Publicité
Publicité
Format du document : text/plain
Prévisualisation
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Adrian (administrator) on ADRIAN-PC (18-09-2018 16:37:41)
Running from C:\Users\Adrian\Desktop
Loaded Profiles: Adrian (Available Profiles: Adrian & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Adrian\Desktop\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-27] (Piriform Ltd)
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [MinerGateGui] => C:\Users\Adrian\AppData\Roaming\server\minergate.exe --auto
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-14] (Disc Soft Ltd)
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\MountPoints2: {f9e572d3-d7ac-11e7-b488-ecf4bb0c7e4f} - E:\autorun.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{12AA26AC-4392-403A-9A14-02CD4B939AC0}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B1A57BC6-6D23-472E-B8AD-E4B5EB2CEAC1}: [NameServer] 8.8.8.8
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-14] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: r120bcec.default-1485454395780-1533903884218
FF DefaultProfile: y4erocbx.default
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\TomTom\HOME\Profiles\urd9ga9k.default [2017-06-01]
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\r120bcec.default-1485454395780-1533903884218 [2018-09-18]
FF Extension: (Video DownloadHelper) - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\r120bcec.default-1485454395780-1533903884218\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-10]
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\y4erocbx.default [2018-09-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-26] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-25] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default [2018-09-18]
CHR Extension: (Flash Video Downloader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-02-26]
CHR Extension: (SportZone) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeikikackmjcmgkcgpnangjlnicecml [2018-03-05]
CHR Extension: (Image Downloader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2018-03-18]
CHR Extension: (Anti-Porn Pro - The best Anti-Porn addon!) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2018-06-22]
CHR Extension: (Video DownloadHelper) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-08-01]
CHR Extension: (Pursued) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mglmffkipgdhdkolbbkofkfhappinpin [2018-03-04]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-10]
CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-08-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
Opera:
=======
OPR Extension: (No Name) - C:\Users\Adrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-11-13]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53680 2018-02-05] (AnchorFree Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-01-03] (AnchorFree Inc.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 atrfiltr; C:\Windows\System32\DRIVERS\atrfiltr.sys [16224 2014-09-11] (Windows (R) Win 7 DDK provider)
S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [191224 2014-05-14] (HID Global Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-12-06] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-12-03] (Disc Soft Ltd)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [73928 2018-01-12] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2015-05-08] (AnchorFree Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
S3 jakstaVA; C:\Windows\System32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (e2eSoft)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2016-12-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 SmbDrvI; system32\DRIVERS\Smb_driver_Intel.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-18 16:06 - 2018-09-18 16:06 - 000000165 ____H C:\Users\Adrian\Documents\~$Emploi du temps.xlsx
2018-09-15 11:56 - 2018-09-15 11:59 - 158211501 _____ C:\Users\Adrian\Downloads\Cali.rar
2018-09-15 11:45 - 2018-09-15 11:46 - 108429092 _____ C:\Users\Adrian\Downloads\David Crosby.rar
2018-09-12 21:40 - 2018-09-12 21:40 - 000296448 _____ (PortableAppZ.blogspot.com) C:\Users\Adrian\Downloads\Unlocker_Portable_1.9.2_32-64_Multilingual.exe
2018-09-12 21:40 - 2018-09-12 21:40 - 000000000 ____D C:\UnlockerPortable
2018-09-12 16:14 - 2018-09-12 16:17 - 000000000 ____D C:\Users\Adrian\Downloads\Dr Feelgood-1974-1989-14 cd
2018-09-12 11:08 - 2018-09-12 11:08 - 000000000 ____D C:\Users\Adrian\Downloads\PLAIN WHITE T's - DISCOGRAPHY [CHANNEL NEO]
2018-09-11 17:23 - 2018-09-06 10:18 - 000000000 ____D C:\Users\Adrian\Downloads\Theraphosa
2018-09-11 17:22 - 2018-09-06 10:57 - 000000000 ____D C:\Users\Adrian\Downloads\Anti-Flag
2018-09-11 12:52 - 2018-09-11 12:52 - 000186584 _____ C:\Users\Adrian\Desktop\ZHPDiag.html
2018-09-11 12:39 - 2018-09-11 12:39 - 003164544 _____ C:\Users\Adrian\Desktop\ZHPDiag3.exe
2018-09-11 12:04 - 2018-09-11 12:10 - 000000000 ____D C:\Users\Adrian\Downloads\James Bond For Your Eyes Only (1981)
2018-09-11 12:03 - 2018-09-11 12:12 - 122619497 _____ C:\Users\Adrian\Downloads\Haken_--_Vector.zip
2018-09-11 12:02 - 2018-09-11 12:03 - 061090519 _____ C:\Users\Adrian\Downloads\Joe Bonamassa.rar
2018-09-11 12:01 - 2018-09-11 12:10 - 150636759 _____ C:\Users\Adrian\Downloads\Uriah Heep - 2018 - Living The Dream.zip
2018-09-11 11:58 - 2018-09-11 11:58 - 007792288 _____ (Tim Kosse) C:\Users\Adrian\Downloads\FileZilla_3.36.0_win64-setup.exe
2018-09-11 11:58 - 2018-09-11 11:58 - 007791072 _____ (Tim Kosse) C:\Users\Adrian\Downloads\FileZilla_3.35.1_win64-setup.exe
2018-09-08 14:42 - 2018-09-08 14:43 - 000000000 ____D C:\Users\Adrian\Downloads\1977 - Johnny Thunders & The Heartbreakers - L.A.M.F. (Vinyl Rip + bonus)
2018-09-05 00:29 - 2018-09-05 00:29 - 000000853 _____ C:\Users\Adrian\Desktop\µTorrent.lnk
2018-09-04 18:38 - 2018-09-04 18:38 - 000017291 _____ C:\Users\Adrian\Desktop\ZHPCleaner.html
2018-09-01 10:39 - 2018-09-01 10:47 - 000000000 ____D C:\Users\Adrian\Downloads\Hasil Adkins - Chicken Walk (Cult US Lo-Fi Rockabilly)
2018-09-01 10:39 - 2018-09-01 10:40 - 000000000 ____D C:\Users\Adrian\Downloads\Television - Adventure (1978) By Muro
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-18 16:38 - 2018-08-07 13:11 - 000015071 _____ C:\Users\Adrian\Desktop\FRST.txt
2018-09-18 16:06 - 2009-07-14 07:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-18 16:06 - 2009-07-14 07:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-18 16:04 - 2017-11-28 13:24 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-18 15:51 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-17 17:29 - 2018-05-30 11:50 - 000010255 _____ C:\Users\Adrian\Documents\Emploi du temps.xlsx
2018-09-17 15:09 - 2018-07-28 17:26 - 000000000 ____D C:\Program Files (x86)\Championship Manager 01-02
2018-09-15 12:01 - 2014-07-30 10:34 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\FileZilla
2018-09-15 11:44 - 2014-07-30 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-09-15 11:44 - 2014-07-30 10:34 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2018-09-12 21:34 - 2018-08-04 21:08 - 000000000 ____D C:\Users\Adrian\Downloads\Plain White T's
2018-09-12 21:34 - 2014-08-01 15:32 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\Mp3tag
2018-09-12 21:26 - 2014-09-04 18:07 - 001307552 _____ C:\Users\Adrian\Documents\Classement des réalisateurs.ods
2018-09-12 21:18 - 2014-09-04 17:35 - 023982676 _____ C:\Users\Adrian\Documents\Films vus.odt
2018-09-12 17:30 - 2014-07-24 17:31 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\vlc
2018-09-12 17:30 - 2014-07-24 16:42 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\uTorrent
2018-09-12 16:27 - 2014-08-22 19:55 - 000000000 ____D C:\Users\Adrian\Downloads\Pas finis
2018-09-11 12:47 - 2018-08-06 20:51 - 000125541 _____ C:\Users\Adrian\Desktop\ZHPDiag.txt
