Mortadha_Said

XMRig CPU Miner Problem

To start off, hello.

I will gladly take any help possible.

So, my PC was infected with a mining trojan called "XMRig CPU Miner Trojan" that has been persistent. It keeps going even when I delete it (I find it working in the Task Manager, locate its file and delete it), yet it pops out of nowhere again, so can anyone help me ^^' ?

Note: I realise there are online articles about it, but I would rather take the advice of a human than of a web page.

Hello Mortadha_Said and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected, you will have to name the file and save it to a place of choice (recommend "Desktop"), then attach it to your reply

  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....


I apologize for the late response, I got busy with some work.
Anyway, I did as you told me and here's every log necessary.
Mb:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/20/19
Scan Time: 10:15 AM
Log File: 31e9b32e-db87-11e9-9a13-309c23834de6.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.625
Update Package Version: 1.0.12571
License: Free

-System Information-
OS: Windows 10 (Build 17134.950)
CPU: x64
File System: NTFS
User: DESKTOP-8CMRAB0\SKYMIL

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 296559
Threats Detected: 58
Threats Quarantined: 58
Time Elapsed: 17 min, 11 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 3
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarantined, [3819], [398206],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [3819], [380352],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarantined, [3819], [380353],1.0.12571

Module: 5
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarantined, [3819], [398206],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [3819], [380352],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarantined, [3819], [380353],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\CPUIDINTERFACE.DLL, Quarantined, [3819], [396386],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\HARDWARELIB.DLL, Quarantined, [3819], [396386],1.0.12571

Registry Key: 16
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC12_PerformanceMonitor, Quarantined, [3819], [398206],1.0.12571
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{60F651C6-6FF9-41C0-A083-B8AEC5DD4614}, Quarantined, [3819], [398206],1.0.12571
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{60F651C6-6FF9-41C0-A083-B8AEC5DD4614}, Quarantined, [3819], [398206],1.0.12571
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IOBIT_MONITOR_SERVER, Quarantined, [3819], [580520],1.0.12571
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService12, Quarantined, [3819], [380352],1.0.12571
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC12_SkipUac_SKYMIL, Quarantined, [3819], [380341],1.0.12571
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{88D70588-C82A-4585-A996-E93EEB5D0391}, Quarantined, [3819], [380341],1.0.12571
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{88D70588-C82A-4585-A996-E93EEB5D0391}, Quarantined, [3819], [380341],1.0.12571
RiskWare.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinmonFS, Quarantined, [791], [700103],1.0.12571
RiskWare.BitCoinMiner, HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\SOFTWARE\EpicNet Inc., Quarantined, [791], [451809],1.0.12571
Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6BCA1B57-98A3-4A7D-950D-938EEA03CBC0}, Quarantined, [3211], [431497],1.0.12571
Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{6BCA1B57-98A3-4A7D-950D-938EEA03CBC0}, Quarantined, [3211], [431498],1.0.12571
Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\csrss, Quarantined, [3211], [431498],1.0.12571
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ScheduledUpdate, Quarantined, [3707], [513779],1.0.12571
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5BCECD34-08D7-46F4-B700-63B4C9011571}, Quarantined, [3707], [513779],1.0.12571
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{5BCECD34-08D7-46F4-B700-63B4C9011571}, Quarantined, [3707], [513779],1.0.12571

Registry Value: 6
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IOBIT_MONITOR_SERVER|IMAGEPATH, Quarantined, [3819], [580520],1.0.12571
PUP.Optional.CloudNet, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{C6D7A91F-5F6D-48F4-8FA3-2B49920559F5}, Quarantined, [6026], [446028],1.0.12571
Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{E29283EE-5850-4C82-A992-5857E8F5AB60}, Quarantined, [574], [446017],1.0.12571
Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6BCA1B57-98A3-4A7D-950D-938EEA03CBC0}|PATH, Quarantined, [3211], [431497],1.0.12571
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE 12, Quarantined, [3819], [380353],1.0.12571
RiskWare.BitCoinMiner.BITSRST, HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CLOUDNET, Quarantined, [1075], [733907],1.0.12571

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 5
PUP.Optional.BrowserManager, C:\Users\SKYMIL\AppData\Local\Yandex\BrowserManager\data\SeederTasks, Quarantined, [928], [383595],1.0.12571
PUP.Optional.BrowserManager, C:\Users\SKYMIL\AppData\Local\Yandex\BrowserManager\data\ModuleH, Quarantined, [928], [383595],1.0.12571
PUP.Optional.BrowserManager, C:\Users\SKYMIL\AppData\Local\Yandex\BrowserManager\data, Quarantined, [928], [383595],1.0.12571
PUP.Optional.BrowserManager, C:\USERS\SKYMIL\APPDATA\LOCAL\YANDEX\BROWSERMANAGER, Quarantined, [928], [383595],1.0.12571
RiskWare.BitCoinMiner.BITSRST, C:\USERS\SKYMIL\APPDATA\ROAMING\EPICNET INC, Quarantined, [1075], [733906],1.0.12571

