quentin2121
Hello,
Infected PC, or reduced internet speed? Please run some tests, thanks!
--
“Take your chance, hold on to your happiness and move towards your risk. By watching you, they will get used to it.” René Char
https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
Please post the various reports at the end of the scan.
Executed by 33689 (administrator) on LAPTOP-GH2ORFMJ (LENOVO 81FB) (08-09-2019 13:18:56)
Executed from C:\Users\33689\Desktop\Désinfection
Loaded profiles: 33689 (Available profiles: 33689)
Platform: Windows 10 Home Version 1903 18362.329 (X64) Language: French (France)
Default browser: Edge
Boot mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an item is included in the fixlist.txt file, the process will be stopped. The file will not be moved.)
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0334381.inf_amd64_2a148884960c6992\B334199\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0334381.inf_amd64_2a148884960c6992\B334199\atiesrxx.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\33689\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\33689\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\33689\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\33689\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\33689\AppData\Roaming\Dropbox\bin\80.4.126\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\33689\AppData\Roaming\Dropbox\bin\80.4.126\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\33689\AppData\Roaming\Dropbox\bin\80.4.126\QtWebEngineProcess.exe
(F-Secure Corporation -> Darty Corporation) C:\Program Files (x86)\Darty\Darty Mot de Passe\fskey.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\nif\1567426121\fs_ols_ca.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\ulcore\1567597108\fshoster64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\ulcore\1567597108\fsorsp64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\ulcore\1567597108\fsulprothoster.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Pack Darty\Sécurité\fshoster32.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Pack Darty\Sécurité\fshoster32.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Pack Darty\Sécurité\fshoster32.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.54.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\33689\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\PeopleApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11909.1001.7.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Oodrive -> Oodrive) C:\Users\33689\AppData\Local\Pack Sérénité\Darty Cloud\bin\DartyCloud.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
==================== Registry (Whitelisted) ===========================
(If an item is included in the fixlist.txt file, the Registry item will be restored to the default value or deleted. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [816176 2018-09-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-3448136684-3648235207-1330842672-1001\...\Run: [Darty Cloud] => C:\Users\33689\AppData\Local\Pack Sérénité\Darty Cloud\bin\DartyCloud.exe [1138816 2018-07-24] (Oodrive -> Oodrive)
HKU\S-1-5-21-3448136684-3648235207-1330842672-1001\...\Run: [FSKeyAutoStart] => C:\Program Files (x86)\Darty\Darty Mot de Passe\fskey.exe [6952416 2018-07-04] (F-Secure Corporation -> Darty Corporation)
HKU\S-1-5-21-3448136684-3648235207-1330842672-1001\...\Run: [Dropbox Update] => C:\Users\33689\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2019-01-24] (Dropbox, Inc -> Dropbox, Inc.)
Startup: C:\Users\33689\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2019-09-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\33689\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an item is included in the fixlist.txt file, it will be deleted from the Registry. The file will not be moved, unless it is listed separately.)
Task: {0946E8B0-B1FD-4071-B83C-A3DA7207661C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\38d988d5-8751-4512-be73-045ee647afc8 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {0B9A91FA-B54D-4C23-8D67-0EF61CBADCE0} - System32\Tasks\F-Secure\F-Secure Hotfix => C:\Program Files (x86)\Pack Darty\Sécurité\fs_hotfix.exe [268744 2019-03-25] (F-Secure Corporation -> F-Secure Corporation)
Task: {185262EC-F741-4984-8F7C-338F4777F792} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3448136684-3648235207-1330842672-1001Core => C:\Users\33689\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2019-01-24] (Dropbox, Inc -> Dropbox, Inc.)
