Publicité
Publicité
Format du document : text/plain
Prévisualisation
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05.2019
Ran by Adrian (administrator) on ADRIAN-PC (Dell Inc. Inspiron 3521) (24-05-2019 10:33:05)
Running from C:\Users\Adrian\Desktop
Loaded Profiles: Adrian (Available Profiles: Adrian & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fshoster64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fshoster64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fsorsp64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fsulprothoster.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\fshoster32.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\fshoster32.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\fshoster32.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735336 2019-04-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-14] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-23] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1497F405-E052-404B-BC6D-F21C5586BC72} - System32\Tasks\Microsoft\Windows\comhosts\runco => C:\Users\Adrian\AppData\Roaming\server\runhosts.exe
Task: {1525B772-FB8C-4A33-8095-3B1D111CE541} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {180BCAF9-5A08-4DDE-9571-50855D3BEC5C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {180BCAF9-5A08-4DDE-9571-50855D3BEC5C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {20B6F0F3-C640-4B35-9DCE-C9F402964757} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {20B6F0F3-C640-4B35-9DCE-C9F402964757} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {346CD88F-2C4E-4138-BA9C-1E4A33B5F611} - System32\Tasks\AdobeGCInvoker-1.0-Adrian-PC-Adrian => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {3533BBF0-3A3C-4CE4-8F84-86D517CA2393} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {82200675-0F52-47D2-AB6A-F351D3DEB67F} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [1174016 2011-04-24] (Microsoft Windows -> Microsoft Corporation)
Task: {8E4125AC-F326-4508-9A40-74556F01F7F8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {8E4125AC-F326-4508-9A40-74556F01F7F8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {934A53E4-A6A5-4727-BCBE-BC76A6DD986F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {93F844FE-9641-491B-8471-B3D84D3A5EA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9B9E43C7-C8A8-4993-9EA1-315B69728A06} - System32\Tasks\Microsoft\Windows\system\r => C:\Users\Adrian\AppData\Roaming\server\runhosts.exe <==== ATTENTION
Task: {D6697156-6082-4A51-BECE-13EB6DF0032B} - System32\Tasks\A PDF Realiser => C:\Windows\system32\rundll32.exe "C:\Program Files\A PDF Realiser\A PDF Realiser.dll",YudTOxN <==== ATTENTION
Task: {D86DE2B9-2662-4A7F-81CF-A321F2B84CBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-01] (Google Inc -> Google Inc.)
Task: {E205646E-7DD1-4DB6-BB51-8071D17B216F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {F278B569-019D-4EAB-B904-25DA94ED00E5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {F278B569-019D-4EAB-B904-25DA94ED00E5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {F278B569-019D-4EAB-B904-25DA94ED00E5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {F40A2F71-8C43-479C-A3C1-03699A89746F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-01] (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\A PDF Realiser.job => rundll32.exe C:\Program Files\A PDF Realiser\A PDF Realiser.dll
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{12AA26AC-4392-403A-9A14-02CD4B939AC0}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B1A57BC6-6D23-472E-B8AD-E4B5EB2CEAC1}: [NameServer] 8.8.8.8
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1558619842\browser\install\fs_ie_https\fs_ie_https64.dll [2019-05-23] (F-Secure Corporation -> F-Secure Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1558619842\browser\install\fs_ie_https\fs_ie_https.dll [2019-05-23] (F-Secure Corporation -> F-Secure Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-14] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-14] (Oracle America, Inc. -> Oracle Corporation)
FireFox:
========
FF DefaultProfile: r120bcec.default-1485454395780-1533903884218
FF DefaultProfile: y4erocbx.default
