Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018 Ran by Megaport (administrator) on DESKTOP-TU8NRI0 (15-05-2018 20:24:51) Running from C:\Users\Megaport\Desktop Loaded Profiles: Megaport (Available Profiles: Megaport) Platform: Windows 10 Pro Version 1709 16299.371 (X64) Language: Anglais (Royaume-Uni) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Megaport GmbH) C:\Program Files\Megaport\Megaport Languagetool Service.exe (F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\fshoster32.exe (F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\fshoster32.exe (F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fsorsp64.exe (F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fshoster64.exe (F-Secure Corporation) C:\Program Files (x86)\SFR Sécurité\fshoster32.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.24.11294.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\9eaee87abab23b313c5b7697b9a103ad\WindowsUpdateBox.exe (Microsoft Corporation) C:\$WINDOWS.~BT\Sources\SetupHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-08-10] (Realtek Semiconductor) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 89.2.0.1 89.2.0.2 Tcpip\..\Interfaces\{294d3229-7677-4941-97f9-74b04bdcdb0f}: [DhcpNameServer] 89.2.0.1 89.2.0.2 Tcpip\..\Interfaces\{2a08ef6c-d79a-4450-b315-36fa730962c7}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{c705a682-306a-44a3-94c6-0c7aaebaae9d}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{e0efccdb-3940-4cbe-a3be-ec16ad254bc7}: [DhcpNameServer] 89.2.0.1 89.2.0.2 Internet Explorer: ================== BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_ie_https\fs_ie_https64.dll [2018-03-12] (F-Secure Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation) BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_ie_https\fs_ie_https.dll [2018-03-12] (F-Secure Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation) Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation) Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-3446404936-4264823063-2574871056-1001 -> about:start FireFox: ======== FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_firefox_https\fs_firefox_https.xpi FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_firefox_https\fs_firefox_https.xpi [2018-03-12] FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\browser\install\fs_firefox_https\fs_firefox_https.xpi FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-06] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default [2018-05-15] CHR Extension: (Slides) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-06] CHR Extension: (Docs) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-06] CHR Extension: (Google Drive) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-06] CHR Extension: (YouTube) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-06] CHR Extension: (Sheets) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-06] CHR Extension: (Google Docs hors connexion) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-11] CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2018-03-06] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2018-04-14] CHR Extension: (Gmail) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-06] CHR Extension: (Chrome Media Router) - C:\Users\Megaport\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-24] CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.) R2 fshoster; C:\Program Files (x86)\SFR Sécurité\fshoster32.exe [184800 2017-11-08] (F-Secure Corporation) R2 fsnethoster; C:\Program Files (x86)\SFR Sécurité\fshoster32.exe [184800 2017-11-08] (F-Secure Corporation) R2 fsulhoster; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fshoster64.exe [572896 2018-05-13] (F-Secure Corporation) R2 fsulorsp; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fsorsp64.exe [78304 2018-05-13] (F-Secure Corporation) R2 Megaport Languagetool; C:\Program Files\Megaport\Megaport Languagetool Service.exe [532480 2018-01-25] (Megaport GmbH) [File not signed] S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-03] (Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-03] (Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 F-Secure Gatekeeper; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fsulgk.sys [239952 2018-05-13] (F-Secure Corporation) R1 F-Secure UL