Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 3-07-2019 Ran by Léo (administrator) on LÉO-PC (SAMSUNG ELECTRONICS CO., LTD. 350V5C/351V5C/3540VC/3440VC) (10-07-2019 18:56:36) Running from C:\Users\Léo\Desktop Loaded Profiles: Léo (Available Profiles: Léo) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Anglais (États-Unis) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Atheros) [File not signed] C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe (Google Inc -> Google LLC) C:\Users\Léo\AppData\Local\Google\Update\1.3.34.7\GoogleCrashHandler.exe (Google Inc -> Google LLC) C:\Users\Léo\AppData\Local\Google\Update\1.3.34.7\GoogleCrashHandler64.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) 
C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (M-Audio -> Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation -> Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798216 2009-10-02] (M-Audio -> Avid Technology, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [CheckUpdate] => C:\ProgramData\Update\fmaj5.exe [613888 2014-05-02] () [File not signed] HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.) 
HKU\S-1-5-21-1149298868-2067588766-1365819076-1000\...\Run: [Google Update] => C:\Users\Léo\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-07-09] (Google Inc -> Google LLC) HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\system32\vorbis.acm [1470976 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed] HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed] HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [746496 2009-07-14] (Microsoft Windows -> Intel Corporation) HKLM\...\Drivers32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2009-07-14] (Microsoft Windows -> Intel Corporation) HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.) CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {4E69A3D4-F191-4FEE-B688-2C2E4E7F2FFA} - System32\Tasks\{1753EBF6-F68F-49CC-BB51-7EB4EBF45504} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1 Task: {97FEC401-702B-4E1C-A4CF-689AEFC20107} - System32\Tasks\AdobeAAMUpdater-1.0-Léo-PC-Léo => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe Task: {99A37104-9A02-4EA3-A620-499CDE2AAB36} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {A172D169-EB53-4A0C-A7CF-5DA100124586} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1149298868-2067588766-1365819076-1000Core => C:\Users\Léo\AppData\Local\Google\Update\GoogleUpdate.exe [156456 2019-07-09] (Google Inc -> Google LLC) Task: {A8CECB62-BFB5-4906-A905-7B4BAB80BBEB} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy Task: {A8CECB62-BFB5-4906-A905-7B4BAB80BBEB} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(3): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun Task: {B20215B5-9CB0-49FB-B321-8935AB4EAC61} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate Task: {B20215B5-9CB0-49FB-B321-8935AB4EAC61} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate -noappraiser Task: {C446050F-2AF8-4D38-AE3C-97DAAAFA6B35} - System32\Tasks\Locatorexewlidres => C:\\ProgramData\\cvolsnapwbiosrvc\Locatorexewlidres.exe Task: {D11E14CB-ADA5-42B2-8D0E-CFAB5E492C20} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"] Task: 
{D44C1595-9EBD-4FF4-A2C1-310571D55F4E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1149298868-2067588766-1365819076-1000UA => C:\Users\Léo\AppData\Local\Google\Update\GoogleUpdate.exe [156456 2019-07-09] (Google Inc -> Google LLC) Task: {E460FAF1-4AB8-4F50-BBD1-AB13ACBE5FA8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.) Task: {F4F0CE40-C23D-483A-9AB6-4E31712EE4FC} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{B8E448EC-69C5-4E60-AC3E-47A55928ACD4}: [NameServer] 45.86.180.227,185.162.93.213,116.203.6.218,185.130.104.222 Tcpip\..\Interfaces\{B8E448EC-69C5-4E60-AC3E-47A55928ACD4}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1149298868-2067588766-1365819076-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/fr-fr/?ocid=iehp SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e625388e8e02a599&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e625388e8e02a599&q={searchTerms} SearchScopes: HKU\S-1-5-21-1149298868-2067588766-1365819076-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e625388e8e02a599&q={searchTerms} SearchScopes: HKU\S-1-5-21-1149298868-2067588766-1365819076-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms} BHO: Windows Live ID 
Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: wW6pNSbH.default FF ProfilePath: C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\wW6pNSbH.default [2019-07-10] FF user.js: detected! => C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\wW6pNSbH.default\user.js [2019-07-06] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin HKU\S-1-5-21-1149298868-2067588766-1365819076-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Léo\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-07-09] (Google Inc -> Google LLC) FF Plugin HKU\S-1-5-21-1149298868-2067588766-1365819076-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Léo\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-07-09] (Google Inc -> Google LLC) Chrome: ======= CHR Profile: C:\Users\Léo\AppData\Local\Google\Chrome\User Data\Default [2019-07-10] CHR Extension: (Slides) - C:\Users\Léo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-09] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Léo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-09] CHR Extension: (Chrome Media Router) - 
C:\Users\Léo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-09] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx StartMenuInternet: Google Chrome.PDHUKQ5PKDYXFQT7AHWGABP634 - C:\Users\Léo\AppData\Local\Google\Chrome\Application\chrome.exe Opera: ======= OPR Extension: (No Name) - C:\Users\Léo\AppData\Roaming\Opera Software\Opera Stable\Extensions\nknpohplagminmhchlbhigcgcdfigion [2019-07-06] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation - pGFX -> Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH -> TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-05-15] (Microsoft Windows -> Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2768384 2011-08-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.) 
