cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2020 01
Ran by Tony (administrator) on FIXE (Gigabyte Technology Co., Ltd. M68M-S2P) (24-11-2020 15:36:51)
Running from C:\Users\Tony\Downloads
Loaded Profiles: Tony
Platform: Microsoft Windows 7 Entreprise Service Pack 1 (X86) Language: Anglais (États-Unis)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc -> Google Inc.) C:\Program Files\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <20>
(Logitech -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Numedia Soft, Inc. -> ) C:\Program Files\CDBurnerXP\NMSAccessU.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(Orbiscom Ltd. All rights reserved.) [File not signed] C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech -> Logitech, Inc.)
HKU\S-1-5-21-448322351-3195172183-1875800185-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-448322351-3195172183-1875800185-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-448322351-3195172183-1875800185-1001\...\Run: [uTorrent] => C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe [1983672 2018-04-14] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-448322351-3195172183-1875800185-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-448322351-3195172183-1875800185-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\Google\Chrome\Application\chrome.exe --flag-switches-begin --disable-quic --flag-switches-end --restore-last-session -- hxxp://cdn.bitmedianetwork.com/network/r.html?u=ue1-2cb23ae7f1 (the data entry has 117 more characters).
HKU\S-1-5-21-448322351-3195172183-1875800185-1001\...\MountPoints2: {04e3e458-9457-11e3-8c46-6cf0492b43e8} - E:\CMADownloader.exe
HKU\S-1-5-21-448322351-3195172183-1875800185-1001\...\MountPoints2: {16e72a91-d01e-11e5-b2a3-6cf0492b43e8} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-448322351-3195172183-1875800185-1001\...\MountPoints2: {2dcde1d8-4e43-11e4-a990-6cf0492b43e8} - E:\CMADownloader.exe
HKU\S-1-5-21-448322351-3195172183-1875800185-1001\...\MountPoints2: {2e97d61b-d069-11e5-b5a5-6cf0492b43e8} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-448322351-3195172183-1875800185-1001\...\MountPoints2: {2e97d6bf-d069-11e5-b5a5-6cf0492b43e8} - E:\HiSuiteDownLoader.exe
HKLM\...\Windows NT x86\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\W32X86\hpzpplhn.dll [89600 2009-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows NT x86\Print Processors\ModiPrint: C:\Windows\System32\spool\prtprocs\W32X86\mdippr.dll [28552 2007-04-09] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\LIDIL hpzlllhn: C:\Windows\system32\hpzlllhn.dll [37376 2009-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\Microsoft Document Imaging Writer Monitor: C:\Windows\system32\mdimon.dll [28040 2007-04-09] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\Redmon: C:\Windows\system32\redmonnt.dll [98304 2007-08-21] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-18] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
SubSystems: [Windows] => "%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\e-Carte Bleue Banque Populaire.lnk [2012-04-01]
ShortcutTarget: e-Carte Bleue Banque Populaire.lnk -> C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe (Orbiscom Ltd. All rights reserved.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2010-06-24]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech -> Logitech, Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12B7117A-BBFB-4BCF-93BF-1ADAFB526BEF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [4747720 2014-06-27] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {18B7EABE-6CA6-4707-98F2-0E3A4973C0AA} - System32\Tasks\{6D1EA338-797B-4B1C-940D-B01454248476} => C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\
