Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by sylvania (21-01-2018 12:54:57)
Running from C:\Users\sylvania\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-29 20:52:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2400762992-834235184-972392584-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2400762992-834235184-972392584-503 - Limited - Disabled)
Guest (S-1-5-21-2400762992-834235184-972392584-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2400762992-834235184-972392584-1003 - Limited - Enabled)
sylvania (S-1-5-21-2400762992-834235184-972392584-1001 - Administrator - Enabled) => C:\Users\sylvania
WDAGUtilityAccount (S-1-5-21-2400762992-834235184-972392584-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Reader XI (11.0.23) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Main Services (HKLM-x32\...\{9A9DEF90-72CE-43F8-A995-E42DCB0D5EA1}) (Version: 1.2.9 - System Native) Hidden <==== ATTENTION
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Standard 2016 (HKLM\...\Office16.STANDARD) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8198 - Realtek Semiconductor Corp.)
Samsung Link 2.0.0.1603091618 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1603091618 - Samsung Electronics Co.,Ltd)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
Spotify (HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\Spotify) (Version: 1.0.72.117.g6bd7cc73 - Spotify AB)
Update for Skype for Business 2016 (KB4011623) 64-Bit Edition (HKLM\...\{90160000-0012-0000-1000-0000000FF1CE}_Office16.STANDARD_{1C1EDA98-E4A1-4D14-BA2F-2C5D7366373A}) (Version: - Microsoft)
Windows Driver Package - AMD (amdkmpfd) System (08/29/2016 16.40.0.0000) (HKLM\...\8A3FB89402FAD77EBB8F2812861E1F298156098C) (Version: 08/29/2016 16.40.0.0000 - AMD)
Windows Driver Package - Challenger Backup Solutions, LLC (FlashBoot) DiskDrive (08/11/2013 2.3.72.0) (HKLM\...\CA8BFE662913F62CB908BA31685037C57A7DD973) (Version: 08/11/2013 2.3.72.0 - Challenger Backup Solutions, LLC)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Driver Package - Intel (ICCWDT) System (03/13/2016 11.0.0.1010) (HKLM\...\262F224EEDD1DB9B9F2CC1808546760F1633498C) (Version: 03/13/2016 11.0.0.1010 - Intel)
Windows Driver Package - Intel (MEIx64) System (09/15/2016 11.6.0.1032) (HKLM\...\E206CA2BD4638C0CFF7D6D2C71F67F757D5FBCE2) (Version: 09/15/2016 11.6.0.1032 - Intel)
Windows Driver Package - INTEL System (10/03/2016 10.1.1.38) (HKLM\...\12B3AEBAC72FCBF7760C5BE0C978D67FCCF66C3A) (Version: 10/03/2016 10.1.1.38 - INTEL)
Windows Driver Package - INTEL System (10/03/2016 10.1.1.38) (HKLM\...\97077B7F26CCDFC1BC77C772D0AE8623934004EB) (Version: 10/03/2016 10.1.1.38 - INTEL)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device (07/14/2016 6.2.84.276) (HKLM\...\4793ED4F0CFB9806CAB4A59B5B74C1F5AADEDF1A) (Version: 07/14/2016 6.2.84.276 - IVT Corporation)
Windows Driver Package - LG Electronics Inc. (Serial) Ports (03/05/2015 6.3.9600.4) (HKLM\...\23D08292B2639E56E3531B935E22B475F6700AAA) (Version: 03/05/2015 6.3.9600.4 - LG Electronics Inc.)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net (08/11/2016 10.0.0.345) (HKLM\...\4082E5FB23D5C8B55E96800A42966C93C3ED3D94) (Version: 08/11/2016 10.0.0.345 - Qualcomm Atheros Communications Inc.)
Windows Driver Package - Realtek (rt640x64) Net (10/07/2016 10.012.1007.2016) (HKLM\...\307C1523E32D7B4E2A9F1BC356413497659E6906) (Version: 10/07/2016 10.012.1007.2016 - Realtek)
Windows Driver Package - Realtek Semiconduct Corp. (RSPCIESTOR) MTD (11/05/2015 10.0.10240.28159) (HKLM\...\6870E744E53EC74395FFE6CAA6114157F9450CEC) (Version: 11/05/2015 10.0.10240.28159 - Realtek Semiconduct Corp.)
Windows Driver Package - Render (rdacpi) HIDClass (07/12/2016 15.58.20.163) (HKLM\...\8BE61485D5A6FEB86C5ED05D99B4964F68536448) (Version: 07/12/2016 15.58.20.163 - Render)
Windows Driver Package - Teclast Firmware (04/07/2016 10.0.10240.303) (HKLM\...\BB3851F92871768FAB22254B67079ABA44D42801) (Version: 04/07/2016 10.0.10240.303 - Teclast)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-12-29] (Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {015FB16F-C445-420C-95F7-95D08DA02A30} - System32\Tasks\MAndnoid => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\MAndnoid\MAndnoid.dll",KagZyluac <==== ATTENTION
Task: {072FCC2B-D313-44EE-B379-74168ADCF076} - System32\Tasks\GoogleUpdateSecurityTaskMachine_RC => C:\Users\sylvania\AppData\Roaming\240e403a56ce48ff959050de1779ae41\chipset.exe exec hide CCHRXSFIFC.cmd <==== ATTENTION