File: 23
Adware.Agent, C:\Windows\System32\drivers\Winmon.sys, Quarantined, [93], [431629],0.0.0
RiskWare.BitCoinMiner, C:\Windows\System32\drivers\WinmonFS.sys, Quarantined, [791], [700145],0.0.0
PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\Advanced SystemCare 12.lnk, Quarantined, [3819], [380338],1.0.12571
PUP.Optional.BrowserManager, C:\Users\SKYMIL\AppData\Local\Yandex\BrowserManager\data\ModuleH\h_lib.dll, Quarantined, [928], [383595],1.0.12571
PUP.Optional.BrowserManager, C:\Users\SKYMIL\AppData\Local\Yandex\BrowserManager\debug.log, Quarantined, [928], [383595],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC12_PerformanceMonitor, Quarantined, [3819], [398206],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarantined, [3819], [398206],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\MONITOR_WIN10_X64.SYS, Quarantined, [3819], [580520],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [3819], [380352],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC12_SkipUac_SKYMIL, Quarantined, [3819], [380341],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarantined, [3819], [380353],1.0.12571
RiskWare.BitCoinMiner, C:\WINDOWS\SYSTEM32\DRIVERS\WINMONPROCESSMONITOR.SYS, Quarantined, [791], [700106],0.0.0
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\CPUIDINTERFACE.DLL, Quarantined, [3819], [396386],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\HARDWARELIB.DLL, Quarantined, [3819], [396386],1.0.12571
Trojan.Agent.Generic, C:\WINDOWS\SYSTEM32\TASKS\ScheduledUpdate, Quarantined, [3707], [513779],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Advanced SystemCare 12.lnk, Quarantined, [3819], [396386],1.0.12571
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, Quarantined, [3819], [396386],1.0.12571
RiskWare.GameHack, C:\USERS\SKYMIL\APPDATA\ROAMING\Microsoft\Windows\Recent\VNHAX VIP V1.5.0.45.lnk, Quarantined, [7474], [712842],1.0.12571
RiskWare.GameHack, C:\USERS\SKYMIL\DESKTOP\NOUVEAU DOSSIER\VNHAX VIP V1.5.0.45.ZIP, Quarantined, [7474], [712842],1.0.12571
RiskWare.GameHack, C:\USERS\SKYMIL\APPDATA\LOCAL\TEMP\TEMP2_VNHAX VIP V1.5.0.45.ZIP\VNHAX VIP V1.5.0.45\VNHAX VIP V1.5.0.45.EXE, Quarantined, [7474], [712842],1.0.12571
RiskWare.GameHack, C:\USERS\SKYMIL\DOWNLOADS\VNHAX VIP V1.5.0.45.ZIP, Quarantined, [7474], [712842],1.0.12571
Generic.Malware/Suspicious, C:\USERS\SKYMIL\DOWNLOADS\TORCHSETUPSTUB.EXE, Quarantined, [0], [392686],1.0.12571
PUP.Optional.YTDVideoDownloader, C:\USERS\SKYMIL\DOWNLOADS\YTDSETUP.EXE, Quarantined, [13008], [591608],1.0.12571

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)
(end)

 

 

 

ADW Cleaner

 

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2019-09-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-20-2019
# Duration: 00:00:55
# OS:       Windows 10 Pro
# Cleaned:  91
# Failed:   3


***** [ Services ] *****

Deleted       Update service

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\IOBIT\Driver Booster
Deleted       C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\Zona
Deleted       C:\ProgramData\IOBIT\Driver Booster
Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Deleted       C:\ProgramData\Tencent
Deleted       C:\Users\SKYMIL\AppData\LocalLow\IObit\Advanced SystemCare
Deleted       C:\Users\SKYMIL\AppData\Local\torch
Deleted       C:\Users\SKYMIL\AppData\Roaming\IOBIT\Driver Booster
Deleted       C:\Users\SKYMIL\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Users\SKYMIL\AppData\Roaming\Tencent
Deleted       C:\Users\SKYMIL\AppData\Roaming\Zona
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Deleted       C:\Windows\rss

***** [ Files ] *****

Deleted       C:\Users\SKYMIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zona.lnk
Deleted       C:\Users\SKYMIL\Desktop\Zona.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER
Deleted       C:\Windows\System32\Tasks\DRIVER BOOSTER SKIPUAC (SKYMIL)

