Publicité
Publicité
Format du document : text/plain
Prévisualisation
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by melgignac (administrator) on MELANIE (13-11-2017 09:24:55)
Running from C:\Users\melgignac\Desktop
Loaded Profiles: melgignac (Available Profiles: melgignac)
Platform: Windows 8.1 (Update) (X64) Language: Anglais (États-Unis)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5BE83649-EDB5-48BE-861B-E5EF42768DB4}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-4136111009-1697209817-340259121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-16] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://encrypted.google.com
CHR StartupUrls: Default -> "hxxps://encrypted.google.com"
CHR NewTab: Default -> Not-active:"chrome-extension://ikaooahnheaoeceaipjcmnamnoleeblk/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://spiralstab.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> SpiralsTab
CHR DefaultSuggestURL: Default -> hxxps://spiralstab.com/suggestions.php?q={searchTerms}
CHR Profile: C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default [2017-11-13]
CHR Extension: (Slides) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (PhotoMania) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjfnbkfaofifbiflcicanlgaiafcamj [2017-09-16]
CHR Extension: (Combiner et détruire) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\alamchlmhbodaeahnppjplfjfgpimeie [2017-09-16]
CHR Extension: (Docs) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-16]
CHR Extension: (Tv-replay) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfgogkjjjedakfeibebkfmlbmagifci [2017-09-16]
CHR Extension: (Solitaire) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcfolcpdbfdjhohagaoojepienilkalj [2017-09-16]
CHR Extension: (TV) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2017-09-16]
CHR Extension: (iCloud) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhodfififgcgedifpkenofdhlaafokk [2017-09-16]
CHR Extension: (Audiotool) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2017-09-16]
CHR Extension: (YouTube) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-16]
CHR Extension: (TV) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph [2017-09-16]
CHR Extension: (Television) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccmmgijadofegbfojekdglknbeeminej [2017-09-16]
CHR Extension: (Voice Messenger Web) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfjllgocpapeahmekdlcjfnnmimjlbk [2017-09-16]
CHR Extension: (Save Tabs) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjepfldodmdfmdidhhgamnklbdibndi [2017-11-13]
CHR Extension: (Polarr Photo Editor) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2017-09-16]
CHR Extension: (MondoZoo - Jeu de zoo) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejafdpedefplpgoacblaboikebhhjlib [2017-09-16]
CHR Extension: (Solitaire Games) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljmkmbmhmgmpmmbkagbobpmpocacdbo [2017-09-16]
CHR Extension: (Be Tuned - Microphone and Ear Tuner) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoemkekngenpmbklnjbfigfcnpchjbha [2017-09-16]
CHR Extension: (Sheets) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs hors connexion) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-17]
CHR Extension: (AdBlock) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-11-09]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-11-08]
CHR Extension: (Fashion Avenue Game Advertising) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpfpfgfhnkokdhfkfmnkbjpkkndhidch [2017-09-16]
CHR Extension: (Dinosaurs Games at Duckie Deck) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihnaalgjoilfmjondbonihamkjgeckbi [2017-09-16]
CHR Extension: (SpiralsTab) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikaooahnheaoeceaipjcmnamnoleeblk [2017-11-12]
CHR Extension: (RePlay.FR) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfaefgciinakhhijicamiodfbejphdb [2017-09-16]
CHR Extension: (Jewel Academy) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipcbahondobhelgdoiiafgcahfconlab [2017-09-16]
CHR Extension: (Enregistreur de Voix) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehegmanppiacmmpiifhjalpkigpcida [2017-09-16]
CHR Extension: (TwistedWave) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhjkhabkkillndljkhedpfldghbpljij [2017-09-16]
CHR Extension: (Télévision en ligne) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\libolgjejdokaflkfbefhpnhpfkgallp [2017-09-16]