Task: {2519D466-F5D0-4963-9CA4-EFE99EEAB87D} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {3936B722-A825-4761-AFFB-00383A01F80B} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {4BC87B67-5E31-42B2-82DE-DB6B9B75072F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8a19b167-5030-43bb-9e8d-52af808839c5 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {630E54FA-8EC5-446F-A8B1-F270D078D80B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1fb48fb1-ec86-4290-8a15-9efd8b5d9c50 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {C4814EA3-FF90-4ED3-992E-E1906A011E7C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3448136684-3648235207-1330842672-1001UA => C:\Users\33689\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2019-01-24] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E435D330-9B92-46B0-AC9E-E6512426FF1E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {FD2FD48F-01F3-4F7C-8394-639C76D4AE10} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
(If an item is included in the fixlist.txt file, the task file (.job) will be moved. The file executed by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3448136684-3648235207-1330842672-1001Core.job => C:\Users\33689\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3448136684-3648235207-1330842672-1001UA.job => C:\Users\33689\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist.txt file, if it is a Registry item, it will be deleted or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{23a55964-4729-4c50-b8c9-9520ecceb29d}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{50542f03-7c57-456d-b4bb-9828d7f6b0ec}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{72153c10-48cf-4072-a110-ad24b5d0ffea}: [DhcpNameServer] 150.208.1.2
Internet Explorer:
==================
HKU\S-1-5-21-3448136684-3648235207-1330842672-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3448136684-3648235207-1330842672-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3448136684-3648235207-1330842672-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\nif\1567426121\browser\install\fs_ie_https\fs_ie_https64.dll [2019-09-04] (F-Secure Corporation -> F-Secure Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\nif\1567426121\browser\install\fs_ie_https\fs_ie_https.dll [2019-09-04] (F-Secure Corporation -> F-Secure Corporation)
Edge:
======
DownloadDir: C:\Users\33689\Downloads
FireFox:
========
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\nif\1567426121\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\nif\1567426121\browser\install\fs_firefox_https\fs_firefox_https.xpi [2019-09-04]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\nif\1567426121\browser\install\fs_firefox_https\fs_firefox_https.xpi
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an item is included in the fixlist.txt file, it will be deleted from the Registry. The file will not be moved, unless it is listed separately.)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0334381.inf_amd64_2a148884960c6992\B334199\atiesrxx.exe [481256 2018-10-11] (Advanced Micro Devices, Inc. -> AMD)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [602632 2018-08-26] (Dolby Laboratories, Inc. -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [306040 2018-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 fshoster; C:\Program Files (x86)\Pack Darty\Sécurité\fshoster32.exe [209864 2019-03-25] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\Pack Darty\Sécurité\fshoster32.exe [209864 2019-03-25] (F-Secure Corporation -> F-Secure Corporation)
S2 fsulhoster; C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\ulcore\1567597108\fshoster64.exe [584776 2019-09-04] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulnethoster; C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\ulcore\1567597108\fshoster64.exe [584776 2019-09-04] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\ulcore\1567597108\fsorsp64.exe [101248 2019-09-04] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\ulcore\1567597108\fsulprothoster.exe [584776 2019-09-04] (F-Secure Corporation -> F-Secure Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [816176 2018-09-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [678376 2018-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an item is included in the fixlist.txt file, it will be deleted from the Registry. The file will not be moved, unless it is listed separately.)
R3 amdacpbus; C:\WINDOWS\System32\drivers\amdacpbus.sys [945240 2018-09-27] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdacpksl; C:\WINDOWS\system32\drivers\amdacpksl.sys [355584 2018-08-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34568 2018-10-03] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 AMDHDAudBusService; C:\WINDOWS\System32\drivers\amdhdaudbus.sys [75752 2018-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [54232 2018-10-03] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0334381.inf_amd64_2a148884960c6992\B334199\atikmdag.sys [40693736 2018-10-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\u0334381.inf_amd64_2a148884960c6992\B334199\atikmpag.sys [545256 2018-10-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137688 2018-10-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111080 2018-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [173848 2018-07-13] (BayHub Technology Inc. -> BayHubTech/O2Micro )
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\ulcore\1567597108\fsulgk.sys [289952 2019-09-04] (F-Secure Corporation -> F-Secure Corporation)
R1 F-Secure UL HIPS; C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\ulcore\1567597108\fshs.sys [102560 2019-09-04] (F-Secure Corporation -> F-Secure Corporation)
U5 fsbts; C:\Windows\System32\Drivers\fsbts.sys [65872 2019-01-21] (F-Secure Corporation -> )
S0 fselms; C:\WINDOWS\System32\drivers\fselms.sys [15296 2019-05-09] (Microsoft Windows Early Launch Anti-malware Publisher -> F-Secure Corporation)
S3 fsni; C:\Program Files (x86)\Pack Darty\Sécurité\apps\Ultralight\nif\1567426121\fsni64.sys [111472 2019-09-04] (F-Secure Corporation -> F-Secure Corporation)
R3 RtkBtFilter; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [766896 2018-05-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [8432128 2019-03-19] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist.txt file, it will be deleted from the Registry. The file will not be moved, unless it is listed separately.)
==================== One month (created) ========
(If an item is included in the fixlist.txt file, the file/folder will be moved.)