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Zona
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 12
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cloudnet
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
Deleted       HKCU\Software\torch
Deleted       HKCU\Software\zona
Deleted       HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Classes\.URL\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.bmp\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.dib\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.gif\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.htm\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.html\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.ico\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.jfif\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.jpe\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.jpg\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.pdf\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.png\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.shtml\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.webm\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.xht\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\.xhtml\OpenWithList\Torch.exe
Deleted       HKLM\SOFTWARE\Classes\Applications\TorchSetupstub.exe
Deleted       HKLM\SOFTWARE\Classes\Applications\Zona.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{371AA046-A444-4970-9EC6-9FD4D4344744} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{371AA046-A444-4970-9EC6-9FD4D4344744} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B58E1A93-1031-4AA3-A97E-6ABBEA31EC48} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVER BOOSTER SKIPUAC (SKYMIL)
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{D958D9D9-9097-4FC3-8A2C-45F540170EF3}C:\program files (x86)\popcorn time\nodejs\node.exe
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{1A1B1A80-AE2B-48C5-AED6-DBB336DB57A7}C:\program files (x86)\popcorn time\nodejs\node.exe
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0DEE0E7E-BF4C-4639-BA01-B193F3BEE256}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{472DBABF-EC9E-4D22-8520-49B29F61061B}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{48250838-644A-466E-A9BB-98CD6D98481E}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{52556675-8222-4F66-8202-22DAF589362B}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5952283B-35CF-4E80-841B-6DD827960F5C}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6ECA41E6-2392-49D5-8B71-62A711303D0F}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{719EBD17-0DEA-4DC0-A9F4-DE37D62D8323}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{78FEBBDC-3409-4706-A219-1ABCFE525AC6}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A6E5D7D2-899A-45F1-947E-53AB4C954554}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B054DF70-1C87-4773-B3F4-A3DD09FF6A6D}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CB6E2C18-84CE-475E-842D-0F6266646D51}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CBB5AB9B-1F2F-4521-BE85-83C949F35FCD}
Deleted       HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted       HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted       HKLM\Software\Classes\Zona
Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted       HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\IObit\Driver Booster
Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\zona
Deleted       HKLM\Software\Wow6432Node\torch
Deleted       HKLM\Software\Wow6432Node\zona
Deleted       HKLM\Software\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2}
Not Deleted   HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bluetooth-driver-installer.fr.softonic.com
Not Deleted   HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bluetooth-driver-installer.fr.softonic.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Not Deleted   banggood.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [63599 octets] - [20/09/2019 10:43:22]
AdwCleaner[S00].txt - [12004 octets] - [20/09/2019 10:44:10]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########




FRST.txt : 

 

Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2019 01
Exécuté par SKYMIL (administrateur) sur DESKTOP-8CMRAB0 (Micro-Star International Co., Ltd. MS-7B61) (20-09-2019 10:55:35)
Exécuté depuis C:\Users\SKYMIL\Downloads
Profils chargés: SKYMIL (Profils disponibles: SKYMIL)
Platform: Windows 10 Pro Version 1803 17134.950 (X64) Langue: Français (France)
Navigateur par défaut: Chrome
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

() [Fichier non signé] C:\Program Files (x86)\arcai.com\netcut_windows.exe
(Arcai.com) [Fichier non signé] C:\Program Files (x86)\arcai.com\aips.exe
(Discord Inc. -> Discord Inc.) C:\Users\SKYMIL\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\SKYMIL\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\SKYMIL\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\SKYMIL\AppData\Local\Discord\app-0.0.305\Discord.exe
(Famatech Corp.) [Fichier non signé] C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) Corporation -> Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) INTELND1617S2 -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\SKYMIL\Downloads\adwcleaner_7.4.1.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19072.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegister.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\APP Manager\AppManager.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI X Boost\X_Boost.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\RAMDisk\MSI_RAMDisk_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\APP Manager\AppManager_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Tencent Technology(Shenzhen) Company Limited -> Tencent) D:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe
(Tencent Technology(Shenzhen) Company Limited -> Tencent) D:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe
(Tencent Technology(Shenzhen) Company Limited -> Tencent) D:\Program Files\TxGameAssistant\AppMarket\TBSWebRenderer.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [1262544 2017-07-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [X_Boost] => C:\Program Files (x86)\MSI\MSI X Boost\X_Boost.exe [4260000 2018-08-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [APP Manager] => C:\Program Files (x86)\MSI\APP Manager\AppManager.exe [3705520 2019-05-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [RadminVPN] => C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe [1590784 2019-08-16] (Famatech Corp.) [Fichier non signé]
HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\...\Run: [EpicGamesLauncher] => D:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35926416 2019-08-28] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\...\Run: [Discord] => C:\Users\SKYMIL\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [Fichier non signé]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [Fichier non signé]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-27] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\77.0.68.139\Installer\chrmstp.exe [2019-09-19] (Brave Software, Inc.) [Fichier non signé]
GroupPolicy: Restriction ? <==== ATTENTION

==================== Tâches planifiées (Avec liste blanche) =============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {00929A8B-F6E8-41A4-9417-A9E2A42819D8} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [31904 2018-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {17CC398C-8AB4-417A-A207-F5CBCA90FF08} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133552 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1EF73A02-29A0-4DE1-B642-94EC64C81B47} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MpCmdRun.exe [467880 2019-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {26FF6ED1-4224-43A8-A97A-401F9D7E3CC4} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133552 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2CC5728F-6241-4F83-B5CF-F6B0C0FD9597} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133552 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {41A5254B-7395-45CC-99E7-FDB6AF95FDC6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MpCmdRun.exe [467880 2019-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {47F7D503-9E1B-4502-B5D7-F4AF99BB1DF0} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {56D1A912-2265-45CD-BBA7-5E71A3E960DC} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-03] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {57FF7EA4-0921-4E40-8437-C27B026AE94F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1190424 2018-08-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {589C11AC-ADED-4C9A-B32A-54353B2DC9E3} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {63644295-0061-4F14-BE71-05C2D725F2C3} - System32\Tasks\MSILEDKeeper_Host => C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe [1061520 2019-06-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {6D2AF0B0-266E-456A-B940-012E646E5631} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [654136 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7265FE86-E2D5-4E91-A6C6-E7A280C7C87B} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1619457341-2355299441-1745434774-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [615160 2019-05-30] (Mega Limited -> Mega Limited)
Task: {778A71D5-ABDA-4CBB-B330-2B2FF2C502E2} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-03] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {91E903F7-51E7-442C-BCDD-5A32C42A0719} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {97D6B17D-20FE-48D8-A3D7-CF66D3B9289C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-07-17] (Google Inc -> Google Inc.)
Task: {98B8D54E-E088-454A-AC35-61683970C54E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-07-17] (Google Inc -> Google Inc.)
Task: {9BD2B35A-953B-4318-8ED5-E03B0EB97708} - System32\Tasks\Opera scheduled Autoupdate 1540926444 => C:\Users\SKYMIL\AppData\Local\Programs\Opera\launcher.exe [1520152 2019-09-18] (Opera Software AS -> Opera Software)
Task: {A4DBABFF-736F-4FFF-AEB3-54756A693412} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133552 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B0313DDB-4B14-408A-90B9-E55127295024} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-09-20] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {BA7DE2A4-F670-40BC-A103-2B63A90EE171} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [3354296 2019-01-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {C9F21534-6FA5-4B9E-8E45-0E38E6D522D4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913904 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CD882866-1BB2-4659-8B3F-B2395A2252C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MpCmdRun.exe [467880 2019-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E4D2F6EF-7A67-4931-B4A2-76F95A4C0564} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302384 2019-08-14] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F04F94D6-34FC-4ABB-9185-D6E89F9AD870} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MpCmdRun.exe [467880 2019-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FA09153A-9B0E-44DF-AA55-D2D4C2005310} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913904 2019-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FDD876E4-B2FB-4EE1-BF86-30C279FC693B} - System32\Tasks\BlueStacksHelper => D:\Program Files\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\Windows\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