CHR Extension: (Cyberkidz preschool toddler games 1) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpopdhdkpmehgceaddfgbdkgfaphgjpe [2017-09-16]
CHR Extension: (The KARAOKE Channel) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nandjepbaefppagnjcpigfngcdgjcpah [2017-09-16]
CHR Extension: (Karaoke Player) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkicphmljcbdmbkpipmlofneklkhhegh [2017-09-16]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-16]
CHR Extension: (Rollip - Photo Effects) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooikhmcdpofogemaldinihdhidaokcmp [2017-09-16]
CHR Extension: (Viewster - Film Streaming Gratuit) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfiekkcjcnhbjofcjcfblhcccjkpkheh [2017-09-16]
CHR Extension: (Gmail) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-16]
CHR Extension: (Chrome Media Router) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-16]
CHR HKLM-x32\...\Chrome\Extension: [ikaooahnheaoeceaipjcmnamnoleeblk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-09-17] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-09-17] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [540016 2017-04-18] (e2eSoft Corporation)
R1 MpKsl9f728026; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E07D2F0E-4ADE-44D8-9EE3-486C739F2522}\MpKsl9f728026.sys [58120 2017-11-12] (Microsoft Corporation)
R1 MpKsld8c17b51; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E07D2F0E-4ADE-44D8-9EE3-486C739F2522}\MpKsld8c17b51.sys [58120 2017-11-13] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-09-17] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-09-17] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-09-17] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-13 09:24 - 2017-11-13 09:25 - 000012954 _____ C:\Users\melgignac\Desktop\FRST.txt
2017-11-13 09:24 - 2017-11-13 09:24 - 000000000 ____D C:\FRST
2017-11-13 09:23 - 2017-11-13 09:23 - 002392576 _____ (Farbar) C:\Users\melgignac\Desktop\FRST64.exe
2017-11-13 02:53 - 2017-11-13 02:53 - 000000000 ____D C:\Users\melgignac\AppData\Local\FSDART
2017-11-13 02:52 - 2017-11-13 02:56 - 000000000 ____D C:\ProgramData\F-Secure
2017-11-13 02:52 - 2017-11-13 02:53 - 000000000 ____D C:\Users\melgignac\AppData\Local\F-Secure
2017-11-13 02:40 - 2017-11-13 02:42 - 000000000 ____D C:\AdwCleaner
2017-11-13 02:40 - 2017-11-13 02:40 - 008261584 _____ (Malwarebytes) C:\Users\melgignac\Downloads\adwcleaner_7.0.4.0.exe
2017-11-12 12:10 - 2017-11-12 12:10 - 000001893 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-12 12:10 - 2017-11-12 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-12 12:10 - 2017-11-12 12:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-12 12:10 - 2017-11-12 12:10 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-12 12:10 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-12 12:08 - 2017-11-12 12:09 - 078346672 _____ (Malwarebytes ) C:\Users\melgignac\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-12 11:51 - 2017-11-12 11:51 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-11-11 20:54 - 2017-11-11 21:10 - 734583434 ____R C:\Users\melgignac\Downloads\[ Torrent9.tv ] First.Kill.2017.FRENCH.BDRip.XviD-GZR.avi
2017-11-11 20:54 - 2017-11-11 21:10 - 729262756 ____R C:\Users\melgignac\Downloads\[ Torrent9.tv ] Altitude.2017.FRENCH.BDRip.XviD-EXTREME.avi
2017-11-11 20:54 - 2017-11-11 20:54 - 000058310 _____ C:\Users\melgignac\Downloads\altitude-french-dvdrip-2017.torrent
2017-11-11 20:51 - 2017-11-11 20:51 - 000030848 _____ C:\Users\melgignac\Downloads\first-kill-french-dvdrip-2017.torrent
2017-11-04 23:17 - 2017-04-18 10:00 - 000540016 _____ (e2eSoft Corporation) C:\WINDOWS\system32\Drivers\iVCam.sys
2017-11-03 08:47 - 2017-11-03 08:53 - 373291584 _____ C:\Users\melgignac\Downloads\[ Torrent9.tv ] Riverdale.US.S02E01.FRENCH.WEBRip.XviD-EXTREME.avi
2017-10-31 07:02 - 2017-10-31 07:03 - 000000000 ____D C:\Users\melgignac\Downloads\[nextorrent.net] Legion Saison 1 FRENCH HDTV
2017-10-29 00:34 - 2017-10-29 00:34 - 000000000 ____D C:\Users\melgignac\AppData\Local\e2eSoft
2017-10-26 12:48 - 2017-10-26 12:48 - 000001270 _____ C:\Users\melgignac\Desktop\sounds - Raccourci.lnk
2017-10-26 12:26 - 2017-11-11 20:44 - 000000000 ____D C:\Users\melgignac\AppData\Roaming\mIRC
2017-10-26 12:26 - 2017-10-26 12:26 - 000000973 _____ C:\Users\Public\Desktop\mIRC.lnk
2017-10-26 12:26 - 2017-10-26 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2017-10-26 12:26 - 2017-10-26 12:26 - 000000000 ____D C:\Program Files (x86)\mIRC