2019-09-08 13:18 - 2019-09-08 13:18 - 000000000 ____D C:\FRST
2019-09-08 13:17 - 2019-09-08 13:18 - 000000000 ____D C:\Users\33689\Desktop\Désinfection
2019-09-08 12:34 - 2019-09-08 12:34 - 000000000 ___HD C:\OneDriveTemp
2019-09-08 10:48 - 2019-09-08 10:48 - 000000000 ____D C:\Users\33689\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-09-04 15:02 - 2019-09-04 14:14 - 000000000 ____D C:\Windows.old
2019-09-04 15:00 - 2019-09-04 15:02 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2019-09-04 14:58 - 2019-09-04 15:00 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-09-04 14:58 - 2019-09-04 14:58 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-09-04 14:53 - 2019-09-04 14:53 - 025444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-09-04 14:53 - 2019-09-04 14:53 - 019811328 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-09-04 14:53 - 2019-09-04 14:53 - 018019328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-09-04 14:53 - 2019-09-04 14:53 - 007802224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-09-04 14:53 - 2019-09-04 14:53 - 007008768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-09-04 14:53 - 2019-09-04 14:53 - 006236160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-09-04 14:53 - 2019-09-04 14:53 - 005916160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-09-04 14:53 - 2019-09-04 14:53 - 005500928 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-09-04 14:53 - 2019-09-04 14:53 - 005083352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-09-04 14:53 - 2019-09-04 14:53 - 005013504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2019-09-04 14:53 - 2019-09-04 14:53 - 004481024 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2019-09-04 14:53 - 2019-09-04 14:53 - 004306944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-09-04 14:53 - 2019-09-04 14:53 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-09-04 14:53 - 2019-09-04 14:53 - 003837440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-09-04 14:53 - 2019-09-04 14:53 - 003637760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2019-09-04
Executed by 33689 (09-08-2019 13:20:37)
Executed from C:\Users\33689\Desktop\Désinfection
Windows 10 Home Version 1903 18362.329 (X64) (2019-09-04 12:14:57)
Boot mode: Normal
==========================================================
==================== Accounts: =============================
33689 (S-1-5-21-3448136684-3648235207-1330842672-1001 - Administrator - Enabled) => C:\Users\33689
Administrator (S-1-5-21-3448136684-3648235207-1330842672-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3448136684-3648235207-1330842672-503 - Limited - Disabled)
Guest (S-1-5-21-3448136684-3648235207-1330842672-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3448136684-3648235207-1330842672-504 - Limited - Disabled)
==================== Security Center ========================
(If an item is included in the fixlist.txt file, it will be removed.)
AV: Darty Security by F-Secure (Disabled - Up to date) {8AC831E5-DF57-0DC0-D07B-4DE1A5FFFD9A}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Darty Security by F-Secure (Enabled - Up to date) {31A9D001-F96D-024E-EACB-7693DE78B727}
==================== Installed Programs ======================
(Only advertising ('adware') software marked 'hidden' is likely to be added to the fixlist.txt file to be unmasked. Advertising programs must be uninstalled manually.)
Darty Cloud v3.1.1.0 (HKU\S-1-5-21-3448136684-3648235207-1330842672-1001\...\{736FD45F-F62C-4389-B763-D7581F80980A}_is1) (Version: 3.1.1.0 - Darty)
Darty Password (HKLM-x32\...\{5728AAEE-D1B6-4C5A-9C2E-5DEC8FDA2562}) (Version: 4.9.59 - Darty Corporation)
Darty Password: User Data (HKLM-x32\...\{F6A4621C-F31F-42E2-BD11-632615967A56}) (Version: 1.1.0.0 - F-Secure Corporation)
Darty Security (HKLM-x32\...\{4DA7D88D-BAE1-4FC3-B268-B2E64E8334F1}) (Version: 17.6 - F-Secure Corporation)
Dofus (HKU\S-1-5-21-3448136684-3648235207-1330842672-1001\...\2744A393-554C-4E35-A24F-DEF0392B4484-2) (Version: - Ankama)
Dropbox (HKU\S-1-5-21-3448136684-3648235207-1330842672-1001\...\Dropbox) (Version: 80.4.126 - Dropbox, Inc.)
