842],1.0.12571 RiskWare.GameHack, C:\USERS\SKYMIL\APPDATA\LOCAL\TEMP\TEMP2_VNHAX VIP V1.5.0.45.ZIP\VNHAX VIP V1.5.0.45\VNHAX VIP V1.5.0.45.EXE, Quarantined, [7474], [712842],1.0.12571 RiskWare.GameHack, C:\USERS\SKYMIL\DOWNLOADS\VNHAX VIP V1.5.0.45.ZIP, Quarantined, [7474], [712842],1.0.12571 Generic.Malware/Suspicious, C:\USERS\SKYMIL\DOWNLOADS\TORCHSETUPSTUB.EXE, Quarantined, [0], [392686],1.0.12571 PUP.Optional.YTDVideoDownloader, C:\USERS\SKYMIL\DOWNLOADS\YTDSETUP.EXE, Quarantined, [13008], [591608],1.0.12571 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) ADW Cleaner : # ------------------------------- # Malwarebytes AdwCleaner 7.4.1.0 # ------------------------------- # Build: 09-05-2019 # Database: 2019-09-18.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 09-20-2019 # Duration: 00:00:55 # OS: Windows 10 Pro # Cleaned: 91 # Failed: 3 ***** [ Services ] ***** Deleted Update service ***** [ Folders ] ***** Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare Deleted C:\Program Files (x86)\IOBIT\Driver Booster Deleted C:\Program Files (x86)\IObit\Advanced SystemCare Deleted C:\Program Files (x86)\Zona Deleted C:\ProgramData\IOBIT\Driver Booster Deleted C:\ProgramData\IObit\Advanced SystemCare Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare Deleted C:\ProgramData\Tencent Deleted C:\Users\SKYMIL\AppData\LocalLow\IObit\Advanced SystemCare Deleted C:\Users\SKYMIL\AppData\Local\torch Deleted C:\Users\SKYMIL\AppData\Roaming\IOBIT\Driver Booster Deleted C:\Users\SKYMIL\AppData\Roaming\IObit\Advanced SystemCare Deleted C:\Users\SKYMIL\AppData\Roaming\Tencent Deleted C:\Users\SKYMIL\AppData\Roaming\Zona Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent Deleted C:\Windows\rss ***** [ Files ] ***** Deleted C:\Users\SKYMIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zona.lnk Deleted C:\Users\SKYMIL\Desktop\Zona.lnk ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER Deleted C:\Windows\System32\Tasks\DRIVER BOOSTER SKIPUAC (SKYMIL) ***** [ Registry ] ***** Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com Deleted HKCU\Software\Classes\Zona Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 12 Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cloudnet Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet Deleted HKCU\Software\torch Deleted HKCU\Software\zona Deleted HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare Deleted HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare Deleted HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare Deleted HKLM\SOFTWARE\Classes\.URL\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.bmp\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.dib\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.gif\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.htm\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.html\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.ico\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.jfif\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.jpe\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.jpg\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.pdf\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.png\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.shtml\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.webm\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.xht\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\.xhtml\OpenWithList\Torch.exe Deleted HKLM\SOFTWARE\Classes\Applications\TorchSetupstub.exe Deleted HKLM\SOFTWARE\Classes\Applications\Zona.exe Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{371AA046-A444-4970-9EC6-9FD4D4344744} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{371AA046-A444-4970-9EC6-9FD4D4344744} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B58E1A93-1031-4AA3-A97E-6ABBEA31EC48} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVER BOOSTER SKIPUAC (SKYMIL) Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{D958D9D9-9097-4FC3-8A2C-45F540170EF3}C:\program files (x86)\popcorn time\nodejs\node.exe Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{1A1B1A80-AE2B-48C5-AED6-DBB336DB57A7}C:\program files (x86)\popcorn time\nodejs\node.exe Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0DEE0E7E-BF4C-4639-BA01-B193F3BEE256} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{472DBABF-EC9E-4D22-8520-49B29F61061B} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{48250838-644A-466E-A9BB-98CD6D98481E} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{52556675-8222-4F66-8202-22DAF589362B} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5952283B-35CF-4E80-841B-6DD827960F5C} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6ECA41E6-2392-49D5-8B71-62A711303D0F} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{719EBD17-0DEA-4DC0-A9F4-DE37D62D8323} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{78FEBBDC-3409-4706-A219-1ABCFE525AC6} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A6E5D7D2-899A-45F1-947E-53AB4C954554} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B054DF70-1C87-4773-B3F4-A3DD09FF6A6D} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CB6E2C18-84CE-475E-842D-0F6266646D51} Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CBB5AB9B-1F2F-4521-BE85-83C949F35FCD} Deleted HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D} Deleted HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} Deleted HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B} Deleted HKLM\Software\Classes\Zona Deleted HKLM\Software\Wow6432Node\IOBIT\ASC Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare Deleted HKLM\Software\Wow6432Node\IObit\Driver Booster Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B} Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1 Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1 Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\zona Deleted HKLM\Software\Wow6432Node\torch Deleted HKLM\Software\Wow6432Node\zona Deleted HKLM\Software\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2} Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bluetooth-driver-installer.fr.softonic.com Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bluetooth-driver-installer.fr.softonic.com ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** Not Deleted banggood.com ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner_Debug.log - [63599 octets] - [20/09/2019 10:43:22] AdwCleaner[S00].txt - [12004 octets] - [20/09/2019 10:44:10] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## FRST.txt : Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2019 01 Exécuté par SKYMIL (administrateur) sur DESKTOP-8CMRAB0 (Micro-Star International Co., Ltd. MS-7B61) (20-09-2019 10:55:35) Exécuté depuis C:\Users\SKYMIL\Downloads Profils chargés: SKYMIL (Profils disponibles: SKYMIL) Platform: Windows 10 Pro Version 1803 17134.950 (X64) Langue: Français (France) Navigateur par défaut: Chrome Mode d'amorçage: Normal Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processus (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.) () [Fichier non signé] C:\Program Files (x86)\arcai.com\netcut_windows.exe (Arcai.com) [Fichier non signé] C:\Program Files (x86)\arcai.com\aips.exe (Discord Inc. -> Discord Inc.) C:\Users\SKYMIL\AppData\Local\Discord\app-0.0.305\Discord.exe (Discord Inc. -> Discord Inc.) C:\Users\SKYMIL\AppData\Local\Discord\app-0.0.305\Discord.exe (Discord Inc. -> Discord Inc.) C:\Users\SKYMIL\AppData\Local\Discord\app-0.0.305\Discord.exe (Discord Inc. -> Discord Inc.) C:\Users\SKYMIL\AppData\Local\Discord\app-0.0.305\Discord.exe (Famatech Corp.) [Fichier non signé] C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel(R) Corporation -> Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) INTELND1617S2 -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes Inc -> Malwarebytes) C:\Users\SKYMIL\Downloads\adwcleaner_7.4.1.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19072.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\NisSrv.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegister.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\APP Manager\AppManager.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI X Boost\X_Boost.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\RAMDisk\MSI_RAMDisk_Service.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\APP Manager\AppManager_Service.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) D:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) D:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent) D:\Program Files\TxGameAssistant\AppMarket\TBSWebRenderer.exe ==================== Registre (Avec liste blanche) =========================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [1262544 2017-07-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) HKLM-x32\...\Run: [X_Boost] => C:\Program Files (x86)\MSI\MSI X Boost\X_Boost.exe [4260000 2018-08-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) HKLM-x32\...\Run: [APP Manager] => C:\Program Files (x86)\MSI\APP Manager\AppManager.exe [3705520 2019-05-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [RadminVPN] => C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe [1590784 2019-08-16] (Famatech Corp.) [Fichier non signé] HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\...\Run: [EpicGamesLauncher] => D:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35926416 2019-08-28] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\...\Run: [Discord] => C:\Users\SKYMIL\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.) HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1 HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [Fichier non signé] HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [Fichier non signé] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-27] (Google LLC -> Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\77.0.68.139\Installer\chrmstp.exe [2019-09-19] (Brave Software, Inc.) [Fichier non signé] GroupPolicy: Restriction ? <==== ATTENTION ==================== Tâches planifiées (Avec liste blanche) ============= (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) Task: {00929A8B-F6E8-41A4-9417-A9E2A42819D8} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [31904 