ProxyServer: [S-1-5-21-1619457341-2355299441-1745434774-1001] => 192.168.1.1:808
Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 193.95.59.20 8.8.8.8
Tcpip\..\Interfaces\{01826497-b052-4701-aac6-20bd150901aa}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{07afc4ce-079c-4e8f-b371-9bde03f7eaa7}: [DhcpNameServer] 193.95.59.20 8.8.8.8
Tcpip\..\Interfaces\{208536e8-c30d-40dd-a53f-78b395bdca0a}: [DhcpNameServer] 10.47.9.33 197.26.8.36
Tcpip\..\Interfaces\{255a8edd-96eb-4c4b-b5f9-e2dafa430d17}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{2da38057-921b-44e9-8448-7a66d4be2284}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{4e78749b-d040-4902-9a53-b566bcd8b8e4}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{67a378b6-0860-4782-90cd-eeda38a7e164}: [DhcpNameServer] 193.95.59.20 8.8.8.8
Tcpip\..\Interfaces\{897f0b23-3d04-4dfb-b425-c997d9d174a0}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yandex.ru/?win=370&clid=2257472-1
SearchScopes: HKU\S-1-5-21-1619457341-2355299441-1745434774-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://yandex.ru/search/?win=370&clid=2257473-1&text={searchTerms}
SearchScopes: HKU\S-1-5-21-1619457341-2355299441-1745434774-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://yandex.ru/search/?win=370&clid=2257473-1&text={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-06-27] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-06-27] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-07-04] (Oracle America, Inc. -> Oracle Corporation)

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-1619457341-2355299441-1745434774-1001 -> hxxps://www.yandex.ru/?win=370&clid=2257472-1

FireFox:
========
FF ProfilePath: C:\Users\SKYMIL\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2019-09-20]
FF user.js: detected! => C:\Users\SKYMIL\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js [2019-09-16]
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxps://www.yandex.ru/?win=370&clid=2257472-1
FF SearchPlugin: C:\Users\SKYMIL\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-20190303.xml [2019-02-03]
FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-06-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-06-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-07-03] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-07-03] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://yandex.ru/search/?__PARAM__from=chromesearch&text={searchTerms}
CHR DefaultSearchKeyword: Default -> yandex.ru
CHR DefaultSuggestURL: Default -> hxxps://suggest.yandex.net/suggest-ff.cgi?uil=ru&part={searchTerms}
CHR Profile: C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default [2019-09-20]
CHR Extension: (Slides) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-18]
CHR Extension: (Docs) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-18]
CHR Extension: (Google Drive) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (Dark Night Mode) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhbekkddpbpbibiknkcjamlkhoghieie [2018-10-03]
CHR Extension: (YouTube) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-18]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2019-07-12]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-08-27]
CHR Extension: (Adobe Acrobat) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-08-20]
CHR Extension: (Sheets) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-18]
CHR Extension: (Word Online) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2019-06-08]
CHR Extension: (Google Docs Offline) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-24]
CHR Extension: (Hoxx VPN Proxy) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2019-09-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-18]
CHR Extension: (Gmail) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-09]
CHR Profile: C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-09-20]
CHR Profile: C:\Users\SKYMIL\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-20]
CHR HKU\S-1-5-21-1619457341-2355299441-1745434774-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fhkbfkkohcdgpckffakhbllifkakihmh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR StartupUrls: "hxxps://www.yandex.ru/?win=370&clid=2257472-1"