2018-09-11 12:47 - 2015-08-16 21:19 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\ZHP
2018-09-10 19:46 - 2015-08-31 18:49 - 000000000 ____D C:\Program Files\CCleaner
2018-09-08 14:46 - 2014-10-13 20:31 - 000000000 ____D C:\Users\Adrian\Downloads\Installations
2018-09-08 14:44 - 2014-10-13 20:32 - 000000000 ____D C:\Users\Adrian\Downloads\Photos
2018-09-08 14:41 - 2018-07-12 23:56 - 000000000 ____D C:\Users\Adrian\Downloads\The Shangri-Las - Myrmidons of melodrama (1963-66), pop
2018-09-07 15:18 - 2018-08-04 20:30 - 000000000 ____D C:\Users\Adrian\Downloads\The Byrds
2018-09-05 00:29 - 2014-07-24 16:42 - 000000833 _____ C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-09-04 19:53 - 2014-10-13 20:31 - 000000000 ____D C:\Users\Adrian\Downloads\Livres
2018-09-04 18:37 - 2018-08-07 00:40 - 000001763 _____ C:\Users\Adrian\Desktop\ZHPCleaner.txt
2018-09-04 18:26 - 2018-04-26 22:38 - 000000000 ____D C:\Users\Adrian\Documents\Livre Blondie
2018-09-04 18:16 - 2016-06-05 17:10 - 000000832 _____ C:\Users\Adrian\Desktop\ZHPCleaner.lnk
2018-09-04 13:56 - 2017-11-09 11:59 - 000000000 ____D C:\Users\Adrian\dwhelper
2018-09-03 15:49 - 2018-04-29 14:41 - 000000000 ____D C:\Users\Adrian\Documents\Livre Ultravox
2018-09-01 11:05 - 2018-07-03 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abandonware-France
==================== Files in the root of some directories =======
2015-12-06 19:47 - 2017-08-06 13:32 - 000011264 _____ () C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-06 20:27 - 2017-09-06 20:27 - 000140800 _____ () C:\Users\Adrian\AppData\Local\installer.dat
2016-07-17 10:44 - 2016-07-17 10:46 - 000002222 _____ () C:\Users\Adrian\AppData\Local\WiDiSetupLog.20160717.104454.txt
2016-07-17 10:55 - 2016-07-17 10:55 - 000011200 _____ () C:\Users\Adrian\AppData\Local\WiDiSetupLog.20160717.105514.txt
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-17 13:22
==================== End of FRST.txt ============================
Ran by Adrian (administrator) on ADRIAN-PC (18-09-2018 16:37:41)
Running from C:\Users\Adrian\Desktop
Loaded Profiles: Adrian (Available Profiles: Adrian & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Adrian\Desktop\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-27] (Piriform Ltd)
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [MinerGateGui] => C:\Users\Adrian\AppData\Roaming\server\minergate.exe --auto
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-14] (Disc Soft Ltd)
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\MountPoints2: {f9e572d3-d7ac-11e7-b488-ecf4bb0c7e4f} - E:\autorun.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{12AA26AC-4392-403A-9A14-02CD4B939AC0}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B1A57BC6-6D23-472E-B8AD-E4B5EB2CEAC1}: [NameServer] 8.8.8.8
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-14] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: r120bcec.default-1485454395780-1533903884218
FF DefaultProfile: y4erocbx.default
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\TomTom\HOME\Profiles\urd9ga9k.default [2017-06-01]
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\r120bcec.default-1485454395780-1533903884218 [2018-09-18]
FF Extension: (Video DownloadHelper) - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\r120bcec.default-1485454395780-1533903884218\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-10]
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\y4erocbx.default [2018-09-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-26] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-25] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default [2018-09-18]
CHR Extension: (Flash Video Downloader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-02-26]
CHR Extension: (SportZone) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeikikackmjcmgkcgpnangjlnicecml [2018-03-05]
