Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018 Ran by Adrian (administrator) on ADRIAN-PC (07-08-2018 13:11:22) Running from C:\Users\Adrian\Desktop Loaded Profiles: Adrian & Guest (Available Profiles: Adrian & Guest) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Adrian\Desktop\FRST64 (1).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-27] (Piriform Ltd) HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [MinerGateGui] => C:\Users\Adrian\AppData\Roaming\server\minergate.exe --auto HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-14] (Disc Soft Ltd) HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8898480 2018-07-03] (SUPERAntiSpyware) HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\MountPoints2: F - F:\autorun.exe HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\MountPoints2: {abf5f654-731c-11e4-8cb8-f82fa8dc94ee} - E:\unlock.exe autoplay=true HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\MountPoints2: {bad336dc-380b-11e8-88ed-ecf4bb0c7e4f} - F:\autorun.exe HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\MountPoints2: {bad336e2-380b-11e8-88ed-ecf4bb0c7e4f} - G:\autorun.exe HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\MountPoints2: {fafbe510-26ac-11e4-88ef-f82fa8dc94ee} - E:\LG_PC_Programs.exe GroupPolicy: Restriction ? <==== ATTENTION GroupPolicy\User: Restriction ? <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4 Tcpip\..\Interfaces\{12AA26AC-4392-403A-9A14-02CD4B939AC0}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{B1A57BC6-6D23-472E-B8AD-E4B5EB2CEAC1}: [NameServer] 8.8.8.8 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-4055709356-1465872850-4113285666-501\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com URLSearchHook: [S-1-5-21-4055709356-1465872850-4113285666-501_classes] ATTENTION => Default URLSearchHook is missing SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-14] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-14] (Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: haadg4ll.default-1485454395780-1505925842552 FF DefaultProfile: y4erocbx.default FF ProfilePath: C:\Users\Adrian\AppData\Roaming\TomTom\HOME\Profiles\urd9ga9k.default [2017-06-01] FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\haadg4ll.default-1485454395780-1505925842552 [2018-08-07] FF user.js: detected! => C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\haadg4ll.default-1485454395780-1505925842552\user.js [2017-06-30] FF Homepage: Mozilla\Firefox\Profiles\haadg4ll.default-1485454395780-1505925842552 -> www.google.fr FF NetworkProxy: Mozilla\Firefox\Profiles\haadg4ll.default-1485454395780-1505925842552 -> type", FF Extension: (No Name) - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\haadg4ll.default-1485454395780-1505925842552\Extensions\3db0-6cc2-c767-dfda [2017-11-03] FF Extension: (antiporn) - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\haadg4ll.default-1485454395780-1505925842552\Extensions\jid1-o7IpBfZ5ihakSw@jetpack.xpi [2017-10-10] [Legacy] FF Extension: (Video DownloadHelper) - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\haadg4ll.default-1485454395780-1505925842552\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-10-21] [Legacy] FF Extension: (Flash and Video Download) - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\haadg4ll.default-1485454395780-1505925842552\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-10-20] [Legacy] FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\y4erocbx.default [2018-08-07] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-26] () FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-25] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-26] () FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-14] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-14] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-25] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default [2018-08-07] CHR Extension: (Flash Video Downloader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-02-26] CHR Extension: (SportZone) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeikikackmjcmgkcgpnangjlnicecml [2018-03-05] CHR Extension: (Image Downloader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2018-03-18] CHR Extension: (Anti-Porn Pro - The best Anti-Porn addon!) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2018-06-22] CHR Extension: (Video DownloadHelper) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-08-01] CHR Extension: (Pursued) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mglmffkipgdhdkolbbkofkfhappinpin [2018-03-04] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Chrome Media Router) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-08] CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-08-06] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12] Opera: ======= OPR Extension: (No Name) - C:\Users\Adrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-11-13] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd) R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53680 2018-02-05] (AnchorFree Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor) R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6170624 2014-07-23] (Dell Inc.) [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-01-03] (AnchorFree Inc.) S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare) S3 atrfiltr; C:\Windows\System32\DRIVERS\atrfiltr.sys [16224 2014-09-11] (Windows (R) Win 7 DDK provider) S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [191224 2014-05-14] (HID Global Corporation) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-12-06] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-12-03] (Disc Soft Ltd) R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [73928 2018-01-12] () R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2015-05-08] (AnchorFree Inc.) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation) S3 jakstaVA; C:\Windows\System32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (e2eSoft) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2016-12-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed] R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X] S3 btwaudio; system32\drivers\btwaudio.sys [X] S3 btwavdt; system32\drivers\btwavdt.sys [X] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X] S3 btwrchid; system32\DRIVERS\btwrchid.sys [X] S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X] S3 SmbDrvI; system32\DRIVERS\Smb_driver_Intel.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-07 13:11 - 2018-08-07 13:12 - 000018010 _____ C:\Users\Adrian\Desktop\FRST.txt 2018-08-07 13:10 - 2018-08-07 13:10 - 002412544 _____ (Farbar) C:\Users\Adrian\Desktop\FRST64 (1).exe 2018-08-07 13:08 - 2018-08-07 13:08 - 000000165 ____H C:\Users\Adrian\Documents\~$Emploi du temps.xlsx 2018-08-07 11:38 - 2018-08-07 11:39 - 000000000 ____D C:\Program Files\SUPERAntiSpyware 2018-08-07 11:38 - 2018-08-07 11:38 - 034864672 _____ (SUPERAntiSpyware) C:\Users\Adrian\Desktop\SUPERAntiSpyware.exe 2018-08-07 11:38 - 2018-08-07 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2018-08-07 11:16 - 2018-08-07 11:16 - 003265408 _____ C:\Users\Adrian\Desktop\ZHPCleaner.exe 2018-08-07 00:50 - 2018-08-07 00:50 - 007417040 _____ (Malwarebytes) C:\Users\Adrian\Desktop\adwcleaner_7.2.2.exe 2018-08-07 00:42 - 2018-08-07 00:42 - 007417040 _____ (Malwarebytes) C:\Users\Adrian\Desktop\adwcleaner_7.2.2 (1).exe 2018-08-07 00:41 - 2018-08-07 00:41 - 007417040 _____ (Malwarebytes) C:\Users\Adrian\Downloads\adwcleaner_7.2.2.exe 2018-08-07 00:40 - 2018-08-07 11:31 - 000001508 _____ C:\Users\Adrian\Desktop\ZHPCleaner.txt 2018-08-07 00:33 - 2018-08-07 00:33 - 003265408 _____ C:\Users\Adrian\Downloads\ZHPCleaner.exe 2018-08-06 20:51 - 2018-08-07 11:12 - 000129035 _____ C:\Users\Adrian\Desktop\ZHPDiag.txt 2018-08-06 20:44 - 2018-08-06 20:44 - 003157376 _____ C:\Users\Adrian\Downloads\ZHPDiag3.exe 2018-08-06 20:44 - 2018-08-06 20:44 - 000000822 _____ C:\Users\Adrian\Desktop\ZHPDiag.lnk 2018-08-06 19:51 - 2018-08-06 19:51 - 000000000 ____D C:\ProgramData\Synaptics 2018-08-06 17:39 - 2018-08-06 17:39 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update 2018-08-06 17:39 - 2018-08-06 17:39 - 000002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2018-08-06 