F-Secure Ultralight 1.1.24.0 (release) (HKLM-x32\...\{9FAE989F-A043-4017-B60F-9134E992BB55}) (Version: 1.1.24.0 - F-Secure Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3448136684-3648235207-1330842672-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0007 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
TI Connect™ CE (HKLM-x32\...\{8B1F3A89-E195-48CD-8487-A37BA5308E76}) (Version: 5.3.0.384 - Texas Instruments Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1590.2.0_x86__kgqvnymyfvs32 [2019-09-04] (king.com)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-04] (Microsoft Corporation) [MS Ad]
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.520.0_x64__rz1tebttyb220 [2019-03-11] (Dolby Laboratories)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20201.249.0_x64__rz1tebttyb220 [2018-11-21] (Dolby Laboratories)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2019-01-22] (Microsoft Corporation)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-01-21] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-07-22] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa [2019-07-23] (Apple Inc.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-25] (LENOVO INC.)
Lenovo Utility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.54.0_x64__5grkq8ppsgwt4 [2019-08-04] (LENOVO INC)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-01-27] (LinkedIn)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-09-01] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-09-01] (Microsoft Corporation)
Microsoft News: must-see news -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-09-01] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-09-01] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-09-01] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-09-01] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-09-01] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-09-01] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-09-01] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-22] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-07-22] (Netflix, Inc.)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.9.0_x64__nfy108tqq3p12 [2019-01-21] (Thumbmunkeys Ltd) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.136.0_x64__dt26b99r8h8gj [2019-01-21] (Realtek Semiconductor Corp)
==================== Custom CLSID (With whitelist): ==========================
(If an item is included in the fixlist.txt file, it will be removed from the Registry. The file will not be moved unless it is listed separately.)
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\33689\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\33689\Dropbox [2019-01-24 20:45]
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] => 0
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3448136684-3648235207-1330842672-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ 0ShareboxUpToDateOverlayIcon] -> {8167AF6A-AB2F-4ACA-940B-9FCB7700767E} => C:/Users/33689/AppData/Local/Pack Serenity/Darty Cloud/bin/Sharebox.ShellIntegration.DLL [2018-07-24] (Oodrive -> Oodrive)
ShellIconOverlayIdentifiers: [ 1ShareboxSyncOverlayIcon] -> {76344480-04C1-4D15-A0A5-578881CEF415} => C:/Users/33689/AppData/Local/Pack Serenity/Darty Cloud/bin/Sharebox.ShellIntegration.DLL [2018-07-24] (Oodrive -> Oodrive)
ShellIconOverlayIdentifiers: [ 2ShareboxErrorOverlayIcon] -> {3976090B-700F-433D-93B0-2D2BC93C0099} => C:/Users/33689/AppData/Local/Pack Serenity/Darty Cloud/bin/Sharebox.ShellIntegration.DLL [2018-07-24] (Oodrive -> Oodrive)
ShellIconOverlayIdentifiers: [ 4ShareboxIgnoredOverlayIcon] -> {78A2A1F2-1584-4334-A4A0-D6E398C5A5AB} => C:/Users/33689/AppData/Local/Pack Serenity/Darty Cloud/bin/Sharebox.ShellIntegration.DLL [2018-07-24] (Oodrive -> Oodrive)
ShellIconOverlayIdentifiers: [F-Secure DataGuard Icon Overlay] -> {CA789262-D278-40F7-AC12-19C0395F9DD9} => C:\Program Files (x86)\Pack Darty\Security\FsShellExtension64.dll [2019-03-25] (F-Secure Corporation -> F-Secure Corporation)
ContextMenuHandlers1_S-1-5-21-3448136684-3648235207-1330842672-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3448136684-3648235207-1330842672-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3448136684-3648235207-1330842672-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\33689\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
==================== Shortcuts & WMI ========================
(Items may be listed in the fixlist.txt file to be removed or restored.)
==================== Loaded Modules (With whitelist) ==============
2019-09-04 13:24 - 2019-05-28 15:06 - 001021440 _____ () [Unsigned file] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2019-03-15 21:08 - 2018-08-12 21:29 - 001255424 _____ (Robert Simpson, et al.) [Unsigned file] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
==================== Alternate Data Streams (With whitelist) =========
(If an item is included in the fixlist.txt file, only the alternate data stream (ADS) will be removed.)
AlternateDataStreams: C:\Users\33689\Desktop\Dropbox.lnk:com.dropbox.attributes [168]
==================== Safe Mode (With whitelist) ===================
(If an item is included in the fixlist.txt file, it will be removed from the Registry. The "AlternateShell" will be restored.)
==================== Associations (With whitelist) ===============
(If an item is included in the fixlist.txt file, the Registry item will be restored to default or removed.)
==================== Internet Explorer trusted/sensitive sites ===============
(If an item is included in the fixlist.txt file, it will be removed from the Registry.)
==================== Hosts content: ===============================
(If needed, the Hosts: command can be included in the fixlist.txt file to reset the hosts file.)