HIPS; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\ulcore\1525688755\fshs.sys [102216 2018-05-13] (F-Secure Corporation) R0 fsbts; C:\Windows\System32\drivers\fsbts.sys [73928 2018-03-03] () R3 fsni; C:\Program Files (x86)\SFR Sécurité\apps\Ultralight\nif\1520854327\fsni64.sys [117576 2018-03-12] (F-Secure Corporation) R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation) S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek ) R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [5707264 2017-09-29] (Realtek Semiconductor Corporation ) S3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2017-09-29] (Realtek Semiconductor Corporation ) S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-30] (Microsoft Corporation) S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-03-03] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288296 2018-03-03] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-03] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-05-15 20:24 - 2018-05-15 20:25 - 000013090 _____ C:\Users\Megaport\Desktop\FRST.txt 2018-05-15 20:24 - 2018-05-15 20:24 - 002404864 _____ (Farbar) C:\Users\Megaport\Desktop\FRST64.exe 2018-05-15 19:22 - 2018-05-15 19:22 - 000093305 _____ C:\Users\Megaport\Desktop\ZHPDiag.txt 2018-05-15 19:20 - 2018-05-15 19:22 - 000000000 ____D C:\Users\Megaport\AppData\Roaming\ZHP 2018-05-15 19:20 - 2018-05-15 19:20 - 000000868 _____ C:\Users\Megaport\Desktop\ZHPDiag.lnk 2018-05-15 19:20 - 2018-05-15 19:20 - 000000000 ____D C:\Users\Megaport\AppData\Local\ZHP 2018-05-15 19:19 - 2018-05-15 19:19 - 003099008 _____ C:\Users\Megaport\Downloads\ZHPDiag3.exe 2018-05-15 19:00 - 2018-05-15 19:00 - 000000000 ____D C:\ProgramData\TEMP 2018-05-15 18:59 - 2018-05-15 18:59 - 000000000 ____D C:\Users\Megaport\Documents\Simply Super Software 2018-05-15 18:18 - 2018-05-15 18:19 - 000000000 ____D C:\MARMITON 2018-05-15 18:04 - 2018-05-15 18:04 - 000000000 ____D C:\AdwCleaner 2018-05-15 17:53 - 2018-05-15 20:24 - 000000000 ____D C:\FRST 2018-05-14 19:26 - 2018-05-15 20:01 - 000000000 ____D C:\Users\Megaport\Desktop\POUR LES AUTRES 2018-05-13 20:36 - 2018-05-13 20:36 - 000003592 _____ C:\Windows\System32\Tasks\Skype 2018-04-27 20:26 - 2018-04-27 20:48 - 000000000 ____D C:\Users\Megaport\Desktop\Pour moi boulot 2018-04-27 19:26 - 2018-04-27 20:31 - 000000000 ____D C:\Users\Megaport\Desktop\Mp3 France 2018-04-21 12:55 - 2018-04-21 12:56 - 000000000 ____D C:\Users\Megaport\Desktop\Pour mes séries 2018-04-18 21:05 - 2018-04-18 21:07 - 000000000 ____D C:\Users\Megaport\AppData\Local\MSfree Inc 2018-04-18 20:48 - 2018-04-18 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 2018-04-18 20:48 - 2018-04-18 20:48 - 000000000 ____D C:\Windows\PCHEALTH 2018-04-18 20:48 - 2018-04-18 20:48 - 000000000 ____D C:\Program Files\Microsoft SQL Server 2018-04-18 20:48 - 2018-04-18 20:48 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2018-04-18 20:48 - 2018-04-18 20:48 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2018-04-18 20:46 - 2018-04-18 20:49 - 000000000 ____D C:\Program Files\Microsoft Office 2018-04-18 20:46 - 2018-04-18 20:48 - 000000000 ____D C:\Windows\SHELLNEW 2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 __RHD C:\MSOCache 2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 ____D C:\Users\Megaport\AppData\Local\Microsoft Help 2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 ____D C:\Program Files\Microsoft Analysis Services 2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-04-18 20:46 - 2018-04-18 20:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2018-04-17 19:33 - 2018-04-30 16:54 - 000000008 _____ C:\Users\Megaport\AppData\Roaming\DofusAppId0_4 2018-04-17 19:33 - 2018-04-17 19:33 - 000000000 ____D C:\Users\Megaport\AppData\Roaming\Dofus-4 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-05-15 20:19 - 2018-04-12 19:16 - 000000000 ___HD C:\$WINDOWS.