Task: {0A022759-4106-46EC-97B4-5D69522805C9} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2400762992-834235184-972392584-1001 => C:\Users\sylvania\AppData\Local\MEGAsync\MEGAupdater.exe [2018-01-19] (Mega Limited)
Task: {0DC37176-4D2F-4067-8D32-A23A1030A768} - System32\Tasks\k41492113 => C:\Program Files (x86)\prancer\prancer.exe
Task: {1A5217E1-C498-461F-A06C-67CC443AC9A8} - System32\Tasks\GoogleUpdateSecurityTaskMachine_HO => C:\Users\sylvania\AppData\Roaming\46fdfd7893ed431e9266132606b9faed\chipset.exe exec hide OUOHPHRXPB.cmd <==== ATTENTION
Task: {3509B144-F3FC-47A6-B99D-3A7A8372646D} - System32\Tasks\Unreal Tournament System => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Unreal Tournament System\Unreal Tournament System.dll",DuMAuBY <==== ATTENTION
Task: {35BE92FA-70C2-45F5-BB8F-ABF996B3AB11} - System32\Tasks\GoogleUpdateSecurityTaskMachine_UP => C:\Users\sylvania\AppData\Local\f242f081524444d6bef341ea63e30225\chipset.exe exec hide NSMPNQGYAN.cmd <==== ATTENTION
Task: {3EC0033B-3370-4733-84EB-10C3D464B24D} - System32\Tasks\88418848 => C:\Users\sylvania\AppData\Local\hawaiian.exe <==== ATTENTION
Task: {5D01E282-0EEF-48D4-A1B9-DF39D164EE7A} - System32\Tasks\MicrosoftUpd => C:\ProgramData\MicrosoftUpd.exe <==== ATTENTION
Task: {62986C60-682D-47A7-A3F2-6336A0A7AB7E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {68CF6E51-74BE-43CE-9238-85E11C41F4BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {68D47E07-5B30-4370-AD36-9F066B16B564} - System32\Tasks\Mouse Video Converter => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Mouse Video Converter\Mouse Video Converter.dll",nZajaVdtGGmp <==== ATTENTION
Task: {7088B7C3-248B-4C76-914E-AB9189D0DE98} - System32\Tasks\23421212342121 => C:\Program Files (x86)\volpi\correlations.exe <==== ATTENTION
Task: {7F9D066E-48E2-4862-8FBF-574045C8EFD2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {8BB084E7-85D8-4507-8DF4-F3F20D469DC5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {8E5EC416-0C21-4461-8421-B0F4358DE3DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-21] (Google Inc.)
Task: {8F437DF9-F650-4F8C-81B1-01B33EEEBC37} - System32\Tasks\8841884888418848 => C:\Users\sylvania\AppData\Local\correlations.exe <==== ATTENTION
Task: {93280F81-3705-4A55-A07B-D336A1D8F511} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {96AB4E49-0CE9-44A5-9C24-1AAA847DC502} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {98E9D453-9E6A-4397-9C9F-0363B15D7D00} - System32\Tasks\5the-StoryPDF => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\5the-StoryPDF\5the-StoryPDF.dll",PqMfKgc <==== ATTENTION
Task: {A6D298CF-E2E7-45D3-8EB2-59BE56F206AF} - System32\Tasks\2342121 => C:\Program Files (x86)\Prune\hawaiian.exe <==== ATTENTION
Task: {B3738D91-2C51-4462-970D-317C6037E48B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {B94D0EA6-32CC-4439-A59A-83BC922EA69F} - System32\Tasks\4149211341492113 => C:\Program Files (x86)\Peh\correlations.exe <==== ATTENTION
Task: {BA1ED955-A2B0-41B6-8E93-75F6398430F1} - System32\Tasks\FreeAntiVirus => C:\WINDOWS\explorer.exe "hxxp://destyy.com/qNHR3u" <==== ATTENTION
Task: {BAAECB41-A9EC-4047-9C22-CD622CF36588} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {C49FE0E1-70A6-47B0-A5A9-D8DEE2C5DA95} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-12-29] (Realtek Semiconductor)
Task: {C70A1192-21DA-4F4A-8558-E0B01ECE7D37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-21] (Google Inc.)
Task: {D4F6157E-D830-44F8-B496-5A21B41C7435} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {DB5BCFD7-3048-404A-874A-7D2691407738} - System32\Tasks\GoogleUpdateSecurityTaskMachine_AN => C:\Users\sylvania\AppData\Roaming\37c695d4924440dcbd07c800b3d8eab3\chipset.exe exec hide QKASIHBDFV.cmd <==== ATTENTION
Task: {E1C71B97-2836-4369-BB76-8DD9B72F755F} - System32\Tasks\Guard => C:\Program Files (x86)\System Native\Main Services\Guard.exe <==== ATTENTION
Task: {F3FFC702-2A04-4223-93E8-4CCF6634E93F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F5EF4418-8A45-4FA9-9ABF-3E402704BD02} - System32\Tasks\GoogleUpdateSecurityTaskMachine_HT => C:\Users\sylvania\AppData\Roaming\3a8c3ef3fd414bff8a3e5a34158aceae\chipset.exe exec hide AHCWRJOCHC.cmd <==== ATTENTION
Task: {F753E39E-3850-40B4-8EBA-D39731575138} - System32\Tasks\41492113 => C:\Program Files (x86)\Peh\hawaiian.exe <==== ATTENTION
Task: {FC9165A1-9AFD-4386-ACD2-80B6F4924291} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\sylvania\Desktop\HPC07DC0 (HP ENVY 7640 series) - Shortcut.lnk -> hxxp://192.168.223.