2018-04-12 01:38 - 2018-04-12 01:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2019-09-04 13:25 - 2019-09-04 13:25 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other zones ============================
(Currently, there is no automatic fix for this section.)
HKU\S-1-5-21-3448136684-3648235207-1330842672-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\33689\Pictures\louise-labe.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
The firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an item is included in the fixlist.txt file, it will be removed.
==================== FirewallRules (With whitelist) ===============
(If an item is included in the fixlist.txt file, it will be removed from the Registry. The file will not be moved unless listed separately.)
FirewallRules: [{58BC0EC7-3A3D-4AF6-B143-298A610C879D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11929.20254.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{497EFA09-BBA0-4B48-BC0A-35CA1DA09D16}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AD4FE9DD-DCD2-4348-AF72-871FB3DB146C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0ED530D6-81E4-481B-8993-096279E656AD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1D3DD13F-5BCF-4B8A-9B9D-F9462184A542}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B234611A-BE05-442D-8305-EADF2DBC5FA0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{93C79BAE-DB44-4FE1-8D5A-115D3128306F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4A82BBEF-F4DF-409B-95F0-16C1A6E8F505}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA3FCB54-B4C0-4434-9289-259F2BA29101}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6A83BD57-8175-4472-AA27-5AC1244F8CF4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No file
FirewallRules: [{FEFE160C-E0D9-46EB-A9ED-3A2B895E7083}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No file
FirewallRules: [{03645AA4-B743-4FFF-9770-09DA93DBD95E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11929.20254.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
==================== System Restore Points =========================
WARNING: System Restore is disabled (Total:118 GB) (Free:54.32 GB) (46%)
==================== Device Manager Errors =============
==================== Event log errors: =========================
Application Errors:
==================
Error: (09/08/2019 12:38:22 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Failed to initialize SCEP certificate enrollment for WORKGROUP\LAPTOP-GH2ORFMJ$ via https://AMD-KeyId-6eca8c8ddd7bfeee8e8ddf5fb4d1ad346c96519f.microsoftaik.azure.net/templates/Aik/scep :
GetCACaps
GetCACaps: Not Found
{"Message":"The authority "amd-keyid-6eca8c8ddd7bfeee8e8ddf5fb4d1ad346c96519f.microsoftaik.azure.net" does not exist."}
HTTP/1.1 404 Not Found
Cache-Control: no-cache
Date: Sun, 08 Sep 2019 10:38:21 GMT
Pragma: no-cache
Content-Length: 121
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: 0999fcc2-ddb1-4fc3-be77-9fa989ebcfe0
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Method: GET(1406ms)
Step: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (09/08/2019 10:38:20 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Failed to initialize SCEP certificate enrollment for WORKGROUP\LAPTOP-GH2ORFMJ$ via https://AMD-KeyId-6eca8c8ddd7bfeee8e8ddf5fb4d1ad346c96519f.microsoftaik.azure.net/templates/Aik/scep :
GetCACaps
Method: GET(15ms)
Step: GetCACaps
The address or server name could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (09/04/2019 02:14:57 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Failed to initialize SCEP certificate enrollment for WORKGROUP\LAPTOP-GH2ORFMJ$ via https://AMD-KeyId-6eca8c8ddd7bfeee8e8ddf5fb4d1ad346c96519f.microsoftaik.azure.net/templates/Aik/scep :
GetCACaps
GetCACaps: Not Found
{"Message":"The authority "amd-keyid-6eca8c8ddd7bfeee8e8ddf5fb4d1ad346c96519f.microsoftaik.azure.net" does not exist."}
HTTP/1.1 404 Not Found
Cache-Control: no-cache
Date: Wed, 04 Sep 2019 12:14:56 GMT
Pragma: no-cache
Content-Length: 121
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: e168ec59-25b8-456e-8792-32520d33e9be
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Method: GET(2265ms)
Step: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (09/04/2019 02:04:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name of the failing application dwm.exe, version: 10.0.18362.329, timestamp: 0xd71652ca
Name of the failing module: ntdll.dll, version: 10.0.18362.329, timestamp: 0x5c516d44
Exception code: 0xc000000d
Error offset: 0x000000000010f220
ID of the failing process: 0x44c
Time of the failing application start: 0x01d56318a52c17a2
Path of the failing application: C:\WINDOWS\system32\dwm.exe
Path of the failing module: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: f7d610c1-83e5-43f5-889e-367221cd844f
Name of the failing package:
ID of the application relative to the failing package: