Publicité
Publicité
Commentaire : FRST
Format du document : text/plain
Prévisualisation
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018
Ran by Megaport (administrator) on DESKTOP-TU8NRI0 (15-05-2018 20:24:51)
Running from C:\Users\Megaport\Desktop
Loaded Profiles: Megaport (Available Profiles: Megaport)
Platform: Windows 10 Pro Version 1709 16299.371 (X64) Language: Anglais (Royaume-Uni)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Megaport GmbH) C:\Program Files\Megaport\Megaport Languagetool Service.exe
(F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fsorsp64.exe
(F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fshoster64.exe
(F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\fshoster32.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.24.11294.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\9eaee87abab23b313c5b7697b9a103ad\WindowsUpdateBox.exe
(Microsoft Corporation) C:\$WINDOWS.~BT\Sources\SetupHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-08-10] (Realtek Semiconductor)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 89.2.0.1 89.2.0.2
Tcpip\..\Interfaces\{294d3229-7677-4941-97f9-74b04bdcdb0f}: [DhcpNameServer] 89.2.0.1 89.2.0.2
Tcpip\..\Interfaces\{2a08ef6c-d79a-4450-b315-36fa730962c7}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{c705a682-306a-44a3-94c6-0c7aaebaae9d}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e0efccdb-3940-4cbe-a3be-ec16ad254bc7}: [DhcpNameServer] 89.2.0.1 89.2.0.2
Internet Explorer:
==================
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_ie_https\fs_ie_https64.dll [2018-03-12] (F-Secure Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_ie_https\fs_ie_https.dll [2018-03-12] (F-Secure Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3446404936-4264823063-2574871056-1001 -> about:start
FireFox:
========
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_firefox_https\fs_firefox_https.xpi [2018-03-12]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-06] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default [2018-05-15]
CHR Extension: (Slides) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-06]
CHR Extension: (Docs) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-06]
CHR Extension: (Google Drive) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-06]
CHR Extension: (YouTube) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-06]
CHR Extension: (Sheets) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-06]
CHR Extension: (Google Docs hors connexion) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-11]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2018-03-06]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2018-04-14]
CHR Extension: (Gmail) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-24]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 fshoster; C:\Program Files (x86)\SFR Sécurité\fshoster32.exe [184800 2017-11-08] (F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\SFR Sécurité\fshoster32.exe [184800 2017-11-08] (F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fshoster64.exe [572896 2018-05-13] (F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fsorsp64.exe [78304 2018-05-13] (F-Secure Corporation)
R2 Megaport Languagetool; C:\Program Files\Megaport\Megaport Languagetool Service.exe [532480 2018-01-25] (Megaport GmbH) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-03] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-03] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fsulgk.sys [239952 2018-05-13] (F-Secure Corporation)
R1 F-Secure UL HIPS; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fshs.sys [102216 2018-05-13] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\drivers\fsbts.sys [73928 2018-03-03] ()
R3 fsni; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\fsni64.sys [117576 2018-03-12] (F-Secure Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [5707264 2017-09-29] (Realtek Semiconductor Corporation )
S3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2017-09-29] (Realtek Semiconductor Corporation )
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-03-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288296 2018-03-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-03] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-15 20:24 - 2018-05-15 20:25 - 000013090 _____ C:\Users\Megaport\Desktop\FRST.txt
2018-05-15 20:24 - 2018-05-15 20:24 - 002404864 _____ (Farbar) C:\Users\Megaport\Desktop\FRST64.exe
2018-05-15 19:22 - 2018-05-15 19:22 - 000093305 _____ C:\Users\Megaport\Desktop\ZHPDiag.txt
2018-05-15 19:20 - 2018-05-15 19:22 - 000000000 ____D C:\Users\Megaport\AppData\Roaming\ZHP
2018-05-15 19:20 - 2018-05-15 19:20 - 000000868 _____ C:\Users\Megaport\Desktop\ZHPDiag.lnk
2018-05-15 19:20 - 2018-05-15 19:20 - 000000000 ____D C:\Users\Megaport\AppData\Local\ZHP
2018-05-15 19:19 - 2018-05-15 19:19 - 003099008 _____ C:\Users\Megaport\Downloads\ZHPDiag3.exe
2018-05-15 19:00 - 2018-05-15 19:00 - 000000000 ____D C:\ProgramData\TEMP
2018-05-15 18:59 - 2018-05-15 18:59 - 000000000 ____D C:\Users\Megaport\Documents\Simply Super Software
2018-05-15 18:18 - 2018-05-15 18:19 - 000000000 ____D C:\MARMITON
2018-05-15 18:04 - 2018-05-15 18:04 - 000000000 ____D C:\AdwCleaner
2018-05-15 17:53 - 2018-05-15 20:24 - 000000000 ____D C:\FRST
2018-05-14 19:26 - 2018-05-15 20:01 - 000000000 ____D C:\Users\Megaport\Desktop\POUR LES AUTRES
2018-05-13 20:36 - 2018-05-13 20:36 - 000003592 _____ C:\Windows\System32\Tasks\Skype
2018-04-27 20:26 - 2018-04-27 20:48 - 000000000 ____D C:\Users\Megaport\Desktop\Pour moi boulot
2018-04-27 19:26 - 2018-04-27 20:31 - 000000000 ____D C:\Users\Megaport\Desktop\Mp3 France
2018-04-21 12:55 - 2018-04-21 12:56 - 000000000 ____D C:\Users\Megaport\Desktop\Pour mes séries
2018-04-18 21:05 - 2018-04-18 21:07 - 000000000 ____D C:\Users\Megaport\AppData\Local\MSfree Inc
2018-04-18 20:48 - 2018-04-18 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016
2018-04-18 20:48 - 2018-04-18 20:48 - 000000000 ____D C:\Windows\PCHEALTH
2018-04-18 20:48 - 2018-04-18 20:48 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2018-04-18 20:48 - 2018-04-18 20:48 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-04-18 20:48 - 2018-04-18 20:48 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2018-04-18 20:46 - 2018-04-18 20:49 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-18 20:46 - 2018-04-18 20:48 - 000000000 ____D C:\Windows\SHELLNEW
2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 __RHD C:\MSOCache
2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 ____D C:\Users\Megaport\AppData\Local\Microsoft Help
2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2018-04-17 19:33 - 2018-04-30 16:54 - 000000008 _____ C:\Users\Megaport\AppData\Roaming\DofusAppId0_4
2018-04-17 19:33 - 2018-04-17 19:33 - 000000000 ____D C:\Users\Megaport\AppData\Roaming\Dofus-4
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-15 20:19 - 2018-04-12 19:16 - 000000000 ___HD C:\$WINDOWS.~BT
2018-05-15 20:16 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-05-15 20:13 - 2018-01-26 11:18 - 000000000 ____D C:\Windows\Panther
2018-05-15 18:55 - 2018-01-26 11:35 - 000954122 _____ C:\Windows\system32\perfh013.dat
2018-05-15 18:55 - 2018-01-26 11:35 - 000269890 _____ C:\Windows\system32\perfc013.dat
2018-05-15 18:55 - 2018-01-26 11:32 - 000930026 _____ C:\Windows\system32\perfh010.dat
2018-05-15 18:55 - 2018-01-26 11:32 - 000261372 _____ C:\Windows\system32\perfc010.dat
2018-05-15 18:55 - 2018-01-26 11:30 - 001084464 _____ C:\Windows\system32\perfh00C.dat
2018-05-15 18:55 - 2018-01-26 11:30 - 000272350 _____ C:\Windows\system32\perfc00C.dat
2018-05-15 18:55 - 2018-01-26 11:28 - 000959592 _____ C:\Windows\system32\perfh007.dat
2018-05-15 18:55 - 2018-01-26 11:28 - 000268040 _____ C:\Windows\system32\perfc007.dat