2018-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) Task: {17CC398C-8AB4-417A-A207-F5CBCA90FF08} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133552 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation) Task: {1EF73A02-29A0-4DE1-B642-94EC64C81B47} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MpCmdRun.exe [467880 2019-09-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {26FF6ED1-4224-43A8-A97A-401F9D7E3CC4} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133552 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation) Task: {2CC5728F-6241-4F83-B5CF-F6B0C0FD9597} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133552 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation) Task: {41A5254B-7395-45CC-99E7-FDB6AF95FDC6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MpCmdRun.exe [467880 2019-09-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {47F7D503-9E1B-4502-B5D7-F4AF99BB1DF0} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-05] (NVIDIA Corporation -> NVIDIA Corporation) Task: {56D1A912-2265-45CD-BBA7-5E71A3E960DC} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-03] (Brave Software, Inc. -> BraveSoftware Inc.) Task: {57FF7EA4-0921-4E40-8437-C27B026AE94F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1190424 2018-08-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {589C11AC-ADED-4C9A-B32A-54353B2DC9E3} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-05] (NVIDIA Corporation -> NVIDIA Corporation) Task: {63644295-0061-4F14-BE71-05C2D725F2C3} - System32\Tasks\MSILEDKeeper_Host => C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe [1061520 2019-06-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) Task: {6D2AF0B0-266E-456A-B940-012E646E5631} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [654136 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7265FE86-E2D5-4E91-A6C6-E7A280C7C87B} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1619457341-2355299441-1745434774-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [615160 2019-05-30] (Mega Limited -> Mega Limited) Task: {778A71D5-ABDA-4CBB-B330-2B2FF2C502E2} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-03] (Brave Software, Inc. -> BraveSoftware Inc.) Task: {91E903F7-51E7-442C-BCDD-5A32C42A0719} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) Task: {97D6B17D-20FE-48D8-A3D7-CF66D3B9289C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-07-17] (Google Inc -> Google Inc.) Task: {98B8D54E-E088-454A-AC35-61683970C54E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-07-17] (Google Inc -> Google Inc.) Task: {9BD2B35A-953B-4318-8ED5-E03B0EB97708} - System32\Tasks\Opera scheduled Autoupdate 1540926444 => C:\Users\SKYMIL\AppData\Local\Programs\Opera\launcher.exe [1520152 2019-09-18] (Opera Software AS -> Opera Software) Task: {A4DBABFF-736F-4FFF-AEB3-54756A693412} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133552 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation) Task: {B0313DDB-4B14-408A-90B9-E55127295024} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-09-20] (Intel(R) Trust Services -> Intel(R) Corporation) Task: {BA7DE2A4-F670-40BC-A103-2B63A90EE171} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [3354296 2019-01-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) Task: {C9F21534-6FA5-4B9E-8E45-0E38E6D522D4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913904 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation) Task: {CD882866-1BB2-4659-8B3F-B2395A2252C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MpCmdRun.exe [467880 2019-09-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E4D2F6EF-7A67-4931-B4A2-76F95A4C0564} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302384 2019-08-14] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F04F94D6-34FC-4ABB-9185-D6E89F9AD870} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MpCmdRun.exe [467880 2019-09-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {FA09153A-9B0E-44DF-AA55-D2D4C2005310} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913904 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation) Task: {FDD876E4-B2FB-4EE1-BF86-30C279FC693B} - System32\Tasks\BlueStacksHelper => D:\Program Files\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) (Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.) Task: C:\Windows\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) ProxyServer: [S-1-5-21-1619457341-2355299441-1745434774-1001] => 192.168.1.1:808 Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt Tcpip\Parameters: [DhcpNameServer] 193.95.59.20 8.8.8.8 Tcpip\..\Interfaces\{01826497-b052-4701-aac6-20bd150901aa}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{07afc4ce-079c-4e8f-b371-9bde03f7eaa7}: [DhcpNameServer] 193.95.59.20 8.8.8.8 Tcpip\..\Interfaces\{208536e8-c30d-40dd-a53f-78b395bdca0a}: [DhcpNameServer] 10.47.9.33 197.26.8.36 Tcpip\..\Interfaces\{255a8edd-96eb-4c4b-b5f9-e2dafa430d17}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{2da38057-921b-44e9-8448-7a66d4be2284}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{4e78749b-d040-4902-9a53-b566bcd8b8e4}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{67a378b6-0860-4782-90cd-eeda38a7e164}: [DhcpNameServer] 193.95.59.20 8.8.8.8 Tcpip\..