17:39 - 2018-08-06 17:39 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2018-08-06 17:38 - 2018-08-06 17:38 - 016004240 _____ (Piriform Ltd) C:\Users\Adrian\Downloads\ccsetup544pro.exe 2018-08-06 13:41 - 2018-08-06 13:41 - 000503455 _____ C:\Users\Adrian\Downloads\video-1533547320.mp4 2018-08-05 20:09 - 2018-08-06 16:29 - 000002203 _____ C:\Users\Public\Desktop\Les 9 Destins de Valdo.lnk 2018-08-04 21:21 - 2018-08-04 21:21 - 000000000 ____D C:\Users\Adrian\Downloads\Leonard Cohen - Songs Of Leonard Cohen 2018-08-04 21:08 - 2018-07-26 19:56 - 000000000 ____D C:\Users\Adrian\Downloads\Plain White T's 2018-08-04 20:57 - 2018-08-04 21:04 - 000000000 ____D C:\Users\Adrian\Downloads\The Doors 2018-08-04 20:34 - 2013-03-24 21:39 - 000000000 ____D C:\Users\Adrian\Downloads\monks - 1966 - black monk time 2018-08-04 20:31 - 2018-08-04 20:45 - 000000000 ____D C:\Users\Adrian\Downloads\Simon and Garfunkel 2018-08-04 20:30 - 2018-08-04 20:37 - 000000000 ____D C:\Users\Adrian\Downloads\The Byrds 2018-08-04 20:16 - 2018-08-04 20:26 - 000000000 ____D C:\Users\Adrian\Downloads\The Rolling Stones 2018-08-04 20:16 - 2018-08-04 20:22 - 000000000 ____D C:\Users\Adrian\Downloads\Bob Dylan 2018-08-02 21:28 - 2018-08-02 21:28 - 001397565 _____ C:\Users\Adrian\Downloads\Mossad_Un agent des services secrets israeliens parle - Claire Hoy et Victor Ostrovsky.epub 2018-07-31 19:50 - 2018-08-01 01:00 - 692740940 ____R C:\Users\Adrian\Downloads\House of Horrors (1946) 66 min.Rondo Hatton.Martin Kosleck.Jonzee.H264.mkv 2018-07-31 13:40 - 2018-07-31 14:23 - 000000000 ____D C:\Users\Adrian\Downloads\James Bond Diamonds Are Forever (1971) 2018-07-30 23:24 - 2018-07-28 22:07 - 000000000 ____D C:\Users\Adrian\Downloads\Frederick Forsyth 2018-07-30 10:21 - 2018-07-30 10:21 - 006510820 _____ C:\Users\Adrian\Downloads\Frederick Forsyth.(Dame).rar 2018-07-28 17:27 - 2018-07-28 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Championship Manager 01-02 2018-07-28 17:26 - 2018-08-07 03:13 - 000000000 ____D C:\Program Files (x86)\Championship Manager 01-02 2018-07-28 17:20 - 2018-07-28 17:43 - 000000000 ____D C:\Users\Adrian\Downloads\Championship.Manager.Season.00-01.PC.Game(djDEVASTATE™) 2018-07-28 17:19 - 2018-07-28 17:24 - 307431424 _____ C:\Users\Adrian\Downloads\Championship Manager 01-02.iso 2018-07-28 17:06 - 2018-07-28 19:11 - 000000000 ____D C:\Program Files (x86)\Championship Manager 3 2018-07-28 17:04 - 2016-05-16 16:24 - 571201536 _____ C:\Users\Adrian\Downloads\Entrain3.iso 2018-07-28 16:54 - 2018-07-28 17:02 - 515624523 _____ C:\Users\Adrian\Downloads\jeu-02340-entraineur_3-pcwin.7z 2018-07-27 19:30 - 2018-07-27 19:30 - 000014854 _____ C:\Users\Adrian\Downloads\Malta-day-by-day.xlsx 2018-07-25 04:56 - 2018-07-25 04:56 - 000075717 _____ C:\Users\Adrian\Downloads\Live Monitoring Weekly Production Highlights - Week 30.pdf 2018-07-23 21:08 - 2018-07-23 21:22 - 000000000 ____D C:\Users\Adrian\Downloads\James Bond Live And Let Die (1973) [1080p] 2018-07-21 17:46 - 2018-07-21 17:46 - 000018653 _____ C:\Users\Adrian\Downloads\shifts-EE-Tallinn-2018-08.xlsx 2018-07-20 16:53 - 2018-07-20 16:54 - 000000000 ____D C:\Users\Adrian\Downloads\Level 42 2018-07-20 16:53 - 2018-07-20 16:53 - 000000000 ____D C:\Users\Adrian\Downloads\Men At Work - Two Hearts (1985) By Muro 2018-07-19 17:59 - 2018-07-19 17:59 - 000000000 ____D C:\Users\Adrian\Downloads\Billy ze kick et les gamins en folie 1993 2018-07-19 17:58 - 2018-07-19 17:58 - 000000000 ____D C:\Users\Adrian\Downloads\1983 - Cargo 2018-07-12 23:58 - 2018-07-13 00:50 - 000000000 ____D C:\Users\Adrian\Downloads\Berlin - Pleasure Victim [FLAC+MP3](Big Papi) Original 1982 CD Source 2018-07-12 23:58 - 2018-07-13 00:04 - 000000000 ____D C:\Users\Adrian\Downloads\Berlin - Count Three And Pray 2018-07-12 23:56 - 2018-07-13 00:01 - 000000000 ____D C:\Users\Adrian\Downloads\The Shangri-Las - Myrmidons of melodrama (1963-66), pop 2018-07-12 23:56 - 2018-07-12 23:56 - 000000000 ____D C:\Users\Adrian\Downloads\The Shangri-Las - Leaders of the Pack [2005] FLAC 2018-07-12 23:55 - 2018-07-13 00:04 - 000000000 ____D C:\Users\Adrian\Downloads\Love Life 