CHR Extension: (Image Downloader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2018-03-18]
CHR Extension: (Anti-Porn Pro - The best Anti-Porn addon!) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2018-06-22]
CHR Extension: (Video DownloadHelper) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-08-01]
CHR Extension: (Pursued) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mglmffkipgdhdkolbbkofkfhappinpin [2018-03-04]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-10]
CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-08-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
Opera:
=======
OPR Extension: (No Name) - C:\Users\Adrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-11-13]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53680 2018-02-05] (AnchorFree Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-01-03] (AnchorFree Inc.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 atrfiltr; C:\Windows\System32\DRIVERS\atrfiltr.sys [16224 2014-09-11] (Windows (R) Win 7 DDK provider)
S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [191224 2014-05-14] (HID Global Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-12-06] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-12-03] (Disc Soft Ltd)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [73928 2018-01-12] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2015-05-08] (AnchorFree Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
S3 jakstaVA; C:\Windows\System32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (e2eSoft)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2016-12-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 SmbDrvI; system32\DRIVERS\Smb_driver_Intel.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-18 16:06 - 2018-09-18 16:06 - 000000165 ____H C:\Users\Adrian\Documents\~$Emploi du temps.xlsx
2018-09-15 11:56 - 2018-09-15 11:59 - 158211501 _____ C:\Users\Adrian\Downloads\Cali.rar
2018-09-15 11:45 - 2018-09-15 11:46 - 108429092 _____ C:\Users\Adrian\Downloads\David Crosby.rar
2018-09-12 21:40 - 2018-09-12 21:40 - 000296448 _____ (PortableAppZ.blogspot.com) C:\Users\Adrian\Downloads\Unlocker_Portable_1.9.2_32-64_Multilingual.exe
2018-09-12 21:40 - 2018-09-12 21:40 - 000000000 ____D C:\UnlockerPortable
2018-09-12 16:14 - 2018-09-12 16:17 - 000000000 ____D C:\Users\Adrian\Downloads\Dr Feelgood-1974-1989-14 cd
2018-09-12 11:08 - 2018-09-12 11:08 - 000000000 ____D C:\Users\Adrian\Downloads\PLAIN WHITE T's - DISCOGRAPHY [CHANNEL NEO]
2018-09-11 17:23 - 2018-09-06 10:18 - 000000000 ____D C:\Users\Adrian\Downloads\Theraphosa
2018-09-11 17:22 - 2018-09-06 10:57 - 000000000 ____D C:\Users\Adrian\Downloads\Anti-Flag
2018-09-11 12:52 - 2018-09-11 12:52 - 000186584 _____ C:\Users\Adrian\Desktop\ZHPDiag.html
2018-09-11 12:39 - 2018-09-11 12:39 - 003164544 _____ C:\Users\Adrian\Desktop\ZHPDiag3.exe
2018-09-11 12:04 - 2018-09-11 12:10 - 000000000 ____D C:\Users\Adrian\Downloads\James Bond For Your Eyes Only (1981)
2018-09-11 12:03 - 2018-09-11 12:12 - 122619497 _____ C:\Users\Adrian\Downloads\Haken_--_Vector.zip
2018-09-11 12:02 - 2018-09-11 12:03 - 061090519 _____ C:\Users\Adrian\Downloads\Joe Bonamassa.rar
2018-09-11 12:01 - 2018-09-11 12:10 - 150636759 _____ C:\Users\Adrian\Downloads\Uriah Heep - 2018 - Living The Dream.zip
2018-09-11 11:58 - 2018-09-11 11:58 - 007792288 _____ (Tim Kosse) C:\Users\Adrian\Downloads\FileZilla_3.36.0_win64-setup.exe
2018-09-11 11:58 - 2018-09-11 11:58 - 007791072 _____ (Tim Kosse) C:\Users\Adrian\Downloads\FileZilla_3.35.1_win64-setup.exe
2018-09-08 14:42 - 2018-09-08 14:43 - 000000000 ____D C:\Users\Adrian\Downloads\1977 - Johnny Thunders & The Heartbreakers - L.A.M.F. (Vinyl Rip + bonus)
2018-09-05 00:29 - 2018-09-05 00:29 - 000000853 _____ C:\Users\Adrian\Desktop\µTorrent.lnk
2018-09-04 18:38 - 2018-09-04 18:38 - 000017291 _____ C:\Users\Adrian\Desktop\ZHPCleaner.html