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3772120 2017-02-26] (Intel(R) Corporation -> Intel Corporation)
R2 AIPS; C:\Program Files (x86)\arcai.com\aips.exe [2677760 2018-05-11] (Arcai.com) [Fichier non signé]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8352184 2019-01-17] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-03] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-03] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-08-19] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [46776 2018-09-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2027192 2019-01-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-06-11] (Hi-Rez Studios) [Fichier non signé]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-20] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-20] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-09-25] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [128976 2017-07-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_AppManager_Service; C:\Program Files (x86)\MSI\APP Manager\AppManager_Service.exe [2055352 2019-01-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_RAMDisk_Service; C:\Program Files (x86)\MSI\RAMDisk\MSI_RAMDisk_Service.exe [71840 2018-07-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 MysticLight2_Service; C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe [34976 2018-12-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
S2 NzbDrone; C:\ProgramData\NzbDrone\bin\nzbdrone.console.exe [25600 2019-08-16] (sonarr.tv) [Fichier non signé]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2329392 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3203888 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts)
R2 QMEmulatorService; D:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [147192 2019-08-15] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 RvControlSvc; C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe [1015296 2019-08-16] (Famatech Corp.) [Fichier non signé]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074128 2019-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-05-25] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\NisSrv.exe [3630832 2019-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MsMpEng.exe [103168 2019-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 aow_drv; D:\Program Files\TxGameAssistant\UI\2.0.12591.123\aow_drv_x64_ev.sys [865656 2019-08-21] (Tencent Technology (Shenzhen) Company Limited -> Tencent)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-05-23] (Bluestack Systems, Inc. -> Bluestack System Inc. )
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2019-09-20] (CPUID -> CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 EneIo; C:\WINDOWS\system32\drivers\ene.sys [16320 2018-03-20] (Ptolemy Tech Co., Ltd -> )
S3 ew_hwusbdev; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [117248 2018-09-25] (Huawei Technologies Co., Ltd.) [Fichier non signé]
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-07-28] (Martin Malik - REALiX -> REALiX(tm))
R3 I2cHkBurn; C:\Windows\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-09-20] (Malwarebytes Corporation -> Malwarebytes)
S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2018-04-12] (Microsoft Windows -> MediaTek Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MysticLight\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5601d21ccd639df9\nvlddmkm.sys [17486096 2018-01-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RAMDriv; C:\Windows\system32\DRIVERS\ramdriv.sys [86936 2016-03-10] (Christiaan GHIJSELINCK -> Micro-Star Int'l Co., Ltd.)
R2 RAMDriv; C:\Windows\SysWOW64\DRIVERS\ramdriv.sys [86936 2016-03-10] (Christiaan GHIJSELINCK -> Micro-Star Int'l Co., Ltd.)
R3 RvNetMP60; C:\Windows\System32\drivers\RvNetMP60.sys [69048 2019-05-31] (Famatech Corp. -> Famatech Corp.)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 tesrsdt; C:\WINDOWS\system32\drivers\tesrsdt.sys [442128 2019-09-10] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [555064 2019-09-19] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R1 VBoxDrv; C:\Windows\system32\DRIVERS\VBoxDrv.sys [68288 2019-09-10] (innotek GmbH -> )
S3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [213080 2018-08-14] (Oracle Corporation -> Oracle Corporation)
S1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [222864 2018-08-14] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-09-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [346336 2019-09-17] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-09-17] (Microsoft Windows -> Microsoft Corporation)
R3 wovad_micarray; C:\Windows\system32\drivers\womic.sys [37944 2018-05-13] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-05-25] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 zttap300; C:\Windows\System32\drivers\zttap300.sys [30488 2018-03-16] (ZeroTier Networks LLC -> ZeroTier Networks LLC)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois (créés) ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2019-09-20 10:55 - 2019-09-20 10:56 - 000036620 _____ C:\Users\SKYMIL\Downloads\FRST.txt
2019-09-20 10:53 - 2019-09-20 10:55 - 000000000 ____D C:\FRST
2019-09-20 10:50 - 2019-09-20 10:51 - 000000000 ____D C:\Users\SKYMIL\AppData\Roaming\Tencent
2019-09-20 10:48 - 2019-09-20 10:48 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-09-20 10:47 - 2019-09-20 10:47 - 000000000 ____D C:\ProgramData\Tencent
2019-09-20 10:43 - 2019-09-20 10:44 - 000000000 ____D C:\AdwCleaner
2019-09-20 10:24 - 2019-09-20 10:24 - 001615360 _____ (Farbar) C:\Users\SKYMIL\Downloads\FRST64.exe
2019-09-20 10:21 - 2019-09-20 10:22 - 007636680 _____ (Malwarebytes) C:\Users\SKYMIL\Downloads\adwcleaner_7.4.1.exe
2019-09-20 10:11 - 2019-09-20 10:11 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\mbamtray
2019-09-20 10:11 - 2019-09-20 10:11 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\mbam
2019-09-20 10:10 - 2019-09-20 10:10 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-09-20 10:10 - 2019-09-20 10:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-09-20 10:10 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-09-20 10:09 - 2019-08-27 05:50 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-09-20 10:08 - 2019-09-20 10:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-09-20 10:08 - 2019-09-20 10:08 - 000000000 ____D C:\Program Files\Malwarebytes
2019-09-20 10:00 - 2019-09-20 10:02 - 066427128 _____ (Malwarebytes ) C:\Users\SKYMIL\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.625-1.0.12399.exe
2019-09-19 23:24 - 2019-09-19 23:24 - 000009292 _____ C:\Users\SKYMIL\Downloads\friends-of-mine-20190920-002443.save
2019-09-19 20:13 - 2019-09-19 20:13 - 016178176 _____ C:\Windows\SysWOW64\Constructor.dll
2019-09-19 10:30 - 2019-09-19 10:30 - 000001451 _____ C:\Users\SKYMIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navigateur Opera.lnk
2019-09-18 22:01 - 2019-09-18 22:01 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3625B762.sys
2019-09-18 22:00 - 2019-09-20 10:07 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-09-18 22:00 - 2019-09-18 22:45 - 000000000 ____D C:\Users\SKYMIL\Desktop\mbar
2019-09-18 21:59 - 2019-09-18 21:59 - 014178840 _____ (Malwarebytes Corp.) C:\Users\SKYMIL\Downloads\mbar-1.10.3.1001.exe
2019-09-16 12:41 - 2019-09-16 12:41 - 086548480 _____ C:\Windows\system32\config\SOFTWARE.iobit
2019-09-16 12:41 - 2019-09-16 12:41 - 002146304 _____ C:\Windows\system32\config\DEFAULT.iobit
2019-09-16 12:41 - 2019-09-16 12:41 - 000057344 _____ C:\Windows\system32\config\SAM.iobit
2019-09-16 12:41 - 2019-09-16 12:41 - 000040960 _____ C:\Windows\system32\config\SECURITY.iobit
2019-09-15 16:28 - 2019-09-15 16:28 - 000002453 _____ C:\Users\SKYMIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-12 18:37 - 2019-09-14 19:02 - 000000067 _____ C:\Users\SKYMIL\Desktop\hack.txt
2019-09-12 18:36 - 2019-09-20 10:36 - 000000000 ____D C:\Users\SKYMIL\Desktop\Nouveau dossier
2019-09-12 18:36 - 2019-09-12 18:36 - 000000000 ____D C:\Users\SKYMIL\Desktop\VNHAX VIP V1.5.0.45
2019-09-11 23:02 - 2019-09-11 23:02 - 000000799 _____ C:\Users\Public\Desktop\MEGAsync.lnk
2019-09-11 23:02 - 2019-09-11 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync
2019-09-11 23:02 - 2019-09-11 23:02 - 000000000 ____D C:\ProgramData\MEGAsync
2019-09-11 12:20 - 2019-09-11 12:20 - 000000026 _____ C:\Users\SKYMIL\Desktop\Accs.txt
2019-09-11 12:08 - 2019-09-11 12:08 - 000001457 _____ C:\Users\SKYMIL\Desktop\Webnovel.lnk
2019-09-10 23:59 - 2019-09-10 23:59 - 000068288 _____ C:\Windows\system32\Drivers\VBoxDrv.sys
2019-09-10 23:58 - 2019-09-10 23:59 - 009084432 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-09-10 23:58 - 2019-09-10 23:59 - 001459328 _____ (Microsoft Corporation) C:\Windows\system32\osloader.efi
2019-09-10 20:52 - 2019-09-10 20:52 - 000442128 _____ (TENCENT) C:\Windows\system32\Drivers\tesrsdt.sys
2019-09-10 20:10 - 2019-09-10 20:10 - 000001497 _____ C:\Users\SKYMIL\Desktop\Hotspot Shield.lnk
2019-09-10 14:25 - 2019-09-10 14:25 - 000000000 ____D C:\Program Files\TAP-Windows
2019-09-10 14:23 - 2019-09-10 14:24 - 010303080 _____ (Betternet Technologies Inc.) C:\Users\SKYMIL\Downloads\BetternetForWindows.exe
2019-09-10 14:18 - 2019-09-10 14:21 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\NordVPN
2019-09-10 14:18 - 2019-09-10 14:19 - 000000000 ____D C:\ProgramData\NordVpn
2019-09-10 14:18 - 2019-09-10 14:18 - 000000000 ____D C:\ProgramData\Caphyon
2019-09-10 14:18 - 2019-09-10 14:18 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2019-09-10 14:17 - 2019-09-10 14:17 - 012960040 _____ (NordVPN) C:\Users\SKYMIL\Downloads\NordVPNSetup.exe
2019-09-10 12:51 - 2019-09-10 12:51 - 000001429 _____ C:\Users\SKYMIL\Desktop\Opera.lnk
2019-09-04 00:06 - 2019-09-04 00:06 - 000052864 _____ C:\Users\SKYMIL\Downloads\avengersendgame2019720pblurayx264ytsag-english-152239.zip
2019-09-03 13:13 - 2019-09-03 13:13 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\Remedy
2019-09-03 13:08 - 2019-09-03 13:08 - 000000736 _____ C:\Users\Public\Desktop\CONTROL_DX12.lnk
2019-09-03 13:08 - 2019-09-03 13:08 - 000000736 _____ C:\Users\Public\Desktop\CONTROL_DX11.lnk
2019-09-03 13:08 - 2019-09-03 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CONTROL
2019-09-03 12:04 - 2019-09-03 12:04 - 000000000 ____D C:\Users\SKYMIL\Desktop\Orig
2019-09-02 18:52 - 2019-09-09 18:21 - 000000000 ____D C:\Users\SKYMIL\AppData\Roaming\vlc
2019-09-02 18:47 - 2019-09-02 18:47 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-09-02 18:47 - 2019-09-02 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-09-02 18:46 - 2019-09-02 18:46 - 000000000 ____D C:\Program Files\VideoLAN
2019-09-02 18:32 - 2019-09-02 18:34 - 042030736 _____ C:\Users\SKYMIL\Downloads\vlc-3.0.8-win64.exe
2019-09-01 13:28 - 2019-09-01 13:28 - 000138480 _____ C:\Users\SKYMIL\Downloads\unarc.zip
2019-08-30 17:53 - 2019-08-30 17:53 - 000000000 ____D C:\ProgramData\For Honor Data
2019-08-28 19:45 - 2019-08-28 19:45 - 003105672 _____ C:\Users\SKYMIL\Downloads\Xposed_LDPlayer.apk
2019-08-28 19:44 - 2019-08-28 19:44 - 006826541 _____ C:\Users\SKYMIL\Downloads\bypassME 5.1.apk
2019-08-28 17:07 - 2019-08-28 17:07 - 000001070 _____ C:\Users\Public\Desktop\Advanced IP Scanner.lnk
2019-08-28 17:07 - 2019-08-28 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
2019-08-28 17:07 - 2019-08-28 17:07 - 000000000 ____D C:\Program Files (x86)\Advanced IP Scanner
2019-08-28 17:06 - 2019-08-28 17:06 - 020207224 _____ (Famatech Corp. ) C:\Users\SKYMIL\Downloads\Advanced_IP_Scanner_2.5.3784.exe
2019-08-28 17:00 - 2019-08-28 18:29 - 000000556 _____ C:\Users\SKYMIL\advanced_ip_scanner_MAC.bin
2019-08-28 17:00 - 2019-08-28 18:29 - 000000015 _____ C:\Users\SKYMIL\advanced_ip_scanner_Comments.bin
2019-08-28 17:00 - 2019-08-28 18:29 - 000000015 _____ C:\Users\SKYMIL\advanced_ip_scanner_Aliases.bin
2019-08-28 13:39 - 2019-08-28 13:39 - 000004240 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1540926444
2019-08-28 12:58 - 2019-08-28 12:58 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-28 12:58 - 2019-08-28 12:58 - 000004106 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-28 12:58 - 2019-08-28 12:58 - 000003976 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-28 12:58 - 2019-08-28 12:58 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-28 12:58 - 2019-08-28 12:58 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-28 12:58 - 2019-08-28 12:58 - 000003858 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-28 12:58 - 2019-08-28 12:58 - 000003858 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-28 12:58 - 2019-08-28 12:58 - 000003858 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-28 12:58 - 2019-08-28 12:58 - 000003858 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-28 12:58 - 2019-08-28 12:58 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-28 12:58 - 2019-08-13 14:58 - 002842480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2019-08-28 12:58 - 2019-08-13 14:58 - 002206248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2019-08-28 12:25 - 2019-09-19 23:30 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\Riot Games
2019-08-25 22:26 - 2019-09-19 20:09 - 000555064 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2019-08-25 22:21 - 2019-08-25 22:21 - 000000879 _____ C:\Users\SKYMIL\Desktop\Gameloop.lnk
2019-08-24 01:12 - 2019-08-24 01:12 - 000000000 ____D C:\Program Files (x86)\WinPcap
2019-08-24 01:11 - 2019-08-24 01:11 - 000000123 _____ C:\Users\Public\Desktop\netcut.url
2019-08-24 01:11 - 2019-08-24 01:11 - 000000123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\netcut.url
2019-08-24 01:11 - 2019-08-24 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\netcut
2019-08-22 12:20 - 2019-08-22 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radmin VPN
2019-08-22 12:20 - 2019-08-22 12:20 - 000000000 ____D C:\Program Files (x86)\Radmin VPN

