Solved: OK, my problem is very big, I have a virus in System Volume Information, a REALLY specific one

user75

TS Booster
OK, my problem is very big: I'm infected with a virus in System Volume Information, a REALLY specific one.
I don't know what it is, but I have had this virus for maybe 1 year and 6 months.

System Volume Information VIRUS
Code:
[Pasted file contents: binary data that renders only as unreadable characters; omitted here]
My log file is in the description...
I suppose that it is a virus from a Russian...

DxDiag: https://justpaste.it/5y5mb

MSInfo: https://justpaste.it/3y7k4

Broni

Malware Annihilator
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/topics/updated-4-step-viruses-spyware-malware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

user75

TS Booster
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by guillaume (administrator) on TEST (05-11-2018 18:20:53)
Running from D:\DownloadSSD
Loaded Profiles: guillaume (Available Profiles: guillaume)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ExKode Co. Ltd.) C:\Program Files (x86)\ExKode\Dxtory2.0\Dxtory.exe
() C:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) D:\program ssd\steam\Steam.exe
(Spotify Ltd) C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Druide informatique inc.) D:\DownloadSSD\antidote\Application\Bin32\AgentAntidote.exe
(Druide informatique inc.) D:\DownloadSSD\antidote\Application\Bin64\AgentAntidote.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Pushbullet inc) D:\program ssd\psuhbullet\Pushbullet\pushbullet.exe
(Apowersoft) D:\program ssd\dsadsa\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
(Pushbullet Inc) C:\Users\guillaume\AppData\Local\Pushbullet\bin\pushbullet_client.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Mega Limited) C:\Users\guillaume\AppData\Local\MEGAsync\MEGAsync.exe
(Code Systems Corporation) C:\Users\guillaume\AppData\Local\Turbo\18.10.1788.0\Turbo-Sandbox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Code Systems Corporation) C:\Users\guillaume\AppData\Local\Turbo\18.10.1788.0\Turbo-Launcher.exe
(Elaborate Bytes AG) D:\program ssd\iso\VirtualCloneDrive\VCDDaemon.exe
(Crawler.com) C:\Program Files (x86)\CStart8\CStart8Tray64.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(ExKode Co. Ltd.) C:\Program Files (x86)\ExKode\Dxtory2.0\Dxtory64.exe
(Mozilla Corporation) D:\program ssd\thunderbird\thunderbird.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Code Systems Corporation) C:\Users\guillaume\AppData\Local\Turbo\Sandboxes\Turbo.net Launcher\18.9.890.0\local\stubexe\0xFD7791A52F7F78BF\turboplay.exe
(Code Systems Corporation) C:\Users\guillaume\AppData\Local\Turbo\18.10.1788.0\TurboPlay.exe
(Code Systems Corporation) C:\Users\guillaume\AppData\Local\Turbo\Sandboxes\Turbo.net\18.10.1788.0\local\stubexe\0xD80771DED839A953\TurboPlay.exe
(Druide informatique inc.) D:\DownloadSSD\antidote\Application\Bin64\Antidote.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(PortableApps.com) D:\pp\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(Discord Inc.) C:\Users\guillaume\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\guillaume\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\guillaume\AppData\Local\Discord\app-0.0.301\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\cleanmgr.exe
(Microsoft Corporation) C:\Users\guillaume\AppData\Local\Temp\8594C1DC-5E12-4BB0-ADC1-882C1B7733D2\DismHost.exe
(Microsoft Corporation) C:\Users\guillaume\AppData\Local\Temp\3347EAE2-A186-4B5B-A40C-3CB5C24199EA\DismHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [400800 2018-04-20] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [AgentAntidote32] => D:\DownloadSSD\antidote\Application\Bin32\AgentAntidote.exe [1653352 2017-09-12] (Druide informatique inc.)
HKLM\...\Run: [AgentAntidote64] => D:\DownloadSSD\antidote\Application\Bin64\AgentAntidote.exe [1797736 2017-09-12] (Druide informatique inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Greenshot)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3784512 2018-10-24] (Dropbox, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\program ssd\iso\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [CStart8] => C:\Program Files (x86)\CStart8\CStart8Tray64.exe [3135816 2015-06-29] (Crawler.com)
HKLM-x32\...\Run: [Corsair Gaming Headset Software] => C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe [2916160 2015-09-21] (Corsair Components, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [Crypted] => wscript.exe //B "C:\Users\GUILLA~1\AppData\Local\Temp\Crypted.vbs" <==== ATTENTION
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [Pushbullet] => D:\program ssd\psuhbullet\Pushbullet\pushbullet.exe [345600 2015-07-01] (Pushbullet inc)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [Activate] => C:\Users\guillaume\AppData\Local\Temp\activate.exe <==== ATTENTION
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [yyZxbkrUTU] => C:\Users\guillaume\AppData\Local\tdVNwznfWA\activate.exe [413136 2018-08-31] (Microsoft Corporation)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [ApowersoftScreenRecorder] => D:\program ssd\dsadsa\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe [3617944 2017-02-07] (Apowersoft)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [VoiceAttack] => C:\SteamLibrary\steamapps\common\VoiceAttack\VoiceAttack.exe [5744120 2018-10-30] (VoiceAttack.com)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [Spotify] => C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe [25162472 2018-10-22] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-10-24]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Crypted.vbs [2016-09-29] ()
Startup: C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-06-30]
ShortcutTarget: MEGAsync.lnk -> C:\Users\guillaume\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smss.exe [2018-07-26] () <==== ATTENTION
Startup: C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmngr.exe [2018-07-05] ()
Startup: C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Turbo Sandbox Manager.lnk [2018-10-11]
ShortcutTarget: Turbo Sandbox Manager.lnk -> C:\Users\guillaume\AppData\Local\Turbo\18.10.1788.0\Turbo-Sandbox.exe (Code Systems Corporation)
Startup: C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboLauncher.lnk [2018-10-11]
ShortcutTarget: TurboLauncher.lnk -> C:\Users\guillaume\AppData\Local\Turbo\18.10.1788.0\Turbo-Launcher.exe (Code Systems Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\PrxerNsp.dll [56424 2012-11-22] ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\PrxerDrv.dll [70248 2012-11-22] (Initex)
Winsock: Catalog9 02 C:\Windows\SysWOW64\PrxerDrv.dll [70248 2012-11-22] (Initex)
Winsock: Catalog9 03 C:\Windows\SysWOW64\PrxerDrv.dll [70248 2012-11-22] (Initex)
Winsock: Catalog9 04 C:\Windows\SysWOW64\PrxerDrv.dll [70248 2012-11-22] (Initex)
Winsock: Catalog9 16 C:\Windows\SysWOW64\PrxerDrv.dll [70248 2012-11-22] (Initex)
Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [57448 2012-11-22] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\PrxerDrv.dll [76392 2012-11-22] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\PrxerDrv.dll [76392 2012-11-22] (Initex)
Winsock: Catalog9-x64 03 C:\Windows\system32\PrxerDrv.dll [76392 2012-11-22] (Initex)
Winsock: Catalog9-x64 04 C:\Windows\system32\PrxerDrv.dll [76392 2012-11-22] (Initex)
Winsock: Catalog9-x64 16 C:\Windows\system32\PrxerDrv.dll [76392 2012-11-22] (Initex)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{36D2171C-A57F-46B4-B995-D6E62D4F80F7}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F456A0CD-13F2-4BD0-8E4A-B58889CF8AA9}: [DhcpNameServer] 10.12.12.3 192.168.4.3 192.168.4.5

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshiba.ca/welcome/?w=23
SearchScopes: HKU\S-1-5-21-3805808772-3452688692-1920293510-1001 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2018-05-15] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2018-05-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-05-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-05-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-05-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-05-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6zl966uz.default
FF ProfilePath: C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default [2018-11-05]
FF Extension: (VPNetworksLLC Proxy) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\@VPNetworksLLC.xpi [2018-09-17]
FF Extension: (Antidote) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\antidote9_firefox@druide.com.xpi [2017-11-30]
FF Extension: (CryptoTab) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\cryptotab-ff@cryptotab.net.xpi [2018-10-10]
FF Extension: (TubeBuddy for YouTube) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2018-11-02]
FF Extension: (Spanish (Spain) Dictionary) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\es-es@dictionaries.addons.mozilla.org [2018-07-11] [Legacy]
FF Extension: (Dictionnaire français) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2018-07-11] [Legacy]
FF Extension: (SaveFrom.net helper) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\helper@savefrom.net.xpi [2018-10-16]
FF Extension: (HTTPS Everywhere) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\https-everywhere@eff.org.xpi [2018-11-01]
FF Extension: (Honey) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2018-10-13]
FF Extension: (Pushbullet) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2018-07-06]
FF Extension: (English (GB) Language Pack) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2018-10-25]
FF Extension: (Español (España) Language Pack) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\langpack-es-ES@firefox.mozilla.org.xpi [2018-10-25]
FF Extension: (Français Language Pack) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\langpack-fr@firefox.mozilla.org.xpi [2018-10-25]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\marcoagpinto@mail.telepac.pt.xpi [2018-10-25] [Legacy]
FF Extension: (Smart Referer) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2018-09-21]
FF Extension: (User-Agent Switcher) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2018-08-16]
FF Extension: (minerBlock) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\xd4rker@gmail.com.xpi [2018-10-23]
FF Extension: (Adblock Plus) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-01]
FF Extension: (Greasemonkey) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-08-29]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-05-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-03] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3805808772-3452688692-1920293510-1001: @turbo.net/Turbo.net Plugin 3.33 -> C:\Users\guillaume\AppData\Local\Turbo\18.10.1788.0\npMozillaTurboPlugin.dll [2018-10-03] (Code Systems Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-09-18]
CHR Profile: C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-11-05]
CHR Extension: (Slides) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-18]
CHR Extension: (Docs) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-18]
CHR Extension: (Google Drive) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-29]
CHR Extension: (YouTube) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-18]
CHR Extension: (Sheets) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-18]
CHR Extension: (Google Docs Offline) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-18]
CHR Extension: (Antidote) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbojggafdepnclikhiapkpinbfdhbdoi [2018-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-18]
CHR Extension: (Gmail) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-18]
CHR Extension: (Chrome Media Router) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-17]
CHR Profile: C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-18]
CHR HKLM-x32\...\Chrome\Extension: [lbojggafdepnclikhiapkpinbfdhbdoi] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-08-27] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-06-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-06-30] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-10-24] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-07] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2018-09-27] (Futuremark)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-06-11] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [362912 2018-04-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
R2 Wallpaper Engine Service; C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [356840 2018-08-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
 

user75

TS Booster
Do you know what it is?

ì§CfþïѲ® ÀO¹8m day ”Ôè—VšC¼Ñá$qz › › ÿÿÿÿ › ! " # ! $ " % # & $ ' % ( & ) ' * ( + ) , * - + . , / - 0 . 1 / 2 0 3 1 4 2 5 3 6 4 7 5 8 6 9 7 : 8 ; 9 < : = ; > < ? = @ > A ? B @ C A D B E C F D G E H F I G J H K I L J M K N L O M P N Q O R P S Q T R U S V T W U X V Y W Z X [ Y \ Z ] [ ^ \ _ ] ` ^ a _ b ` c a d b e c f d g e h f I g j h k I l j m k n l o m p n q o r p s q t r u s v t w u x v y w z x { y | z } { ~ |  } € ~   ‚ € ƒ  „ ‚ … ƒ † „ ‡ … ˆ † ‰ ‡ Š ˆ ‹ ‰ Œ Š  ‹ Ž Œ    Ž ‘  ’  “ ‘ ” ’ • “ – ” — • ˜ – ™ — š ˜ › ™ š

I have found 2 people who have been infected by this virus

  1. https://www.bleepingcomputer.com/forums/t/335417/one-system-file-in-system-volume-information-more-than-3gb-large-cant-defrag/

  2. https://forums.whatthetech.com/index.php?showtopic=9752
 

Broni

Malware Annihilator
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by guillaume (administrator) on TEST (05-11-2018 18:20:53)
Running from D:\DownloadSSD
Loaded Profiles: guillaume (Available Profiles: guillaume)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

FF Extension: (SaveFrom.net helper) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\helper@savefrom.net.xpi [2018-10-16]
FF Extension: (HTTPS Everywhere) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\https-everywhere@eff.org.xpi [2018-11-01]
FF Extension: (Honey) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2018-10-13]
FF Extension: (Pushbullet) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2018-07-06]
FF Extension: (English (GB) Language Pack) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2018-10-25]
FF Extension: (Español (España) Language Pack) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\langpack-es-ES@firefox.mozilla.org.xpi [2018-10-25]
FF Extension: (Français Language Pack) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\langpack-fr@firefox.mozilla.org.xpi [2018-10-25]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\marcoagpinto@mail.telepac.pt.xpi [2018-10-25] [Legacy]
FF Extension: (Smart Referer) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2018-09-21]
FF Extension: (User-Agent Switcher) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2018-08-16]
FF Extension: (minerBlock) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\xd4rker@gmail.com.xpi [2018-10-23]
FF Extension: (Adblock Plus) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-01]
FF Extension: (Greasemonkey) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-08-29]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-05-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-03] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3805808772-3452688692-1920293510-1001: @turbo.net/Turbo.net Plugin 3.33 -> C:\Users\guillaume\AppData\Local\Turbo\18.10.1788.0\npMozillaTurboPlugin.dll [2018-10-03] (Code Systems Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-09-18]
CHR Profile: C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-11-05]
CHR Extension: (Slides) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-18]
CHR Extension: (Docs) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-18]
CHR Extension: (Google Drive) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-29]
CHR Extension: (YouTube) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-18]
CHR Extension: (Sheets) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-18]
CHR Extension: (Google Docs Offline) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-18]
CHR Extension: (Antidote) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbojggafdepnclikhiapkpinbfdhbdoi [2018-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-18]
CHR Extension: (Gmail) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-18]
CHR Extension: (Chrome Media Router) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-17]
CHR Profile: C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-18]
CHR HKLM-x32\...\Chrome\Extension: [lbojggafdepnclikhiapkpinbfdhbdoi] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-08-27] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-06-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-06-30] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-10-24] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-07] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2018-09-27] (Futuremark)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-06-11] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [362912 2018-04-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
R2 Wallpaper Engine Service; C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [356840 2018-08-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

Broni

Malware Annihilator
===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\Windows\system32\drivers\anvsnddrv.sys [34416 2016-03-24] (AnvSoft Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-21] (Qualcomm Atheros Communications, Inc.)
S3 CorsairAudioFilter; C:\Windows\system32\DRIVERS\corsveng2kamd64.sys [112808 2015-09-21] (Corsair Components, Inc.)
S3 hmatap; C:\Windows\system32\DRIVERS\hmatap.sys [45560 2018-06-22] (The OpenVPN Project)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [46408 2017-12-15] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [46544 2018-09-13] (SteelSeries ApS)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-11-01] (Windows (R) Win 7 DDK provider)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [212744 2018-07-09] (BigNox Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2018-10-18] (BigNox Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-05 18:19 - 2018-11-05 18:20 - 000000000 ____D C:\FRST
2018-11-05 17:24 - 2018-11-05 17:24 - 000000887 _____ C:\Users\guillaume\AppData\Local\recently-used.xbel
2018-11-05 14:32 - 2018-11-05 14:32 - 000000000 ____D C:\Quarantine
2018-11-05 14:31 - 2018-11-05 14:31 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-11-05 14:26 - 2018-11-05 14:26 - 000000000 ____D C:\TDSSKiller_Quarantine
2018-11-05 13:52 - 2018-11-05 13:52 - 000000032 _____ C:\Users\guillaume\Downloads\maValidation (1).txt
2018-11-05 13:51 - 2018-11-05 13:51 - 007693048 _____ (Tim Kosse) C:\Users\guillaume\Downloads\FileZilla_3.38.1_win64-setup.exe
2018-11-05 11:31 - 2018-11-05 11:31 - 000000032 _____ C:\Users\guillaume\Downloads\maValidation.txt
2018-11-05 08:41 - 2018-11-05 08:41 - 000001006 _____ C:\Users\Public\Desktop\Notepad++.lnk
2018-11-02 11:39 - 2018-11-02 11:39 - 000000000 ____D C:\Users\guillaume\AppData\Local\HP
2018-11-02 07:10 - 2018-11-02 07:10 - 000000000 ____D C:\ProgramData\HP
2018-11-01 11:46 - 2018-09-12 13:30 - 000137008 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-11-01 11:46 - 2018-09-11 10:30 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-11-01 11:46 - 2018-08-25 22:38 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-11-01 11:46 - 2018-08-25 22:38 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2018-11-01 11:46 - 2018-08-25 22:21 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-11-01 11:46 - 2018-08-25 22:21 - 000200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-11-01 11:46 - 2018-08-25 20:45 - 000513448 _____ C:\Windows\SysWOW64\locale.nls
2018-11-01 11:46 - 2018-08-25 20:45 - 000513448 _____ C:\Windows\system32\locale.nls
2018-11-01 11:46 - 2018-08-21 08:39 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-01 11:46 - 2018-08-21 08:35 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-01 11:46 - 2018-08-19 11:22 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-01 11:46 - 2018-08-19 10:52 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-01 11:46 - 2018-08-19 10:43 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-01 11:43 - 2018-09-18 00:52 - 025735168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-01 11:43 - 2018-09-18 00:25 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-01 11:43 - 2018-09-18 00:14 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-01 11:43 - 2018-09-18 00:14 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-01 11:43 - 2018-09-17 23:49 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-11-01 11:43 - 2018-09-17 23:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-01 11:43 - 2018-09-17 23:39 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-01 11:43 - 2018-09-17 23:35 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-01 11:43 - 2018-09-17 23:33 - 020278784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-01 11:43 - 2018-09-17 23:23 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-01 11:43 - 2018-09-17 23:21 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-01 11:43 - 2018-09-17 23:13 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-01 11:43 - 2018-09-17 23:10 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-01 11:43 - 2018-09-17 22:57 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-01 11:43 - 2018-09-17 22:55 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-11-01 11:43 - 2018-09-17 22:53 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-01 11:43 - 2018-09-17 22:51 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-01 11:43 - 2018-09-17 22:37 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-01 11:43 - 2018-09-17 22:34 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-01 11:43 - 2018-09-17 22:31 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-01 11:43 - 2018-09-17 19:26 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2018-11-01 11:43 - 2018-09-11 11:38 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-01 11:43 - 2018-09-08 15:53 - 002532552 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-11-01 11:43 - 2018-09-08 13:40 - 007372224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-01 11:43 - 2018-09-08 13:40 - 002014136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-11-01 11:43 - 2018-09-08 13:33 - 001368776 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-11-01 11:43 - 2018-09-08 13:22 - 001737696 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-11-01 11:43 - 2018-09-08 13:22 - 001676152 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-11-01 11:43 - 2018-09-08 13:22 - 001536216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-11-01 11:43 - 2018-09-08 13:22 - 001500528 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-11-01 11:43 - 2018-09-08 13:22 - 001371448 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-11-01 11:43 - 2018-09-08 12:58 - 001902936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-11-01 11:43 - 2018-09-08 10:43 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-11-01 11:43 - 2018-09-07 21:12 - 001549040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-11-01 11:43 - 2018-09-07 21:12 - 000388336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-11-01 11:43 - 2018-09-07 12:39 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-11-01 11:43 - 2018-09-07 11:51 - 002849280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2018-11-01 11:43 - 2018-09-01 11:43 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-11-01 11:43 - 2018-08-29 08:51 - 002451800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-11-01 11:43 - 2018-08-25 23:07 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-11-01 11:43 - 2018-08-25 23:07 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-11-01 11:43 - 2018-08-25 22:13 - 015441920 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-11-01 11:43 - 2018-08-25 22:08 - 013321728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-10-31 15:57 - 2018-10-31 15:57 - 000000214 _____ C:\Users\guillaume\Desktop\RiME.url
2018-10-31 15:57 - 2018-10-31 15:57 - 000000214 _____ C:\Users\guillaume\Desktop\Hotline Miami 2 Wrong Number.url
2018-10-31 15:38 - 2018-10-31 15:38 - 000000000 ____D C:\Users\guillaume\AppData\LocalLow\David OReilly
2018-10-31 15:33 - 2018-10-31 15:33 - 000000000 _____ C:\Users\guillaume\Documents\New Text Document.txt
2018-10-31 15:25 - 2018-10-31 15:25 - 000000214 _____ C:\Users\guillaume\Desktop\Everything.url
2018-10-31 13:00 - 2018-10-31 13:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HCS VoicePack Ships Parrot
2018-10-30 18:51 - 2018-10-30 18:51 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\VoiceAttack
2018-10-30 18:24 - 2018-10-30 18:24 - 000000000 ____D C:\Users\guillaume\AppData\Local\VoiceAttack.com
2018-10-30 07:23 - 2018-10-30 07:23 - 000000214 _____ C:\Users\guillaume\Desktop\VoiceAttack.url
2018-10-28 19:04 - 2018-10-28 19:04 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\.madgarden
2018-10-27 20:15 - 2018-10-27 20:15 - 000000214 _____ C:\Users\guillaume\Desktop\Death Road to Canada.url
2018-10-26 18:20 - 2018-10-26 18:20 - 000000000 ____D C:\Users\guillaume\AppData\LocalLow\EpsilonGames
2018-10-25 18:38 - 2018-10-25 18:38 - 000000000 _____ C:\Users\guillaume\Desktop\New Text Document (7).txt
2018-10-25 18:14 - 2018-11-03 19:01 - 000000000 ____D C:\Windows\AAct_Tools
2018-10-25 18:14 - 2018-10-25 18:14 - 000003896 _____ C:\Windows\System32\Tasks\AAct
2018-10-25 13:34 - 2018-10-25 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-10-25 13:19 - 2018-10-25 13:19 - 002354846 _____ C:\Users\guillaume\Downloads\123.txt
2018-10-25 13:11 - 2018-10-25 13:11 - 001927226 _____ C:\Users\guillaume\Downloads\111.txt
2018-10-25 13:10 - 2018-10-25 13:10 - 000000000 _____ C:\Users\guillaume\Downloads\New Text Document (2).txt
2018-10-25 13:09 - 2018-10-25 13:09 - 003419186 _____ C:\Users\guillaume\Downloads\1231.nfo
2018-10-24 20:47 - 2018-10-24 20:47 - 003365854 _____ C:\Users\guillaume\Downloads\123.nfo
2018-10-24 06:53 - 2018-10-24 06:53 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-10-24 06:53 - 2018-10-24 06:53 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-10-24 06:53 - 2018-10-24 06:53 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-10-24 06:53 - 2018-10-24 06:53 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-10-19 15:22 - 2018-10-19 15:22 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\IObit
2018-10-19 14:28 - 2018-11-04 14:59 - 000000000 ____D C:\Program Files (x86)\IObit
2018-10-19 14:28 - 2018-11-03 21:47 - 000000000 ____D C:\ProgramData\ProductData
2018-10-19 14:28 - 2018-10-19 14:30 - 000000000 ____D C:\Users\guillaume\AppData\LocalLow\IObit
2018-10-19 14:28 - 2018-10-19 14:28 - 000000000 ____D C:\ProgramData\IObit
2018-10-18 17:57 - 2018-10-18 17:57 - 000000743 _____ C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
2018-10-18 14:33 - 2018-10-18 14:33 - 000001022 _____ C:\Users\guillaume\Desktop\NoxPlayer2-Android4.4.2.lnk
2018-10-18 11:56 - 2018-10-18 11:56 - 000000000 ____D C:\Users\guillaume\AppData\Local\MultiPlayerManager
2018-10-18 11:54 - 2018-11-05 16:22 - 000000000 ____D C:\Users\guillaume\.BigNox
2018-10-18 11:53 - 2018-10-18 11:53 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2018-10-18 11:52 - 2018-10-18 11:52 - 000000000 ____D C:\Users\guillaume\Documents\nox
2018-10-18 11:52 - 2018-10-18 11:52 - 000000000 ____D C:\Program Files (x86)\Bignox
2018-10-18 11:00 - 2018-10-18 11:00 - 000000000 ____D C:\Program Files (x86)\nox
2018-10-17 12:54 - 2018-10-17 12:57 - 338810472 _____ (Duodian Technology Co. Ltd.) C:\Users\guillaume\Downloads\nox_setup_v6.2.3.9_full_intl.exe
2018-10-15 18:15 - 2018-10-15 18:15 - 000000000 ____D C:\Users\guillaume\AppData\LocalLow\Smartly Dressed Games
2018-10-15 18:15 - 2018-10-15 18:15 - 000000000 ____D C:\Users\guillaume\AppData\Local\BattlEye
2018-10-12 19:06 - 2018-10-12 19:50 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\.purple
2018-10-12 19:06 - 2018-10-12 19:06 - 000000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2018-10-12 19:06 - 2018-10-12 19:06 - 000000000 ____D C:\Program Files (x86)\Pidgin
2018-10-11 12:20 - 2018-10-11 12:20 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbo.net
2018-10-09 17:13 - 2018-10-23 23:00 - 000000000 ____D C:\ProgramData\AMD AutoUpdate
2018-10-09 17:13 - 2018-10-09 17:13 - 000003332 _____ C:\Windows\System32\Tasks\AMDAutoUpdate
2018-10-09 17:13 - 2018-10-09 17:13 - 000002173 _____ C:\Users\Public\Desktop\AMD Ryzen Master.lnk
2018-10-09 17:13 - 2018-10-09 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD
2018-10-09 17:13 - 2018-10-09 17:13 - 000000000 ____D C:\Program Files\AMD
2018-10-09 17:12 - 2018-10-09 17:12 - 000000000 ____D C:\Users\guillaume\AppData\Local\Downloaded Installations
2018-10-09 17:11 - 2018-10-09 17:11 - 000000000 ____D C:\Program Files (x86)\EVGA
2018-10-09 17:10 - 2018-10-09 17:11 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-10-09 17:10 - 2018-10-09 17:10 - 000000946 _____ C:\Users\guillaume\Desktop\EVGA Precision X1.lnk
2018-10-09 17:10 - 2018-10-09 17:10 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA
2018-10-09 17:04 - 2018-10-09 17:10 - 000000000 ____D C:\Program Files\EVGA
2018-10-09 17:04 - 2018-10-09 17:04 - 000001077 _____ C:\Users\guillaume\Desktop\EVGA OC Scanner X.lnk
2018-10-09 17:04 - 2018-10-09 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVGA
2018-10-09 16:47 - 2018-10-09 16:47 - 000000000 ____D C:\Users\guillaume\AppData\Local\UL
2018-10-09 16:47 - 2018-10-09 16:47 - 000000000 ____D C:\ProgramData\UL
2018-10-09 16:43 - 2018-10-09 16:43 - 000000214 _____ C:\Users\guillaume\Desktop\3DMark.url
2018-10-09 16:07 - 2018-10-09 16:47 - 000000000 ____D C:\Users\guillaume\.oracle_jre_usage
2018-10-09 16:07 - 2018-10-09 16:07 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\com.sdedibox.remote.RemoteApplication
2018-10-09 16:04 - 2018-10-09 16:04 - 000001804 _____ C:\Users\Public\Desktop\SdediBox.lnk
2018-10-09 16:04 - 2018-10-09 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SARL SHPS
2018-10-09 16:04 - 2018-10-09 16:04 - 000000000 ____D C:\Program Files\SdediBox
2018-10-06 18:01 - 2018-10-06 18:01 - 007799552 _____ (Tim Kosse) C:\Users\guillaume\Downloads\FileZilla_3.37.4_win64-setup.exe
2018-10-06 15:12 - 2018-11-03 15:08 - 000000000 ____D C:\Users\guillaume\AppData\Local\Battle.net
2018-10-06 15:12 - 2018-10-06 15:55 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\Battle.net
2018-10-06 15:11 - 2018-10-06 15:11 - 000000717 _____ C:\Users\Public\Desktop\Battle.net.lnk
2018-10-06 15:11 - 2018-10-06 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2018-10-06 15:10 - 2018-10-06 15:10 - 000000000 ____D C:\Users\guillaume\AppData\Local\Blizzard

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-05 18:17 - 2018-06-29 21:14 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3805808772-3452688692-1920293510-1001
2018-11-05 18:17 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\AppReadiness
2018-11-05 18:12 - 2018-07-09 09:06 - 000000000 ____D C:\Windows\Minidump
2018-11-05 18:12 - 2018-06-30 09:56 - 000000924 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-11-05 17:56 - 2018-06-30 09:11 - 000000000 ____D C:\Users\guillaume\AppData\Local\CrashDumps
2018-11-05 17:26 - 2018-08-21 14:48 - 000000000 ____D C:\Users\guillaume\.gimp-2.8
2018-11-05 16:50 - 2018-06-30 09:23 - 000000000 ____D C:\Users\guillaume\AppData\LocalLow\Mozilla
2018-11-05 16:41 - 2018-06-30 09:48 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\Spotify
2018-11-05 16:26 - 2018-07-04 10:14 - 000000000 ____D C:\Users\guillaume\AppData\Local\Nox
2018-11-05 16:22 - 2018-07-04 10:17 - 000000000 ____D C:\Users\guillaume\.android
2018-11-05 16:22 - 2018-07-04 10:16 - 000000000 ____D C:\Users\guillaume\vmlogs
2018-11-05 16:12 - 2018-06-30 09:56 - 000000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-11-05 14:09 - 2018-07-14 09:39 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\FileZilla
2018-11-05 13:57 - 2018-08-27 13:59 - 000000600 _____ C:\Users\guillaume\AppData\Local\PUTTY.RND
2018-11-05 13:52 - 2018-07-14 09:39 - 000000000 ____D C:\Users\guillaume\AppData\Local\FileZilla
2018-11-05 13:51 - 2018-07-14 09:39 - 000001073 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2018-11-05 13:51 - 2018-07-14 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-11-05 13:41 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-11-05 13:23 - 2018-06-29 21:10 - 000000000 __RDO C:\Users\guillaume\OneDrive
2018-11-05 13:22 - 2018-06-30 09:41 - 000000000 ____D C:\Users\guillaume\AppData\Local\Pushbullet
2018-11-05 13:21 - 2018-07-04 06:48 - 000000000 __SHD C:\Users\guillaume\IntelGraphicsProfiles
2018-11-05 08:41 - 2018-09-18 18:38 - 000001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-11-05 08:41 - 2018-09-18 18:38 - 000000000 ____D C:\Program Files (x86)\Notepad++
2018-11-04 16:24 - 2014-04-07 21:15 - 000094198 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-04 16:24 - 2013-08-28 20:28 - 000092306 _____ C:\Windows\system32\perfh00C.dat
2018-11-04 16:24 - 2013-08-28 20:28 - 000021506 _____ C:\Windows\system32\perfc00C.dat
2018-11-04 16:24 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Inf
2018-11-04 15:40 - 2018-09-03 12:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-11-04 15:40 - 2013-08-22 09:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-04 15:02 - 2018-07-09 16:45 - 000000000 ____D C:\Users\guillaume\AppData\Local\Warframe
2018-11-03 18:56 - 2018-06-30 11:21 - 000000000 ____D C:\Users\guillaume\AppData\Local\transmission
2018-11-03 13:25 - 2018-06-30 10:29 - 000000000 ____D C:\Users\guillaume\Documents\my games
2018-11-02 11:30 - 2018-06-30 09:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-02 10:17 - 2018-07-13 15:53 - 000331776 ___SH C:\Users\guillaume\Downloads\Thumbs.db
2018-11-02 07:49 - 2018-06-30 09:23 - 000000959 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-02 07:49 - 2018-06-30 09:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-01 11:57 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\rescache
2018-11-01 11:57 - 2013-08-22 09:44 - 005217000 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-01 11:56 - 2013-08-22 08:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-11-01 11:55 - 2013-08-22 10:20 - 000000000 ____D C:\Windows\CbsTemp
2018-10-31 19:31 - 2018-06-30 10:24 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\discord
2018-10-31 18:00 - 2018-09-10 20:13 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\.minecraft
2018-10-31 18:00 - 2018-09-10 20:13 - 000000000 ____D C:\Program Files (x86)\Minecraft
2018-10-31 14:14 - 2018-06-30 14:21 - 000000000 ____D C:\Users\guillaume\Documents\WordQ
2018-10-30 19:27 - 2018-07-29 18:13 - 000000000 ____D C:\Users\guillaume\AppData\Local\Greenshot
2018-10-30 17:48 - 2018-07-18 10:18 - 000000000 ____D C:\Users\guillaume\AppData\Local\Soundnode
2018-10-28 21:44 - 2018-07-09 08:06 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2018-10-28 11:24 - 2018-07-09 08:03 - 000000000 ____D C:\Users\guillaume\AppData\Local\Bluestacks
2018-10-25 13:34 - 2018-06-30 09:56 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-10-25 12:30 - 2018-06-30 09:49 - 000000000 ____D C:\Users\guillaume\AppData\Local\Spotify
2018-10-24 20:24 - 2018-07-04 19:13 - 000000000 ____D C:\Windows\system32\MRT
2018-10-24 20:17 - 2018-07-04 19:13 - 136745976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-24 18:08 - 2018-07-03 15:44 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-24 18:08 - 2018-07-03 15:44 - 000002174 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-24 18:01 - 2018-07-03 12:28 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\steelseries-engine-3-client
2018-10-18 17:48 - 2018-07-06 10:17 - 000000000 ____D C:\Users\guillaume\AppData\Local\ElevatedDiagnostics
2018-10-18 11:54 - 2018-06-29 21:08 - 000000000 ____D C:\Users\guillaume
2018-10-18 11:52 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\Registration
2018-10-18 11:08 - 2018-07-04 10:17 - 000000000 ____D C:\Users\guillaume\Nox_share
2018-10-17 14:53 - 2018-08-27 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-17 14:53 - 2018-08-27 13:38 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-17 14:52 - 2018-08-27 13:38 - 000098680 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-10-14 11:35 - 2018-07-18 07:19 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\Anvsoft
2018-10-11 12:25 - 2014-04-07 22:21 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-10-11 12:20 - 2018-07-19 13:04 - 000000000 ____D C:\Users\guillaume\AppData\Local\Turbo
2018-10-10 20:48 - 2018-07-20 17:24 - 000000000 ____D C:\Users\guillaume\Documents\3DMark
2018-10-09 17:11 - 2014-06-17 07:28 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-09 17:04 - 2018-06-29 21:09 - 000000000 ____D C:\Users\guillaume\AppData\Local\VirtualStore
2018-10-09 16:47 - 2018-07-20 17:24 - 000000000 ____D C:\Users\guillaume\AppData\Local\Futuremark
2018-10-09 16:47 - 2018-07-20 17:12 - 000000000 ____D C:\Program Files (x86)\Futuremark
2018-10-06 15:10 - 2018-06-30 10:31 - 000000000 ____D C:\ProgramData\Battle.net

==================== Files in the root of some directories =======

2018-08-27 13:59 - 2018-11-05 13:57 - 000000600 _____ () C:\Users\guillaume\AppData\Local\PUTTY.RND
2018-11-05 17:24 - 2018-11-05 17:24 - 000000887 _____ () C:\Users\guillaume\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2018-06-30 13:10 - 2015-07-31 09:06 - 000242864 ____R (Microsoft Corporation) C:\Users\guillaume\AppData\Local\Temp\ose00000.exe
2018-10-30 09:32 - 2018-10-30 09:32 - 000884736 ____N () C:\Users\guillaume\AppData\Local\Temp\sqlite-3.18.0-77f1224f-c26e-48b5-a050-b4af14ed4fbc-sqlitejdbc.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-16 10:27

==================== End of FRST.txt ============================
 

Broni

Malware Annihilator
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by guillaume (05-11-2018 18:22:08)
Running from D:\DownloadSSD
Windows 8.1 (Update) (X64) (2018-06-30 02:08:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3805808772-3452688692-1920293510-500 - Administrator - Disabled)
Guest (S-1-5-21-3805808772-3452688692-1920293510-501 - Limited - Disabled)
guillaume (S-1-5-21-3805808772-3452688692-1920293510-1001 - Administrator - Enabled) => C:\Users\guillaume
HomeGroupUser$ (S-1-5-21-3805808772-3452688692-1920293510-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{F1A6C690-C12C-4E7A-B4BD-958678215418}) (Version: 1.0 - Futuremark)
4K Stogram 2.6 (HKLM\...\{CBD24523-4E64-4DFB-8311-05019EFD0D6B}) (Version: 2.6.14.1590 - Open Media LLC)
4K Video Downloader 4.4 (HKLM-x32\...\{AA5C80E7-8876-4026-A0D0-582D8EFBA2E1}) (Version: 4.4.7.2307 - Open Media LLC)
4K YouTube to MP3 3.3 (HKLM-x32\...\{7DD40CC0-533F-4EF3-9DDC-1B6B91C8567D}) (Version: 3.3.6.1809 - Open Media LLC)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Acapela Synthèse de la Parole pour le WordQ 4 (français) (HKLM-x32\...\{F0ADA798-6CB1-49FB-A2D3-060FFA25D60E}) (Version: 9.1.1 - Quillsoft Ltd.)
Acapela Text to Speech for WordQ 4 (Core) (HKLM-x32\...\{EE2AA629-F3EC-412E-8A14-5DD9BAD490D2}) (Version: 9.1.1 - Quillsoft)
Acapela Text to Speech for WordQ 4(North America) (HKLM-x32\...\{1D08C682-F619-4E89-8291-1C13A346DAD9}) (Version: 9.1.1 - Quillsoft Ltd.)
Acapela Text-to-Speech for WordQ 4(Canadian French) (HKLM-x32\...\{98B997C5-8A5C-4EB2-B8DE-7CBAAAFAF2A0}) (Version: 9.1.1 - Quillsoft Ltd.)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD Ryzen Master (HKLM\...\{5A1CE077-7111-4C7D-A5C5-E210D4B68AD8}) (Version: 1.4.0.0728 - Advanced Micro Devices, Inc.)
Antidote 9 (HKLM-x32\...\{D98F9F54-E310-4F57-93F5-0F42EFAA3847}) (Version: 9.5.3407 - Druide informatique inc.)
Any Video Converter Ultimate 6.2.4 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
Apowersoft Screen Recorder Pro V2.1.9 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.1.9 - APOWERSOFT LIMITED)
Article Spinner 3.0.2.0 (HKLM-x32\...\{60103DBD-B2E6-4C64-A409-36C856029364}_is1) (Version: 3.0.2.0 - Fastlink2)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Captcha Sniper (HKLM-x32\...\Captcha Sniper_is1) (Version: - )
Classic Start 8 (HKLM-x32\...\{913D024D-5EB4-4AC3-A412-C87588574A74}_is1) (Version: 1.0.0.16 - Crawler Group)
Clustertruck (HKLM-x32\...\{BB09E395-9405-44CA-A17C-98DF998CF216}) (Version: - TinyBuild LLC)
CoinCollector (HKLM-x32\...\{DE24DA5E-6884-4465-A07E-81E040AD0DE1}) (Version: 5.1.0 - AutoClickBots) Hidden
CoinCollector V5 (HKLM-x32\...\CoinCollector 5.1.0) (Version: 5.1.0 - AutoClickBots)
Corsair Gaming Headset Software (HKLM-x32\...\{88ADDCAA-6591-4D41-A7F1-2F38B7B049BB}) (Version: 2.0.37 - Corsair)
Discord (HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 60.4.107 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Dxtory version 2.0.142 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.142 - ExKode Co. Ltd.)
Easy Auto Spinner version 1.0 (HKLM-x32\...\{3D9BC2FA-3876-4916-B865-86BA4D5844EC}_is1) (Version: 1.0 - Spinner Pro Software)
EVGA OC Scanner X 3.6.1.2 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version: - EVGA)
EVGA Precision X1 (HKLM\...\EVGA Precision X1) (Version: 0.2.9.0 - EVGA Corporation)
FileZilla Client 3.38.1 (HKLM-x32\...\FileZilla Client) (Version: 3.38.1 - Tim Kosse)
Futuremark SystemInfo (HKLM-x32\...\{403D9E9C-2564-44C2-96F3-97DC7F1BED31}) (Version: 5.13.690.0 - Futuremark)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
GoNNER (HKLM-x32\...\{516FEAE8-F1E6-4F68-A964-E5D55F92CF8F}) (Version: - Raw Fury)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
HCS VoicePacks Ships Parrot version Singularity and Event Horizon (HKLM-x32\...\{234C8401-2EA7-47A4-8169-50194F3859BD}_is1) (Version: Singularity and Event Horizon - HCS VoicePacks Ltd)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
I, Hope (HKLM-x32\...\{556A4404-A3F6-4AC4-8E0A-C1B4E9787255}) (Version: - Double Plus Good Games)
ICQ (version 10.0.12341) (HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\icq.desktop) (Version: 10.0.12341 - ICQ)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Jaxx 1.3.18 (only current user) (HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\c8bd836d-41d7-5f55-90da-0bae2db13a07) (Version: 1.3.18 - decentral.ca)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
LED Sync (HKLM-x32\...\{3EF99290-BC31-4E90-89E2-B0E44D85C11C}) (Version: 1.0.9 - EVGA)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{87BD5AFD-F79F-470C-9E13-E62724CEC175}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MediaInfo 18.03 (HKLM\...\MediaInfo) (Version: 18.03 - MediaArea.net)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
METAL SLUG 3 (HKLM-x32\...\{661F739F-90E4-49EB-A79D-8B50D8FEF1E0}) (Version: - SNK)
Microsoft Office Professionnel Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{756E195A-CB58-4B99-917F-0DDA0D881204}) (Version: 1.0.4.0 - Mojang)
Mozilla Firefox 63.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.1 (x64 en-US)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.1.6877 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 en-US)) (Version: 52.8.0 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Music Maker (HKLM\...\{A03DDADD-6280-46A7-B101-93EF16E78DE4}) (Version: 27.0.0.16 - MAGIX Software GmbH) Hidden
Music Maker (HKLM-x32\...\MX.{A03DDADD-6280-46A7-B101-93EF16E78DE4}) (Version: 27.0.1.23 - MAGIX Software GmbH)
Music Maker Update (HKLM\...\{AD877700-0364-4133-B795-55EEFA14000D}) (Version: 27.0.1.23 - MAGIX Software GmbH) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.2.3.1 - Duodian Technology Co. Ltd.)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OtohitsApp (HKLM-x32\...\{9B85C70F-D649-4290-8C1D-5356A5262066}_is1) (Version: 3.1.1.0 - Otohits Network)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PDF Annotator 6.1.0.605 (HKLM-x32\...\PDFAnnotator_is1) (Version: 6.1.0.605 - GRAHL software design)
PerformanceTest v9.0 (HKLM\...\PerformanceTest 9_is1) (Version: 9.0.1025.0 - Passmark Software)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.13.0 - )
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.14804 - Kakao Corp.)
Proxifier version 3.21 (HKLM-x32\...\Proxifier_is1) (Version: 3.21 - Initex)
Pumped BMX (HKLM-x32\...\{F8FF5767-BBB1-4AB8-9B34-D617EC534339}) (Version: - Curve Digital)
Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
RA Email Extractor version 1.1 (HKLM-x32\...\{22BAED95-7CD4-49F0-B688-E496480B3052}_is1) (Version: 1.1 - Wayvind Software Solutions)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29073 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Remote Desktop assistant (HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\4ffdbc81071cec8e) (Version: 1.0.0.103 - Remote Desktop assistant)
Remote Desktop Connection Manager (HKLM-x32\...\{0240359E-6A4C-4884-9E94-B397A02D893C}) (Version: 2.7.14060 - Microsoft Corporation)
Roblox Player for guillaume (HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
SdediBox (HKLM\...\{B1E78DBF-DAFF-4DA8-B4C3-4428EE018FA8}) (Version: 1.0 - SARL SHPS)
SpeakQ 4 (HKLM-x32\...\{FBD8FBC5-EC77-4CA9-9B77-6AE6C36FE997}) (Version: 4.1.16 - Quillsoft Ltd.)
Spinner Pro Writer version 1.0 (HKLM-x32\...\{F3C2B3CB-27A0-4175-AEEC-57C0A4E317F7}_is1) (Version: 1.0 - Spinner Pro Software)
Spotify (HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Spotify) (Version: 1.0.92.390.g2ce5ec7d - Spotify AB)
Spun By Google 0.1 (HKLM-x32\...\{6222037e-683d-444d-8f77-w129p3446w67e}}_is1) (Version: 0.1 - SupaGrowth.com)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
SteelSeries Engine 3.13.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.13.0 - SteelSeries ApS)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM\...\{90160000-001F-0413-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Tales from the Borderlands (HKLM-x32\...\{B24F49F9-D7FE-40B6-8F4D-65B0C6BF6A6B}) (Version: - Telltale Games)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.14327 - TeamViewer)
Tesseract-OCR - open source OCR engine (HKLM-x32\...\Tesseract-OCR) (Version: 3.02.02 - Tesseract-OCR community)
TheBestSpinner3 (HKLM-x32\...\TheBestSpinner3) (Version: - )
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.3 - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.02.6402 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
Transmission 2.94 (d8e60ee44f) (x64) (HKLM\...\{F822870C-AD55-47D1-A705-21661A02386B}) (Version: 2.94.0 - Transmission Project)
Turbo.net Sandbox Manager 18.10 (HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\{8248212A-01F7-4BF1-A4FD-BA0A965198B4}) (Version: 18.10.1788.0 - Code Systems Corporation)
TurboLauncher (HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\TurboLauncher) (Version: 18.10.1788.0 - Code Systems Corporation)
Twitch (HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Twitch Leecher 1.5.3 (HKLM\...\{AF26C896-686F-438A-92AD-D396A5357864}) (Version: 1.5.3.0 - Franiac) Hidden
Twitch Leecher 1.5.3 (HKLM-x32\...\{c484fed0-cbd3-4229-9cd3-10127598015b}) (Version: 1.5.3.0 - Franiac)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-012B-040C-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.3 - Compal) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.3 - Compal) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
Visuel intégré (HKLM-x32\...\{91257374-4FAA-4FF3-B3BC-C17521EBA169}) (Version: 1.0 - Druide informatique inc.)
Vita Concert Grand LE (HKLM\...\{1A6D2E33-E888-4E94-AD25-4049E51ACA57}) (Version: 2.4.0.96 - MAGIX Software GmbH) Hidden
WordQ 4 (HKLM-x32\...\{40042175-CB48-4D51-8BAF-D66BAE867676}) (Version: 4.1.16 - Quillsoft Ltd.)
WordQ Pro CF Templates (HKLM-x32\...\{9E88CEC9-9160-417C-8647-C98D261E803B}) (Version: 4.1.1 - Quillsoft Ltd.)
WordQ4 Pro CF Dictionary (HKLM-x32\...\{AFEF30D7-DA5D-4D57-A72C-B64E5F9CD26E}) (Version: 4.1.1 - Quillsoft Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3805808772-3452688692-1920293510-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3805808772-3452688692-1920293510-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3805808772-3452688692-1920293510-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3805808772-3452688692-1920293510-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3805808772-3452688692-1920293510-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3805808772-3452688692-1920293510-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3805808772-3452688692-1920293510-1001_Classes\CLSID\{3D58DDEA-561E-45BA-AA6A-0AB04BCD9FAD}\InprocServer32 -> C:\Users\guillaume\AppData\Local\Turbo\18.10.1788.0\Turbo-Plugin-x64.dll (Code Systems Corporation)
CustomCLSID: HKU\S-1-5-21-3805808772-3452688692-1920293510-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3805808772-3452688692-1920293510-1001_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8E}\localserver32 -> D:\DownloadSSD\antidote\Application\Bin64\AgentAntidote.exe (Druide informatique inc.)
CustomCLSID: HKU\S-1-5-21-3805808772-3452688692-1920293510-1001_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8F}\localserver32 -> D:\DownloadSSD\antidote\Application\Bin64\Antidote.exe (Druide informatique inc.)
CustomCLSID: HKU\S-1-5-21-3805808772-3452688692-1920293510-1001_Classes\CLSID\{AD630E0F-BF29-4791-AD3B-A289E884E37C}\localserver32 -> D:\DownloadSSD\antidote\Application\Bin64\Antidote.exe (Druide informatique inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\guillaume\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\guillaume\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\guillaume\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\guillaume\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\guillaume\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\guillaume\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-22] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\guillaume\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\program ssd\iso\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\guillaume\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\program ssd\iso\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\guillaume\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\guillaume\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2018-04-20] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01EAA64B-9B88-44ED-8CD9-F512BC143CA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-03] (Google Inc.)
Task: {3AB298C6-2D50-4430-A5E7-9EF994C9C10F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {3CBF3979-5061-4D78-9A3C-9CF49D935132} - System32\Tasks\AAct => C:\Windows\AAct_Tools\AAct_x64.exe [2018-02-23] ()
Task: {438B5CCD-7268-428F-BB8A-1C71DC6EF263} - System32\Tasks\Dxstory\dxstory => C:\Program Files (x86)\ExKode\Dxtory2.0\Dxtory.exe [2017-04-08] (ExKode Co. Ltd.)
Task: {444638D2-C82C-4211-89E8-CC50CD7E49C4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-06-30] (Dropbox, Inc.)
Task: {475C22CC-DE04-482C-906C-1BC7E252524E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {4E212843-C53B-46B0-86D1-C1BECAE19225} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {5FBBC72E-3098-4834-B559-E8C8EDA01946} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-03] (Google Inc.)
Task: {7CBD3D0B-9C7A-4A63-B899-DD0AD03C486F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {8CEBE579-9C0A-4B6F-9B3F-F28F02487B0E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {BACA1DF0-2EE4-43E5-95C7-02412DB94D13} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-06-30] (Dropbox, Inc.)
Task: {C3A59663-EC90-4267-A605-635819B3208C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {DE992973-C9E1-4989-9A10-A2182F95D1CE} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3805808772-3452688692-1920293510-1001 => C:\Users\guillaume\AppData\Local\MEGAsync\MEGAupdater.exe [2018-01-15] (Mega Limited)
Task: {DF06CF26-D24A-42BA-BFA3-C3F1FC0459CF} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-02-24] (Realtek Semiconductor)
Task: {F6C1D236-B5AD-4604-BCC9-E3A144864675} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
Task: {FFE463B0-8EF2-4BC5-9A50-0B1E387876F6} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [2018-08-02] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\guillaume\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2018-07-09 11:18 - 2012-11-22 17:57 - 000057448 _____ () C:\Windows\system32\PrxerNsp.dll
2018-08-12 11:25 - 2018-08-11 10:52 - 000356840 _____ () C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
2018-08-11 10:56 - 2018-10-31 13:13 - 001686520 _____ () C:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe
2017-10-18 16:51 - 2017-10-18 16:51 - 000598528 _____ () C:\Users\guillaume\AppData\Local\MEGAsync\ShellExtX64.dll
2018-10-27 12:48 - 2018-10-27 12:48 - 000054440 _____ () D:\program ssd\filezilla\FileZilla FTP Client\fzshellext_64.dll
2018-07-22 19:14 - 2018-07-22 19:14 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-01-01 08:23 - 2018-04-20 03:56 - 000400800 _____ () C:\Windows\system32\igfxTray.exe
2012-07-18 20:38 - 2012-07-18 20:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000087368 _____ () D:\DownloadSSD\antidote\Application\Bin64\libQtDispatchDruide9.dll
2017-04-25 15:45 - 2017-04-25 15:45 - 000108136 _____ () D:\DownloadSSD\antidote\Application\Bin64\libwebsocketsDruide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000467784 _____ () D:\DownloadSSD\antidote\Application\Bin64\boost_locale-vc120-mt-1_58-Druide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000088392 _____ () D:\DownloadSSD\antidote\Application\Bin64\libxdispatchDruide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000063816 _____ () D:\DownloadSSD\antidote\Application\Bin64\libdispatchDruide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000025928 _____ () D:\DownloadSSD\antidote\Application\Bin64\boost_system-vc120-mt-1_58-Druide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000036168 _____ () D:\DownloadSSD\antidote\Application\Bin64\boost_chrono-vc120-mt-1_58-Druide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000108360 _____ () D:\DownloadSSD\antidote\Application\Bin64\boost_thread-vc120-mt-1_58-Druide9.dll
2017-04-30 06:02 - 2017-04-30 06:02 - 000022120 _____ () D:\DownloadSSD\antidote\Application\Bin64\LibrairiesQt\libEGL.dll
2017-04-30 06:02 - 2017-04-30 06:02 - 002022504 _____ () D:\DownloadSSD\antidote\Application\Bin64\LibrairiesQt\libGLESv2.dll
2017-09-12 15:33 - 2017-09-12 15:33 - 000118376 _____ () D:\DownloadSSD\antidote\LingEN\Bin64\libYamChaDruide9.dll
2017-09-12 15:30 - 2017-09-12 15:30 - 000402536 _____ () D:\DownloadSSD\antidote\Application\Bin64\Extensions\Antidote.LibreOffice.MA.P100.dll
2014-06-17 07:09 - 2013-12-10 09:27 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2018-06-30 09:49 - 2018-10-22 13:23 - 086734056 _____ () C:\Users\guillaume\AppData\Roaming\Spotify\libcef.dll
2018-10-11 17:46 - 2018-10-09 23:17 - 000878880 _____ () D:\program ssd\steam\SDL2.dll
2018-07-24 15:42 - 2016-08-31 20:02 - 004969248 _____ () D:\program ssd\steam\v8.dll
2018-10-13 13:50 - 2018-10-12 20:59 - 002647840 _____ () D:\program ssd\steam\video.dll
2018-07-24 15:42 - 2016-08-31 20:02 - 001563936 _____ () D:\program ssd\steam\icui18n.dll
2018-07-24 15:42 - 2016-08-31 20:02 - 001195296 _____ () D:\program ssd\steam\icuuc.dll
2018-07-24 15:42 - 2017-12-19 20:43 - 005137696 _____ () D:\program ssd\steam\libavcodec-57.dll
2018-07-24 15:42 - 2017-12-19 20:43 - 000695584 _____ () D:\program ssd\steam\libavformat-57.dll
2018-07-24 15:42 - 2017-12-19 20:43 - 000351520 _____ () D:\program ssd\steam\libavresample-3.dll
2018-07-24 15:42 - 2017-12-19 20:43 - 000847136 _____ () D:\program ssd\steam\libavutil-55.dll
2018-07-24 15:42 - 2017-12-19 20:43 - 000783648 _____ () D:\program ssd\steam\libswscale-4.dll
2018-10-13 13:50 - 2018-10-12 20:59 - 001023776 _____ () D:\program ssd\steam\bin\chromehtml.DLL
2018-07-24 15:42 - 2016-07-04 17:17 - 000266560 _____ () D:\program ssd\steam\openvr_api.dll
2018-06-30 09:49 - 2018-10-22 13:23 - 004318952 _____ () C:\Users\guillaume\AppData\Roaming\Spotify\libglesv2.dll
2018-06-30 09:49 - 2018-10-22 13:23 - 000098024 _____ () C:\Users\guillaume\AppData\Roaming\Spotify\libegl.dll
2018-10-11 17:46 - 2018-10-09 23:17 - 000878880 _____ () D:\program ssd\steam\bin\cef\cef.win7\SDL2.dll
2018-10-11 17:46 - 2018-09-22 19:00 - 088009504 _____ () D:\program ssd\steam\bin\cef\cef.win7\libcef.dll
2018-10-11 17:46 - 2018-09-22 19:00 - 004083488 _____ () D:\program ssd\steam\bin\cef\cef.win7\libglesv2.dll
2018-10-11 17:46 - 2018-09-22 19:00 - 000097056 _____ () D:\program ssd\steam\bin\cef\cef.win7\libegl.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000076616 _____ () D:\DownloadSSD\antidote\Application\Bin32\libQtDispatchDruide9.dll
2017-04-25 15:45 - 2017-04-25 15:45 - 000093288 _____ () D:\DownloadSSD\antidote\Application\Bin32\libwebsocketsDruide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000373576 _____ () D:\DownloadSSD\antidote\Application\Bin32\boost_locale-vc120-mt-1_58-Druide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000077128 _____ () D:\DownloadSSD\antidote\Application\Bin32\libxdispatchDruide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000054600 _____ () D:\DownloadSSD\antidote\Application\Bin32\libdispatchDruide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000022856 _____ () D:\DownloadSSD\antidote\Application\Bin32\boost_system-vc120-mt-1_58-Druide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000033096 _____ () D:\DownloadSSD\antidote\Application\Bin32\boost_chrono-vc120-mt-1_58-Druide9.dll
2015-10-21 20:49 - 2015-10-21 20:49 - 000089928 _____ () D:\DownloadSSD\antidote\Application\Bin32\boost_thread-vc120-mt-1_58-Druide9.dll
2017-04-30 06:02 - 2017-04-30 06:02 - 000021096 _____ () D:\DownloadSSD\antidote\Application\Bin32\LibrairiesQt\libEGL.dll
2017-04-30 06:02 - 2017-04-30 06:02 - 001654888 _____ () D:\DownloadSSD\antidote\Application\Bin32\LibrairiesQt\libGLESv2.dll
2018-11-05 13:22 - 2018-11-05 13:22 - 000081408 ____T () C:\Users\guillaume\AppData\Local\Microsoft\bass_vst.dll
2018-11-05 13:22 - 2018-11-05 13:22 - 001758720 ____T () C:\Users\guillaume\AppData\Local\Microsoft\engine_vx.dll
2017-09-10 15:51 - 2017-09-10 15:51 - 000798208 _____ () C:\Users\guillaume\AppData\Local\MEGAsync\libsodium.dll
2017-10-18 16:58 - 2017-10-18 16:58 - 000570368 _____ () C:\Users\guillaume\AppData\Local\MEGAsync\ShellExtX32.dll
2018-10-25 13:34 - 2018-10-24 06:53 - 001140552 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-10-25 13:34 - 2018-10-24 06:53 - 002247496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-06-30 10:01 - 2018-10-24 06:57 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:56 - 000025456 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:52 - 000142312 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:56 - 001953640 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:56 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:53 - 000117720 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll
2018-06-30 10:01 - 2018-10-24 06:52 - 000109024 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000083784 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:53 - 000418264 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll
2018-06-30 10:01 - 2018-10-24 06:52 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:52 - 000049128 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000074072 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:52 - 000131552 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:58 - 000034664 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:56 - 000025944 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:52 - 000026600 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:52 - 000182752 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:52 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:52 - 000118760 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:57 - 000401752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:52 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:58 - 000061280 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:52 - 000023520 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:52 - 000053736 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:52 - 000064992 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:57 - 000068968 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:58 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:56 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:52 - 000032224 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000156504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:57 - 000092488 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 001778000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000518992 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000052056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 001929552 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 003821392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000044888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000132944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000218456 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000205656 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:52 - 000061408 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:58 - 000051552 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:52 - 000027624 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp35-win32.pyd
2018-08-01 14:02 - 2018-10-24 06:58 - 000033632 _____ () C:\Program Files (x86)\Dropbox\Client\winreindex.compiled._winreindex.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:58 - 000028008 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:58 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:58 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:58 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:56 - 000031600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:52 - 000486880 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000102736 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:58 - 000029040 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000029024 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:53 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-06-30 10:01 - 2018-10-24 06:57 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:56 - 000433992 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-06-30 10:01 - 2018-10-24 06:57 - 000035680 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000025920 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-10-25 13:34 - 2018-10-24 06:57 - 001592128 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-06-30 10:01 - 2018-10-24 06:58 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shcore.compiled._winffi_shcore.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.gdi32.compiled._winffi_gdi32.cp35-win32.pyd
2018-09-13 20:09 - 2018-10-24 06:58 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shell32.compiled._winffi_shell32.cp35-win32.pyd
2018-06-30 10:01 - 2018-10-24 06:58 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000530768 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000348496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp35-win32.pyd
2018-10-25 13:34 - 2018-10-24 06:57 - 000037200 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.cp35-win32.pyd
2018-06-30 10:24 - 2018-04-30 22:01 - 001891672 _____ () C:\Users\guillaume\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
2018-06-30 10:24 - 2018-04-30 22:01 - 001937752 _____ () C:\Users\guillaume\AppData\Local\Discord\app-0.0.301\libglesv2.dll
2018-06-30 10:24 - 2018-04-30 22:01 - 000095576 _____ () C:\Users\guillaume\AppData\Local\Discord\app-0.0.301\libegl.dll
2018-06-30 10:24 - 2018-11-05 16:05 - 011283288 _____ () \\?\C:\Users\guillaume\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
2018-06-30 10:24 - 2018-09-13 07:18 - 001615704 _____ () \\?\C:\Users\guillaume\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
2018-06-30 10:24 - 2018-06-30 10:24 - 001910104 _____ () \\?\C:\Users\guillaume\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2018-06-30 10:24 - 2018-06-30 10:24 - 000422744 _____ () \\?\C:\Users\guillaume\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2018-06-30 10:24 - 2018-06-30 10:24 - 000145240 _____ () \\?\C:\Users\guillaume\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-06-30 10:24 - 2018-06-30 10:24 - 000512856 _____ () \\?\C:\Users\guillaume\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
2018-06-30 10:24 - 2018-10-31 19:31 - 001629528 _____ () \\?\C:\Users\guillaume\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
2018-10-01 14:07 - 2018-10-10 07:53 - 009621848 _____ () \\?\C:\Users\guillaume\AppData\Roaming\discord\0.0.301\modules\discord_cloudsync\discord_cloudsync.node
2018-06-30 10:24 - 2018-06-30 10:24 - 002722648 _____ () \\?\C:\Users\guillaume\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
2018-08-11 10:49 - 2018-10-30 19:27 - 001248088 _____ () \\?\C:\Users\guillaume\AppData\Roaming\discord\0.0.301\modules\discord_modules\discord_modules.node
2018-08-11 10:48 - 2018-11-05 16:05 - 024896856 _____ () \\?\C:\Users\guillaume\AppData\Roaming\discord\0.0.301\modules\discord_dispatch\discord_dispatch.node
2018-06-30 10:27 - 2018-06-30 10:27 - 002760536 _____ () \\?\C:\Users\guillaume\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
2018-06-30 10:26 - 2018-06-30 10:26 - 001249112 _____ () \\?\C:\Users\guillaume\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\guillaume\Pictures\sans_copyright_.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B3C5FC64-B289-44BD-BC2D-5EE04D5EDD2F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2C2BC456-DD14-42B6-A5FC-373C41132F3F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4C31393A-7CBD-4C71-9A2B-4165849B4643}C:\users\guillaume\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\guillaume\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BD85F14D-401E-4FD7-A32B-4A95E86DD6AF}C:\users\guillaume\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\guillaume\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2CAFF4D8-F6F3-4912-8131-B0ECC6277EC7}] => (Allow) D:\program ssd\steam\Steam.exe
FirewallRules: [{0F14B499-C558-438E-B454-557A7CE09CDE}] => (Allow) D:\program ssd\steam\Steam.exe
FirewallRules: [{451B5EB8-AF2E-4C5F-97B4-7FCE032433EB}] => (Allow) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5D380EF5-842C-4329-AC6D-53AD5585AC5A}] => (Allow) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8510B7D8-D29B-4A73-A660-8B19384D052F}] => (Allow) E:\SteamLibrary\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{5B579DDD-C647-4155-B905-290D762E3A4E}] => (Allow) E:\SteamLibrary\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{25EC507E-17B8-4D18-B07F-A83A8F8D6BE9}] => (Allow) D:\program ssd\steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{2E3CC163-A98E-4E62-8A2C-5AF0F7C88F5A}] => (Allow) D:\program ssd\steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{84FE1488-43E9-4899-9AC1-5CE136D88942}] => (Allow) E:\SteamLibrary\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{1D107486-1B9E-483B-84D1-02DB7CCB46EE}] => (Allow) E:\SteamLibrary\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{9AD11363-0839-47DC-BFE3-BE7B5AB31473}] => (Allow) E:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{8B209C58-3140-4F10-AA16-148C6EA258A3}] => (Allow) E:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [TCP Query User{7057898F-15F7-4F00-947F-693BD9645A96}D:\program ssd\transmi\transmission-qt.exe] => (Allow) D:\program ssd\transmi\transmission-qt.exe
FirewallRules: [UDP Query User{4F8E08E4-BF42-46DA-B5E4-F85A5DD0008F}D:\program ssd\transmi\transmission-qt.exe] => (Allow) D:\program ssd\transmi\transmission-qt.exe
FirewallRules: [{5BAEA11A-D3F9-49F5-9696-87EC29F2B80E}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{FF03C7ED-EEE4-47EA-9171-B1966F2DEFBC}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{D1637D76-C223-4230-90B9-EA6EF5934BDB}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{E16D8828-E46E-4D54-A82E-AF63DF88E859}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{E7AE011A-F195-4C58-899A-AF449B45E52B}] => (Allow) D:\program ssd\steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{D9F1411D-1AA2-48C0-B960-0AB25F462F2E}] => (Allow) D:\program ssd\steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [TCP Query User{17176DF7-26F1-47CA-A167-949EB955DA75}D:\program ssd\potplayer\potplayermini64.exe] => (Allow) D:\program ssd\potplayer\potplayermini64.exe
FirewallRules: [UDP Query User{3DDCEF51-3FFB-45DC-A484-F9514D830043}D:\program ssd\potplayer\potplayermini64.exe] => (Allow) D:\program ssd\potplayer\potplayermini64.exe
FirewallRules: [{55FE1D21-C67E-4043-9E56-D4E7B33556C4}] => (Allow) E:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{04DF4755-E196-4B58-98F5-85BF465B8BA7}] => (Allow) E:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [TCP Query User{095B0A5A-6E22-4AF9-8DFC-02996B5F4485}E:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) E:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{4B3E7B90-E3E7-48FE-BA58-2C2285FFAEBE}E:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) E:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{411CA12A-590C-4D5B-B9D0-13360AE1EC1B}E:\program file\lol\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) E:\program file\lol\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [UDP Query User{94C49CA8-5EF6-4200-A999-6B185DEFA2D8}E:\program file\lol\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) E:\program file\lol\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [{ADF52A53-A997-4C8A-8014-B7D98B1C3D43}] => (Allow) E:\SteamLibrary\steamapps\common\Hurtworld\Hurtworld.exe
FirewallRules: [{F41E8C14-3DB7-4DAD-99DE-09E593FEE217}] => (Allow) E:\SteamLibrary\steamapps\common\Hurtworld\Hurtworld.exe
FirewallRules: [{1C9BAD96-D23A-473B-AAC2-C9EDCD0C75FD}] => (Allow) E:\SteamLibrary\steamapps\common\Hurtworld\HurtworldClient.exe
FirewallRules: [{902081CA-1437-4405-AB92-28CA5FB1F2B0}] => (Allow) E:\SteamLibrary\steamapps\common\Hurtworld\HurtworldClient.exe
FirewallRules: [{89CCF411-D5F9-4B9C-AF24-24DB116A52B3}] => (Allow) E:\SteamLibrary\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{F63515FE-B75D-44C8-88EB-78BDA138333E}] => (Allow) E:\SteamLibrary\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{67A61F0F-B30E-40B6-96F9-504C0BC7D81E}E:\program file\battle net\overwatch\overwatch.exe] => (Allow) E:\program file\battle net\overwatch\overwatch.exe
FirewallRules: [UDP Query User{1998DE3E-D26D-4993-A760-4A004780B96C}E:\program file\battle net\overwatch\overwatch.exe] => (Allow) E:\program file\battle net\overwatch\overwatch.exe
FirewallRules: [TCP Query User{13D05E8B-1896-4459-9A40-ADFB7622CB79}E:\steamlibrary\steamapps\common\war thunder\launcher.exe] => (Allow) E:\steamlibrary\steamapps\common\war thunder\launcher.exe
FirewallRules: [UDP Query User{EF214F3D-8125-466D-B6D5-F42AF317C8B8}E:\steamlibrary\steamapps\common\war thunder\launcher.exe] => (Allow) E:\steamlibrary\steamapps\common\war thunder\launcher.exe
FirewallRules: [TCP Query User{2AC2CB19-7BDB-4DBB-AB33-4C075ECB42C3}E:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) E:\steamlibrary\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{61913B00-AAC8-4897-8247-2EE1E6A978C3}E:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) E:\steamlibrary\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{6697988C-1A1E-49A0-BAA0-B49CC6DFD328}] => (Allow) H:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1AA1FA47-FCA1-4FB6-A2B8-0194DB0587AC}] => (Allow) H:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{1CC6623F-DA32-4D09-BE19-E4970D75AC1B}H:\program file\battle net\overwatch\overwatch.exe] => (Allow) H:\program file\battle net\overwatch\overwatch.exe
FirewallRules: [UDP Query User{44CBB49E-07A4-4E0E-BC05-DB5688080DB8}H:\program file\battle net\overwatch\overwatch.exe] => (Allow) H:\program file\battle net\overwatch\overwatch.exe
FirewallRules: [{70C63C38-1459-458A-A872-9753082D0881}] => (Allow) H:\SteamLibrary\steamapps\common\Hurtworld\Hurtworld.exe
FirewallRules: [{B84E35BF-5178-47D7-AD9E-C190511DE9E3}] => (Allow) H:\SteamLibrary\steamapps\common\Hurtworld\Hurtworld.exe
FirewallRules: [{B2D17A34-AD77-4651-9FD0-3D9E9D017CD0}] => (Allow) H:\SteamLibrary\steamapps\common\Hurtworld\HurtworldClient.exe
FirewallRules: [{39AFA38C-BBA0-4BFA-983A-240C223A8DE1}] => (Allow) H:\SteamLibrary\steamapps\common\Hurtworld\HurtworldClient.exe
FirewallRules: [TCP Query User{087488C4-B92F-4B9A-B09A-DC0BF67701EA}H:\steamlibrary\steamapps\common\war thunder\launcher.exe] => (Allow) H:\steamlibrary\steamapps\common\war thunder\launcher.exe
FirewallRules: [UDP Query User{BC783002-4ACD-455F-A6B9-6938DC6F45C9}H:\steamlibrary\steamapps\common\war thunder\launcher.exe] => (Allow) H:\steamlibrary\steamapps\common\war thunder\launcher.exe
FirewallRules: [TCP Query User{20FF488C-F8E3-4F33-95DD-BB6BCB8F9219}H:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) H:\steamlibrary\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{57A11900-1A40-43AA-A9FB-4C4BC880001E}H:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) H:\steamlibrary\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [TCP Query User{56EC2671-F926-4799-91EC-C08889860616}H:\steamlibrary\steamapps\common\robocraft\robocraftclient.exe] => (Allow) H:\steamlibrary\steamapps\common\robocraft\robocraftclient.exe
FirewallRules: [UDP Query User{661FA77C-A76D-422B-9BAD-734ABE0F8520}H:\steamlibrary\steamapps\common\robocraft\robocraftclient.exe] => (Allow) H:\steamlibrary\steamapps\common\robocraft\robocraftclient.exe
FirewallRules: [{1AC8374A-0BC7-4446-B000-2B091109BC42}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{198ABD83-C0DD-440A-B241-1CED2012FFBF}] => (Allow) D:\program ssd\dsadsa\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{A38FB4E2-743D-4636-8C5F-BBDED7ED0279}] => (Allow) D:\program ssd\dsadsa\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{451EE46E-00F0-43F3-B21B-E08BF3D8D661}] => (Allow) H:\SteamLibrary\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{F42FE14A-A343-472E-909E-6D1D14308F1F}] => (Allow) H:\SteamLibrary\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{043C0172-3012-4799-9392-60521CD4DCE2}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\fdbccf5118ad4cbeb2f933187aadb2b5\local\stubexe\0xbed555eb4d5d0df7\utorrent.exe] => (Allow) C:\users\guillaume\appdata\local\turbo\containers\sandboxes\fdbccf5118ad4cbeb2f933187aadb2b5\local\stubexe\0xbed555eb4d5d0df7\utorrent.exe
FirewallRules: [UDP Query User{075789B2-DEF7-4878-884C-1FFD7C82938B}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\fdbccf5118ad4cbeb2f933187aadb2b5\local\stubexe\0xbed555eb4d5d0df7\utorrent.exe] => (Allow) C:\users\guillaume\appdata\local\turbo\containers\sandboxes\fdbccf5118ad4cbeb2f933187aadb2b5\local\stubexe\0xbed555eb4d5d0df7\utorrent.exe
FirewallRules: [{F3371852-1E69-4D40-AE16-8311BD9D5E7D}] => (Allow) D:\program ssd\steam\steamapps\common\Rivals of Aether\RivalsofAether.exe
FirewallRules: [{FA4F35F2-24C7-42B9-A228-879B701772E4}] => (Allow) D:\program ssd\steam\steamapps\common\Rivals of Aether\RivalsofAether.exe
FirewallRules: [{569186BF-788D-4EB7-AFD8-A11CA4034179}] => (Allow) H:\SteamLibrary\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{CA94A25F-38CD-4AC0-AF02-2249D37EE442}] => (Allow) H:\SteamLibrary\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{A287DDE1-68AC-40B4-86E1-82071AAC198E}] => (Allow) H:\SteamLibrary\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{18177D2A-DBFD-46F2-BF56-B4B0DBD6C321}] => (Allow) H:\SteamLibrary\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [TCP Query User{8679A816-1CA6-4717-B02C-D8574940D098}C:\users\guillaume\appdata\roaming\icq\bin\icq.exe] => (Allow) C:\users\guillaume\appdata\roaming\icq\bin\icq.exe
FirewallRules: [UDP Query User{9B90EE77-680C-4142-9100-F0E839C2078F}C:\users\guillaume\appdata\roaming\icq\bin\icq.exe] => (Allow) C:\users\guillaume\appdata\roaming\icq\bin\icq.exe
FirewallRules: [{FB7343D9-4892-4C0D-AE73-41DA74A3270B}] => (Allow) C:\Users\guillaume\Pictures\LiquidSky.exe
FirewallRules: [{97569978-A0E8-47CA-82BF-F7EFB9ECED90}] => (Allow) C:\Users\guillaume\Pictures\LiquidSky.exe
FirewallRules: [{39028344-C2D7-4E96-AF4E-99777BB3BD61}] => (Allow) C:\Users\guillaume\AppData\Roaming\LiquidSky\LiquidSkyClient.exe
FirewallRules: [{C5F7DE47-9D3D-4221-BF37-3709ED3053AE}] => (Allow) C:\Users\guillaume\AppData\Roaming\LiquidSky\LiquidSkyClient.exe
FirewallRules: [{13513134-8296-4F10-B420-CC5B6260C5FC}] => (Allow) C:\Users\guillaume\AppData\Roaming\LiquidSky\lib\LiquidSky.exe
FirewallRules: [{D946626A-9FA3-47E1-9AB6-02C45053CBDC}] => (Allow) C:\Users\guillaume\AppData\Roaming\LiquidSky\lib\LiquidSky.exe
FirewallRules: [{2CB2E0BB-376F-4FFB-AE19-515FEB355C13}] => (Allow) H:\SteamLibrary\steamapps\common\Eastside Hockey Manager\ehm.exe
FirewallRules: [{C9C207E4-20BD-43FF-AB9F-A46B029142D5}] => (Allow) H:\SteamLibrary\steamapps\common\Eastside Hockey Manager\ehm.exe
FirewallRules: [{781D41F4-58C1-4AD6-8063-E79B4A727E7B}] => (Allow) H:\SteamLibrary\steamapps\common\SEGA Bass Fishing\AppLauncher.exe
FirewallRules: [{A2915D17-E915-458F-9400-74410270EB04}] => (Allow) H:\SteamLibrary\steamapps\common\SEGA Bass Fishing\AppLauncher.exe
FirewallRules: [TCP Query User{A1AA0C11-86AB-4299-A7DC-A663C4BEE134}H:\program file\lol\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) H:\program file\lol\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E2650BFA-0192-4FDF-B6C7-C2FA2D619374}H:\program file\lol\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) H:\program file\lol\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [TCP Query User{37C0A995-7984-414A-8A74-D643061F6C75}H:\program file\lol\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) H:\program file\lol\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [UDP Query User{C4EE46FE-3CAD-4D8C-90D0-921E31A2355C}H:\program file\lol\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) H:\program file\lol\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [TCP Query User{0D181CA0-E909-46F8-A00F-CB853D29FD72}H:\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) H:\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [UDP Query User{3A2ADB60-AF40-4E3D-89FA-ECF394EE9793}H:\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) H:\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [{1B9B63D5-8401-4DA6-A173-C28E771D9629}] => (Allow) H:\SteamLibrary\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{99F8F4AD-CAA1-4E31-8A7E-50C565C46B3F}] => (Allow) H:\SteamLibrary\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{37880FEC-DF61-41E5-B626-EDA8908FDF82}] => (Allow) H:\SteamLibrary\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{44F3663D-2604-4FEA-A342-DC33A701B305}] => (Allow) H:\SteamLibrary\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{04F68570-DD80-4DEE-8905-B51942F0B89B}] => (Allow) C:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{35DAADC9-843F-4A15-AB5D-EBE89EC264B1}] => (Allow) C:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{7F03A7EA-6B16-411F-A3DD-0DF3108B712B}] => (Allow) H:\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe
FirewallRules: [{56A77E94-C1E7-4008-8923-F480F2352C3F}] => (Allow) H:\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe
FirewallRules: [{22F4C789-9AF1-457C-9494-3A5487EF22DD}] => (Allow) D:6\SteamLibrary\steamapps\common\Screencheat\screencheat.exe
FirewallRules: [{BF17DB48-DBDE-4CFB-8188-62B44998AE6A}] => (Allow) D:6\SteamLibrary\steamapps\common\Screencheat\screencheat.exe
FirewallRules: [{4FE6DAB4-AE5C-456D-A200-165D5056120E}] => (Allow) D:6\SteamLibrary\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{5463040C-C9FE-4C99-B1EE-E1949B19A5AF}] => (Allow) D:6\SteamLibrary\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{12AEFBA1-61B4-4CCA-9FA2-3C995102DCD0}] => (Allow) C:\SteamLibrary\steamapps\common\Kingdom New Lands\Kingdom.exe
FirewallRules: [{ED515400-A969-4F71-B18E-297A2F533148}] => (Allow) C:\SteamLibrary\steamapps\common\Kingdom New Lands\Kingdom.exe
FirewallRules: [{A6346536-6D8F-42AA-BA7E-C37D26805BD9}] => (Allow) C:\SteamLibrary\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{0091CAE2-21B7-44C2-918D-3AF12C3B3C32}] => (Allow) C:\SteamLibrary\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{513CE9C3-7F28-4F47-A735-F8CA524301DE}] => (Allow) H:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{6249FB0F-B669-45B7-92D5-D48C489D3981}] => (Allow) H:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{6C02D617-B580-49C3-B43A-3EBB8DE4BFB9}] => (Allow) H:\SteamLibrary\steamapps\common\MXGP\MXGP.exe
FirewallRules: [{795F443B-B0FF-4DF0-807E-A3806C77E1BF}] => (Allow) H:\SteamLibrary\steamapps\common\MXGP\MXGP.exe
FirewallRules: [{B64D8658-E305-40ED-B1EC-CEF0D721D73F}] => (Allow) H:\SteamLibrary\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{03FE31EE-0F61-4F9E-BACA-7AC681907052}] => (Allow) H:\SteamLibrary\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{85F81177-EB98-4FA5-B1BE-245AAC472C19}] => (Allow) H:\SteamLibrary\steamapps\common\Sonic Adventure 2\Launcher.exe
FirewallRules: [{06FA88BF-C270-45AE-88E7-96B752358106}] => (Allow) H:\SteamLibrary\steamapps\common\Sonic Adventure 2\Launcher.exe
FirewallRules: [{D070E99E-BCB8-49A8-AF2F-24C6F8223BEE}] => (Allow) H:\SteamLibrary\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{184D1914-86DB-422D-84B0-4C3FC0BBED72}] => (Allow) H:\SteamLibrary\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{E6AA2B88-2A6D-4AE0-A2E8-9275A7527556}] => (Allow) H:\SteamLibrary\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{07480F4D-9F46-43E7-BBE5-66D987733FE7}] => (Allow) H:\SteamLibrary\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{ADB39DA7-AFFD-4514-A259-67AF8B6B36DE}] => (Allow) H:\SteamLibrary\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{B89B03B8-140D-49E3-B575-2073DE2692A4}] => (Allow) H:\SteamLibrary\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [TCP Query User{075EC1B8-06E8-422D-AEB7-B2EC152B2A4D}H:\program game\battlenet\overwatch\overwatch.exe] => (Allow) H:\program game\battlenet\overwatch\overwatch.exe
FirewallRules: [UDP Query User{9F01D575-0F62-4459-BFF4-54C6696BFAB2}H:\program game\battlenet\overwatch\overwatch.exe] => (Allow) H:\program game\battlenet\overwatch\overwatch.exe
FirewallRules: [{46933911-DD77-449D-BE05-9AAC2C58A753}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{7E3D446A-8ED0-44FB-81A4-9B21444B2063}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D4BAB693-BF42-45FA-8E76-C18C5482FF53}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{3FF0E5D1-7BC1-4926-A1DE-7EA58217E0ED}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1B8A2BE8-6A0E-4C8A-8B22-6934A023ED79}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{84A2588A-4FCB-4C26-986C-9878980C7069}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{C1D3C873-CF3B-4ACF-BCE6-8014D13642AA}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{7D7EC331-05D6-497A-B75F-ED8D74F92A0A}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1F44E43D-A130-4CD3-84F1-04BADA7D9C9F}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{3E3D5804-0D92-4AC9-8801-6999E965BA2C}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{57664DE1-2470-45BE-96C8-CC18D9CAEB88}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{A5449A2F-46F1-4FD6-B43D-11378C6641F8}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{109F37F6-F658-4C96-835D-C4B1E78936EB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1301C80C-4EAF-4025-AEA4-0594DBB6C5BC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9C3DC2D2-D42C-42F1-9309-B3415DC22314}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{87228D89-0488-4480-9E5C-7D5EA4B89C74}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{4A92C0BC-83CE-465B-9EFB-B1D5208F4D2E}D:\program ssd\magic\25\musicmaker.exe] => (Allow) D:\program ssd\magic\25\musicmaker.exe
FirewallRules: [UDP Query User{EE46579B-6AAE-4A98-BE9C-80B3424F19A1}D:\program ssd\magic\25\musicmaker.exe] => (Allow) D:\program ssd\magic\25\musicmaker.exe
FirewallRules: [TCP Query User{9373B077-DF51-4B95-9110-A72D7AC1D007}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{08C80490-4B84-48D9-B54C-CAE1D37FCF6C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{D93FCA67-B4BC-4FEB-A78C-181B99E8D695}H:\downl\king of the hat - august backer build\king of the hat - august backer build\pc\pc.exe] => (Allow) H:\downl\king of the hat - august backer build\king of the hat - august backer build\pc\pc.exe
FirewallRules: [UDP Query User{9C456ECE-2C58-471A-872C-689BB5CF1D5D}H:\downl\king of the hat - august backer build\king of the hat - august backer build\pc\pc.exe] => (Allow) H:\downl\king of the hat - august backer build\king of the hat - august backer build\pc\pc.exe
FirewallRules: [TCP Query User{80748F45-CF1C-48E7-B996-4385A359561D}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\32e7d026ca604c0fbe79e72287d4c0e5\local\stubexe\0x097a8f3853b4e903\qbittorrent.exe] => (Allow) C:\users\guillaume\appdata\local\turbo\containers\sandboxes\32e7d026ca604c0fbe79e72287d4c0e5\local\stubexe\0x097a8f3853b4e903\qbittorrent.exe
FirewallRules: [UDP Query User{33201461-5BAF-46DD-B663-3E3E993FCF9E}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\32e7d026ca604c0fbe79e72287d4c0e5\local\stubexe\0x097a8f3853b4e903\qbittorrent.exe] => (Allow) C:\users\guillaume\appdata\local\turbo\containers\sandboxes\32e7d026ca604c0fbe79e72287d4c0e5\local\stubexe\0x097a8f3853b4e903\qbittorrent.exe
FirewallRules: [TCP Query User{93F9AD28-8AB1-43DD-86DF-99F1685FA8E8}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\3e12375d57654546995e57e165f1685a\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe] => (Allow) C:\users\guillaume\appdata\local\turbo\containers\sandboxes\3e12375d57654546995e57e165f1685a\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe
FirewallRules: [UDP Query User{36B07945-2D27-47B7-97E7-112D37EB26DC}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\3e12375d57654546995e57e165f1685a\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe] => (Allow) C:\users\guillaume\appdata\local\turbo\containers\sandboxes\3e12375d57654546995e57e165f1685a\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe
FirewallRules: [TCP Query User{955AF23F-35CD-45C6-AC36-3BB38A3BC6A1}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\87cb79383e6041f48d5d7fc9bdf85e3d\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe] => (Allow) C:\users\guillaume\appdata\local\turbo\containers\sandboxes\87cb79383e6041f48d5d7fc9bdf85e3d\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe
FirewallRules: [UDP Query User{FEE524CD-DC4C-40B9-A104-7DAD92F2B792}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\87cb79383e6041f48d5d7fc9bdf85e3d\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe] => (Allow) C:\users\guillaume\appdata\local\turbo\containers\sandboxes\87cb79383e6041f48d5d7fc9bdf85e3d\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe
FirewallRules: [TCP Query User{E38D88AF-D227-485B-94F3-20BCE27C7AC3}D:\downloadssd\monero-gui-win-x64-v0.12.3.0\monero-gui-v0.12.3.0\monero-wallet-gui.exe] => (Allow) D:\downloadssd\monero-gui-win-x64-v0.12.3.0\monero-gui-v0.12.3.0\monero-wallet-gui.exe
FirewallRules: [UDP Query User{E886E5C3-7950-4C50-8605-F6D2EC0C5BD7}D:\downloadssd\monero-gui-win-x64-v0.12.3.0\monero-gui-v0.12.3.0\monero-wallet-gui.exe] => (Allow) D:\downloadssd\monero-gui-win-x64-v0.12.3.0\monero-gui-v0.12.3.0\monero-wallet-gui.exe
FirewallRules: [TCP Query User{73594363-0E00-4411-9046-1163DD2F954B}D:\downloadssd\monero-gui-win-x64-v0.12.3.0\monero-gui-v0.12.3.0\monerod.exe] => (Allow) D:\downloadssd\monero-gui-win-x64-v0.12.3.0\monero-gui-v0.12.3.0\monerod.exe
FirewallRules: [UDP Query User{8E6FDAB8-C655-46AF-BFF7-4B859D448512}D:\downloadssd\monero-gui-win-x64-v0.12.3.0\monero-gui-v0.12.3.0\monerod.exe] => (Allow) D:\downloadssd\monero-gui-win-x64-v0.12.3.0\monero-gui-v0.12.3.0\monerod.exe
FirewallRules: [{0295E4C1-2DAF-44CD-A768-3D16F4A9BCFA}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker\27\MusicMaker.exe
FirewallRules: [{56A9A2AE-29A4-4131-8AA3-6A0A684BC2A0}] => (Allow) H:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{513557A1-2383-4246-9427-3736556420C6}] => (Allow) H:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{CA3EB277-B869-447A-AD52-7DF154C8A25C}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{292C4D05-412C-41C5-A239-1A1CAFE0EDA3}C:\program files\sdedibox\sdedibox.exe] => (Allow) C:\program files\sdedibox\sdedibox.exe
FirewallRules: [UDP Query User{292F5EC9-9409-400C-9487-E53EDB8C6892}C:\program files\sdedibox\sdedibox.exe] => (Allow) C:\program files\sdedibox\sdedibox.exe
FirewallRules: [{11D786C8-E358-4CF1-B968-6DF9C9C9A413}] => (Allow) D:\program ssd\steam\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{94429A31-AF3A-4428-8C85-EA42A6F8FAE0}] => (Allow) D:\program ssd\steam\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{DC8EF15A-E3D0-4B57-B8BC-58D16D0A06F2}] => (Allow) D:\program ssd\steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{99D190DD-E08B-4308-A531-ACF4DA1DF0F2}] => (Allow) D:\program ssd\steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{A83D05F8-9E23-4A67-B381-6CE9B79CCF09}] => (Allow) D:\program ssd\steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{75EFF640-53BE-44F1-9F14-AE9AD97FEC3D}] => (Allow) D:\program ssd\steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{ADC77D6A-D001-476E-B842-879775BC0BA7}] => (Allow) C:\Users\guillaume\Documents\nox\Nox\bin\Nox.exe
FirewallRules: [{2309D857-30F7-4767-BEC3-6748116EC113}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{62D2CA81-32A9-4CAB-99B2-0E1BF3253B04}] => (Allow) H:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{3AB99BD0-736C-414A-ADB5-05DF0B1501E9}] => (Allow) H:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [TCP Query User{AFFBC1E8-B6FE-4F4F-BA41-15001E03D2E7}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\448b593f59454d92aceea745010cb73d\local\stubexe\0x275df286440a4d92\chrome.exe] => (Allow) C:\users\guillaume\appdata\local\turbo\containers\sandboxes\448b593f59454d92aceea745010cb73d\local\stubexe\0x275df286440a4d92\chrome.exe
FirewallRules: [UDP Query User{E0F7B3C5-E8FA-4595-A347-E49224AD336C}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\448b593f59454d92aceea745010cb73d\local\stubexe\0x275df286440a4d92\chrome.exe] => (Allow) C:\users\guillaume\appdata\local\turbo\containers\sandboxes\448b593f59454d92aceea745010cb73d\local\stubexe\0x275df286440a4d92\chrome.exe
FirewallRules: [{96853E6C-BA52-4F71-AE8C-31823C16E55A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FE82308E-F976-4E32-B142-39DF0680B416}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{F6D5EA2B-99CF-4418-BC33-5D6273CA12D5}] => (Allow) H:\downl\KMS Tools Portable 01.03.2018 by Ratiborus\Programs\AAct Network v1.0.3 Portable\AAct_Network_x64.exe
FirewallRules: [{F9B59FCD-9183-446F-9E1E-B59CDB0B4B47}] => (Allow) H:\downl\KMS Tools Portable 01.03.2018 by Ratiborus\Programs\AAct Network v1.0.3 Portable\AAct_Network_x64.exe
FirewallRules: [TCP Query User{30852B6F-63C1-401A-BA11-0F82677AA22A}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\9f7e91b4714c4a3794c8e16e565b6db3\local\stubexe\0x275df286440a4d92\chrome.exe] => (Allow) C:\users\guillaume\appdata\local\turbo\containers\sandboxes\9f7e91b4714c4a3794c8e16e565b6db3\local\stubexe\0x275df286440a4d92\chrome.exe
FirewallRules: [UDP Query User{5B6DA61A-B7F0-4D91-8573-3FA3CCD888D8}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\9f7e91b4714c4a3794c8e16e565b6db3\local\stubexe\0x275df286440a4d92\chrome.exe] => (Allow) C:\users\guillaume\appdata\local\turbo\containers\sandboxes\9f7e91b4714c4a3794c8e16e565b6db3\local\stubexe\0x275df286440a4d92\chrome.exe
FirewallRules: [{E6A41932-3170-491A-BB03-9D1771B28FD9}] => (Allow) D:\program ssd\steam\steamapps\common\DeathRoadToCanada\prog.exe
FirewallRules: [{BF76BA50-FBEB-4D9A-83B9-F1570E3D5E4F}] => (Allow) D:\program ssd\steam\steamapps\common\DeathRoadToCanada\prog.exe
FirewallRules: [{610105D0-D2FE-4189-8227-D546B55AE0F0}] => (Allow) D:\program ssd\steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{B4B6100B-3FAE-4B93-8222-E69A02C0870D}] => (Allow) D:\program ssd\steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{B9ACD608-8CF5-4D01-BBF0-D5112C4AC89D}] => (Allow) D:\program ssd\steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{264C0DDB-73A7-40E5-BBCC-0A9F1A5C3321}] => (Allow) D:\program ssd\steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{0646984C-B1A3-448E-9327-47335CF0276E}] => (Allow) D:\program ssd\steam\steamapps\common\VoiceAttack\VoiceAttack.exe
FirewallRules: [{F7EA334F-57BC-4380-A4E7-238C8F4CF1FB}] => (Allow) D:\program ssd\steam\steamapps\common\VoiceAttack\VoiceAttack.exe
FirewallRules: [{D2725FA7-0852-4BD0-A863-0C5DFFF53A89}] => (Allow) C:\SteamLibrary\steamapps\common\VoiceAttack\VoiceAttack.exe
FirewallRules: [{C81BB244-7AD5-4DC7-B0DB-0E067CF29E70}] => (Allow) C:\SteamLibrary\steamapps\common\VoiceAttack\VoiceAttack.exe
FirewallRules: [TCP Query User{5AC3FB79-5CF1-442E-BBCC-BA86A87A3D73}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\ddf318f2c0fc4e6298eb2391d626d91a\local\stubexe\0x275df286440a4d92\chrome.exe] => (Allow) C:\users\guillaume\appdata\local\turbo\containers\sandboxes\ddf318f2c0fc4e6298eb2391d626d91a\local\stubexe\0x275df286440a4d92\chrome.exe
FirewallRules: [UDP Query User{0333C6D2-765B-4714-BCE3-865B7F8A8903}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\ddf318f2c0fc4e6298eb2391d626d91a\local\stubexe\0x275df286440a4d92\chrome.exe] => (Allow) C:\users\guillaume\appdata\local\turbo\containers\sandboxes\ddf318f2c0fc4e6298eb2391d626d91a\local\stubexe\0x275df286440a4d92\chrome.exe
FirewallRules: [{FA6AC580-0CB6-41B3-BD70-C70B5CF2B624}] => (Allow) C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe
FirewallRules: [{BFBEBE2F-886D-499E-A2F8-77722DC6E5AA}] => (Allow) C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe
FirewallRules: [{819DA689-3FE2-4CD0-AFA6-DCA25CF65519}] => (Allow) H:\SteamLibrary\steamapps\common\Everything\Everything.exe
FirewallRules: [{764E4D97-5C4A-4A46-B18A-AD96DB63A46D}] => (Allow) H:\SteamLibrary\steamapps\common\Everything\Everything.exe
FirewallRules: [{40C0507E-2F21-4C3F-907F-20C299E4A54C}] => (Allow) C:\SteamLibrary\steamapps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{1BFAE37B-226A-4D89-8DDD-735CDDCA0573}] => (Allow) C:\SteamLibrary\steamapps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{DE50F62A-943E-41C5-A669-7F482DD1330C}] => (Allow) H:\SteamLibrary\steamapps\common\RiME\SirenGame\Binaries\Win64\RiME.exe
FirewallRules: [{451AE1EE-1E1F-4E10-80BB-ADCB98730B4E}] => (Allow) H:\SteamLibrary\steamapps\common\RiME\SirenGame\Binaries\Win64\RiME.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2018 05:56:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: stinger32.exe, version: 12.1.0.2943, time stamp: 0x5be0050c
Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e
Exception code: 0xc0000005
Fault offset: 0x00041fef
Faulting process ID: 0x2628
Faulting application start time: 0x01d4753e50fb8ebd
Faulting application path: D:\pp\PortableApps\McAfeeStingerPortable\App\Stinger\stinger32.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report ID: fc2f5e30-e14d-11e8-82bc-645a045cd845
Faulting package full name:
Faulting package-relative application ID:

Error: (11/05/2018 01:22:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program thunderbird.exe version 52.9.1.6764 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1760

Start Time: 01d47534616a0930

Termination Time: 4294967295

Application Path: D:\program ssd\thunderbird\thunderbird.exe

Report Id: cd7cf8d9-e127-11e8-82bc-645a045cd845

Faulting package full name:

Faulting package-relative application ID:

Error: (11/04/2018 07:59:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Discord.exe version 0.0.45.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1490

Start Time: 01d4747edca9ea33

Termination Time: 4294967295

Application Path: C:\Users\guillaume\AppData\Local\Discord\app-0.0.301\Discord.exe

Report Id: 184600a0-e096-11e8-82bc-645a045cd845

Faulting package full name:

Faulting package-relative application ID:

Error: (11/04/2018 04:24:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/04/2018 03:47:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/03/2018 07:02:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 4.75.72.34 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1318

Start Time: 01d473a2274d43ea

Termination Time: 4294967295

Application Path: D:\program ssd\steam\Steam.exe

Report Id: eebab6d6-dfc4-11e8-82bb-645a045cd845

Faulting package full name:

Faulting package-relative application ID:

Error: (11/03/2018 06:58:51 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = H:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\directx_installer\DXSETUP.exe Global Offensive\directx_installer\DXSETUP.exe" /silent; Description = Installed DirectX; Error = 0x80070422).

Error: (11/03/2018 05:53:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program thunderbird.exe version 52.9.1.6764 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2b3c

Start Time: 01d473c7f436f03e

Termination Time: 4294967295

Application Path: D:\program ssd\thunderbird\thunderbird.exe

Report Id: 49777633-dfbb-11e8-82bb-645a045cd845

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (11/05/2018 01:22:17 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (11/05/2018 01:22:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (11/05/2018 12:18:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/05/2018 08:04:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (11/05/2018 08:04:43 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (11/05/2018 12:20:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2018 10:43:04 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a33\??\C:\Users\guillaume\ntuser.dat

Error: (11/04/2018 03:41:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 70%
Total physical RAM: 8102.89 MB
Available physical RAM: 2379.13 MB
Total Virtual: 10151.59 MB
Available Virtual: 3375.24 MB

==================== Drives ================================

Drive c: (TI31284600C) (Fixed) (Total:99.66 GB) (Free:3.5 GB) NTFS
Drive d: (a7SSD) (Fixed) (Total:111.66 GB) (Free:3.15 GB) NTFS
Drive h: (a7) (Fixed) (Total:698.51 GB) (Free:410.47 GB) NTFS

\\?\Volume{44817c29-a279-46ba-b34d-40445c5037f7}\ (System) (Fixed) (Total:1 GB) (Free:0.09 GB) NTFS
\\?\Volume{c0e2b534-2a26-4430-bfb3-445047472744}\ (Recovery) (Fixed) (Total:10.9 GB) (Free:1.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 999E2AE8)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 0E1E0C3B)

Partition: GPT.

========================================================
Disk: 2 (Protective MBR) (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
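A firewall-rule listing this long is hard to read by eye, and the security-relevant question is not the games but which exceptions point at binaries in folders a standard user can write to (AppData, Pictures, a downloads folder) or at a bare port with no program bound. The script below is an added example, not part of the original post or of FRST: it parses the "FirewallRules:" line format as FRST writes it in Addition.txt and flags those cases. The sample input is a handful of lines copied from the log above; the folder heuristic is an assumption of this example, and TCP 1688 is the standard Windows KMS client port, which is why a bare LPort rule on it is worth a look next to the AAct_Network entries.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: five rule lines in the exact shape FRST writes them in
# Addition.txt (copied from the log above, not from any other source).
SAMPLE_LOG = r"""
FirewallRules: [{109F37F6-F658-4C96-835D-C4B1E78936EB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [TCP Query User{8679A816-1CA6-4717-B02C-D8574940D098}C:\users\guillaume\appdata\roaming\icq\bin\icq.exe] => (Allow) C:\users\guillaume\appdata\roaming\icq\bin\icq.exe
FirewallRules: [{FB7343D9-4892-4C0D-AE73-41DA74A3270B}] => (Allow) C:\Users\guillaume\Pictures\LiquidSky.exe
FirewallRules: [{CA3EB277-B869-447A-AD52-7DF154C8A25C}] => (Allow) LPort=1688
FirewallRules: [{1AA1FA47-FCA1-4FB6-A2B8-0194DB0587AC}] => (Allow) H:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
"""

# One FRST rule line: "[name] => (Action) target", where name is either a bare
# GUID or "TCP/UDP Query User{GUID}<path>" for rules created by the
# "allow this program?" prompt.
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]*)\] => \((?P<action>\w+)\) (?P<target>.+?)\s*$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Heuristic (an assumption of this example): folders a standard user can write
# to without elevation. An exception for a binary there is not proof of
# anything, but it is the first place to look in a listing this long.
USER_WRITABLE_RE = re.compile(
    r"\\users\\[^\\]+\\(appdata|pictures|documents|desktop|downloads|music|videos)\\"
)
DOWNLOAD_DIR_RE = re.compile(r"\\(downl[a-z]*|temp|tmp)\\")


@dataclass
class Rule:
    guid: str
    protocol: str   # "TCP", "UDP", or "any" for GUID-only rules
    action: str     # "Allow" or "Block"
    target: str     # program path, or "LPort=NNNN" for a port-only rule
    category: str   # see classify()
    flagged: bool


def classify(target: str) -> str:
    """Bucket a rule target by where its program lives."""
    t = target.lower()
    if t.startswith("lport="):
        return "port-rule"   # no program bound: whatever listens on the port gets in
    if USER_WRITABLE_RE.search(t):
        return "user-profile"
    if DOWNLOAD_DIR_RE.search(t):
        return "download-folder"
    if "\\windows\\" in t or "\\program files" in t:
        return "system-or-program-files"
    return "other"           # game libraries, data drives, etc.


def parse_rules(text: str) -> List[Rule]:
    """Parse every FirewallRules: line in an FRST Addition.txt fragment."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        g = GUID_RE.search(name)
        guid = g.group(0) if g else name
        protocol = name.split(" ")[0] if name.startswith(("TCP ", "UDP ")) else "any"
        category = classify(m.group("target"))
        flagged = category in ("user-profile", "download-folder", "port-rule")
        rules.append(Rule(guid, protocol, m.group("action"), m.group("target"),
                          category, flagged))
    return rules


def flagged_rules(text: str) -> List[Rule]:
    """Only the rules a reviewer should open first."""
    return [r for r in parse_rules(text) if r.flagged]


if __name__ == "__main__":
    for r in flagged_rules(SAMPLE_LOG):
        print(f"{r.guid} {r.protocol:>3} {r.action:5} {r.category:16} {r.target}")
```

Run it against the whole Addition.txt instead of SAMPLE_LOG to get the short list; a flag means "look at this file's publisher, signature and hash", not "this is malware", and a game launcher on a data drive landing in "other" is expected.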
 

Broni

Malware Annihilator
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

user75

TS Booster
RogueKiller Anti-Malware V13.0.7.0 (x64) [Nov 5 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/?utm_campaign=roguekiller&utm_source=soft&utm_medium=btn
Website : https://adlice.com/download/roguekiller/?utm_campaign=roguekiller&utm_source=soft&utm_medium=btn
Operating System : Windows 8.1 (6.3.9600) 64 bits
Started in : Normal mode
User : guillaume [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Standard Scan, Delete -- Date : 2018/11/06 09:20:41 (Duration : 00:22:02)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] wscript.exe -- %SystemRoot%\System32\wscript.exe -> Killed [Tree]
[Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{3D58DDEA-561E-45BA-AA6A-0AB04BCD9FAD} -- [%localappdata%\Turbo\18.10.1788.0\Turbo-Plugin-x64.dll] -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\simplitec -- -> Deleted
[VT.Detected (Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|CStart8 -- [%programfiles(x86)%\CStart8\CStart8Tray64.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_USERS\S-1-5-21-3805808772-3452688692-1920293510-1001\Software\Microsoft\Windows\CurrentVersion\Run|Activate -- [%localappdata%\Temp\activate.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_USERS\S-1-5-21-3805808772-3452688692-1920293510-1001\Software\Microsoft\Windows\CurrentVersion\Run|Crypted -- [%localappdata%\Temp\Crypted.vbs] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_USERS\S-1-5-21-3805808772-3452688692-1920293510-1001\Software\Microsoft\Windows\CurrentVersion\Run|Crypted -- [%localappdata%\Temp\Crypted.vbs] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_USERS\S-1-5-21-3805808772-3452688692-1920293510-1001\Software\Microsoft\Windows\CurrentVersion\Run|Activate -- [%localappdata%\Temp\activate.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{043C0172-3012-4799-9392-60521CD4DCE2}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\fdbccf5118ad4cbeb2f933187aadb2b5\local\stubexe\0xbed555eb4d5d0df7\utorrent.exe -- [%localappdata%\Turbo\containers\sandboxes\fdbccf5118ad4cbeb2f933187aadb2b5\local\stubexe\0xbed555eb4d5d0df7\uTorrent.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{075789B2-DEF7-4878-884C-1FFD7C82938B}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\fdbccf5118ad4cbeb2f933187aadb2b5\local\stubexe\0xbed555eb4d5d0df7\utorrent.exe -- [%localappdata%\Turbo\containers\sandboxes\fdbccf5118ad4cbeb2f933187aadb2b5\local\stubexe\0xbed555eb4d5d0df7\uTorrent.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8679A816-1CA6-4717-B02C-D8574940D098}C:\users\guillaume\appdata\roaming\icq\bin\icq.exe -- [%_guillaume_appdata%\ICQ\bin\icq.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{80748F45-CF1C-48E7-B996-4385A359561D}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\32e7d026ca604c0fbe79e72287d4c0e5\local\stubexe\0x097a8f3853b4e903\qbittorrent.exe -- [%localappdata%\Turbo\containers\sandboxes\32e7d026ca604c0fbe79e72287d4c0e5\local\stubexe\0x097a8f3853b4e903\qbittorrent.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{93F9AD28-8AB1-43DD-86DF-99F1685FA8E8}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\3e12375d57654546995e57e165f1685a\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe -- [%localappdata%\Turbo\containers\sandboxes\3e12375d57654546995e57e165f1685a\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{36B07945-2D27-47B7-97E7-112D37EB26DC}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\3e12375d57654546995e57e165f1685a\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe -- [%localappdata%\Turbo\containers\sandboxes\3e12375d57654546995e57e165f1685a\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{33201461-5BAF-46DD-B663-3E3E993FCF9E}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\32e7d026ca604c0fbe79e72287d4c0e5\local\stubexe\0x097a8f3853b4e903\qbittorrent.exe -- [%localappdata%\Turbo\containers\sandboxes\32e7d026ca604c0fbe79e72287d4c0e5\local\stubexe\0x097a8f3853b4e903\qbittorrent.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{FEE524CD-DC4C-40B9-A104-7DAD92F2B792}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\87cb79383e6041f48d5d7fc9bdf85e3d\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe -- [%localappdata%\Turbo\containers\sandboxes\87cb79383e6041f48d5d7fc9bdf85e3d\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{955AF23F-35CD-45C6-AC36-3BB38A3BC6A1}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\87cb79383e6041f48d5d7fc9bdf85e3d\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe -- [%localappdata%\Turbo\containers\sandboxes\87cb79383e6041f48d5d7fc9bdf85e3d\local\stubexe\0x7cf1c9dfffe5a508\chrome.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{E0F7B3C5-E8FA-4595-A347-E49224AD336C}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\448b593f59454d92aceea745010cb73d\local\stubexe\0x275df286440a4d92\chrome.exe -- [%localappdata%\Turbo\containers\sandboxes\448b593f59454d92aceea745010cb73d\local\stubexe\0x275df286440a4d92\chrome.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{AFFBC1E8-B6FE-4F4F-BA41-15001E03D2E7}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\448b593f59454d92aceea745010cb73d\local\stubexe\0x275df286440a4d92\chrome.exe -- [%localappdata%\Turbo\containers\sandboxes\448b593f59454d92aceea745010cb73d\local\stubexe\0x275df286440a4d92\chrome.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{30852B6F-63C1-401A-BA11-0F82677AA22A}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\9f7e91b4714c4a3794c8e16e565b6db3\local\stubexe\0x275df286440a4d92\chrome.exe -- [%localappdata%\Turbo\containers\sandboxes\9f7e91b4714c4a3794c8e16e565b6db3\local\stubexe\0x275df286440a4d92\chrome.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{5B6DA61A-B7F0-4D91-8573-3FA3CCD888D8}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\9f7e91b4714c4a3794c8e16e565b6db3\local\stubexe\0x275df286440a4d92\chrome.exe -- [%localappdata%\Turbo\containers\sandboxes\9f7e91b4714c4a3794c8e16e565b6db3\local\stubexe\0x275df286440a4d92\chrome.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{5AC3FB79-5CF1-442E-BBCC-BA86A87A3D73}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\ddf318f2c0fc4e6298eb2391d626d91a\local\stubexe\0x275df286440a4d92\chrome.exe -- [%localappdata%\Turbo\containers\sandboxes\ddf318f2c0fc4e6298eb2391d626d91a\local\stubexe\0x275df286440a4d92\chrome.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{0333C6D2-765B-4714-BCE3-865B7F8A8903}C:\users\guillaume\appdata\local\turbo\containers\sandboxes\ddf318f2c0fc4e6298eb2391d626d91a\local\stubexe\0x275df286440a4d92\chrome.exe -- [%localappdata%\Turbo\containers\sandboxes\ddf318f2c0fc4e6298eb2391d626d91a\local\stubexe\0x275df286440a4d92\chrome.exe] -> Deleted
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2)
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-3805808772-3452688692-1920293510-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs -- -> Replaced (1)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-3805808772-3452688692-1920293510-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs -- -> Replaced (1)
[VT.Detected (Malicious)] Crypted.vbs -- %_guillaume_appdata%\Microsoft\Windows\Start Menu\Programs\Startup\Crypted.vbs -> Deleted
[VT.Detected (Malicious)] taskmngr.exe -- %_guillaume_appdata%\Microsoft\Windows\Start Menu\Programs\Startup\taskmngr.exe -> Deleted
[VT.Detected (Malicious)] smss.exe -- %_guillaume_appdata%\Microsoft\Windows\Start Menu\Programs\Startup\smss.exe -> Deleted
[PUP.CryptoTab (Potentially Malicious)] CRYPTOCOMPANY -- %localappdata%\CRYPTOCOMPANY -> Deleted
[PUP.Gen1 (Potentially Malicious)] simplitec -- %programdata%\simplitec -> Deleted
[PUP.CryptoTab (Potentially Malicious)] CRYPTOCOMPANY -- %localappdata%\CRYPTOCOMPANY -> Removed at reboot [2]
 

user75

TS Booster
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 06/11/2018
Scan Time: 09:29
Log File: 6b31f670-e1d0-11e8-bd7e-645a045cd845.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.0
Update Package Version: 1.0.7719
Licence: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: TEST\guillaume

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 264994
Threats Detected: 13
Threats Quarantined: 0
Time Elapsed: 2 min, 41 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
RiskWare.WinActivator, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AAct, No Action By User, [7823], [496582],1.0.7719
RiskWare.WinActivator, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3CBF3979-5061-4D78-9A3C-9CF49D935132}, No Action By User, [7823], [496582],1.0.7719
RiskWare.WinActivator, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{3CBF3979-5061-4D78-9A3C-9CF49D935132}, No Action By User, [7823], [496582],1.0.7719

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
RiskWare.Agent.D, C:\Users\guillaume\AppData\Local\minergate-cli\log, No Action By User, [1165], [388104],1.0.7719
RiskWare.Agent.D, C:\USERS\GUILLAUME\APPDATA\LOCAL\MINERGATE-CLI, No Action By User, [1165], [388104],1.0.7719

File: 8
Trojan.Agent.VBS, C:\USERS\GUILLAUME\APPDATA\LOCAL\TEMP\CRYPTED.VBS, No Action By User, [2778], [229881],1.0.7719
RiskWare.Agent.E, C:\USERS\GUILLAUME\APPDATA\LOCAL\TEMP\MICROSOFT\MINERD.EXE, No Action By User, [3726], [451152],1.0.7719
RiskWare.Agent.D, C:\Users\guillaume\AppData\Local\minergate-cli\log\minergate.log, No Action By User, [1165], [388104],1.0.7719
RiskWare.WinActivator, C:\WINDOWS\SYSTEM32\TASKS\AAct, No Action By User, [7823], [496582],1.0.7719
RiskWare.WinActivator, C:\WINDOWS\AACT_TOOLS\AACT_X64.EXE, No Action By User, [7823], [496582],1.0.7719
Trojan.BitCoinMiner, C:\USERS\GUILLAUME\APPDATA\ROAMING\MICROSOFT\WINDOWS\TEMPLATES\MINER.EXE, No Action By User, [560], [501341],1.0.7719
Adware.FileTour, C:\USERS\GUILLAUME\DOWNLOADS\AWESOME_MINER_4_7_3.ZIP, No Action By User, [418], [546029],1.0.7719
Generic.Malware/Suspicious, C:\USERS\GUILLAUME\MUSIC\PUBG_AIMBOT_HACK.EXE, No Action By User, [0], [392686],1.0.7719

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

user75

TS Booster
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-06-2018
# Duration: 00:00:14
# OS: Windows 8.1
# Scanned: 32052
# Detected: 3


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy Ask

***** [ Firefox (and derivatives) ] *****

PUP.Optional.Legacy Honey

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

Broni

Malware Annihilator
Your MBAM log says "No Action By User".
Re-run MBAM, fix all issues and post fresh log.
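
Broni's point above is that a Malwarebytes log line ending in "No Action By User" is a detection that was left in place, so the scan has to be repeated with removal. The following is an added example, not part of the thread and not Malwarebytes' own tooling: a parser for the "-Scan Details-" block that groups detections by action and lists what is still present, run over a constructed excerpt in the same layout as the logs posted in this thread (the paths and category names in it are made up).

```python
"""Triage a Malwarebytes 3.x scan log: what was detected versus what was acted on."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt in the layout of a Malwarebytes 3.x log; paths and names are made up.
SAMPLE_LOG = r"""-Scan Summary-
Scan Type: Threat Scan
Threats Detected: 4
Threats Quarantined: 2

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 1
RiskWare.Example, HKLM\SOFTWARE\EXAMPLE\TASK, No Action By User, [1], [2],1.0.0

File: 3
Trojan.Agent.VBS, C:\USERS\EXAMPLE\APPDATA\LOCAL\TEMP\EXAMPLE.VBS, No Action By User, [3], [4],1.0.0
Trojan.BitCoinMiner, C:\USERS\EXAMPLE\DOWNLOADS\A, B.EXE, Delete on Reboot, [5], [6],1.0.0
PUP.Optional.Example, C:\USERS\EXAMPLE\DOWNLOADS\C.ZIP, Quarantined, [7], [8],1.0.0

(end)
"""

# "Registry Key: 3", "File: 68", ... open a section inside -Scan Details-.
SECTION_RE = re.compile(r"^([A-Za-z][A-Za-z ]*): (\d+)$")
# "Threats Quarantined: 0" and friends inside -Scan Summary-.
SUMMARY_RE = re.compile(r"^([A-Za-z][A-Za-z ]*): (.+)$")


@dataclass
class Detection:
    section: str   # "File", "Registry Key", "Folder", ...
    category: str  # e.g. "Trojan.Agent.VBS"
    path: str      # file path or registry key
    action: str    # "No Action By User", "Delete on Reboot", "Quarantined", ...


def parse_detection(line: str, section: str) -> Detection:
    """One detail line: Category, Path, Action, [id], [id],version."""
    # Split from the right so a path that itself contains commas stays intact.
    head, action, _id1, _id2, _version = line.rsplit(",", 4)
    category, path = head.split(",", 1)
    return Detection(section, category.strip(), path.strip(), action.strip())


def parse_mbam_log(text: str):
    """Return (summary key/values, list of Detection) from the log text."""
    summary, detections = {}, []
    block = None    # which "-...-" block we are in
    section = None  # current section inside -Scan Details-
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-") and line.endswith("-"):
            block = line.strip("-")
            section = None
            continue
        if not line or line.startswith("("):
            continue  # blank, "(end)", "(No malicious items detected)"
        if block == "Scan Summary":
            m = SUMMARY_RE.match(line)
            if m:
                summary[m.group(1)] = m.group(2)
        elif block == "Scan Details":
            m = SECTION_RE.match(line)
            if m:
                section = m.group(1)
            elif section is not None:
                detections.append(parse_detection(line, section))
    return summary, detections


def triage(text: str) -> dict:
    """Summarise actions taken; anything 'No Action By User' is still on the machine."""
    summary, detections = parse_mbam_log(text)
    left_in_place = [d.path for d in detections if d.action == "No Action By User"]
    return {
        "detected": int(summary.get("Threats Detected", 0)),
        "quarantined": int(summary.get("Threats Quarantined", 0)),
        "by_action": Counter(d.action for d in detections),
        "left_in_place": left_in_place,
        "needs_rerun": bool(left_in_place),  # re-scan with removal selected
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"detected={result['detected']} quarantined={result['quarantined']}")
    for action, count in sorted(result["by_action"].items()):
        print(f"  {count:3d}  {action}")
    for path in result["left_in_place"]:
        print("  still present:", path)
```

Run against the first log posted above, every detail line would land in "No Action By User" and `needs_rerun` would be true; against the second, all 73 land in "Delete on Reboot".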
 

user75

TS Booster
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 07/11/2018
Scan Time: 17:44
Log File: 9faabc34-e2de-11e8-ac31-645a045cd845.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7741
Licence: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: TEST\guillaume

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1255242
Threats Detected: 73
Threats Quarantined: 73
Time Elapsed: 5 hr, 56 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
RiskWare.WinActivator, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AAct, Delete on Reboot, [7825], [496582],1.0.7741
RiskWare.WinActivator, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3CBF3979-5061-4D78-9A3C-9CF49D935132}, Delete on Reboot, [7825], [496582],1.0.7741
RiskWare.WinActivator, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{3CBF3979-5061-4D78-9A3C-9CF49D935132}, Delete on Reboot, [7825], [496582],1.0.7741

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
RiskWare.Agent.D, C:\Users\guillaume\AppData\Local\minergate-cli\log, Delete on Reboot, [1168], [388104],1.0.7741
RiskWare.Agent.D, C:\Users\guillaume\AppData\Local\minergate-cli, Delete on Reboot, [1168], [388104],1.0.7741

File: 68
RiskWare.WinActivator, C:\WINDOWS\SYSTEM32\TASKS\AAct, Delete on Reboot, [7825], [496582],1.0.7741
RiskWare.WinActivator, C:\WINDOWS\AACT_TOOLS\AACT_X64.EXE, Delete on Reboot, [7825], [496582],1.0.7741
RiskWare.Agent.D, C:\Users\guillaume\AppData\Local\minergate-cli\log\minergate.log, Delete on Reboot, [1168], [388104],1.0.7741
RiskWare.BitCoinMiner, C:\USERS\GUILLAUME\APPDATA\LOCAL\TEMP\MICROSOFT\MINERD.EXE, Delete on Reboot, [678], [359206],1.0.7741
Trojan.Agent.VBS, C:\USERS\GUILLAUME\APPDATA\LOCAL\TEMP\CRYPTED.VBS, Delete on Reboot, [2781], [229881],1.0.7741
Trojan.BitCoinMiner, C:\USERS\GUILLAUME\APPDATA\ROAMING\MICROSOFT\WINDOWS\TEMPLATES\MINER.EXE, Delete on Reboot, [563], [501341],1.0.7741
Adware.FileTour, C:\USERS\GUILLAUME\DOWNLOADS\AWESOME_MINER_4_7_3.ZIP, Delete on Reboot, [421], [546029],1.0.7741
Generic.Malware/Suspicious, C:\USERS\GUILLAUME\MUSIC\PUBG_AIMBOT_HACK.EXE, Delete on Reboot, [0], [392686],1.0.7741
RiskWare.WinActivator, H:\DOWNL\KMS TOOLS PORTABLE 01.03.2018 BY RATIBORUS\PROGRAMS\AACT V3.8.5 PORTABLE\AACT_X64.EXE, Delete on Reboot, [7825], [496582],1.0.7741
MachineLearning/Anomalous.100%, H:\DOWNL\KMS TOOLS PORTABLE 01.03.2018 BY RATIBORUS\PROGRAMS\AACT NETWORK V1.0.3 PORTABLE\AACT_NETWORK.EXE, Delete on Reboot, [0], [392687],1.0.7741
RiskWare.HackTool.KMS, H:\DOWNL\KMS TOOLS PORTABLE 01.03.2018 BY RATIBORUS\PROGRAMS\KMSCLEANER V1.8 PORTABLE\KMSCLEANER.EXE, Delete on Reboot, [13645], [488489],1.0.7741
HackTool.KMS, H:\DOWNL\KMS TOOLS PORTABLE 01.03.2018 BY RATIBORUS\PROGRAMS\KMSAUTO NET 2016 V1.5.3 PORTABLE\KMSAUTO NET.EXE, Delete on Reboot, [8342], [538530],1.0.7741
MachineLearning/Anomalous.100%, H:\DOWNL\KMS TOOLS PORTABLE 01.03.2018 BY RATIBORUS\PROGRAMS\AACT V3.8.5 PORTABLE\AACT.EXE, Delete on Reboot, [0], [392687],1.0.7741
MachineLearning/Anomalous.100%, H:\DOWNL\KMS TOOLS PORTABLE 01.03.2018 BY RATIBORUS\PROGRAMS\MSACTBACKUP PORTABLE V1.2.3\MSACTBACKUP.EXE, Delete on Reboot, [0], [392687],1.0.7741
MachineLearning/Anomalous.100%, H:\DOWNL\KMS TOOLS PORTABLE 01.03.2018 BY RATIBORUS\PROGRAMS\MSACT++ 2.04\MSACT++.EXE, Delete on Reboot, [0], [392687],1.0.7741
MachineLearning/Anomalous.100%, H:\DOWNL\KMS TOOLS PORTABLE 01.03.2018 BY RATIBORUS\PROGRAMS\PIDKEY LITE V1.62.1 RU EN AND MORE\PIDKEY LITE.EXE, Delete on Reboot, [0], [392687],1.0.7741
HackTool.LOIC, H:\DOWNL\LOIC_2.9.9.99.ZIP, Delete on Reboot, [12405], [85895],1.0.7741
MachineLearning/Anomalous.100%, D:\DOWNLOADSSD\KMS\KMS\KMS TOOLS PORTABLE 16.11.2017 BY RATIBORUS\KMS TOOLS PORTABLE 16.11.2017 BY RATIBORUS\PROGRAMS\MSACTBACKUP PORTABLE V1.2.3\MSACTBACKUP.EXE, Delete on Reboot, [0], [392687],1.0.7741
HackTool.KMS, D:\DOWNLOADSSD\KMS\KMS\KMS TOOLS PORTABLE 16.11.2017 BY RATIBORUS\KMS TOOLS PORTABLE 16.11.2017 BY RATIBORUS\PROGRAMS\KMSAUTO NET 2016 V1.5.3 PORTABLE\KMSAUTO NET.EXE, Delete on Reboot, [8342], [538530],1.0.7741
MachineLearning/Anomalous.100%, D:\DOWNLOADSSD\KMS\KMS\KMS TOOLS PORTABLE 16.11.2017 BY RATIBORUS\KMS TOOLS PORTABLE 16.11.2017 BY RATIBORUS\PROGRAMS\PIDKEY LITE V1.59 RU EN AND MORE\PIDKEY LITE.EXE, Delete on Reboot, [0], [392687],1.0.7741
RiskWare.BCMiner, D:\DOWNLOADSSD\MINERGATE-CLI-4.04-WIN64\MINERGATE-CLI-4.04-WIN64\MINERGATE-CLI.EXE, Delete on Reboot, [13963], [277571],1.0.7741
RiskWare.BitCoinMiner, D:\DOWNLOADSSD\MINERGATE-CLI-8.1-WIN64\MINERGATE-CLI-WIN64\MINERGATE-CLI.EXE, Delete on Reboot, [678], [508801],1.0.7741
Generic.Malware/Suspicious, D:\DOWNLOADSSD\2018\TARGETED EMAIL SCRAPER\TARGETED EMAIL SCRAPER\EMAIL SCRAPER.EXE, Delete on Reboot, [0], [392686],1.0.7741
RiskWare.BitCoinMiner, D:\DOWNLOADSSD\STARTERKIT2.RAR, Delete on Reboot, [678], [442221],1.0.7741
RiskWare.BitCoinMiner, D:\DOWNLOADSSD\MINERGATE-CLI-8.2-WIN64.ZIP, Delete on Reboot, [678], [516513],1.0.7741
PUP.Optional.FusionCore, D:\DOWNLOADSSD\FILEZILLA_3.34.0_WIN64-SETUP_BUNDLED.EXE, Delete on Reboot, [7830], [535044],1.0.7741
Generic.Malware/Suspicious, D:\DOWNLOADSSD\SETUPIMGBURN_2.5.8.0.EXE, Delete on Reboot, [0], [392686],1.0.7741
MachineLearning/Anomalous.94%, D:\DOWNLOADSSD\XMR BUILDER.RAR, Delete on Reboot, [0], [392687],1.0.7741
RiskWare.BitCoinMiner, D:\DOWNLOADSSD\WINDOWS_X64_NHEQMINER-5C.ZIP, Delete on Reboot, [678], [409945],1.0.7741
Trojan.Crypt.XMP, D:\GAMEDOWNLOAD\ACCOUNT GENERATOR\ACCOUNT GENERATOR.EXE, Delete on Reboot, [11720], [565706],1.0.7741
Trojan.Crypt.XMP, D:\GAMEDOWNLOAD\ACCOUNT GENERATOR.RAR, Delete on Reboot, [11720], [565706],1.0.7741
Trojan.PasswordStealer, D:\PROGRAM SSD\DROPBOX\DROPBOX\BITCOIN CRACKER (1).ZIP, Delete on Reboot, [3566], [569353],1.0.7741
Trojan.BitCoinMiner, D:\PROGRAM SSD\MEGA\MEGASYNC UPLOADS\US TEST 2.EXE, Delete on Reboot, [563], [499334],1.0.7741
RiskWare.BitCoinMiner, D:\PROGRAM SSD\MEGA\MINERGATE-CLI-8.2-WIN64\MINERGATE-CLI-WIN64\MINERGATE-CLI.EXE, Delete on Reboot, [678], [516513],1.0.7741
Generic.Malware/Suspicious, D:\PROGRAM SSD\MEGA\MEGASYNC UPLOADS\UDTOOLS OFFSET LOCATOR 2.0.ZIP, Delete on Reboot, [0], [392686],1.0.7741
Trojan.MalPack, D:\PROGRAM SSD\MEGA\MEGASYNC UPLOADS\RAMCOS_1.7. RAT.ZIP, Delete on Reboot, [4155], [549668],1.0.7741
Trojan.BitCoinMiner, D:\PROGRAM SSD\MEGA\LITE.EXE, Delete on Reboot, [563], [499334],1.0.7741
PUP.Optional.Ubot, D:\PROGRAM SSD\MEGA\ALL IN ONE TRAFFIC.EXE, Delete on Reboot, [9292], [319544],1.0.7741
MachineLearning/Anomalous.96%, D:\PROGRAM SSD\MEGA\BOTSTAGRAM.0MMO.NET.RAR, Delete on Reboot, [0], [392687],1.0.7741
CrackTool.Agent, D:\PROGRAM SSD\MEGA\AMTEMU.V0.9.2.WIN-PAINTER 2.ZIP, Delete on Reboot, [6164], [445980],1.0.7741
HackTool.SQLInjector, D:\PROGRAM SSD\MEGA\HAVIJ\HAVIJ PORTABLE.ZIP, Delete on Reboot, [12101], [505710],1.0.7741
Trojan.BitCoinMiner, D:\PROGRAM SSD\MEGA\AA.EXE, Delete on Reboot, [563], [499334],1.0.7741
RiskWare.BitCoinMiner, D:\PROGRAM SSD\MEGA\MINERGATE-CLI-8.2-WIN64.ZIP, Delete on Reboot, [678], [516513],1.0.7741
RiskWare.BCMiner, D:\PROGRAM SSD\MEGA\MINERGATE-CLI-4.04-WIN64.ZIP, Delete on Reboot, [13963], [277571],1.0.7741
Generic.Malware/Suspicious, D:\PROGRAM SSD\MEGA\UDTOOLS OFFSET LOCATOR 2.0.ZIP, Delete on Reboot, [0], [392686],1.0.7741
RiskWare.BitCoinMiner, D:\PROGRAM SSD\MEGA\MINERGATE-7.2-WIN64.EXE, Delete on Reboot, [678], [469762],1.0.7741
RiskWare.BitCoinMiner, D:\PROGRAM SSD\MEGA\STARTERKIT2.RAR, Delete on Reboot, [678], [442221],1.0.7741
Trojan.MalPack, D:\PROGRAM SSD\MEGA\RAMCOS_1.7. RAT.ZIP, Delete on Reboot, [4155], [549668],1.0.7741
RiskWare.BitCoinMiner, D:\PROGRAM SSD\MEGA\WINDOWS_X64_NHEQMINER-5C.ZIP, Delete on Reboot, [678], [409945],1.0.7741
MachineLearning/Anomalous.94%, D:\PROGRAM SSD\MEGA\XMR BUILDER.RAR, Delete on Reboot, [0], [392687],1.0.7741
HackTool.NJRat, D:\PROGRAM SSD\MEGA\NJRAT LIME EDITION 0.7.9 FULL VERSION.ZIP, Delete on Reboot, [12564], [473129],1.0.7741
Generic.Malware/Suspicious, D:\PROGRAM SSD\MEGA\NUMIX.RAR, Delete on Reboot, [0], [392686],1.0.7741
Trojan.Agent.MSIL, D:\PROGRAM SSD\MEGA\NANOCORE.ZIP, Delete on Reboot, [3650], [59060],1.0.7741
Trojan.BitCoinMiner, D:\PROGRAM SSD\MEGA\QWERTY123.EXE, Delete on Reboot, [563], [441417],1.0.7741
Trojan.BitCoinMiner, D:\TEST0\TEST.EXE, Delete on Reboot, [563], [499334],1.0.7741
Backdoor.Quasar, D:\TEST0\MONERO_V7_SILENT_MINER\MONERO V7 SILENT MINER\MONERO V7 SILENT MINER.EXE, Delete on Reboot, [4065], [591309],1.0.7741
Trojan.BitCoinMiner, D:\TEST0\AA.EXE, Delete on Reboot, [563], [499334],1.0.7741
Trojan.BitCoinMiner, D:\TEST0\EURO TEST 2.EXE, Delete on Reboot, [563], [499334],1.0.7741
Trojan.BitCoinMiner, D:\TEST0\EURO TEST.EXE, Delete on Reboot, [563], [501341],1.0.7741
Trojan.BitCoinMiner, D:\TEST0\US TEST 2.EXE, Delete on Reboot, [563], [499334],1.0.7741
Trojan.BitCoinMiner, D:\TEST0\ASIA TEST 2.EXE, Delete on Reboot, [563], [501341],1.0.7741
Generic.Malware/Suspicious, H:\DOWNL\KMS TOOLS PORTABLE 01.03.2018 BY RATIBORUS\PROGRAMS\OFFICE 2013-2016 C2R INSTALL V6.0.2\OINSTALL.EXE, Delete on Reboot, [0], [392686],1.0.7741
Generic.Malware/Suspicious, H:\DOWNL\KMS TOOLS PORTABLE 01.03.2018 BY RATIBORUS\PROGRAMS\AACT NETWORK V1.0.3 PORTABLE\AACT_NETWORK_X64.EXE, Delete on Reboot, [0], [392686],1.0.7741
Generic.Malware/Suspicious, H:\DOWNL\KMS TOOLS PORTABLE 01.03.2018 BY RATIBORUS\PROGRAMS\MSACT++ 2.04\MSACT++ X64.EXE, Delete on Reboot, [0], [392686],1.0.7741
Generic.Malware/Suspicious, H:\DOWNL\KMS TOOLS PORTABLE 01.03.2018 BY RATIBORUS\PROGRAMS\PIDKEY LITE V1.62.1 RU EN AND MORE\PIDKEY LITE X64.EXE, Delete on Reboot, [0], [392686],1.0.7741
Generic.Malware/Suspicious, H:\DOWNL\IBOMBER!DOWNLOAD.ZIP, Delete on Reboot, [0], [392686],1.0.7741
MachineLearning/Anomalous.94%, H:\$RECYCLE.BIN\S-1-5-21-3805808772-3452688692-1920293510-1001\$RY2BJSM\XMR BUILDER - RELEASED BY FYR0Z.EXE, Delete on Reboot, [0], [392687],1.0.7741
Generic.Malware/Suspicious, H:\$RECYCLE.BIN\S-1-5-21-3805808772-3452688692-1920293510-1001\$RY2BJSM\STUB.EXE, Delete on Reboot, [0], [392686],1.0.7741

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Broni

Malware Annihilator
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.