2018-09-01 10:39 - 2018-09-01 10:47 - 000000000 ____D C:\Users\Adrian\Downloads\Hasil Adkins - Chicken Walk (Cult US Lo-Fi Rockabilly)
2018-09-01 10:39 - 2018-09-01 10:40 - 000000000 ____D C:\Users\Adrian\Downloads\Television - Adventure (1978) By Muro
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-18 16:38 - 2018-08-07 13:11 - 000015071 _____ C:\Users\Adrian\Desktop\FRST.txt
2018-09-18 16:06 - 2009-07-14 07:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-18 16:06 - 2009-07-14 07:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-18 16:04 - 2017-11-28 13:24 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-18 15:51 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-17 17:29 - 2018-05-30 11:50 - 000010255 _____ C:\Users\Adrian\Documents\Emploi du temps.xlsx
2018-09-17 15:09 - 2018-07-28 17:26 - 000000000 ____D C:\Program Files (x86)\Championship Manager 01-02
2018-09-15 12:01 - 2014-07-30 10:34 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\FileZilla
2018-09-15 11:44 - 2014-07-30 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-09-15 11:44 - 2014-07-30 10:34 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2018-09-12 21:34 - 2018-08-04 21:08 - 000000000 ____D C:\Users\Adrian\Downloads\Plain White T's
2018-09-12 21:34 - 2014-08-01 15:32 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\Mp3tag
2018-09-12 21:26 - 2014-09-04 18:07 - 001307552 _____ C:\Users\Adrian\Documents\Classement des réalisateurs.ods
2018-09-12 21:18 - 2014-09-04 17:35 - 023982676 _____ C:\Users\Adrian\Documents\Films vus.odt
2018-09-12 17:30 - 2014-07-24 17:31 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\vlc
2018-09-12 17:30 - 2014-07-24 16:42 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\uTorrent
2018-09-12 16:27 - 2014-08-22 19:55 - 000000000 ____D C:\Users\Adrian\Downloads\Pas finis
2018-09-11 12:47 - 2018-08-06 20:51 - 000125541 _____ C:\Users\Adrian\Desktop\ZHPDiag.txt
2018-09-11 12:47 - 2015-08-16 21:19 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\ZHP
2018-09-10 19:46 - 2015-08-31 18:49 - 000000000 ____D C:\Program Files\CCleaner
2018-09-08 14:46 - 2014-10-13 20:31 - 000000000 ____D C:\Users\Adrian\Downloads\Installations
2018-09-08 14:44 - 2014-10-13 20:32 - 000000000 ____D C:\Users\Adrian\Downloads\Photos
2018-09-08 14:41 - 2018-07-12 23:56 - 000000000 ____D C:\Users\Adrian\Downloads\The Shangri-Las - Myrmidons of melodrama (1963-66), pop
2018-09-07 15:18 - 2018-08-04 20:30 - 000000000 ____D C:\Users\Adrian\Downloads\The Byrds
2018-09-05 00:29 - 2014-07-24 16:42 - 000000833 _____ C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-09-04 19:53 - 2014-10-13 20:31 - 000000000 ____D C:\Users\Adrian\Downloads\Livres
2018-09-04 18:37 - 2018-08-07 00:40 - 000001763 _____ C:\Users\Adrian\Desktop\ZHPCleaner.txt
2018-09-04 18:26 - 2018-04-26 22:38 - 000000000 ____D C:\Users\Adrian\Documents\Livre Blondie
2018-09-04 18:16 - 2016-06-05 17:10 - 000000832 _____ C:\Users\Adrian\Desktop\ZHPCleaner.lnk
2018-09-04 13:56 - 2017-11-09 11:59 - 000000000 ____D C:\Users\Adrian\dwhelper
2018-09-03 15:49 - 2018-04-29 14:41 - 000000000 ____D C:\Users\Adrian\Documents\Livre Ultravox
2018-09-01 11:05 - 2018-07-03 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abandonware-France
==================== Files in the root of some directories =======
2015-12-06 19:47 - 2017-08-06 13:32 - 000011264 _____ () C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-06 20:27 - 2017-09-06 20:27 - 000140800 _____ () C:\Users\Adrian\AppData\Local\installer.dat
2016-07-17 10:44 - 2016-07-17 10:46 - 000002222 _____ () C:\Users\Adrian\AppData\Local\WiDiSetupLog.20160717.104454.txt
2016-07-17 10:55 - 2016-07-17 10:55 - 000011200 _____ () C:\Users\Adrian\AppData\Local\WiDiSetupLog.20160717.105514.txt
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-17 13:22
==================== End of FRST.txt ============================