2018-05-15 18:55 - 2018-01-26 11:24 - 005798814 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-15 18:51 - 2018-01-26 11:18 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-15 18:51 - 2018-01-26 10:45 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-15 18:50 - 2017-09-29 10:45 - 000524288 _____ C:\Windows\system32\config\BBI
2018-05-15 18:14 - 2018-01-26 10:51 - 000000000 ____D C:\Windows\system32\MRT
2018-05-15 18:12 - 2018-01-26 10:51 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-15 18:12 - 2018-01-26 10:51 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-15 18:12 - 2017-09-29 15:37 - 000000000 ____D C:\Windows\CbsTemp
2018-05-15 17:23 - 2018-01-26 11:18 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-05-15 16:32 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-15 16:32 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\AppReadiness
2018-05-15 05:56 - 2018-03-03 17:44 - 000000000 ____D C:\Users\Megaport\AppData\Local\PlaceholderTileLogoFolder
2018-05-15 05:56 - 2018-01-26 11:20 - 000000000 ____D C:\Users\Megaport\AppData\Local\Packages
2018-05-13 19:17 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\rescache
2018-05-03 19:50 - 2018-03-18 21:06 - 000000008 _____ C:\Users\Megaport\AppData\Roaming\DofusAppId0_1
2018-05-03 19:46 - 2018-03-18 21:06 - 000000117 _____ C:\Users\Megaport\AppData\Roaming\D2Info0
2018-05-03 19:46 - 2018-03-18 20:28 - 000224439 _____ C:\Users\Megaport\AppData\Localtransition_c68e0c0086a6c99d1c3b40d2464e5fe3.ini
2018-05-02 05:35 - 2018-01-26 11:22 - 000002420 _____ C:\Users\Megaport\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-02 05:35 - 2018-01-26 11:22 - 000000000 ___RD C:\Users\Megaport\OneDrive
2018-05-02 05:35 - 2018-01-26 10:57 - 000003384 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3446404936-4264823063-2574871056-1001
2018-05-01 23:25 - 2018-03-06 07:31 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-01 23:25 - 2018-03-06 07:31 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-01 09:54 - 2018-04-07 19:39 - 000000008 _____ C:\Users\Megaport\AppData\Roaming\DofusAppId0_3
2018-05-01 09:36 - 2018-03-23 17:45 - 000000008 _____ C:\Users\Megaport\AppData\Roaming\DofusAppId0_2
2018-04-30 21:00 - 2018-01-26 11:18 - 000392848 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-30 16:45 - 2018-03-18 21:06 - 000000000 ____D C:\Users\Megaport\AppData\Roaming\Dofus
2018-04-29 20:03 - 2018-03-03 18:41 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-28 18:43 - 2018-04-06 22:47 - 000000000 ____D C:\Users\Megaport\Desktop\fm2018
2018-04-28 07:11 - 2018-03-06 07:22 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-27 20:59 - 2018-03-03 18:53 - 000000000 ____D C:\Users\Megaport\Desktop\Pour autre DD
2018-04-26 23:04 - 2018-03-03 19:20 - 000000000 ____D C:\Users\Megaport\AppData\Local\JDownloader v2.0
2018-04-21 20:09 - 2017-09-29 15:44 - 000000000 ____D C:\Windows\INF
2018-04-18 21:08 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\NDF
2018-04-18 20:56 - 2017-09-29 15:46 - 000000167 _____ C:\Windows\win.ini
2018-04-18 20:48 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-18 20:48 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-18 20:47 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\system
==================== Files in the root of some directories =======
2018-03-18 21:06 - 2018-05-03 19:46 - 000000117 _____ () C:\Users\Megaport\AppData\Roaming\D2Info0
2018-03-18 21:06 - 2018-05-03 19:50 - 000000008 _____ () C:\Users\Megaport\AppData\Roaming\DofusAppId0_1
2018-03-23 17:45 - 2018-05-01 09:36 - 000000008 _____ () C:\Users\Megaport\AppData\Roaming\DofusAppId0_2
2018-04-07 19:39 - 2018-05-01 09:54 - 000000008 _____ () C:\Users\Megaport\AppData\Roaming\DofusAppId0_3
2018-04-17 19:33 - 2018-04-30 16:54 - 000000008 _____ () C:\Users\Megaport\AppData\Roaming\DofusAppId0_4
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-14 19:00
==================== End of FRST.txt ============================
Ran by Megaport (administrator) on DESKTOP-TU8NRI0 (15-05-2018 20:24:51)
Running from C:\Users\Megaport\Desktop
Loaded Profiles: Megaport (Available Profiles: Megaport)
Platform: Windows 10 Pro Version 1709 16299.371 (X64) Language: Anglais (Royaume-Uni)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Megaport GmbH) C:\Program Files\Megaport\Megaport Languagetool Service.exe
(F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fsorsp64.exe
(F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fshoster64.exe
(F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\fshoster32.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.24.11294.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\9eaee87abab23b313c5b7697b9a103ad\WindowsUpdateBox.exe
(Microsoft Corporation) C:\$WINDOWS.~BT\Sources\SetupHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-08-10] (Realtek Semiconductor)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 89.2.0.1 89.2.0.2
Tcpip\..\Interfaces\{294d3229-7677-4941-97f9-74b04bdcdb0f}: [DhcpNameServer] 89.2.0.1 89.2.0.2
Tcpip\..\Interfaces\{2a08ef6c-d79a-4450-b315-36fa730962c7}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{c705a682-306a-44a3-94c6-0c7aaebaae9d}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e0efccdb-3940-4cbe-a3be-ec16ad254bc7}: [DhcpNameServer] 89.2.0.1 89.2.0.2
Internet Explorer:
==================
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_ie_https\fs_ie_https64.dll [2018-03-12] (F-Secure Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_ie_https\fs_ie_https.dll [2018-03-12] (F-Secure Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3446404936-4264823063-2574871056-1001 -> about:start
FireFox:
========
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_firefox_https\fs_firefox_https.xpi [2018-03-12]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-06] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default [2018-05-15]
CHR Extension: (Slides) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-06]
CHR Extension: (Docs) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-06]
CHR Extension: (Google Drive) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-06]
CHR Extension: (YouTube) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-06]
CHR Extension: (Sheets) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-06]
CHR Extension: (Google Docs hors connexion) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-11]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2018-03-06]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2018-04-14]
CHR Extension: (Gmail) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-24]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 fshoster; C:\Program Files (x86)\SFR Sécurité\fshoster32.exe [184800 2017-11-08] (F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\SFR Sécurité\fshoster32.exe [184800 2017-11-08] (F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fshoster64.exe [572896 2018-05-13] (F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fsorsp64.exe [78304 2018-05-13] (F-Secure Corporation)
R2 Megaport Languagetool; C:\Program Files\Megaport\Megaport Languagetool Service.exe [532480 2018-01-25] (Megaport GmbH) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-03] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-03] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fsulgk.sys [239952 2018-05-13] (F-Secure Corporation)
R1 F-Secure UL HIPS; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fshs.sys [102216 2018-05-13] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\drivers\fsbts.sys [73928 2018-03-03] ()
R3 fsni; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\fsni64.sys [117576 2018-03-12] (F-Secure Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [5707264 2017-09-29] (Realtek Semiconductor Corporation )
S3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2017-09-29] (Realtek Semiconductor Corporation )
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-03-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288296 2018-03-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-03] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-15 20:24 - 2018-05-15 20:25 - 000013090 _____ C:\Users\Megaport\Desktop\FRST.txt
2018-05-15 20:24 - 2018-05-15 20:24 - 002404864 _____ (Farbar) C:\Users\Megaport\Desktop\FRST64.exe
2018-05-15 19:22 - 2018-05-15 19:22 - 000093305 _____ C:\Users\Megaport\Desktop\ZHPDiag.txt
2018-05-15 19:20 - 2018-05-15 19:22 - 000000000 ____D C:\Users\Megaport\AppData\Roaming\ZHP
2018-05-15 19:20 - 2018-05-15 19:20 - 000000868 _____ C:\Users\Megaport\Desktop\ZHPDiag.lnk
2018-05-15 19:20 - 2018-05-15 19:20 - 000000000 ____D C:\Users\Megaport\AppData\Local\ZHP
2018-05-15 19:19 - 2018-05-15 19:19 - 003099008 _____ C:\Users\Megaport\Downloads\ZHPDiag3.exe
2018-05-15 19:00 - 2018-05-15 19:00 - 000000000 ____D C:\ProgramData\TEMP
2018-05-15 18:59 - 2018-05-15 18:59 - 000000000 ____D C:\Users\Megaport\Documents\Simply Super Software
2018-05-15 18:18 - 2018-05-15 18:19 - 000000000 ____D C:\MARMITON
2018-05-15 18:04 - 2018-05-15 18:04 - 000000000 ____D C:\AdwCleaner
2018-05-15 17:53 - 2018-05-15 20:24 - 000000000 ____D C:\FRST
2018-05-14 19:26 - 2018-05-15 20:01 - 000000000 ____D C:\Users\Megaport\Desktop\POUR LES AUTRES
2018-05-13 20:36 - 2018-05-13 20:36 - 000003592 _____ C:\Windows\System32\Tasks\Skype
2018-04-27 20:26 - 2018-04-27 20:48 - 000000000 ____D C:\Users\Megaport\Desktop\Pour moi boulot
2018-04-27 19:26 - 2018-04-27 20:31 - 000000000 ____D C:\Users\Megaport\Desktop\Mp3 France
2018-04-21 12:55 - 2018-04-21 12:56 - 000000000 ____D C:\Users\Megaport\Desktop\Pour mes séries
2018-04-18 21:05 - 2018-04-18 21:07 - 000000000 ____D C:\Users\Megaport\AppData\Local\MSfree Inc
2018-04-18 20:48 - 2018-04-18 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016
2018-04-18 20:48 - 2018-04-18 20:48 - 000000000 ____D C:\Windows\PCHEALTH
2018-04-18 20:48 - 2018-04-18 20:48 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2018-04-18 20:48 - 2018-04-18 20:48 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-04-18 20:48 - 2018-04-18 20:48 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2018-04-18 20:46 - 2018-04-18 20:49 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-18 20:46 - 2018-04-18 20:48 - 000000000 ____D C:\Windows\SHELLNEW
2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 __RHD C:\MSOCache
2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 ____D C:\Users\Megaport\AppData\Local\Microsoft Help
2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2018-04-17 19:33 - 2018-04-30 16:54 - 000000008 _____ C:\Users\Megaport\AppData\Roaming\DofusAppId0_4
2018-04-17 19:33 - 2018-04-17 19:33 - 000000000 ____D C:\Users\Megaport\AppData\Roaming\Dofus-4
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-15 20:19 - 2018-04-12 19:16 - 000000000 ___HD C:\$WINDOWS.~BT
2018-05-15 20:16 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-05-15 20:13 - 2018-01-26 11:18 - 000000000 ____D C:\Windows\Panther
2018-05-15 18:55 - 2018-01-26 11:35 - 000954122 _____ C:\Windows\system32\perfh013.dat
2018-05-15 18:55 - 2018-01-26 11:35 - 000269890 _____ C:\Windows\system32\perfc013.dat
2018-05-15 18:55 - 2018-01-26 11:32 - 000930026 _____ C:\Windows\system32\perfh010.dat
2018-05-15 18:55 - 2018-01-26 11:32 - 000261372 _____ C:\Windows\system32\perfc010.dat
2018-05-15 18:55 - 2018-01-26 11:30 - 001084464 _____ C:\Windows\system32\perfh00C.dat
2018-05-15 18:55 - 2018-01-26 11:30 - 000272350 _____ C:\Windows\system32\perfc00C.dat
2018-05-15 18:55 - 2018-01-26 11:28 - 000959592 _____ C:\Windows\system32\perfh007.dat
2018-05-15 18:55 - 2018-01-26 11:28 - 000268040 _____ C:\Windows\system32\perfc007.dat
2018-05-15 18:55 - 2018-01-26 11:24 - 005798814 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-15 18:51 - 2018-01-26 11:18 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-15 18:51 - 2018-01-26 10:45 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-15 18:50 - 2017-09-29 10:45 - 000524288 _____ C:\Windows\system32\config\BBI
2018-05-15 18:14 - 2018-01-26 10:51 - 000000000 ____D C:\Windows\system32\MRT
2018-05-15 18:12 - 2018-01-26 10:51 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-15 18:12 - 2018-01-26 10:51 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-15 18:12 - 2017-09-29 15:37 - 000000000 ____D C:\Windows\CbsTemp
2018-05-15 17:23 - 2018-01-26 11:18 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-05-15 16:32 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-15 16:32 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\AppReadiness
2018-05-15 05:56 - 2018-03-03 17:44 - 000000000 ____D C:\Users\Megaport\AppData\Local\PlaceholderTileLogoFolder
2018-05-15 05:56 - 2018-01-26 11:20 - 000000000 ____D C:\Users\Megaport\AppData\Local\Packages
2018-05-13 19:17 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\rescache
2018-05-03 19:50 - 2018-03-18 21:06 - 000000008 _____ C:\Users\Megaport\AppData\Roaming\DofusAppId0_1
2018-05-03 19:46 - 2018-03-18 21:06 - 000000117 _____ C:\Users\Megaport\AppData\Roaming\D2Info0
2018-05-03 19:46 - 2018-03-18 20:28 - 000224439 _____ C:\Users\Megaport\AppData\Localtransition_c68e0c0086a6c99d1c3b40d2464e5fe3.ini
2018-05-02 05:35 - 2018-01-26 11:22 - 000002420 _____ C:\Users\Megaport\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-02 05:35 - 2018-01-26 11:22 - 000000000 ___RD C:\Users\Megaport\OneDrive
2018-05-02 05:35 - 2018-01-26 10:57 - 000003384 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3446404936-4264823063-2574871056-1001
2018-05-01 23:25 - 2018-03-06 07:31 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-01 23:25 - 2018-03-06 07:31 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-01 09:54 - 2018-04-07 19:39 - 000000008 _____ C:\Users\Megaport\AppData\Roaming\DofusAppId0_3
2018-05-01 09:36 - 2018-03-23 17:45 - 000000008 _____ C:\Users\Megaport\AppData\Roaming\DofusAppId0_2
2018-04-30 21:00 - 2018-01-26 11:18 - 000392848 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-30 16:45 - 2018-03-18 21:06 - 000000000 ____D C:\Users\Megaport\AppData\Roaming\Dofus
2018-04-29 20:03 - 2018-03-03 18:41 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-28 18:43 - 2018-04-06 22:47 - 000000000 ____D C:\Users\Megaport\Desktop\fm2018
2018-04-28 07:11 - 2018-03-06 07:22 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-27 20:59 - 2018-03-03 18:53 - 000000000 ____D C:\Users\Megaport\Desktop\Pour autre DD
2018-04-26 23:04 - 2018-03-03 19:20 - 000000000 ____D C:\Users\Megaport\AppData\Local\JDownloader v2.0
2018-04-21 20:09 - 2017-09-29 15:44 - 000000000 ____D C:\Windows\INF
2018-04-18 21:08 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\NDF
2018-04-18 20:56 - 2017-09-29 15:46 - 000000167 _____ C:\Windows\win.ini
2018-04-18 20:48 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-18 20:48 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-18 20:47 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\system
==================== Files in the root of some directories =======
2018-03-18 21:06 - 2018-05-03 19:46 - 000000117 _____ () C:\Users\Megaport\AppData\Roaming\D2Info0
2018-03-18 21:06 - 2018-05-03 19:50 - 000000008 _____ () C:\Users\Megaport\AppData\Roaming\DofusAppId0_1
2018-03-23 17:45 - 2018-05-01 09:36 - 000000008 _____ () C:\Users\Megaport\AppData\Roaming\DofusAppId0_2
2018-04-07 19:39 - 2018-05-01 09:54 - 000000008 _____ () C:\Users\Megaport\AppData\Roaming\DofusAppId0_3
2018-04-17 19:33 - 2018-04-30 16:54 - 000000008 _____ () C:\Users\Megaport\AppData\Roaming\DofusAppId0_4
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-14 19:00
==================== End of FRST.txt ============================