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-01-19 22:12 - 2015-06-01 14:11 - 002447872 _____ () C:\Program Files\Mouse Video Converter\Mouse Video Converter.dll
2017-12-23 16:55 - 2016-03-09 16:18 - 000025088 _____ () C:\Program Files\SAMSUNG\Samsung Link\JniSys.dll
2017-12-23 16:55 - 2016-03-09 16:18 - 002513920 _____ () C:\Program Files\SAMSUNG\Samsung Link\scone_proxy.dll
2017-12-23 16:55 - 2016-03-09 16:18 - 002436096 _____ () C:\Program Files\SAMSUNG\Samsung Link\scone_stub.dll
2016-11-01 23:05 - 2017-12-29 16:23 - 000385064 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-10-18 16:51 - 2017-10-18 16:51 - 000598528 _____ () C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll
2017-12-30 16:01 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-30 16:00 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-23 16:55 - 2016-03-09 16:18 - 000049664 _____ () C:\Program Files\SAMSUNG\Samsung Link\JniIO.dll
2018-01-08 21:15 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-08 21:15 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-12-08 10:22 - 2017-12-08 10:22 - 000102088 _____ () C:\Users\sylvania\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2016-12-24 12:52 - 2018-01-17 15:15 - 068214160 _____ () C:\Users\sylvania\AppData\Roaming\Spotify\libcef.dll
2016-12-24 12:52 - 2018-01-17 15:15 - 003112848 _____ () C:\Users\sylvania\AppData\Roaming\Spotify\libglesv2.dll
2016-12-24 12:52 - 2018-01-17 15:15 - 000089488 _____ () C:\Users\sylvania\AppData\Roaming\Spotify\libegl.dll
2017-09-10 15:51 - 2017-09-10 15:51 - 000798208 _____ () C:\Users\sylvania\AppData\Local\MEGAsync\libsodium.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\sylvania\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\sylvania\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\sylvania\Desktop\3.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-21 20:42 - 2018-01-16 10:30 - 000038371 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 1055 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2400762992-834235184-972392584-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sylvania\Pictures\fotos cell syl\CAM01711 - Copy.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => ".ggmappltlpggm.vbs"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "ggmUEU1TWs"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run: => "maverickssamia"
HKLM\...\StartupApproved\Run: => "mavericksmavericks"
HKLM\...\StartupApproved\Run: => "mavericks"
HKLM\...\StartupApproved\Run: => "KICTHEN"
HKLM\...\StartupApproved\Run32: => "hanfordhagan"
HKLM\...\StartupApproved\Run32: => "hanfordhanford"
HKLM\...\StartupApproved\Run32: => "hanford"
HKLM\...\StartupApproved\Run32: => "SpywareTerminatorUpdater"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\StartupFolder: => "wantingwanting.lnk"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\StartupFolder: => "wanting.lnk"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "1ezVUuyAC.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "2qAwaduHQc.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "A2SOzXsXASHIih.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "BDVSGFEEIN.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "c3NJhEdNA.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "CCHRXSFIFC.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "FrostyCherry"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "dolsaw"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "countenanced"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "LxmtWX1cwxxn.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "QKASIHBDFV.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "qygYsJujJArPui.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "sfoNwY4W.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "tyBPdA2maz.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "vibrators"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B2B90136-512B-4E56-85FD-FF2EBD02AB76}] => (Allow) C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
FirewallRules: [TCP Query User{934C87D7-ADAA-4815-9EE4-FDE5A1E6348A}C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{52F64507-B5D9-465F-B4C2-E1FB5E09DE96}C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{181F6794-D2A1-4217-9519-D624A15F8E2A}C:\program files\samsung\samsung link\samsung link tray agent.exe] => (Allow) C:\program files\samsung\samsung link\samsung link tray agent.exe
FirewallRules: [UDP Query User{19372658-74E9-4ED9-B43C-82399E792318}C:\program files\samsung\samsung link\samsung link tray agent.exe] => (Allow) C:\program files\samsung\samsung link\samsung link tray agent.exe
FirewallRules: [TCP Query User{AE7AFA1E-6405-4BB7-93A4-45F1E0445A08}C:\users\sylvania\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sylvania\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A0A153EE-54A3-4249-A81C-D082B39C8AEA}C:\users\sylvania\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sylvania\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C6D029D4-AA20-4075-A4A7-7D9B1759BAB3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{3D5B859C-7B85-4C14-9BAB-64A9BA4A0CA5}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{3B367B0E-446B-4465-AEB5-CA874FB401B3}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{B1C92FA6-D2C1-4DF9-A6F1-DC8C26F28E0E}] => (Allow) C:\Windows\System32\rundll32.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Teclast System Firmware 303
Description: Teclast System Firmware 303
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: Teclast
Service:
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2018 12:52:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 63.0.3239.132 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 37c