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\TomTom\HOME\Profiles\urd9ga9k.default [2017-06-01]
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\r120bcec.default-1485454395780-1533903884218 [2019-05-24]
FF Extension: (Video DownloadHelper) - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\r120bcec.default-1485454395780-1533903884218\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-10]
FF Extension: (Telemetry coverage) - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\r120bcec.default-1485454395780-1533903884218\features\{93c81a15-9e5c-4ff5-a632-ed5eae26fdb5}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-08] [Legacy]
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\y4erocbx.default [2019-05-24]
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1558619842\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1558619842\browser\install\fs_firefox_https\fs_firefox_https.xpi [2019-05-23]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1558619842\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-26] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-26] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default [2019-05-24]
CHR Extension: (Flash Video Downloader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2019-05-07]
CHR Extension: (SportZone) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeikikackmjcmgkcgpnangjlnicecml [2018-03-05]
CHR Extension: (Image Downloader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2018-03-18]
CHR Extension: (Anti-Porn Pro - The best Anti-Porn addon!) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2018-06-22]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2018-12-17]
CHR Extension: (Video DownloadHelper) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-08-01]
CHR Extension: (Pursued) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mglmffkipgdhdkolbbkofkfhappinpin [2018-03-04]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-05-21]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
Opera:
=======
OPR Extension: (No Name) - C:\Users\Adrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-11-13]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-04-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 fshoster; C:\Program Files (x86)\Telia SAFE\fshoster32.exe [213448 2018-10-05] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\Telia SAFE\fshoster32.exe [213448 2018-10-05] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fshoster64.exe [588416 2019-05-20] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulnethoster; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fshoster64.exe [588416 2019-05-20] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fsorsp64.exe [101320 2019-05-20] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fsulprothoster.exe [588416 2019-05-20] (F-Secure Corporation -> F-Secure Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (APOWERSOFT LIMITED -> Wondershare)
S3 atrfiltr; C:\Windows\System32\DRIVERS\atrfiltr.sys [16224 2014-09-11] (Estonian Informatics Centre -> Windows (R) Win 7 DDK provider)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2014-07-23] (Broadcom Corporation -> Broadcom Corporation.)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [23760 2014-07-23] (Broadcom Corporation -> Broadcom Corporation)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [9082064 2014-07-23] (Broadcom Corporation -> Broadcom Corporation)
S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [191224 2014-05-14] (HID Global -> HID Global Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-02-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-02-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fsulgk.sys [288120 2019-05-20] (F-Secure Corporation -> F-Secure Corporation)
R1 F-Secure UL HIPS; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fshs.sys [102776 2019-05-20] (F-Secure Corporation -> F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [65872 2018-12-17] (F-Secure Corporation -> )
R3 fsni; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1558619842\fsni64.sys [108704 2019-05-23] (F-Secure Corporation -> F-Secure Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [5343584 2012-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