\Interfaces\{897f0b23-3d04-4dfb-b425-c997d9d174a0}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yandex.ru/?win=370&clid=2257472-1 SearchScopes: HKU\S-1-5-21-1619457341-2355299441-1745434774-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://yandex.ru/search/?win=370&clid=2257473-1&text={searchTerms} SearchScopes: HKU\S-1-5-21-1619457341-2355299441-1745434774-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://yandex.ru/search/?win=370&clid=2257473-1&text={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-06-27] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-06-27] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-07-04] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-07-04] (Oracle America, Inc. -> Oracle Corporation) Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-1619457341-2355299441-1745434774-1001 -> hxxps://www.yandex.ru/?win=370&clid=2257472-1 FireFox: ======== FF ProfilePath: C:\Users\SKYMIL\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2019-09-20] FF user.js: detected! => C:\Users\SKYMIL\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js [2019-09-16] FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxps://www.yandex.ru/?win=370&clid=2257472-1 FF SearchPlugin: C:\Users\SKYMIL\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-20190303.xml [2019-02-03] FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-06-27] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-06-27] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-07-04] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-07-04] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-07-03] (Brave Software, Inc. -> BraveSoftware Inc.) FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-07-03] (Brave Software, Inc. -> BraveSoftware Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR DefaultSearchURL: Default -> hxxps://yandex.ru/search/?__PARAM__from=chromesearch&text={searchTerms} CHR DefaultSearchKeyword: Default -> yandex.ru CHR DefaultSuggestURL: Default -> hxxps://suggest.yandex.net/suggest-ff.cgi?uil=ru&part={searchTerms} CHR Profile: C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default [2019-09-20] CHR Extension: (Slides) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-18] CHR Extension: (Docs) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-18] CHR Extension: (Google Drive) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17] CHR Extension: (Dark Night Mode) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhbekkddpbpbibiknkcjamlkhoghieie [2018-10-03] CHR Extension: (YouTube) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-18] CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2019-07-12] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-08-27] CHR Extension: (Adobe Acrobat) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-08-20] CHR Extension: (Sheets) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-18] CHR Extension: (Word Online) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2019-06-08] CHR Extension: (Google Docs Offline) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-24] CHR Extension: (Hoxx VPN Proxy) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2019-09-19] CHR Extension: (Chrome Web Store Payments) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-18] CHR Extension: (Gmail) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29] CHR Extension: (Chrome Media Router) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-09] CHR Profile: C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-09-20] CHR Profile: C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-20] CHR HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fhkbfkkohcdgpckffakhbllifkakihmh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR StartupUrls: "hxxps://www.yandex.ru/?win=370&clid=2257472-1" ==================== Services (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3772120 2017-02-26] (Intel(R) Corporation -> Intel Corporation) R2 AIPS; C:\Program Files (x86)\arcai.com\aips.exe [2677760 2018-05-11] (Arcai.com) [Fichier non signé] S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8352184 2019-01-17] (BattlEye Innovations e.K. -> ) S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-03] (Brave Software, Inc. -> BraveSoftware Inc.) S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-03] (Brave Software, Inc. -> BraveSoftware Inc.) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-08-19] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [46776 2018-09-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2027192 2019-01-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) S3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-06-11] (Hi-Rez Studios) [Fichier non signé] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-20] (Intel(R) Trust Services -> Intel(R) Corporation) S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-20] (Intel(R) Trust Services -> Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-09-25] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [128976 2017-07-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 MSI_AppManager_Service; C:\Program Files (x86)\MSI\APP Manager\AppManager_Service.exe [2055352 2019-01-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R2 MSI_RAMDisk_Service; C:\Program Files (x86)\MSI\RAMDisk\MSI_RAMDisk_Service.exe [71840 2018-07-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) R2 MysticLight2_Service; C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe [34976 2018-12-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-05] (NVIDIA Corporation -> NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-05] (NVIDIA Corporation -> NVIDIA Corporation) S2 NzbDrone; C:\ProgramData\NzbDrone\bin\nzbdrone.console.exe [25600 2019-08-16] (sonarr.tv) [Fichier non signé] S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2329392 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3203888 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts) R2 QMEmulatorService; D:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [147192 2019-08-15] (Tencent Technology(Shenzhen) Company Limited -> Tencent) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.) R2 RvControlSvc; C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe [1015296 2019-08-16] (Famatech Corp.) [Fichier non signé] S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074128 2019-08-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-05-25] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\NisSrv.exe [3630832 2019-09-17] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MsMpEng.exe [103168 2019-09-17] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 S2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r ===================== Pilotes (Avec liste blanche) ====================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 aow_drv; D:\Program Files\TxGameAssistant\UI\2.0.12591.123\aow_drv_x64_ev.sys [865656 2019-08-21] (Tencent Technology (Shenzhen) Company Limited -> Tencent) S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-05-23] (Bluestack Systems, Inc. -> Bluestack System Inc. ) S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2019-09-20] (CPUID -> CPUID) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R1 EneIo; C:\WINDOWS\system32\drivers\ene.sys [16320 2018-03-20] (Ptolemy Tech Co., Ltd -> ) S3 ew_hwusbdev; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [117248 2018-09-25] (Huawei Technologies Co., Ltd.) [Fichier non signé] S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-07-28] (Martin Malik - REALiX -> REALiX(tm)) R3 I2cHkBurn; C:\Windows\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-09-20] (Malwarebytes Corporation -> Malwarebytes) S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2018-04-12] (Microsoft Windows -> MediaTek Inc.) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.) R3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MysticLight\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5601d21ccd639df9\nvlddmkm.sys [17486096 2018-01-05] (NVIDIA Corporation -> NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation) R2 RAMDriv; C:\Windows\system32\DRIVERS\ramdriv.sys [86936 2016-03-10] (Christiaan GHIJSELINCK -> Micro-Star Int'l Co., Ltd.) R2 RAMDriv; C:\Windows\SysWOW64\DRIVERS\ramdriv.sys [86936 2016-03-10] (Christiaan GHIJSELINCK -> Micro-Star Int'l Co., Ltd.) R3 RvNetMP60; C:\Windows\System32\drivers\RvNetMP60.sys [69048 2019-05-31] (Famatech Corp. -> Famatech Corp.) R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project) R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project) S3 tesrsdt; C:\WINDOWS\system32\drivers\tesrsdt.sys [442128 2019-09-10] (Tencent Technology(Shenzhen) Company Limited -> TENCENT) S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [555064 2019-09-19] (Tencent Technology(Shenzhen) Company Limited -> TENCENT) S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R1 VBoxDrv; C:\Windows\system32\DRIVERS\VBoxDrv.sys [68288 2019-09-10] (innotek GmbH -> ) S3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [213080 2018-08-14] (Oracle Corporation -> Oracle Corporation) S1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [222864 2018-08-14] (Oracle Corporation -> Oracle Corporation) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-09-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [346336 2019-09-17] (Microsoft Windows -> Microsoft Corporation) S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB) R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-09-17] (Microsoft Windows -> Microsoft Corporation) R3 wovad_micarray; C:\Windows\system32\drivers\womic.sys [37944 2018-05-13] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-05-25] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) S3 zttap300; C:\Windows\System32\drivers\zttap300.sys [30488 2018-03-16] (ZeroTier Networks LLC -> ZeroTier Networks LLC) ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Un mois (créés) ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2019-09-20 10:55 - 2019-09-20 10:56 - 000036620 _____ C:\Users\SKYMIL\Downloads\FRST.txt 2019-09-20 10:53 - 2019-09-20 10:55 - 000000000 ____D C:\FRST 2019-09-20 10:50 - 2019-09-20 10:51 - 000000000 ____D C:\Users\SKYMIL\AppData\Roaming\Tencent 2019-09-20 10:48 - 2019-09-20 10:48 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2019-09-20 10:47 - 2019-09-20 10:47 - 000000000 ____D C:\ProgramData\Tencent 2019-09-20 10:43 - 2019-09-20 10:44 - 000000000 ____D C:\AdwCleaner 2019-09-20 10:24 - 2019-09-20 10:24 - 001615360 _____ (Farbar) C:\Users\SKYMIL\Downloads\FRST64.exe 2019-09-20 10:21 - 2019-09-20 10:22 - 007636680 _____ (Malwarebytes) C:\Users\SKYMIL\Downloads\adwcleaner_7.4.1.exe 2019-09-20 10:11 - 2019-09-20 10:11 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\mbamtray 2019-09-20 10:11 - 2019-09-20 10:11 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\mbam 2019-09-20 10:10 - 2019-09-20 10:10 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-09-20 10:10 - 2019-09-20 10:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-09-20 10:10 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys 2019-09-20 10:09 - 2019-08-27 05:50 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2019-09-20 10:08 - 2019-09-20 10:08 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-09-20 10:08 - 2019-09-20 10:08 - 000000000 ____D C:\Program Files\Malwarebytes 2019-09-20 10:00 - 2019-09-20 10:02 - 066427128 _____ (Malwarebytes ) C:\Users\SKYMIL\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.625-1.0.12399.exe 2019-09-19 23:24 - 2019-09-19 23:24 - 000009292 _____ C:\Users\SKYMIL\Downloads\friends-of-mine-20190920-002443.save 2019-09-19 20:13 - 2019-09-19 20:13 - 016178176 _____ C:\Windows\SysWOW64\Constructor.dll 2019-09-19 10:30 - 2019-09-19 10:30 - 000001451 _____ C:\Users\SKYMIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navigateur Opera.lnk 2019-09-18 22:01 - 2019-09-18 22:01 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3625B762.sys 2019-09-18 22:00 - 2019-09-20 10:07 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2019-09-18 22:00 - 2019-09-18 22:45 - 000000000 ____D C:\Users\SKYMIL\Desktop\mbar 2019-09-18 21:59 - 2019-09-18 21:59 - 014178840 _____ (Malwarebytes Corp.) C:\Users\SKYMIL\Downloads\mbar-1.10.3.1001.exe 2019-09-16 12:41 - 2019-09-16 12:41 - 086548480 _____ C:\Windows\system32\config\SOFTWARE.iobit 2019-09-16 12:41 - 2019-09-16 12:41 - 002146304 _____ C:\Windows\system32\config\DEFAULT.iobit 2019-09-16 12:41 - 2019-09-16 12:41 - 000057344 _____ C:\Windows\system32\config\SAM.iobit 2019-09-16 12:41 - 2019-09-16 12:41 - 000040960 _____ C:\Windows\system32\config\SECURITY.iobit 2019-09-15 16:28 - 2019-09-15 16:28 - 000002453 _____ C:\Users\SKYMIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-09-12 18:37 - 2019-09-14 19:02 - 000000067 _____ C:\Users\SKYMIL\Desktop\hack.txt 2019-09-12 18:36 - 2019-09-20 10:36 - 000000000 ____D C:\Users\SKYMIL\Desktop\Nouveau dossier 2019-09-12 18:36 - 2019-09-12 18:36 - 000000000 ____D C:\Users\SKYMIL\Desktop\VNHAX VIP V1.5.0.45 2019-09-11 23:02 - 2019-09-11 23:02 - 000000799 _____ C:\Users\Public\Desktop\MEGAsync.lnk 2019-09-11 23:02 - 2019-09-11 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync 2019-09-11 23:02 - 2019-09-11 23:02 - 000000000 ____D C:\ProgramData\MEGAsync 2019-09-11 12:20 - 2019-09-11 12:20 - 000000026 _____ C:\Users\SKYMIL\Desktop\Accs.txt 2019-09-11 12:08 - 2019-09-11 12:08 - 000001457 _____ C:\Users\SKYMIL\Desktop\Webnovel.lnk 2019-09-10 23:59 - 2019-09-10 23:59 - 000068288 _____ C:\Windows\system32\Drivers\VBoxDrv.sys 2019-09-10 23:58 - 2019-09-10 23:59 - 009084432 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe 2019-09-10 23:58 - 2019-09-10 23:59 - 001459328 _____ (Microsoft Corporation) C:\Windows\system32\osloader.efi 2019-09-10 20:52 - 2019-09-10 20:52 - 000442128 _____ (TENCENT) C:\Windows\system32\Drivers\tesrsdt.sys 2019-09-10 20:10 - 2019-09-10 20:10 - 000001497 _____ C:\Users\SKYMIL\Desktop\Hotspot Shield.lnk 2019-09-10 14:25 - 2019-09-10 14:25 - 000000000 ____D C:\Program Files\TAP-Windows 2019-09-10 14:23 - 2019-09-10 14:24 - 010303080 _____ (Betternet Technologies Inc.) C:\Users\SKYMIL\Downloads\BetternetForWindows.exe 2019-09-10 14:18 - 2019-09-10 14:21 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\NordVPN 2019-09-10 14:18 - 2019-09-10 14:19 - 000000000 ____D C:\ProgramData\NordVpn 2019-09-10 14:18 - 2019-09-10 14:18 - 000000000 ____D C:\ProgramData\Caphyon 2019-09-10 14:18 - 2019-09-10 14:18 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP 2019-09-10 14:17 - 2019-09-10 14:17 - 012960040 _____ (NordVPN) C:\Users\SKYMIL\Downloads\NordVPNSetup.exe 2019-09-10 12:51 - 2019-09-10 12:51 - 000001429 _____ C:\Users\SKYMIL\Desktop\Opera.lnk 2019-09-04 00:06 - 2019-09-04 00:06 - 000052864 _____ C:\Users\SKYMIL\Downloads\avengersendgame2019720pblurayx264ytsag-english-152239.zip 2019-09-03 13:13 - 2019-09-03 13:13 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\Remedy 2019-09-03 13:08 - 2019-09-03 13:08 - 000000736 _____ C:\Users\Public\Desktop\CONTROL_DX12.lnk 2019-09-03 13:08 - 2019-09-03 13:08 - 000000736 _____ C:\Users\Public\Desktop\CONTROL_DX11.lnk 2019-09-03 13:08 - 2019-09-03 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CONTROL 2019-09-03 12:04 - 2019-09-03 12:04 - 000000000 ____D C:\Users\SKYMIL\Desktop\Orig 