Task: {221F8F3A-00EF-4755-8554-AAA0D1659246} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {29C60D44-6964-4548-9D4A-B3BD3D17C35D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1106128 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {31EA3EA0-483C-4040-86CB-4F137C5DA52D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1696976 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {36176F70-D095-49FD-B452-9B2902FEDA6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {39648386-5E0E-4E04-AF50-19132AA86012} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [4818848 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {45C903F4-D613-4C71-8CA4-6C069700F9E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {4A80F0F1-2AEE-46FD-9D1D-2D34B9BF5CF6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1106128 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {535ECB34-F5FC-488C-83A5-C0382F2797FC} - System32\Tasks\{B7CDDA4E-D9D5-4839-A467-17A61E4A557A} => C:\APPCHEREAU\WOWpLauncher.exe [9044744 2015-10-06] (Wargaming.net LLP -> Wargaming.net) [File not signed]
Task: {61B6F01D-8A3B-4FD4-805C-65C7FDF80F20} - System32\Tasks\{DCF36174-56AB-4626-B527-CA16220AAAC4} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tony\Videos\Architecte 3DHD Expert Cad 2010\flashplayer7_winax.exe" -d "C:\Users\Tony\Videos\Architecte 3DHD Expert Cad 2010"
Task: {6A451F7E-00EC-40FC-95C6-A4111F2F2A6B} - System32\Tasks\{86750599-1C4E-49E0-BF09-EC25F78BBAF3} => C:\Program Files\Windows Live\Mail\wlmail.exe [92024 2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DDEEBA5-C3D0-4334-ACF9-7C6209E2C9E0} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [345824 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {8CB47530-3A22-4EB7-8357-8FEE8342CC88} - System32\Tasks\{63DA26B1-C59F-4192-9174-5CF21AB5AF43} => C:\APPCHEREAU\WOWpLauncher.exe [9044744 2015-10-06] (Wargaming.net LLP -> Wargaming.net) [File not signed]
Task: {91F1CEC3-98EE-4D6D-AED0-74D80773F9D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {A1BE2CFF-D0A4-453D-958B-2226519172EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [4460472 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {AB2F9BB8-2513-460B-9E0D-5F1182C1C740} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-12] (Adobe Inc. -> Adobe)
Task: {B44DEFC6-FE33-4EA4-8887-1DBF4D5F6DF9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd -> Piriform Ltd)
Task: {BC852C35-3E72-4951-9409-B04D87775F56} - System32\Tasks\{AF8D5DF9-92FF-41CF-A18F-89F6406C08E5} => C:\APPCHEREAU\WOWpLauncher.exe [9044744 2015-10-06] (Wargaming.net LLP -> Wargaming.net) [File not signed]
Task: {C5062C67-0BEC-40AB-A6CC-7F099A36B9C5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {DA957937-39DD-447E-9517-C01DF615CE06} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_Plugin.exe [1502776 2020-11-12] (Adobe Inc. -> Adobe)
Task: {E31458BD-791F-48C2-9C49-DF685D437E55} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1696976 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4F0609B-5D34-46E7-9BB3-CDED10B32137} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} C:\Program Files\Windows Live\SOXE\wlsoxe.dll [179584 2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {FB414872-59A4-4F6D-A472-29E29AF7643D} - System32\Tasks\{28581C80-690C-48D7-881B-210DD30417F7} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZ5OS7HP\EP-CDB-FRA[1].exe" -d C:\Users\Tony\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 89.2.0.1 89.2.0.2
Tcpip\..\Interfaces\{3AEFE666-9167-481B-82BE-2B90E44275C4}: [DhcpNameServer] 89.2.0.1 89.2.0.2

FireFox:
========
FF DefaultProfile: sr4je9lp.default
FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\sr4je9lp.default [2020-11-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_453.dll [2020-11-12] (Adobe Inc. -> )
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-07-21] (Apple Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-05-28] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default [2020-11-24]
CHR Extension: (YouTube) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Recherche Google) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock — le meilleur bloqueur de pubs) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-11-23]