S3 jakstaVA; C:\Windows\System32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (Jaksta Technologies Pty Ltd -> e2eSoft)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2016-12-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (AnchorFree Inc -> Anchorfree Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 SmbDrvI; system32\DRIVERS\Smb_driver_Intel.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-23 16:32 - 2019-05-24 00:45 - 000003632 _____ C:\Users\Adrian\Documents\Press Gang Metropole.txt
2019-05-22 23:41 - 2019-05-22 23:41 - 000000000 ____D C:\Users\Adrian\AppData\Local\http___www.julien-manici
2019-05-22 23:39 - 2019-05-22 23:39 - 000003071 _____ C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Logon Background Changer.lnk
2019-05-22 23:39 - 2019-05-22 23:39 - 000000000 ____D C:\Program Files (x86)\Julien MANICI
2019-05-22 23:38 - 2019-05-22 23:38 - 000795217 _____ C:\Users\Adrian\Downloads\Win7LogonBackgroundChanger_1_5_2.zip
2019-05-21 22:08 - 2019-05-21 22:08 - 000000000 ____D C:\Users\Adrian\Downloads\Get Carter (1971) [1080p]
2019-05-21 20:19 - 2019-05-21 20:19 - 000000000 ____D C:\Users\Adrian\Downloads\Passage.to.Marseille.1944.(War).1080p.BRRip.x264-Classics
2019-05-21 15:27 - 2019-05-23 20:13 - 000000000 ____D C:\Users\Adrian\AppData\LocalLow\uTorrent
2019-05-20 20:49 - 2019-05-20 20:49 - 000019794 _____ C:\Users\Adrian\Downloads\shifts-EE-Tallinn-2019-06.xlsx
2019-05-20 09:21 - 2019-05-20 09:24 - 183532169 _____ C:\Users\Adrian\Downloads\United_Progressive_Fraternity_-_Planetary_Overload.zip
2019-05-20 08:51 - 2019-05-20 08:59 - 449924931 _____ C:\Users\Adrian\Downloads\Garage 9.zip
2019-05-20 08:50 - 2019-05-20 08:51 - 019300859 _____ C:\Users\Adrian\Downloads\Shaargoth.m4a
2019-05-20 08:49 - 2019-05-20 08:54 - 179309910 _____ C:\Users\Adrian\Downloads\Big Big Train - Grand Tour.rar
2019-05-19 15:15 - 2019-05-19 15:15 - 000000000 ____D C:\Users\Adrian\AppData\Local\Techweb
2019-05-14 07:47 - 2019-05-14 07:49 - 081151128 _____ C:\Users\Adrian\Downloads\3TEETH_--_METAWAR.zip
2019-05-14 07:47 - 2019-05-14 07:49 - 066348221 _____ C:\Users\Adrian\Downloads\GALAAD.zip
2019-05-14 07:46 - 2019-05-14 07:46 - 007926824 _____ (Tim Kosse) C:\Users\Adrian\Downloads\FileZilla_3.42.1_win64-setup.exe
2019-05-09 09:28 - 2019-05-09 10:26 - 000004561 _____ C:\Users\Adrian\Documents\Waxx interview.txt
2019-05-07 10:53 - 2019-05-07 10:54 - 000000000 ____D C:\Users\Adrian\Downloads\Asterix - L'integrale t1 A t33 Hs (Pdf)
2019-05-05 18:49 - 2019-05-10 21:14 - 000005182 _____ C:\Users\Adrian\Documents\Interview Shaargoth.txt
2019-05-03 21:46 - 2019-05-03 21:48 - 000000193 _____ C:\Users\Adrian\Documents\Bulgarie.txt
2019-05-03 21:40 - 2019-04-10 13:13 - 005350298 _____ C:\Users\Adrian\Downloads\Professeur Choron - Je bois je fume et je vous emmerde.epub
2019-05-03 21:39 - 2019-05-03 21:39 - 005342727 _____ C:\Users\Adrian\Downloads\00PFCHRNJVEMRDE5815R8RZ.zip
2019-05-02 22:17 - 2019-05-02 22:17 - 000020438 _____ C:\Users\Adrian\Downloads\shifts-EE-Tallinn-2019-05.xlsx
2019-05-02 18:43 - 2019-05-02 18:44 - 000006176 _____ C:\Users\Adrian\Desktop\Fixlog.txt
2019-05-02 18:43 - 2019-05-02 18:43 - 000003410 _____ C:\Users\Adrian\Desktop\pbzktkobkovkhbamp.txt
2019-05-02 15:12 - 2019-05-23 22:20 - 000037620 _____ C:\Users\Adrian\Desktop\Addition.txt
2019-05-02 15:08 - 2019-05-24 10:35 - 000026059 _____ C:\Users\Adrian\Desktop\FRST.txt
2019-05-02 15:08 - 2019-05-24 10:33 - 000000000 ____D C:\FRST
2019-05-02 15:08 - 2019-05-02 15:08 - 002430464 _____ (Farbar) C:\Users\Adrian\Desktop\FRST64.exe
2019-05-02 15:06 - 2019-05-02 15:09 - 154881408 _____ C:\Users\Adrian\Downloads\TEA1 (13).rar
2019-05-02 14:31 - 2009-11-04 18:14 - 000000000 ____D C:\Users\Adrian\Downloads\Organisation1970
2019-05-02 13:56 - 2019-05-02 13:56 - 000000000 ____D C:\Users\Adrian\Downloads\FM The Italian Job
2019-05-02 10:44 - 2019-05-24 10:06 - 000143085 _____ C:\Users\Adrian\Desktop\ZHPDiag.txt
2019-04-30 23:13 - 2019-04-30 23:13 - 003032448 _____ C:\Users\Adrian\Downloads\ZHPDiag3.exe
2019-04-29 23:11 - 2014-11-24 20:30 - 030414329 _____ C:\Users\Adrian\Downloads\Disco Playa.mp4
2019-04-27 12:51 - 2019-04-27 12:51 - 001497483 _____ C:\Users\Adrian\Downloads\video-1556351427.mp4