2017-10-26 12:25 - 2017-10-26 12:26 - 002751696 _____ (mIRC Co. Ltd.) C:\Users\melgignac\Downloads\mirc751.exe
2017-10-26 11:36 - 2017-11-11 20:51 - 000000000 ____D C:\Users\melgignac\AppData\LocalLow\BitTorrent
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-13 09:10 - 2017-09-19 10:02 - 000003948 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CA2783BA-F042-4B0C-B144-1E43FC00C151}
2017-11-13 03:37 - 2017-09-16 23:16 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4136111009-1697209817-340259121-1001
2017-11-13 02:50 - 2017-09-19 09:47 - 000776990 _____ C:\WINDOWS\system32\perfh00C.dat
2017-11-13 02:50 - 2017-09-19 09:47 - 000154886 _____ C:\WINDOWS\system32\perfc00C.dat
2017-11-13 02:50 - 2014-11-21 03:44 - 001735950 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-13 02:50 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\Inf
2017-11-13 02:44 - 2017-09-17 05:33 - 000000000 __SHD C:\Users\melgignac\IntelGraphicsProfiles
2017-11-13 02:44 - 2013-08-22 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-13 02:44 - 2013-08-22 08:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-11-13 02:42 - 2017-09-26 10:29 - 000000000 ____D C:\Users\melgignac\AppData\Roaming\BitTorrent
2017-11-12 11:50 - 2013-08-22 10:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-12 11:50 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-11-09 04:03 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-05 22:47 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-05 22:47 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-05 18:46 - 2017-09-16 23:09 - 000000000 ____D C:\Users\melgignac\AppData\Local\Packages
2017-11-05 05:05 - 2017-09-19 09:08 - 000000000 ____D C:\Users\melgignac\AppData\Local\ElevatedDiagnostics
2017-10-31 21:17 - 2017-09-17 13:39 - 000000000 ____D C:\Users\melgignac
2017-10-19 07:43 - 2012-07-26 02:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-16 11:59 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\rescache
2017-10-16 11:42 - 2013-08-22 09:44 - 000337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-16 11:38 - 2013-08-22 10:36 - 000000000 ___RD C:\WINDOWS\ToastData
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-05 05:04
==================== End of FRST.txt ============================
Ran by melgignac (administrator) on MELANIE (13-11-2017 09:24:55)
Running from C:\Users\melgignac\Desktop
Loaded Profiles: melgignac (Available Profiles: melgignac)
Platform: Windows 8.1 (Update) (X64) Language: Anglais (États-Unis)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5BE83649-EDB5-48BE-861B-E5EF42768DB4}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-4136111009-1697209817-340259121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-16] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://encrypted.google.com
CHR StartupUrls: Default -> "hxxps://encrypted.google.com"
CHR NewTab: Default -> Not-active:"chrome-extension://ikaooahnheaoeceaipjcmnamnoleeblk/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://spiralstab.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> SpiralsTab
CHR DefaultSuggestURL: Default -> hxxps://spiralstab.com/suggestions.php?q={searchTerms}
CHR Profile: C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default [2017-11-13]
CHR Extension: (Slides) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (PhotoMania) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjfnbkfaofifbiflcicanlgaiafcamj [2017-09-16]
CHR Extension: (Combiner et détruire) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\alamchlmhbodaeahnppjplfjfgpimeie [2017-09-16]
CHR Extension: (Docs) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-16]
CHR Extension: (Tv-replay) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfgogkjjjedakfeibebkfmlbmagifci [2017-09-16]
CHR Extension: (Solitaire) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcfolcpdbfdjhohagaoojepienilkalj [2017-09-16]
CHR Extension: (TV) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2017-09-16]
CHR Extension: (iCloud) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhodfififgcgedifpkenofdhlaafokk [2017-09-16]
CHR Extension: (Audiotool) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2017-09-16]
CHR Extension: (YouTube) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-16]
CHR Extension: (TV) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph [2017-09-16]
CHR Extension: (Television) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccmmgijadofegbfojekdglknbeeminej [2017-09-16]