Start Time: 01d392dee311d922

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 4b9e16a8-8d68-4025-b95f-eb9a816c69ce

Faulting package full name:

Faulting package-relative application ID:

Error: (01/21/2018 12:26:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.5.1.44332 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3030

Start Time: 01d392dcd60e2dfb

Termination Time: 4294967295

Application Path: C:\Users\sylvania\AppData\Roaming\uTorrent\uTorrent.exe

Report Id: c9dd7a3c-ac69-4c5c-bd79-34c7c6f62144

Faulting package full name:

Faulting package-relative application ID:

Error: (01/21/2018 12:25:13 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
at System.Data.SQLite.SQLiteConnection.Open()
at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/21/2018 12:13:39 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/20/2018 10:22:51 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (01/20/2018 05:55:45 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (01/20/2018 12:49:49 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
at System.Data.SQLite.SQLiteConnection.Open()
at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/20/2018 12:01:48 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
at System.Data.SQLite.SQLiteConnection.Open()
at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/20/2018 01:22:14 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/19/2018 10:11:26 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
at System.Data.SQLite.SQLiteConnection.Open()
at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


System errors:
=============
Error: (01/21/2018 12:40:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 12:40:12 PM) (Source: DCOM) (EventID: 10016) (User: KICTHEN)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user kicthen\sylvania SID (S-1-5-21-2400762992-834235184-972392584-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 12:35:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 12:27:04 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (01/21/2018 12:27:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/21/2018 12:27:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/21/2018 12:27:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/21/2018 12:27:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/21/2018 12:27:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/21/2018 12:26:46 PM) (Source: DCOM) (EventID: 10016) (User: KICTHEN)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user kicthen\sylvania SID (S-1-5-21-2400762992-834235184-972392584-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2018-01-15 17:29:23.261
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 16:19:58.363
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 16:19:58.086
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 14:23:21.296
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 14:23:20.934
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 13:29:05.085
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 13:24:16.277
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 13:18:03.919
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 13:18:03.546
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 12:28:05.553
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 54%
Total physical RAM: 8109.69 MB
Available physical RAM: 3694.88 MB
Total Virtual: 16301.69 MB
Available Virtual: 10598.46 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:860 GB) (Free:529.29 GB) NTFS
Drive k: (Backup) (Fixed) (Total:59.37 GB) (Free:13.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C0819675)

Partition: GPT.

==================== End of Addition.txt ============================