2019-04-24 01:10 - 2019-04-24 22:51 - 1354807556 _____ C:\Users\Adrian\Downloads\Dark Passage (1947).avi
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-24 10:06 - 2015-08-16 21:19 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\ZHP
2019-05-24 09:58 - 2009-07-14 07:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-24 09:58 - 2009-07-14 07:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-24 09:42 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-24 02:59 - 2014-07-24 16:42 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\uTorrent
2019-05-24 02:58 - 2018-07-28 17:26 - 000000000 ____D C:\Program Files (x86)\Championship Manager 01-02
2019-05-23 21:35 - 2014-08-22 19:55 - 000000000 ____D C:\Users\Adrian\Downloads\Pas finis
2019-05-23 20:13 - 2019-04-08 15:31 - 000000000 ____D C:\Users\Adrian\AppData\Local\BitTorrentHelper
2019-05-23 16:29 - 2019-02-18 10:48 - 000000000 ____D C:\Users\Adrian\Downloads\2019
2019-05-23 15:38 - 2017-12-01 14:41 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-22 23:40 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\oobe
2019-05-22 23:18 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2019-05-22 15:52 - 2017-11-09 11:59 - 000000000 ____D C:\Users\Adrian\dwhelper
2019-05-21 22:25 - 2016-06-03 17:33 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\MPC-HC
2019-05-21 22:16 - 2014-09-04 18:07 - 001354209 _____ C:\Users\Adrian\Documents\Classement des réalisateurs.ods
2019-05-21 22:15 - 2014-09-04 17:35 - 023983709 _____ C:\Users\Adrian\Documents\Films vus.odt
2019-05-21 19:25 - 2014-07-30 10:34 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\FileZilla
2019-05-21 13:32 - 2014-07-24 17:31 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\vlc
2019-05-21 09:45 - 2016-10-10 19:48 - 000000000 ____D C:\Users\Adrian\Downloads\[ www.TorrentDay.com ] - Hitch-Hike 1977 DVDRip x264 AC3-iCMAL
2019-05-21 09:39 - 2019-02-26 16:38 - 000000000 ____D C:\Users\Adrian\Downloads\Man on a String [1960 - USA] Ernest Borgnine cold war thriller
2019-05-20 12:58 - 2017-09-23 12:55 - 000000000 ____D C:\Program Files\Pale Moon
2019-05-20 09:18 - 2014-07-30 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2019-05-20 09:18 - 2014-07-30 10:34 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2019-05-16 21:07 - 2018-05-10 22:45 - 000003554 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-Adrian-PC-Adrian
2019-05-15 23:31 - 2017-04-14 11:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-15 23:10 - 2017-12-01 14:39 - 000003382 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 23:10 - 2017-12-01 14:39 - 000003254 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-13 20:31 - 2014-07-23 19:30 - 000000000 ____D C:\Users\Adrian
2019-05-10 11:03 - 2009-07-14 08:13 - 000788438 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-08 10:06 - 2019-01-18 21:32 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\Mp3tag
2019-05-07 10:50 - 2019-04-08 17:50 - 000000000 ____D C:\Users\Adrian\Downloads\A.Meia.Noite.Levarei.Sua.Alma
2019-05-02 14:06 - 2019-04-11 22:37 - 000000000 ____D C:\Users\Adrian\Downloads\Press Gang Metropol
2019-04-30 01:14 - 2018-01-10 20:10 - 000000000 ____D C:\Users\Adrian\Documents\Roman
2019-04-29 18:48 - 2018-04-29 14:41 - 000000000 ____D C:\Users\Adrian\Documents\Livre Ultravox
2019-04-28 12:38 - 2018-04-26 22:38 - 000000000 ____D C:\Users\Adrian\Documents\Livre Blondie
2019-04-26 09:06 - 2015-08-31 18:49 - 000000000 ____D C:\Program Files\CCleaner
==================== Files in the root of some directories =======
2015-12-06 19:47 - 2017-08-06 13:32 - 000011264 _____ () C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-06 20:27 - 2017-09-06 20:27 - 000140800 _____ () C:\Users\Adrian\AppData\Local\installer.dat
2018-09-28 13:07 - 2018-09-28 13:07 - 000000000 _____ () C:\Users\Adrian\AppData\Local\oobelibMkey.log
2016-07-17 10:44 - 2016-07-17 10:46 - 000002222 _____ () C:\Users\Adrian\AppData\Local\WiDiSetupLog.20160717.104454.txt
2016-07-17 10:55 - 2016-07-17 10:55 - 000011200 _____ () C:\Users\Adrian\AppData\Local\WiDiSetupLog.20160717.105514.txt
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2015-12-17 13:22