CHR Extension: (Voice Messenger Web) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfjllgocpapeahmekdlcjfnnmimjlbk [2017-09-16]
CHR Extension: (Save Tabs) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjepfldodmdfmdidhhgamnklbdibndi [2017-11-13]
CHR Extension: (Polarr Photo Editor) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2017-09-16]
CHR Extension: (MondoZoo - Jeu de zoo) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejafdpedefplpgoacblaboikebhhjlib [2017-09-16]
CHR Extension: (Solitaire Games) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljmkmbmhmgmpmmbkagbobpmpocacdbo [2017-09-16]
CHR Extension: (Be Tuned - Microphone and Ear Tuner) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoemkekngenpmbklnjbfigfcnpchjbha [2017-09-16]
CHR Extension: (Sheets) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs hors connexion) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-17]
CHR Extension: (AdBlock) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-11-09]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-11-08]
CHR Extension: (Fashion Avenue Game Advertising) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpfpfgfhnkokdhfkfmnkbjpkkndhidch [2017-09-16]
CHR Extension: (Dinosaurs Games at Duckie Deck) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihnaalgjoilfmjondbonihamkjgeckbi [2017-09-16]
CHR Extension: (SpiralsTab) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikaooahnheaoeceaipjcmnamnoleeblk [2017-11-12]
CHR Extension: (RePlay.FR) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfaefgciinakhhijicamiodfbejphdb [2017-09-16]
CHR Extension: (Jewel Academy) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipcbahondobhelgdoiiafgcahfconlab [2017-09-16]
CHR Extension: (Enregistreur de Voix) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehegmanppiacmmpiifhjalpkigpcida [2017-09-16]
CHR Extension: (TwistedWave) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhjkhabkkillndljkhedpfldghbpljij [2017-09-16]
CHR Extension: (Télévision en ligne) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\libolgjejdokaflkfbefhpnhpfkgallp [2017-09-16]
CHR Extension: (Cyberkidz preschool toddler games 1) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpopdhdkpmehgceaddfgbdkgfaphgjpe [2017-09-16]
CHR Extension: (The KARAOKE Channel) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nandjepbaefppagnjcpigfngcdgjcpah [2017-09-16]
CHR Extension: (Karaoke Player) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkicphmljcbdmbkpipmlofneklkhhegh [2017-09-16]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-16]
CHR Extension: (Rollip - Photo Effects) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooikhmcdpofogemaldinihdhidaokcmp [2017-09-16]
CHR Extension: (Viewster - Film Streaming Gratuit) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfiekkcjcnhbjofcjcfblhcccjkpkheh [2017-09-16]
CHR Extension: (Gmail) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-16]
CHR Extension: (Chrome Media Router) - C:\Users\melgignac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-16]
CHR HKLM-x32\...\Chrome\Extension: [ikaooahnheaoeceaipjcmnamnoleeblk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-09-17] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-09-17] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [540016 2017-04-18] (e2eSoft Corporation)
R1 MpKsl9f728026; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E07D2F0E-4ADE-44D8-9EE3-486C739F2522}\MpKsl9f728026.sys [58120 2017-11-12] (Microsoft Corporation)
R1 MpKsld8c17b51; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E07D2F0E-4ADE-44D8-9EE3-486C739F2522}\MpKsld8c17b51.sys [58120 2017-11-13] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-09-17] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-09-17] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-09-17] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-13 09:24 - 2017-11-13 09:25 - 000012954 _____ C:\Users\melgignac\Desktop\FRST.txt
2017-11-13 09:24 - 2017-11-13 09:24 - 000000000 ____D C:\FRST
2017-11-13 09:23 - 2017-11-13 09:23 - 002392576 _____ (Farbar) C:\Users\melgignac\Desktop\FRST64.exe
2017-11-13 02:53 - 2017-11-13 02:53 - 000000000 ____D C:\Users\melgignac\AppData\Local\FSDART
2017-11-13 02:52 - 2017-11-13 02:56 - 000000000 ____D C:\ProgramData\F-Secure
2017-11-13 02:52 - 2017-11-13 02:53 - 000000000 ____D C:\Users\melgignac\AppData\Local\F-Secure
2017-11-13 02:40 - 2017-11-13 02:42 - 000000000 ____D C:\AdwCleaner
