cjoint

Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03.06.2018
Ran by mpc-perso (administrator) on XEROX (03-06-2018 12:22:51)
Running from C:\Users\mpc-perso\Desktop
Loaded Profiles: mpc-perso (Available Profiles: mpc-perso)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2706604168-2991298728-1745772075-1000\...\Run: [Discord] => C:\Users\mpc-perso\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-2706604168-2991298728-1745772075-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6690520 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-2706604168-2991298728-1745772075-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 24.200.241.37 24.202.72.13
Tcpip\..\Interfaces\{DD03488C-980B-421C-9F6E-643A160622AD}: [DhcpNameServer] 192.168.0.1 24.200.241.37 24.202.72.13

Internet Explorer:
==================
HKU\S-1-5-21-2706604168-2991298728-1745772075-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://youtube.ca/
HKU\S-1-5-21-2706604168-2991298728-1745772075-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.ca/
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-2706604168-2991298728-1745772075-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: intu-ir2013 - {B275FD97-299B-40A2-BC39-B96DFA40E50D} - C:\Program Files\ImpotRapide 2013\ic2013pp.dll [2014-05-05] (Intuit Canada, a general partnership/une société en nom collectif.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 309dprz5.default
FF ProfilePath: C:\Users\mpc-perso\AppData\Roaming\Mozilla\Firefox\Profiles\309dprz5.default [2018-06-03]
FF Homepage: Mozilla\Firefox\Profiles\309dprz5.default -> hxxp://youtube.ca/
hxxp://google.ca/
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=chxtn7.0.25__PARAM__
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\mpc-perso\AppData\Local\Google\Chrome\User Data\Default [2018-06-03]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\mpc-perso\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-03]
CHR Extension: (Chrome Media Router) - C:\Users\mpc-perso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-03]
CHR HKLM\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2706604168-2991298728-1745772075-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [113624 2017-06-07] (SurfRight B.V.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [321768 2017-06-30] (McAfee, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-03 12:22 - 2018-06-03 12:23 - 000006608 _____ C:\Users\mpc-perso\Desktop\FRST.txt
2018-06-03 12:22 - 2018-06-03 12:22 - 001773568 _____ (Farbar) C:\Users\mpc-perso\Desktop\FRST.exe
2018-06-03 12:22 - 2018-06-03 12:22 - 000000000 ____D C:\FRST
2018-06-03 01:46 - 2018-06-03 01:46 - 000086788 _____ C:\Users\mpc-perso\Desktop\ZHPDiag.txt
2018-06-03 01:43 - 2018-06-03 01:43 - 000051222 _____ C:\Users\mpc-perso\Desktop\malawarebytes quarentaine.txt
2018-06-03 01:31 - 2018-06-03 01:31 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-03 01:31 - 2018-06-03 01:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-03 01:31 - 2018-06-03 01:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-03 01:31 - 2018-06-03 01:31 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-03 01:31 - 2018-04-26 05:36 - 000128736 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-06-03 01:30 - 2018-06-03 01:31 - 076918432 _____ (Malwarebytes ) C:\Users\mpc-perso\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5330.exe
2018-06-03 01:29 - 2018-06-03 01:29 - 000003664 _____ C:\Users\mpc-perso\Desktop\AdwCleaner[C00].txt
2018-06-03 01:26 - 2018-06-03 01:27 - 000000000 ____D C:\AdwCleaner
2018-06-03 01:26 - 2018-06-03 01:26 - 007271632 _____ (Malwarebytes) C:\Users\mpc-perso\Downloads\adwcleaner_7.1.1.exe
2018-06-03 01:18 - 2018-06-03 01:20 - 000005301 _____ C:\Users\mpc-perso\Desktop\ZHPCleaner.txt
2018-06-03 01:11 - 2018-06-03 01:11 - 003225984 _____ C:\Users\mpc-perso\Downloads\ZHPCleaner.exe
2018-06-03 01:11 - 2018-06-03 01:11 - 000000831 _____ C:\Users\mpc-perso\Desktop\ZHPCleaner.lnk
2018-06-02 19:03 - 2018-06-03 01:46 - 000000000 ____D C:\Users\mpc-perso\AppData\Roaming\ZHP
2018-06-02 19:03 - 2018-06-03 01:11 - 000000000 ____D C:\Users\mpc-perso\AppData\Local\ZHP
2018-06-02 19:03 - 2018-06-02 19:03 - 003113344 _____ C:\Users\mpc-perso\Downloads\ZHPDiag3.exe
2018-06-02 19:03 - 2018-06-02 19:03 - 000000821 _____ C:\Users\mpc-perso\Desktop\ZHPDiag.lnk
2018-06-01 16:18 - 2018-06-01 16:18 - 000109120 _____ C:\Users\mpc-perso\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-30 01:11 - 2018-05-30 01:12 - 000410344 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-28 15:28 - 2018-05-28 15:28 - 019894880 _____ (Sony Interactive Entertainment Inc.) C:\Users\mpc-perso\Downloads\RemotePlayInstaller.exe