==================== End of FRST.txt ============================
Ran by Adrian (administrator) on ADRIAN-PC (Dell Inc. Inspiron 3521) (24-05-2019 10:33:05)
Running from C:\Users\Adrian\Desktop
Loaded Profiles: Adrian (Available Profiles: Adrian & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fshoster64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fshoster64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fsorsp64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fsulprothoster.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\fshoster32.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\fshoster32.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\fshoster32.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735336 2019-04-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-14] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-23] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1497F405-E052-404B-BC6D-F21C5586BC72} - System32\Tasks\Microsoft\Windows\comhosts\runco => C:\Users\Adrian\AppData\Roaming\server\runhosts.exe
Task: {1525B772-FB8C-4A33-8095-3B1D111CE541} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {180BCAF9-5A08-4DDE-9571-50855D3BEC5C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {180BCAF9-5A08-4DDE-9571-50855D3BEC5C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {20B6F0F3-C640-4B35-9DCE-C9F402964757} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {20B6F0F3-C640-4B35-9DCE-C9F402964757} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {346CD88F-2C4E-4138-BA9C-1E4A33B5F611} - System32\Tasks\AdobeGCInvoker-1.0-Adrian-PC-Adrian => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {3533BBF0-3A3C-4CE4-8F84-86D517CA2393} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {82200675-0F52-47D2-AB6A-F351D3DEB67F} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [1174016 2011-04-24] (Microsoft Windows -> Microsoft Corporation)
Task: {8E4125AC-F326-4508-9A40-74556F01F7F8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {8E4125AC-F326-4508-9A40-74556F01F7F8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {934A53E4-A6A5-4727-BCBE-BC76A6DD986F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {93F844FE-9641-491B-8471-B3D84D3A5EA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9B9E43C7-C8A8-4993-9EA1-315B69728A06} - System32\Tasks\Microsoft\Windows\system\r => C:\Users\Adrian\AppData\Roaming\server\runhosts.exe <==== ATTENTION
Task: {D6697156-6082-4A51-BECE-13EB6DF0032B} - System32\Tasks\A PDF Realiser => C:\Windows\system32\rundll32.exe "C:\Program Files\A PDF Realiser\A PDF Realiser.dll",YudTOxN <==== ATTENTION
Task: {D86DE2B9-2662-4A7F-81CF-A321F2B84CBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-01] (Google Inc -> Google Inc.)
Task: {E205646E-7DD1-4DB6-BB51-8071D17B216F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {F278B569-019D-4EAB-B904-25DA94ED00E5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {F278B569-019D-4EAB-B904-25DA94ED00E5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {F278B569-019D-4EAB-B904-25DA94ED00E5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {F40A2F71-8C43-479C-A3C1-03699A89746F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-01] (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\A PDF Realiser.job => rundll32.exe C:\Program Files\A PDF Realiser\A PDF Realiser.dll
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{12AA26AC-4392-403A-9A14-02CD4B939AC0}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B1A57BC6-6D23-472E-B8AD-E4B5EB2CEAC1}: [NameServer] 8.8.8.8
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1558619842\browser\install\fs_ie_https\fs_ie_https64.dll [2019-05-23] (F-Secure Corporation -> F-Secure Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1558619842\browser\install\fs_ie_https\fs_ie_https.dll [2019-05-23] (F-Secure Corporation -> F-Secure Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-14] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-14] (Oracle America, Inc. -> Oracle Corporation)
FireFox:
========
FF DefaultProfile: r120bcec.default-1485454395780-1533903884218
FF DefaultProfile: y4erocbx.default
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\TomTom\HOME\Profiles\urd9ga9k.default [2017-06-01]