==================== Un mois (modifiés) ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2019-09-20 10:55 - 2018-07-17 17:03 - 000000000 ____D C:\ProgramData\NVIDIA
2019-09-20 10:48 - 2019-08-10 19:21 - 000000000 ____D C:\ProgramData\NzbDrone
2019-09-20 10:48 - 2018-07-17 17:01 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-20 10:48 - 2018-07-17 17:01 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-20 10:47 - 2019-02-14 18:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-20 10:47 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-20 10:46 - 2018-04-11 22:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-09-20 10:45 - 2018-07-28 21:46 - 000000000 ____D C:\Users\SKYMIL\AppData\LocalLow\IObit
2019-09-20 10:45 - 2018-07-28 21:46 - 000000000 ____D C:\ProgramData\IObit
2019-09-20 10:45 - 2018-07-28 21:46 - 000000000 ____D C:\Program Files (x86)\IObit
2019-09-20 10:37 - 2019-02-14 18:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-09-20 10:35 - 2019-02-03 14:02 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\Yandex
2019-09-20 10:12 - 2018-07-28 12:36 - 000000000 ____D C:\Users\SKYMIL\AppData\Roaming\discord
2019-09-20 10:10 - 2018-04-12 00:38 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-09-19 23:28 - 2018-07-21 12:46 - 000001681 _____ C:\Users\SKYMIL\Desktop\LeagueClient.lnk
2019-09-19 21:04 - 2019-07-03 18:55 - 000002426 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-09-19 21:04 - 2019-07-03 18:55 - 000002385 _____ C:\Users\Public\Desktop\Brave.lnk
2019-09-17 08:20 - 2018-07-18 18:20 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-09-16 12:41 - 2018-10-19 23:47 - 000000000 ____D C:\Program Files (x86)\Steam
2019-09-16 12:41 - 2018-07-27 19:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2019-09-16 12:41 - 2018-04-12 00:36 - 000000000 ____D C:\Windows\INF
2019-09-15 16:28 - 2018-07-17 16:57 - 000000000 ___RD C:\Users\SKYMIL\OneDrive
2019-09-14 02:54 - 2019-02-14 18:35 - 000000000 ____D C:\Users\SKYMIL
2019-09-13 12:32 - 2018-07-28 21:46 - 000000000 ____D C:\ProgramData\ProductData
2019-09-11 23:02 - 2019-06-09 16:07 - 000000000 ____D C:\Windows\System32\Tasks\MEGA
2019-09-11 13:31 - 2019-02-14 19:02 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\D3DSCache
2019-09-11 11:11 - 2018-07-18 14:42 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\CrashDumps
2019-09-11 10:01 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\AppReadiness
2019-09-10 19:30 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-09-09 11:29 - 2019-06-27 02:32 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\LogMeIn Hamachi
2019-09-06 03:13 - 2018-07-27 19:38 - 000000000 ____D C:\Program Files (x86)\arcai.com
2019-09-05 11:11 - 2019-02-14 18:30 - 000251952 _____ C:\Windows\system32\FNTCACHE.DAT
2019-09-04 00:07 - 2019-08-01 22:57 - 000148784 _____ C:\Users\SKYMIL\Desktop\Avengers.Endgame.2019.1080p.WEBRip.x264-[YTS.LT].srt
2019-09-03 19:33 - 2018-11-14 11:33 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\eclipse
2019-09-03 19:32 - 2018-11-14 11:33 - 000000000 ____D C:\Windows\hsperfdata_SKYMIL
2019-09-03 19:32 - 2018-08-01 19:21 - 000000000 ____D C:\Users\SKYMIL\Downloads\PopcornTime
2019-09-03 13:09 - 2019-03-05 18:53 - 000000000 ____D C:\Windows\SysWOW64\directx
2019-09-03 12:22 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\LiveKernelReports
2019-09-03 00:35 - 2018-09-09 01:01 - 000000000 ____D C:\Users\SKYMIL\AppData\Roaming\qBittorrent
2019-09-02 11:54 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\system32\NDF
2019-09-01 14:06 - 2016-08-10 10:38 - 000306688 _____ C:\Windows\SysWOW64\unarc.dll
2019-09-01 14:06 - 2016-08-10 10:38 - 000306688 _____ C:\Windows\system32\unarc.dll
2019-08-30 17:53 - 2018-10-20 19:49 - 000000000 ____D C:\Users\SKYMIL\AppData\Roaming\EasyAntiCheat
2019-08-30 17:53 - 2018-07-20 13:07 - 000000000 ____D C:\Users\SKYMIL\Documents\My Games
2019-08-30 17:49 - 2019-08-19 09:41 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\Ubisoft Game Launcher
2019-08-30 10:16 - 2018-07-18 18:20 - 000000000 ____D C:\Program Files\rempl
2019-08-29 17:43 - 2019-02-05 12:52 - 000000000 ___DC C:\Windows\Panther
2019-08-29 17:19 - 2019-02-14 18:49 - 000024768 _____ C:\Windows\diagwrn.xml
2019-08-29 17:19 - 2019-02-14 18:49 - 000024768 _____ C:\Windows\diagerr.xml
2019-08-29 16:07 - 2018-04-11 22:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-08-29 16:01 - 2019-03-19 14:11 - 000000000 ___HD C:\$WINDOWS.~BT
2019-08-29 16:01 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\Registration
2019-08-28 17:04 - 2019-02-03 14:28 - 000000000 ____D C:\Windows\system32\appmgmt
2019-08-28 12:58 - 2018-07-18 07:01 - 000000000 ____D C:\Users\SKYMIL\AppData\Local\NVIDIA Corporation
2019-08-28 12:58 - 2018-07-17 17:04 - 000001463 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2019-08-28 12:58 - 2018-07-17 17:03 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-08-28 12:58 - 2018-07-17 17:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-08-28 12:58 - 2018-07-17 16:58 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-08-28 12:29 - 2018-07-19 12:18 - 000000000 ____D C:\ProgramData\Riot Games
2019-08-28 12:25 - 2019-01-16 08:11 - 000000000 ____D C:\Riot Games
2019-08-26 16:08 - 2018-04-12 00:30 - 000000000 ____D C:\Windows\CbsTemp
2019-08-25 22:21 - 2019-03-25 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software

==================== Fichiers à la racine de certains dossiers ================

2019-06-27 02:23 - 2019-06-27 02:23 - 000001103 _____ () C:\Users\SKYMIL\AppData\Roaming\AdobeWLCMR2Cache.dat
2018-07-20 12:35 - 2019-07-22 15:07 - 000007602 _____ () C:\Users\SKYMIL\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)


BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restauré(es) avec succès
==================== Fin de FRST.txt ============================

And the addition should be attached.

And that should be all (I am sorry for the long reply, I don't know if there's a way to shorten it).
And as always, great thanks for your help, I really appreciate it.

Addition.txt


Is this proxy server known to you and trusted...?

ProxyServer: [S-1-5-21-1619457341-2355299441-1745434774-1001] => 192.168.1.1:808


Thanks for the logs Mortadha_Said, continue:

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin..

fixlist.txt


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