2018-07-12 23:55 - 2018-07-13 00:03 - 000000000 ____D C:\Users\Adrian\Downloads\Pleasure Victim 2018-07-12 23:47 - 2018-07-13 00:51 - 000000000 ____D C:\Users\Adrian\Downloads\[1980] Information 2018-07-12 21:55 - 2018-07-14 22:17 - 000003668 _____ C:\Users\Adrian\Documents\Good Charlotte Interview.txt 2018-07-09 10:21 - 2018-07-09 10:22 - 000464760 _____ C:\Windows\system32\FNTCACHE.DAT 2018-07-08 21:34 - 2018-07-08 21:34 - 001323258 _____ C:\Users\Adrian\Downloads\Dragon Ball Z (par Ariane Carletti) - fiche chanson - B&M.mpeg 2018-07-08 11:27 - 2018-07-08 11:27 - 000121864 _____ C:\Users\Adrian\AppData\Local\GDIPFONTCACHEV1.DAT ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-07 12:43 - 2018-05-30 11:50 - 000009659 _____ C:\Users\Adrian\Documents\Emploi du temps.xlsx 2018-08-07 12:19 - 2017-09-23 12:55 - 000000000 ____D C:\Program Files\Pale Moon 2018-08-07 11:38 - 2017-03-29 20:04 - 000001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2018-08-07 11:31 - 2015-08-16 21:19 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\ZHP 2018-08-07 11:24 - 2014-10-13 20:31 - 000000000 ____D C:\Users\Adrian\Downloads\Installations 2018-08-07 11:10 - 2009-07-14 07:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-08-07 11:10 - 2009-07-14 07:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-08-07 10:54 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-08-07 00:43 - 2016-06-04 14:37 - 000000000 ____D C:\AdwCleaner 2018-08-07 00:33 - 2017-09-07 14:06 - 000000000 ____D C:\Users\Adrian\AppData\Local\ZHP 2018-08-06 19:51 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf 2018-08-06 17:41 - 2016-06-03 17:33 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\MPC-HC 2018-08-06 17:41 - 2015-08-17 15:39 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2018-08-06 17:41 - 2015-04-30 22:03 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\DAEMON Tools Lite 2018-08-06 17:41 - 2014-07-30 10:34 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\FileZilla 2018-08-06 17:41 - 2014-07-24 16:42 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\uTorrent 2018-08-06 17:39 - 2015-08-31 18:49 - 000000000 ____D C:\Program Files\CCleaner 2018-08-06 16:29 - 2018-07-06 00:14 - 000002331 _____ C:\Users\Public\Desktop\Les Guignols de l'Info ...le jeu!.lnk 2018-08-06 16:29 - 2018-07-03 17:46 - 000001876 _____ C:\Users\Public\Desktop\DOSBox 0.74.lnk 2018-08-06 16:29 - 2018-06-28 21:45 - 000000624 _____ C:\Users\Public\Desktop\RomStation.lnk 2018-08-06 16:29 - 2018-03-31 14:35 - 000001022 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk 2018-08-06 16:29 - 2018-01-17 17:13 - 000001264 _____ C:\Users\Public\Desktop\Skype.lnk 2018-08-06 16:29 - 2017-12-27 22:43 - 000002030 _____ C:\Users\Public\Desktop\Les états d'Amérique du Nord.lnk 2018-08-06 16:29 - 2017-12-03 02:40 - 000001811 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2018-08-06 16:29 - 2017-12-01 14:41 - 000002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-08-06 16:29 - 2017-12-01 14:41 - 000002137 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-08-06 16:29 - 2017-09-23 12:55 - 000001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk 2018-08-06 16:29 - 2017-09-23 12:55 - 000000923 _____ C:\Users\Public\Desktop\Pale Moon.lnk 2018-08-06 16:29 - 2017-04-14 11:33 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-08-06 16:29 - 2017-04-14 11:33 - 000002001 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2018-08-06 16:29 - 2016-06-26 15:25 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-08-06 16:29 - 2016-06-26 15:25 - 000002001 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2018-08-06 16:29 - 2015-08-17 15:36 - 000001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2018-08-06 16:29 - 2015-07-30 19:04 - 000001070 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2018-08-06 16:29 - 2014-09-01 22:47 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2018-08-06 16:29 - 2014-08-01 15:32 - 000000977 _____ C:\Users\Public\Desktop\Mp3tag.lnk 2018-08-06 16:29 - 2014-07-24 14:39 - 000001024 _____ C:\Users\Public\Desktop\VLC media player.lnk 2018-08-06 16:29 - 2014-07-24 14:36 - 