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\r120bcec.default-1485454395780-1533903884218 [2019-05-24]
FF Extension: (Video DownloadHelper) - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\r120bcec.default-1485454395780-1533903884218\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-10]
FF Extension: (Telemetry coverage) - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\r120bcec.default-1485454395780-1533903884218\features\{93c81a15-9e5c-4ff5-a632-ed5eae26fdb5}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-08] [Legacy]
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\y4erocbx.default [2019-05-24]
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1558619842\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1558619842\browser\install\fs_firefox_https\fs_firefox_https.xpi [2019-05-23]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1558619842\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-26] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-26] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default [2019-05-24]
CHR Extension: (Flash Video Downloader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2019-05-07]
CHR Extension: (SportZone) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeikikackmjcmgkcgpnangjlnicecml [2018-03-05]
CHR Extension: (Image Downloader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2018-03-18]
CHR Extension: (Anti-Porn Pro - The best Anti-Porn addon!) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2018-06-22]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2018-12-17]
CHR Extension: (Video DownloadHelper) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-08-01]
CHR Extension: (Pursued) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mglmffkipgdhdkolbbkofkfhappinpin [2018-03-04]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-05-21]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
Opera:
=======
OPR Extension: (No Name) - C:\Users\Adrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-11-13]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-04-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 fshoster; C:\Program Files (x86)\Telia SAFE\fshoster32.exe [213448 2018-10-05] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\Telia SAFE\fshoster32.exe [213448 2018-10-05] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fshoster64.exe [588416 2019-05-20] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulnethoster; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fshoster64.exe [588416 2019-05-20] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fsorsp64.exe [101320 2019-05-20] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fsulprothoster.exe [588416 2019-05-20] (F-Secure Corporation -> F-Secure Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (APOWERSOFT LIMITED -> Wondershare)
S3 atrfiltr; C:\Windows\System32\DRIVERS\atrfiltr.sys [16224 2014-09-11] (Estonian Informatics Centre -> Windows (R) Win 7 DDK provider)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2014-07-23] (Broadcom Corporation -> Broadcom Corporation.)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [23760 2014-07-23] (Broadcom Corporation -> Broadcom Corporation)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [9082064 2014-07-23] (Broadcom Corporation -> Broadcom Corporation)
S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [191224 2014-05-14] (HID Global -> HID Global Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-02-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-02-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fsulgk.sys [288120 2019-05-20] (F-Secure Corporation -> F-Secure Corporation)
R1 F-Secure UL HIPS; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1558345349\fshs.sys [102776 2019-05-20] (F-Secure Corporation -> F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [65872 2018-12-17] (F-Secure Corporation -> )
R3 fsni; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1558619842\fsni64.sys [108704 2019-05-23] (F-Secure Corporation -> F-Secure Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [5343584 2012-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