2018-05-23 15:26 - 2018-06-03 12:20 - 000000000 ____D C:\Users\mpc-perso\AppData\Local\comd
2018-05-22 06:05 - 2018-05-22 06:05 - 000560612 _____ C:\Users\mpc-perso\Desktop\Maman pourquoi j.odt
2018-05-22 04:48 - 2018-05-22 04:46 - 000871998 _____ C:\Users\mpc-perso\Documents\Maman pourquoi j'existe terminé mais pas corrigé.1.pdf
2018-05-22 04:47 - 2018-05-22 04:43 - 000897859 _____ C:\Users\mpc-perso\Documents\Maman pourquoi j'existe terminé mais pas corrigé - Copy.1.pdf
2018-05-22 04:43 - 2018-05-22 05:04 - 000000000 ____D C:\Users\mpc-perso\Desktop\split pdf maman
2018-05-22 04:40 - 2018-05-22 04:40 - 054743284 _____ C:\Users\mpc-perso\Desktop\Maman pourquoi j'existe terminé mais pas corrigé - Copy.split.zip
2018-05-22 04:36 - 2018-05-10 01:45 - 001019942 _____ C:\Users\mpc-perso\Desktop\Maman pourquoi j'existe terminé mais pas corrigé - Copy.pdf
2018-05-22 02:15 - 2018-05-22 02:26 - 000000000 ____D C:\Users\mpc-perso\AppData\Local\Blurb
2018-05-22 02:15 - 2018-05-22 02:19 - 000000000 ____D C:\Users\mpc-perso\Documents\Blurb
2018-05-22 02:15 - 2018-05-22 02:15 - 000000993 _____ C:\Users\Public\Desktop\BookWright.lnk
2018-05-22 02:15 - 2018-05-22 02:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BookWright
2018-05-22 02:15 - 2018-05-22 02:15 - 000000000 ____D C:\Program Files\BookWright
2018-05-22 02:14 - 2018-05-22 02:14 - 031614576 _____ (Blurb, Inc. ) C:\Users\mpc-perso\Downloads\BookWright.exe
2018-05-22 02:14 - 2018-05-22 02:14 - 031614576 _____ (Blurb, Inc. ) C:\Users\mpc-perso\Downloads\BookWright (1).exe
2018-05-18 22:49 - 2018-06-01 02:18 - 000000000 ____D C:\Users\mpc-perso\AppData\Roaming\obs-studio
2018-05-18 22:49 - 2018-05-18 22:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2018-05-18 22:48 - 2018-05-18 22:48 - 000000000 ____D C:\Program Files\obs-studio
2018-05-18 22:47 - 2018-05-18 22:48 - 111696656 _____ (obsproject.com) C:\Users\mpc-perso\Downloads\OBS-Studio-21.1.2-Full-Installer (1).exe
2018-05-18 22:47 - 2018-05-18 22:47 - 015232896 _____ (Microsoft Corporation) C:\Users\mpc-perso\Downloads\vc2017redist_x64 (1).exe
2018-05-18 22:46 - 2018-05-18 22:46 - 015232896 _____ (Microsoft Corporation) C:\Users\mpc-perso\Downloads\vc2017redist_x64.exe
2018-05-18 22:46 - 2018-05-18 22:46 - 014608952 _____ (Microsoft Corporation) C:\Users\mpc-perso\Downloads\vc2017redist_x86.exe
2018-05-18 22:45 - 2018-05-18 22:45 - 111696656 _____ (obsproject.com) C:\Users\mpc-perso\Downloads\OBS-Studio-21.1.2-Full-Installer.exe
2018-05-18 15:20 - 2018-06-03 00:33 - 000000000 ____D C:\Users\mpc-perso\AppData\Roaming\curl
2018-05-14 23:28 - 2018-05-14 23:29 - 234618768 _____ (General Workings, Inc.) C:\Users\mpc-perso\Downloads\Streamlabs+OBS+Setup+0.9.0-9Az2hVlNoF401oq.exe
2018-05-10 14:17 - 2018-05-12 15:39 - 000000000 ____D C:\Users\mpc-perso\Downloads\sfx live marky
2018-05-10 02:13 - 2018-05-10 02:13 - 000000193 _____ C:\Windows\WORDPAD.INI
2018-05-10 01:45 - 2018-05-10 01:45 - 001019942 _____ C:\Users\mpc-perso\Desktop\Maman pourquoi j'existe terminé mais pas corrigé.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-03 01:46 - 2009-07-14 00:34 - 000028032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-03 01:46 - 2009-07-14 00:34 - 000028032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-03 01:41 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-30 01:15 - 2017-11-29 15:19 - 000000000 ____D C:\Users\mpc-perso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-05-30 01:15 - 2017-11-29 15:19 - 000000000 ____D C:\Users\mpc-perso\AppData\Roaming\discord
2018-05-30 01:15 - 2017-11-29 15:18 - 000000000 ____D C:\Users\mpc-perso\AppData\Local\Discord
2018-05-29 12:46 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-05-18 22:50 - 2017-05-07 13:27 - 000000000 ____D C:\Users\mpc-perso\Desktop\jeux
2018-05-18 22:47 - 2016-12-29 14:03 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-17 16:30 - 2018-02-28 14:26 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-17 16:30 - 2018-02-28 14:26 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-16 18:42 - 2017-12-17 15:24 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-10 13:20 - 2013-11-08 16:44 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-04 00:44 - 2009-07-14 03:48 - 000000000 ___RD C:\Users\Public\Recorded TV

==================== Files in the root of some directories =======

2016-04-20 18:31 - 2016-05-17 00:31 - 000000180 _____ () C:\Users\mpc-perso\AppData\Roaming\WB.CFG
2017-08-01 16:16 - 2017-08-01 16:16 - 000007605 _____ () C:\Users\mpc-perso\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-28 02:13

==================== End of FRST.txt ============================