000001921 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk 2018-08-06 16:29 - 2009-07-14 07:57 - 000001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2018-08-06 16:29 - 2009-07-14 07:57 - 000001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2018-08-06 16:29 - 2009-07-14 07:57 - 000001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2018-08-06 16:29 - 2009-07-14 07:57 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2018-08-06 16:29 - 2009-07-14 07:54 - 000001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2018-08-06 16:28 - 2016-06-05 17:10 - 000000832 _____ C:\Users\Adrian\Desktop\ZHPCleaner.lnk 2018-08-06 16:28 - 2016-06-03 17:32 - 000001748 _____ C:\Users\Adrian\Desktop\MPC-HC x64.lnk 2018-08-06 16:28 - 2016-05-02 20:24 - 000001968 _____ C:\Users\Adrian\Desktop\AVI ReComp.lnk 2018-08-06 16:28 - 2014-09-01 22:47 - 000000947 _____ C:\Users\Adrian\Desktop\Audacity.lnk 2018-08-06 16:28 - 2014-07-24 16:42 - 000000794 _____ C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2018-08-06 16:28 - 2009-07-14 08:01 - 000001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2018-08-06 16:28 - 2009-07-14 07:49 - 000001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2018-08-06 16:26 - 2017-11-03 23:14 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\3hqdlvlvpef 2018-08-06 15:55 - 2017-09-13 20:24 - 000000000 ____D C:\FRST 2018-08-06 15:54 - 2017-09-15 10:46 - 000000000 ____D C:\Users\Adrian\Desktop\FRST-OlderVersion 2018-08-06 15:54 - 2017-09-13 20:23 - 002412544 _____ (Farbar) C:\Users\Adrian\Desktop\FRST64.exe 2018-08-05 20:09 - 2018-07-03 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abandonware-France 2018-08-05 20:07 - 2017-09-14 21:10 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\Abandonware-France 2018-08-05 17:53 - 2018-01-10 15:24 - 000000000 ____D C:\RomStation 2018-08-04 20:58 - 2009-07-14 08:13 - 000788374 _____ C:\Windows\system32\PerfStringBackup.INI 2018-08-04 20:06 - 2014-08-22 19:55 - 000000000 ____D C:\Users\Adrian\Downloads\Pas finis 2018-08-03 20:02 - 2014-08-01 15:32 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\Mp3tag 2018-08-01 17:44 - 2018-04-29 14:41 - 000000000 ____D C:\Users\Adrian\Documents\Livre Ultravox 2018-07-28 22:18 - 2018-01-10 20:10 - 000000000 ____D C:\Users\Adrian\Documents\Roman 2018-07-19 18:00 - 2014-10-13 20:31 - 000000000 ____D C:\Users\Adrian\Downloads\Livres 2018-07-16 00:20 - 2014-09-04 17:35 - 023982391 _____ C:\Users\Adrian\Documents\Films vus.odt 2018-07-16 00:13 - 2014-09-04 18:07 - 001307465 _____ C:\Users\Adrian\Documents\Classement des réalisateurs.ods 2018-07-14 18:18 - 2014-07-24 17:31 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\vlc 2018-07-13 17:44 - 2014-10-13 20:32 - 000000000 ____D C:\Users\Adrian\Downloads\Photos 2018-07-13 17:11 - 2018-06-14 15:40 - 000000000 ____D C:\Users\Adrian\Downloads\Polyester-John Waters.Eng..DVDRip.XViD.PARENTE.1981 2018-07-13 17:10 - 2018-06-15 17:06 - 000000000 ____D C:\Users\Adrian\Downloads\Cop Land 2018-07-13 17:10 - 2018-06-14 15:40 - 000000000 ____D C:\Users\Adrian\Downloads\Pink Flamingos 2018-07-10 20:10 - 2017-11-28 13:24 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2018-07-10 10:16 - 2018-07-02 21:38 - 000000000 ____D C:\Users\Adrian\Downloads\GOOD CHARLOTTE - DISCOGRAPHY [CHANNEL NEO] 2018-07-10 10:12 - 2009-07-14 08:08 - 000032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2018-07-08 17:00 - 2018-04-26 22:38 - 000000000 ____D C:\Users\Adrian\Documents\Livre Blondie ==================== Files in the root of some directories ======= 2015-12-06 19:47 - 2017-08-06 13:32 - 000011264 _____ () C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-09-06 20:27 - 2017-09-06 20:27 - 000140800 _____ () C:\Users\Adrian\AppData\Local\installer.dat 2016-07-17 10:44 - 2016-07-17 10:46 - 000002222 _____ () C:\Users\Adrian\AppData\Local\WiDiSetupLog.20160717.104454.txt 2016-07-17 10:55 - 2016-07-17 10:55 - 000011200 _____ () C:\Users\Adrian\AppData\Local\WiDiSetupLog.20160717.105514.txt ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-12-17 13:22 ==================== End of FRST.txt ============================