S3 jakstaVA; C:\Windows\System32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (Jaksta Technologies Pty Ltd -> e2eSoft)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2016-12-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (AnchorFree Inc -> Anchorfree Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 SmbDrvI; system32\DRIVERS\Smb_driver_Intel.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-23 16:32 - 2019-05-24 00:45 - 000003632 _____ C:\Users\Adrian\Documents\Press Gang Metropole.txt
2019-05-22 23:41 - 2019-05-22 23:41 - 000000000 ____D C:\Users\Adrian\AppData\Local\http___www.julien-manici
2019-05-22 23:39 - 2019-05-22 23:39 - 000003071 _____ C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Logon Background Changer.lnk
2019-05-22 23:39 - 2019-05-22 23:39 - 000000000 ____D C:\Program Files (x86)\Julien MANICI
2019-05-22 23:38 - 2019-05-22 23:38 - 000795217 _____ C:\Users\Adrian\Downloads\Win7LogonBackgroundChanger_1_5_2.zip
2019-05-21 22:08 - 2019-05-21 22:08 - 000000000 ____D C:\Users\Adrian\Downloads\Get Carter (1971) [1080p]
2019-05-21 20:19 - 2019-05-21 20:19 - 000000000 ____D C:\Users\Adrian\Downloads\Passage.to.Marseille.1944.(War).1080p.BRRip.x264-Classics
2019-05-21 15:27 - 2019-05-23 20:13 - 000000000 ____D C:\Users\Adrian\AppData\LocalLow\uTorrent
2019-05-20 20:49 - 2019-05-20 20:49 - 000019794 _____ C:\Users\Adrian\Downloads\shifts-EE-Tallinn-2019-06.xlsx
2019-05-20 09:21 - 2019-05-20 09:24 - 183532169 _____ C:\Users\Adrian\Downloads\United_Progressive_Fraternity_-_Planetary_Overload.zip
2019-05-20 08:51 - 2019-05-20 08:59 - 449924931 _____ C:\Users\Adrian\Downloads\Garage 9.zip
2019-05-20 08:50 - 2019-05-20 08:51 - 019300859 _____ C:\Users\Adrian\Downloads\Shaargoth.m4a
2019-05-20 08:49 - 2019-05-20 08:54 - 179309910 _____ C:\Users\Adrian\Downloads\Big Big Train - Grand Tour.rar
2019-05-19 15:15 - 2019-05-19 15:15 - 000000000 ____D C:\Users\Adrian\AppData\Local\Techweb
2019-05-14 07:47 - 2019-05-14 07:49 - 081151128 _____ C:\Users\Adrian\Downloads\3TEETH_--_METAWAR.zip
2019-05-14 07:47 - 2019-05-14 07:49 - 066348221 _____ C:\Users\Adrian\Downloads\GALAAD.zip
2019-05-14 07:46 - 2019-05-14 07:46 - 007926824 _____ (Tim Kosse) C:\Users\Adrian\Downloads\FileZilla_3.42.1_win64-setup.exe
2019-05-09 09:28 - 2019-05-09 10:26 - 000004561 _____ C:\Users\Adrian\Documents\Waxx interview.txt
2019-05-07 10:53 - 2019-05-07 10:54 - 000000000 ____D C:\Users\Adrian\Downloads\Asterix - L'integrale t1 A t33 Hs (Pdf)
2019-05-05 18:49 - 2019-05-10 21:14 - 000005182 _____ C:\Users\Adrian\Documents\Interview Shaargoth.txt
2019-05-03 21:46 - 2019-05-03 21:48 - 000000193 _____ C:\Users\Adrian\Documents\Bulgarie.txt
2019-05-03 21:40 - 2019-04-10 13:13 - 005350298 _____ C:\Users\Adrian\Downloads\Professeur Choron - Je bois je fume et je vous emmerde.epub
2019-05-03 21:39 - 2019-05-03 21:39 - 005342727 _____ C:\Users\Adrian\Downloads\00PFCHRNJVEMRDE5815R8RZ.zip
2019-05-02 22:17 - 2019-05-02 22:17 - 000020438 _____ C:\Users\Adrian\Downloads\shifts-EE-Tallinn-2019-05.xlsx
2019-05-02 18:43 - 2019-05-02 18:44 - 000006176 _____ C:\Users\Adrian\Desktop\Fixlog.txt
2019-05-02 18:43 - 2019-05-02 18:43 - 000003410 _____ C:\Users\Adrian\Desktop\pbzktkobkovkhbamp.txt
2019-05-02 15:12 - 2019-05-23 22:20 - 000037620 _____ C:\Users\Adrian\Desktop\Addition.txt
2019-05-02 15:08 - 2019-05-24 10:35 - 000026059 _____ C:\Users\Adrian\Desktop\FRST.txt
2019-05-02 15:08 - 2019-05-24 10:33 - 000000000 ____D C:\FRST
2019-05-02 15:08 - 2019-05-02 15:08 - 002430464 _____ (Farbar) C:\Users\Adrian\Desktop\FRST64.exe
2019-05-02 15:06 - 2019-05-02 15:09 - 154881408 _____ C:\Users\Adrian\Downloads\TEA1 (13).rar
2019-05-02 14:31 - 2009-11-04 18:14 - 000000000 ____D C:\Users\Adrian\Downloads\Organisation1970
2019-05-02 13:56 - 2019-05-02 13:56 - 000000000 ____D C:\Users\Adrian\Downloads\FM The Italian Job
2019-05-02 10:44 - 2019-05-24 10:06 - 000143085 _____ C:\Users\Adrian\Desktop\ZHPDiag.txt
2019-04-30 23:13 - 2019-04-30 23:13 - 003032448 _____ C:\Users\Adrian\Downloads\ZHPDiag3.exe
2019-04-29 23:11 - 2014-11-24 20:30 - 030414329 _____ C:\Users\Adrian\Downloads\Disco Playa.mp4
2019-04-27 12:51 - 2019-04-27 12:51 - 001497483 _____ C:\Users\Adrian\Downloads\video-1556351427.mp4