2017-11-13 02:40 - 2017-11-13 02:40 - 008261584 _____ (Malwarebytes) C:\Users\melgignac\Downloads\adwcleaner_7.0.4.0.exe
2017-11-12 12:10 - 2017-11-12 12:10 - 000001893 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-12 12:10 - 2017-11-12 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-12 12:10 - 2017-11-12 12:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-12 12:10 - 2017-11-12 12:10 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-12 12:10 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-12 12:08 - 2017-11-12 12:09 - 078346672 _____ (Malwarebytes ) C:\Users\melgignac\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-12 11:51 - 2017-11-12 11:51 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-11-11 20:54 - 2017-11-11 21:10 - 734583434 ____R C:\Users\melgignac\Downloads\[ Torrent9.tv ] First.Kill.2017.FRENCH.BDRip.XviD-GZR.avi
2017-11-11 20:54 - 2017-11-11 21:10 - 729262756 ____R C:\Users\melgignac\Downloads\[ Torrent9.tv ] Altitude.2017.FRENCH.BDRip.XviD-EXTREME.avi
2017-11-11 20:54 - 2017-11-11 20:54 - 000058310 _____ C:\Users\melgignac\Downloads\altitude-french-dvdrip-2017.torrent
2017-11-11 20:51 - 2017-11-11 20:51 - 000030848 _____ C:\Users\melgignac\Downloads\first-kill-french-dvdrip-2017.torrent
2017-11-04 23:17 - 2017-04-18 10:00 - 000540016 _____ (e2eSoft Corporation) C:\WINDOWS\system32\Drivers\iVCam.sys
2017-11-03 08:47 - 2017-11-03 08:53 - 373291584 _____ C:\Users\melgignac\Downloads\[ Torrent9.tv ] Riverdale.US.S02E01.FRENCH.WEBRip.XviD-EXTREME.avi
2017-10-31 07:02 - 2017-10-31 07:03 - 000000000 ____D C:\Users\melgignac\Downloads\[nextorrent.net] Legion Saison 1 FRENCH HDTV
2017-10-29 00:34 - 2017-10-29 00:34 - 000000000 ____D C:\Users\melgignac\AppData\Local\e2eSoft
2017-10-26 12:48 - 2017-10-26 12:48 - 000001270 _____ C:\Users\melgignac\Desktop\sounds - Raccourci.lnk
2017-10-26 12:26 - 2017-11-11 20:44 - 000000000 ____D C:\Users\melgignac\AppData\Roaming\mIRC
2017-10-26 12:26 - 2017-10-26 12:26 - 000000973 _____ C:\Users\Public\Desktop\mIRC.lnk
2017-10-26 12:26 - 2017-10-26 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2017-10-26 12:26 - 2017-10-26 12:26 - 000000000 ____D C:\Program Files (x86)\mIRC
2017-10-26 12:25 - 2017-10-26 12:26 - 002751696 _____ (mIRC Co. Ltd.) C:\Users\melgignac\Downloads\mirc751.exe
2017-10-26 11:36 - 2017-11-11 20:51 - 000000000 ____D C:\Users\melgignac\AppData\LocalLow\BitTorrent
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-13 09:10 - 2017-09-19 10:02 - 000003948 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CA2783BA-F042-4B0C-B144-1E43FC00C151}
2017-11-13 03:37 - 2017-09-16 23:16 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4136111009-1697209817-340259121-1001
2017-11-13 02:50 - 2017-09-19 09:47 - 000776990 _____ C:\WINDOWS\system32\perfh00C.dat
2017-11-13 02:50 - 2017-09-19 09:47 - 000154886 _____ C:\WINDOWS\system32\perfc00C.dat
2017-11-13 02:50 - 2014-11-21 03:44 - 001735950 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-13 02:50 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\Inf
2017-11-13 02:44 - 2017-09-17 05:33 - 000000000 __SHD C:\Users\melgignac\IntelGraphicsProfiles
2017-11-13 02:44 - 2013-08-22 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-13 02:44 - 2013-08-22 08:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-11-13 02:42 - 2017-09-26 10:29 - 000000000 ____D C:\Users\melgignac\AppData\Roaming\BitTorrent
2017-11-12 11:50 - 2013-08-22 10:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-12 11:50 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-11-09 04:03 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-05 22:47 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-05 22:47 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-05 18:46 - 2017-09-16 23:09 - 000000000 ____D C:\Users\melgignac\AppData\Local\Packages
2017-11-05 05:05 - 2017-09-19 09:08 - 000000000 ____D C:\Users\melgignac\AppData\Local\ElevatedDiagnostics
2017-10-31 21:17 - 2017-09-17 13:39 - 000000000 ____D C:\Users\melgignac
2017-10-19 07:43 - 2012-07-26 02:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-16 11:59 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\rescache
2017-10-16 11:42 - 2013-08-22 09:44 - 000337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-16 11:38 - 2013-08-22 10:36 - 000000000 ___RD C:\WINDOWS\ToastData
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-05 05:04
==================== End of FRST.txt ============================