~BT 2018-05-15 20:16 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\DeliveryOptimization 2018-05-15 20:13 - 2018-01-26 11:18 - 000000000 ____D C:\Windows\Panther 2018-05-15 18:55 - 2018-01-26 11:35 - 000954122 _____ C:\Windows\system32\perfh013.dat 2018-05-15 18:55 - 2018-01-26 11:35 - 000269890 _____ C:\Windows\system32\perfc013.dat 2018-05-15 18:55 - 2018-01-26 11:32 - 000930026 _____ C:\Windows\system32\perfh010.dat 2018-05-15 18:55 - 2018-01-26 11:32 - 000261372 _____ C:\Windows\system32\perfc010.dat 2018-05-15 18:55 - 2018-01-26 11:30 - 001084464 _____ C:\Windows\system32\perfh00C.dat 2018-05-15 18:55 - 2018-01-26 11:30 - 000272350 _____ C:\Windows\system32\perfc00C.dat 2018-05-15 18:55 - 2018-01-26 11:28 - 000959592 _____ C:\Windows\system32\perfh007.dat 2018-05-15 18:55 - 2018-01-26 11:28 - 000268040 _____ C:\Windows\system32\perfc007.dat 2018-05-15 18:55 - 2018-01-26 11:24 - 005798814 _____ C:\Windows\system32\PerfStringBackup.INI 2018-05-15 18:51 - 2018-01-26 11:18 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-05-15 18:51 - 2018-01-26 10:45 - 000000000 ____D C:\ProgramData\NVIDIA 2018-05-15 18:50 - 2017-09-29 10:45 - 000524288 _____ C:\Windows\system32\config\BBI 2018-05-15 18:14 - 2018-01-26 10:51 - 000000000 ____D C:\Windows\system32\MRT 2018-05-15 18:12 - 2018-01-26 10:51 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2018-05-15 18:12 - 2018-01-26 10:51 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2018-05-15 18:12 - 2017-09-29 15:37 - 000000000 ____D C:\Windows\CbsTemp 2018-05-15 17:23 - 2018-01-26 11:18 - 000000000 ____D C:\Windows\system32\SleepStudy 2018-05-15 16:32 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps 2018-05-15 16:32 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\AppReadiness 2018-05-15 05:56 - 2018-03-03 17:44 - 000000000 ____D C:\Users\Megaport\AppData\Local\PlaceholderTileLogoFolder 2018-05-15 05:56 - 2018-01-26 11:20 - 000000000 ____D C:\Users\Megaport\AppData\Local\Packages 2018-05-13 19:17 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\rescache 2018-05-03 19:50 - 2018-03-18 21:06 - 000000008 _____ C:\Users\Megaport\AppData\Roaming\DofusAppId0_1 2018-05-03 19:46 - 2018-03-18 21:06 - 000000117 _____ C:\Users\Megaport\AppData\Roaming\D2Info0 2018-05-03 19:46 - 2018-03-18 20:28 - 000224439 _____ C:\Users\Megaport\AppData\Localtransition_c68e0c0086a6c99d1c3b40d2464e5fe3.ini 2018-05-02 05:35 - 2018-01-26 11:22 - 000002420 _____ C:\Users\Megaport\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2018-05-02 05:35 - 2018-01-26 11:22 - 000000000 ___RD C:\Users\Megaport\OneDrive 2018-05-02 05:35 - 2018-01-26 10:57 - 000003384 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3446404936-4264823063-2574871056-1001 2018-05-01 23:25 - 2018-03-06 07:31 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-05-01 23:25 - 2018-03-06 07:31 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-05-01 09:54 - 2018-04-07 19:39 - 000000008 _____ C:\Users\Megaport\AppData\Roaming\DofusAppId0_3 2018-05-01 09:36 - 2018-03-23 17:45 - 000000008 _____ C:\Users\Megaport\AppData\Roaming\DofusAppId0_2 2018-04-30 21:00 - 2018-01-26 11:18 - 000392848 _____ C:\Windows\system32\FNTCACHE.DAT 2018-04-30 16:45 - 2018-03-18 21:06 - 000000000 ____D C:\Users\Megaport\AppData\Roaming\Dofus 2018-04-29 20:03 - 2018-03-03 18:41 - 000000000 ____D C:\Program Files (x86)\Steam 2018-04-28 18:43 - 2018-04-06 22:47 - 000000000 ____D C:\Users\Megaport\Desktop\fm2018 2018-04-28 07:11 - 2018-03-06 07:22 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-04-27 20:59 - 2018-03-03 18:53 - 000000000 ____D C:\Users\Megaport\Desktop\Pour autre DD 2018-04-26 23:04 - 2018-03-03 19:20 - 000000000 ____D C:\Users\Megaport\AppData\Local\JDownloader v2.0 2018-04-21 20:09 - 2017-09-29 15:44 - 000000000 ____D C:\Windows\INF 2018-04-18 21:08 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\NDF 2018-04-18 20:56 - 2017-09-29 15:46 - 000000167 _____ C:\Windows\win.ini 2018-04-18 20:48 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-04-18 20:48 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2018-04-18 20:47 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\system ==================== Files in the root of some directories ======= 2018-03-18 21:06 - 2018-05-03 19:46 - 000000117 _____ () C:\Users\Megaport\AppData\Roaming\D2Info0 2018-03-18 21:06 - 2018-05-03 19:50 - 000000008 _____ () C:\Users\Megaport\AppData\Roaming\DofusAppId0_1 2018-03-23 17:45 - 2018-05-01 09:36 - 000000008 _____ () C:\Users\Megaport\AppData\Roaming\DofusAppId0_2 2018-04-07 19:39 - 2018-05-01 09:54 - 000000008 _____ () C:\Users\Megaport\AppData\Roaming\DofusAppId0_3 2018-04-17 19:33 - 2018-04-30 16:54 - 000000008 _____ () C:\Users\Megaport\AppData\Roaming\DofusAppId0_4 ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-05-14 19:00 ==================== End of FRST.txt ============================