2019-04-24 01:10 - 2019-04-24 22:51 - 1354807556 _____ C:\Users\Adrian\Downloads\Dark Passage (1947).avi
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-24 10:06 - 2015-08-16 21:19 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\ZHP
2019-05-24 09:58 - 2009-07-14 07:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-24 09:58 - 2009-07-14 07:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-24 09:42 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-24 02:59 - 2014-07-24 16:42 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\uTorrent
2019-05-24 02:58 - 2018-07-28 17:26 - 000000000 ____D C:\Program Files (x86)\Championship Manager 01-02
2019-05-23 21:35 - 2014-08-22 19:55 - 000000000 ____D C:\Users\Adrian\Downloads\Pas finis
2019-05-23 20:13 - 2019-04-08 15:31 - 000000000 ____D C:\Users\Adrian\AppData\Local\BitTorrentHelper
2019-05-23 16:29 - 2019-02-18 10:48 - 000000000 ____D C:\Users\Adrian\Downloads\2019
2019-05-23 15:38 - 2017-12-01 14:41 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-22 23:40 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\oobe
2019-05-22 23:18 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2019-05-22 15:52 - 2017-11-09 11:59 - 000000000 ____D C:\Users\Adrian\dwhelper
2019-05-21 22:25 - 2016-06-03 17:33 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\MPC-HC
2019-05-21 22:16 - 2014-09-04 18:07 - 001354209 _____ C:\Users\Adrian\Documents\Classement des réalisateurs.ods
2019-05-21 22:15 - 2014-09-04 17:35 - 023983709 _____ C:\Users\Adrian\Documents\Films vus.odt
2019-05-21 19:25 - 2014-07-30 10:34 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\FileZilla
2019-05-21 13:32 - 2014-07-24 17:31 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\vlc
2019-05-21 09:45 - 2016-10-10 19:48 - 000000000 ____D C:\Users\Adrian\Downloads\[ www.TorrentDay.com ] - Hitch-Hike 1977 DVDRip x264 AC3-iCMAL
2019-05-21 09:39 - 2019-02-26 16:38 - 000000000 ____D C:\Users\Adrian\Downloads\Man on a String [1960 - USA] Ernest Borgnine cold war thriller
2019-05-20 12:58 - 2017-09-23 12:55 - 000000000 ____D C:\Program Files\Pale Moon
2019-05-20 09:18 - 2014-07-30 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2019-05-20 09:18 - 2014-07-30 10:34 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2019-05-16 21:07 - 2018-05-10 22:45 - 000003554 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-Adrian-PC-Adrian
2019-05-15 23:31 - 2017-04-14 11:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-15 23:10 - 2017-12-01 14:39 - 000003382 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 23:10 - 2017-12-01 14:39 - 000003254 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-13 20:31 - 2014-07-23 19:30 - 000000000 ____D C:\Users\Adrian
2019-05-10 11:03 - 2009-07-14 08:13 - 000788438 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-08 10:06 - 2019-01-18 21:32 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\Mp3tag
2019-05-07 10:50 - 2019-04-08 17:50 - 000000000 ____D C:\Users\Adrian\Downloads\A.Meia.Noite.Levarei.Sua.Alma
2019-05-02 14:06 - 2019-04-11 22:37 - 000000000 ____D C:\Users\Adrian\Downloads\Press Gang Metropol
2019-04-30 01:14 - 2018-01-10 20:10 - 000000000 ____D C:\Users\Adrian\Documents\Roman
2019-04-29 18:48 - 2018-04-29 14:41 - 000000000 ____D C:\Users\Adrian\Documents\Livre Ultravox
2019-04-28 12:38 - 2018-04-26 22:38 - 000000000 ____D C:\Users\Adrian\Documents\Livre Blondie
2019-04-26 09:06 - 2015-08-31 18:49 - 000000000 ____D C:\Program Files\CCleaner
==================== Files in the root of some directories =======
2015-12-06 19:47 - 2017-08-06 13:32 - 000011264 _____ () C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-06 20:27 - 2017-09-06 20:27 - 000140800 _____ () C:\Users\Adrian\AppData\Local\installer.dat
2018-09-28 13:07 - 2018-09-28 13:07 - 000000000 _____ () C:\Users\Adrian\AppData\Local\oobelibMkey.log
2016-07-17 10:44 - 2016-07-17 10:46 - 000002222 _____ () C:\Users\Adrian\AppData\Local\WiDiSetupLog.20160717.104454.txt
2016-07-17 10:55 - 2016-07-17 10:55 - 000011200 _____ () C:\Users\Adrian\AppData\Local\WiDiSetupLog.20160717.105514.txt
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2015-12-17 13:22
==================== End of FRST.txt ============================