CHR Extension: (Better Usenet) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\joicnimnpenclfnifoplemhkmgpimmde [2015-11-11]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-01]
CHR Extension: (Chrome Media Router) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-12] (Adobe Inc. -> Adobe)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] (Numedia Soft, Inc. -> )
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 Stereo Service; C:\Windows\System32\nvSCPAPISvr.exe [239648 2009-07-08] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\Windows\system32\WirelessKB850NotificationService.exe [150192 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1713536 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrSerIb; C:\Windows\System32\DRIVERS\BrSerIb.sys [78960 2012-11-15] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 BrUsbSIb; C:\Windows\System32\DRIVERS\BrUsbSIb.sys [18800 2012-11-15] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2010-04-19] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [44776 2016-07-22] (Microsoft Corporation -> Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-24 15:45 - 2020-11-24 15:46 - 002010112 _____ (Farbar) C:\Users\Tony\Downloads\FRST (4).exe
2020-11-24 15:38 - 2020-11-24 15:39 - 002010112 _____ (Farbar) C:\Users\Tony\Downloads\FRST (3).exe
2020-11-24 15:34 - 2020-11-24 15:34 - 002010112 _____ (Farbar) C:\Users\Tony\Downloads\FRST (2).exe
2020-11-23 17:47 - 2020-11-23 17:48 - 002010112 _____ (Farbar) C:\Users\Tony\Downloads\FRST (1).exe
2020-11-23 17:04 - 2020-11-23 17:53 - 000000000 ____D C:\Users\Tony\AppData\LocalLow\Mozilla
2020-11-23 16:56 - 2020-11-24 15:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-23 16:52 - 2020-11-23 16:52 - 002010112 _____ (Farbar) C:\Users\Tony\Downloads\FRST.exe
2020-11-23 16:51 - 2020-11-23 16:51 - 000064329 _____ C:\Users\Tony\Desktop\téléchargement FRST.htm
2020-11-23 16:39 - 2020-11-23 16:40 - 000017851 _____ C:\Users\Tony\Downloads\Addition.txt
2020-11-23 16:33 - 2020-11-24 15:44 - 000021491 _____ C:\Users\Tony\Downloads\FRST.txt
2020-11-23 16:22 - 2020-11-24 15:41 - 000000000 ____D C:\FRST
2020-11-12 20:51 - 2020-11-12 20:51 - 000002101 _____ C:\Users\Tony\Downloads\72320201112204936879294-recap.pdf
2020-11-12 20:49 - 2020-11-12 20:49 - 000009532 _____ C:\Users\Tony\Downloads\72320201112204936879294-tps.pdf
2020-11-12 20:28 - 2020-11-12 20:28 - 000009638 _____ C:\Users\Tony\Downloads\72320201112202616534361-tps.pdf
2020-11-12 20:26 - 2020-11-12 20:26 - 000002101 _____ C:\Users\Tony\Downloads\72320201112202616534361-recap.pdf
2020-11-12 16:16 - 2020-11-12 16:16 - 000221550 _____ C:\Users\Tony\Downloads\20201110_124410.pdf
2020-11-12 16:14 - 2020-11-12 16:15 - 000208521 _____ C:\Users\Tony\Downloads\20201110_124422.pdf
2020-11-12 16:07 - 2020-11-12 16:07 - 000061279 _____ C:\Users\Tony\Downloads\170672300210-B (2).pdf
2020-11-12 15:47 - 2020-11-12 15:47 - 000060660 _____ C:\Users\Tony\Downloads\170672300210-A2 (1) (1).pdf
2020-11-12 15:42 - 2020-11-12 15:42 - 000061279 _____ C:\Users\Tony\Downloads\170672300210-A2 (2).pdf
2020-11-12 15:32 - 2020-11-12 15:32 - 000061279 _____ C:\Users\Tony\Downloads\170672300210-A2 (1).pdf
2020-11-12 15:28 - 2020-11-12 15:28 - 000061279 _____ C:\Users\Tony\Downloads\170672300210-A2.pdf
2020-11-12 15:27 - 2020-11-12 15:27 - 000061279 _____ C:\Users\Tony\Downloads\170672300210-B (1).pdf
2020-11-12 15:22 - 2020-11-12 15:22 - 000065705 _____ C:\Users\Tony\Desktop\Attestation permis B Paul CHEREAU.pdf
2020-11-12 15:21 - 2020-11-12 15:21 - 000061279 _____ C:\Users\Tony\Downloads\170672300210-B.pdf
2020-11-09 20:58 - 2020-11-09 20:58 - 000097156 _____ C:\Users\Tony\Downloads\sfr-facture-0663782275-0.pdf
2020-11-09 20:54 - 2020-11-09 20:54 - 000097156 _____ C:\Users\Tony\Downloads\sfr-facture-B420-021481762.pdf
2020-11-09 20:50 - 2020-11-09 20:50 - 000721220 _____ C:\Users\Tony\Downloads\AttestationHebergement.pdf
2020-11-09 20:45 - 2020-11-09 20:45 - 000829004 _____ C:\Users\Tony\Downloads\courrier cloture livret A Paul CHEREAU.pdf