2019-09-02 18:52 - 2019-09-09 18:21 - 000000000 ____D C:\Users\SKYMIL\AppData\Roaming\vlc 2019-09-02 18:47 - 2019-09-02 18:47 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk 2019-09-02 18:47 - 2019-09-02 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2019-09-02 18:46 - 2019-09-02 18:46 - 000000000 ____D C:\Program Files\VideoLAN 2019-09-02 18:32 - 2019-09-02 18:34 - 042030736 _____ C:\Users\SKYMIL\Downloads\vlc-3.0.8-win64.exe 2019-09-01 13:28 - 2019-09-01 13:28 - 000138480 _____ C:\Users\SKYMIL\Downloads\unarc.zip 2019-08-30 17:53 - 2019-08-30 17:53 - 000000000 ____D C:\ProgramData\For Honor Data 2019-08-28 19:45 - 2019-08-28 19:45 - 003105672 _____ C:\Users\SKYMIL\Downloads\Xposed_LDPlayer.apk 2019-08-28 19:44 - 2019-08-28 19:44 - 006826541 _____ C:\Users\SKYMIL\Downloads\bypassME 5.1.apk 2019-08-28 17:07 - 2019-08-28 17:07 - 000001070 _____ C:\Users\Public\Desktop\Advanced IP Scanner.lnk 2019-08-28 17:07 - 2019-08-28 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2 2019-08-28 17:07 - 2019-08-28 17:07 - 000000000 ____D C:\Program Files (x86)\Advanced IP Scanner 2019-08-28 17:06 - 2019-08-28 17:06 - 020207224 _____ (Famatech Corp. ) C:\Users\SKYMIL\Downloads\Advanced_IP_Scanner_2.5.3784.exe 2019-08-28 17:00 - 2019-08-28 18:29 - 000000556 _____ C:\Users\SKYMIL\advanced_ip_scanner_MAC.bin 2019-08-28 17:00 - 2019-08-28 18:29 - 000000015 _____ C:\Users\SKYMIL\advanced_ip_scanner_Comments.bin 2019-08-28 17:00 - 2019-08-28 18:29 - 000000015 _____ C:\Users\SKYMIL\advanced_ip_scanner_Aliases.bin 2019-08-28 13:39 - 2019-08-28 13:39 - 000004240 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1540926444 2019-08-28 12:58 - 2019-08-28 12:58 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-08-28 12:58 - 2019-08-28 12:58 - 000004106 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-08-28 12:58 - 2019-08-28 12:58 - 000003976 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-08-28 12:58 - 2019-08-28 12:58 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-08-28 12:58 - 2019-08-28 12:58 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-08-28 12:58 - 2019-08-28 12:58 - 000003858 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-08-28 12:58 - 2019-08-28 12:58 - 000003858 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-08-28 12:58 - 2019-08-28 12:58 - 000003858 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-08-28 12:58 - 2019-08-28 12:58 - 000003858 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-08-28 12:58 - 2019-08-28 12:58 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-08-28 12:58 - 2019-08-13 14:58 - 002842480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2019-08-28 12:58 - 2019-08-13 14:58 - 002206248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2019-08-28 12:25 - 2019-09-19 23:30 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\Riot Games 2019-08-25 22:26 - 2019-09-19 20:09 - 000555064 _____ (TENCENT) C:\Windows\system32\TesSafe.sys 2019-08-25 22:21 - 2019-08-25 22:21 - 000000879 _____ C:\Users\SKYMIL\Desktop\Gameloop.lnk 2019-08-24 01:12 - 2019-08-24 01:12 - 000000000 ____D C:\Program Files (x86)\WinPcap 2019-08-24 01:11 - 2019-08-24 01:11 - 000000123 _____ C:\Users\Public\Desktop\netcut.url 2019-08-24 01:11 - 2019-08-24 01:11 - 000000123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\netcut.url 2019-08-24 01:11 - 2019-08-24 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\netcut 2019-08-22 12:20 - 2019-08-22 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radmin VPN 2019-08-22 12:20 - 2019-08-22 12:20 - 000000000 ____D C:\Program Files (x86)\Radmin VPN ==================== Un mois (modifiés) ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2019-09-20 10:55 - 2018-07-17 17:03 - 000000000 ____D C:\ProgramData\NVIDIA 2019-09-20 10:48 - 2019-08-10 19:21 - 000000000 ____D C:\ProgramData\NzbDrone 2019-09-20 10:48 - 2018-07-17 17:01 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-09-20 10:48 - 2018-07-17 17:01 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-09-20 10:47 - 2019-02-14 18:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-09-20 10:47 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-09-20 10:46 - 2018-04-11 22:04 - 000524288 _____ C:\Windows\system32\config\BBI 2019-09-20 10:45 - 2018-07-28 21:46 - 000000000 ____D C:\Users\SKYMIL\AppData\LocalLow\IObit 2019-09-20 10:45 - 2018-07-28 21:46 - 000000000 ____D C:\ProgramData\IObit 2019-09-20 10:45 - 2018-07-28 21:46 - 000000000 ____D C:\Program Files (x86)\IObit 2019-09-20 10:37 - 2019-02-14 18:30 - 000000000 ____D C:\Windows\system32\SleepStudy 2019-09-20 10:35 - 2019-02-03 14:02 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\Yandex 2019-09-20 10:12 - 2018-07-28 12:36 - 000000000 ____D C:\Users\SKYMIL\AppData\Roaming\discord 2019-09-20 10:10 - 2018-04-12 00:38 - 000000000 ___HD C:\Windows\ELAMBKUP 2019-09-19 23:28 - 2018-07-21 12:46 - 000001681 _____ C:\Users\SKYMIL\Desktop\LeagueClient.lnk 2019-09-19 21:04 - 2019-07-03 18:55 - 000002426 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk 2019-09-19 21:04 - 2019-07-03 18:55 - 000002385 _____ C:\Users\Public\Desktop\Brave.lnk 2019-09-17 08:20 - 2018-07-18 18:20 - 000000000 ____D C:\Windows\system32\Drivers\wd 2019-09-16 12:41 - 2018-10-19 23:47 - 000000000 ____D C:\Program Files (x86)\Steam 2019-09-16 12:41 - 2018-07-27 19:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap 2019-09-16 12:41 - 2018-04-12 00:36 - 000000000 ____D C:\Windows\INF 2019-09-15 16:28 - 2018-07-17 16:57 - 000000000 ___RD C:\Users\SKYMIL\OneDrive 2019-09-14 02:54 - 2019-02-14 18:35 - 000000000 ____D C:\Users\SKYMIL 2019-09-13 12:32 - 2018-07-28 21:46 - 000000000 ____D C:\ProgramData\ProductData 2019-09-11 23:02 - 2019-06-09 16:07 - 000000000 ____D C:\Windows\System32\Tasks\MEGA 2019-09-11 13:31 - 2019-02-14 19:02 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\D3DSCache 2019-09-11 11:11 - 2018-07-18 14:42 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\CrashDumps 2019-09-11 10:01 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\AppReadiness 2019-09-10 19:30 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-09-09 11:29 - 2019-06-27 02:32 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\LogMeIn Hamachi 2019-09-06 03:13 - 2018-07-27 19:38 - 000000000 ____D C:\Program Files (x86)\arcai.com 2019-09-05 11:11 - 2019-02-14 18:30 - 000251952 _____ C:\Windows\system32\FNTCACHE.DAT 2019-09-04 00:07 - 2019-08-01 22:57 - 000148784 _____ C:\Users\SKYMIL\Desktop\Avengers.Endgame.2019.1080p.WEBRip.x264-[YTS.LT].srt 2019-09-03 19:33 - 2018-11-14 11:33 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\eclipse 2019-09-03 19:32 - 2018-11-14 11:33 - 000000000 ____D C:\Windows\hsperfdata_SKYMIL 2019-09-03 19:32 - 2018-08-01 19:21 - 000000000 ____D C:\Users\SKYMIL\Downloads\PopcornTime 2019-09-03 13:09 - 2019-03-05 18:53 - 000000000 ____D C:\Windows\SysWOW64\directx 2019-09-03 12:22 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\LiveKernelReports 2019-09-03 00:35 - 2018-09-09 01:01 - 000000000 ____D C:\Users\SKYMIL\AppData\Roaming\qBittorrent 2019-09-02 11:54 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\system32\NDF 2019-09-01 14:06 - 2016-08-10 10:38 - 000306688 _____ C:\Windows\SysWOW64\unarc.dll 2019-09-01 14:06 - 2016-08-10 10:38 - 000306688 _____ C:\Windows\system32\unarc.dll 2019-08-30 17:53 - 2018-10-20 19:49 - 000000000 ____D C:\Users\SKYMIL\AppData\Roaming\EasyAntiCheat 2019-08-30 17:53 - 2018-07-20 13:07 - 000000000 ____D C:\Users\SKYMIL\Documents\My Games 2019-08-30 17:49 - 2019-08-19 09:41 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\Ubisoft Game Launcher 2019-08-30 10:16 - 2018-07-18 18:20 - 000000000 ____D C:\Program Files\rempl 2019-08-29 17:43 - 2019-02-05 12:52 - 000000000 ___DC C:\Windows\Panther 2019-08-29 17:19 - 2019-02-14 18:49 - 000024768 _____ C:\Windows\diagwrn.xml 2019-08-29 17:19 - 2019-02-14 18:49 - 000024768 _____ C:\Windows\diagerr.xml 2019-08-29 16:07 - 2018-04-11 22:04 - 000032768 _____ C:\Windows\system32\config\ELAM 2019-08-29 16:01 - 2019-03-19 14:11 - 000000000 ___HD C:\$WINDOWS.~BT 2019-08-29 16:01 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\Registration 2019-08-28 17:04 - 2019-02-03 14:28 - 000000000 ____D C:\Windows\system32\appmgmt 2019-08-28 12:58 - 2018-07-18 07:01 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\NVIDIA Corporation 2019-08-28 12:58 - 2018-07-17 17:04 - 000001463 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2019-08-28 12:58 - 2018-07-17 17:03 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2019-08-28 12:58 - 2018-07-17 17:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2019-08-28 12:58 - 2018-07-17 16:58 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2019-08-28 12:29 - 2018-07-19 12:18 - 000000000 ____D C:\ProgramData\Riot Games 2019-08-28 12:25 - 2019-01-16 08:11 - 000000000 ____D C:\Riot Games 2019-08-26 16:08 - 2018-04-12 00:30 - 000000000 ____D C:\Windows\CbsTemp 2019-08-25 22:21 - 2019-03-25 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software ==================== Fichiers à la racine de certains dossiers ================ 2019-06-27 02:23 - 2019-06-27 02:23 - 000001103 _____ () C:\Users\SKYMIL\AppData\Roaming\AdobeWLCMR2Cache.dat 2018-07-20 12:35 - 2019-07-22 15:07 - 000007602 _____ () C:\Users\SKYMIL\AppData\Local\Resmon.ResmonCfg ==================== SigCheck =============================== (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.) BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restauré(es) avec succès ==================== Fin de FRST.txt ============================ and the addition should be attached and that should be all ( iam sry for the long reply , i dont know if theres a way to shorten it ) and as always great thanks for your help i really appreciate it . Addition.txt
  3. To start off , hello i will gladely take any help possible so , my pc was infected with a mining trojan called "XMRig CPU Miner Trojan" that has been persistent , it keeps going even when i delete it ( i find it working at the task manager , locate its file and delete ) , yet it pops out of nowhere again , so can anyone help me ^^' ? note : i realise there are online articles about it but i rather take the advice of a human than of a web page
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.