2020-11-09 18:19 - 2020-11-09 18:19 - 000104184 _____ C:\Users\Tony\Downloads\BP PAUL CHEREAU (2).pdf
2020-11-09 18:12 - 2020-11-09 18:13 - 000068678 _____ C:\Users\Tony\Downloads\20201109_125902.pdf
2020-11-05 15:07 - 2020-11-05 15:07 - 000071172 _____ C:\Users\Tony\Downloads\RICE (1).pdf
2020-11-01 17:26 - 2020-11-01 17:26 - 000048643 _____ C:\Users\Tony\Downloads\AttestationDroits (3).pdf
2020-10-29 23:29 - 2020-10-29 23:29 - 000420257 _____ C:\Users\Tony\Downloads\attestation déplacement professionnel provisoire-29.10.2020.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-24 15:34 - 2009-07-14 05:34 - 000024944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-11-24 15:34 - 2009-07-14 05:34 - 000024944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-11-24 15:26 - 2010-06-24 17:46 - 000000000 ____D C:\ProgramData\NVIDIA
2020-11-24 15:25 - 2012-05-23 18:55 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2020-11-24 15:25 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-23 17:48 - 2012-05-23 18:55 - 000000000 ____D C:\ProgramData\Mozilla
2020-11-23 17:48 - 2011-05-13 18:28 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Mozilla
2020-11-23 16:57 - 2015-07-02 19:16 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-11-23 14:29 - 2010-06-24 17:25 - 000003906 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{8CF93060-C14E-4B39-9A14-EAB0483F2660}
2020-11-22 13:17 - 2019-06-26 10:56 - 000000000 ____D C:\Users\Tony\Desktop\DOCUMENTS ADMINISTRATIFS CHEREAU
2020-11-18 10:02 - 2013-05-13 17:34 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-18 10:02 - 2013-05-13 17:34 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-18 10:02 - 2013-05-13 17:34 - 000002189 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-12 21:08 - 2013-08-16 02:08 - 000000000 ____D C:\Windows\system32\MRT
2020-11-12 21:02 - 2010-06-24 17:43 - 131089152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-11-12 15:17 - 2013-01-14 21:15 - 000000000 ___RD C:\Users\Tony\Documents\Scanned Documents
2020-11-12 14:27 - 2018-03-13 13:27 - 000004452 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-11-12 14:27 - 2012-09-24 07:24 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2020-11-12 14:27 - 2012-09-24 07:24 - 000004484 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-11-12 14:27 - 2011-08-23 12:23 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2020-11-12 14:27 - 2010-06-24 20:03 - 000000000 ____D C:\Windows\system32\Macromed
2020-11-01 17:23 - 2010-06-24 17:58 - 000735658 _____ C:\Windows\system32\perfh00C.dat
2020-11-01 17:23 - 2010-06-24 17:58 - 000145008 _____ C:\Windows\system32\perfc00C.dat
2020-11-01 17:23 - 2010-06-24 17:31 - 000877762 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-01 17:23 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2020-10-29 23:06 - 2016-11-29 22:14 - 000652152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories ========

2014-04-03 18:29 - 2014-04-03 18:29 - 000000036 _____ () C:\Users\Tony\AppData\Roaming\DOK52P4Q3J.dat
2012-12-24 18:16 - 2012-12-24 18:16 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\Extensions
2012-12-24 18:17 - 2012-12-24 18:17 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\External Build System
2012-12-24 18:16 - 2012-12-24 18:16 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\File Templates
2012-12-24 18:15 - 2012-12-24 18:15 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\Fonts
2013-08-17 06:30 - 2013-08-17 06:30 - 000000000 _____ () C:\Users\Tony\AppData\Roaming\pdfconverter
2014-08-05 09:53 - 2014-08-05 09:53 - 000000036 _____ () C:\Users\Tony\AppData\Roaming\SuYZkvrV.tmp
2013-07-13 21:20 - 2013-07-13 23:32 - 000009216 _____ () C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-21 21:47 - 2015-02-21 21:47 - 000000017 _____ () C:\Users\Tony\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-11-23 15:20
==================== End of FRST.txt ========================