S3 automap; C:\Windows\System32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited -> Focusrite Audio Engineering Limited) S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (BlackBerry) [File not signed] S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-06-21] (Bluestack Systems, Inc. -> Bluestack System Inc. ) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2009-02-10] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.) R3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [187912 2009-10-02] (M-Audio -> Avid Technology, Inc.) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-07-10] (Malwarebytes Corporation -> Malwarebytes) R3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [55856 2014-08-30] (MusicLab, Inc. -> MusicLab, Inc.) S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [54000 2015-06-10] (Focusrite Audio Engineering Limited -> Novation DMS Ltd.) S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited) [File not signed] S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd) U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2015-02-07] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation) R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [377560 2015-02-07] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation) R3 SoundGridMIDI; C:\Windows\System32\drivers\SoundGridMidi.sys [43264 2018-03-15] (Waves Inc -> Waves Audio Ltd.) R3 SoundGridMIDI; C:\Windows\SysWOW64\drivers\SoundGridMidi.sys [22016 2018-03-15] (Waves Audio Ltd.) [File not signed] R2 SoundGridProtocol; C:\Windows\System32\DRIVERS\SoundGridProtocol.sys [117504 2018-03-15] (Waves Inc -> Waves Audio Ltd.) 
R2 SoundGridProtocol; C:\Windows\SysWOW64\DRIVERS\SoundGridProtocol.sys [56832 2018-03-15] (Waves Audio Ltd.) [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2099-01-21 15:19 - 2015-04-30 18:20 - 000000000 ____D C:\Windows\system32\appmgmt 2019-07-10 11:39 - 2019-07-10 11:39 - 000015335 _____ C:\Users\Léo\Downloads\fixing-boot-manager-using-startup-repair.pdf 2019-07-10 11:39 - 2019-07-10 11:39 - 000015335 _____ C:\Users\Léo\Downloads\fixing-boot-manager-using-startup-repair (1).pdf 2019-07-10 11:25 - 2019-07-10 11:34 - 000000000 ____D C:\Users\Léo\AppData\LocalLow\Mozilla 2019-07-10 11:25 - 2019-07-10 11:25 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2019-07-10 11:25 - 2019-07-10 11:25 - 000000924 _____ C:\Users\Public\Desktop\Firefox.lnk 2019-07-10 11:25 - 2019-07-10 11:25 - 000000000 ____D C:\Users\Léo\AppData\Local\Mozilla 2019-07-10 11:25 - 2019-07-10 11:25 - 000000000 ____D C:\ProgramData\Mozilla 2019-07-10 11:25 - 2019-07-10 11:25 - 000000000 ____D C:\Program Files\Mozilla Firefox 2019-07-10 11:25 - 2019-07-10 11:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-07-10 11:24 - 2019-07-10 11:25 - 047200464 _____ (Mozilla) C:\Users\Léo\Downloads\Firefox Setup 67.0.3.exe 2019-07-10 11:22 - 2019-07-10 11:22 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2019-07-09 22:26 - 2019-07-09 22:26 - 000002407 _____ C:\Users\Léo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-07-09 22:26 - 2019-07-09 22:26 - 000002370 _____ C:\Users\Léo\Desktop\Google Chrome.lnk 2019-07-09 22:25 - 2019-07-09 22:25 - 000003674 _____ 
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1149298868-2067588766-1365819076-1000UA 2019-07-09 22:25 - 2019-07-09 22:25 - 000003402 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1149298868-2067588766-1365819076-1000Core 2019-07-09 09:58 - 2019-07-09 10:10 - 000015547 _____ C:\Users\Léo\Desktop\Fixlog.txt 2019-07-08 17:21 - 2019-07-08 17:24 - 000043873 _____ C:\Users\Léo\Desktop\Addition.txt 2019-07-08 17:19 - 2019-07-10 18:57 - 000017846 _____ C:\Users\Léo\Desktop\FRST.txt 2019-07-08 17:19 - 2019-07-10 18:56 - 000000000 ____D C:\FRST 2019-07-08 17:19 - 2019-07-08 17:19 - 002420224 _____ (Farbar) C:\Users\Léo\Desktop\FRST64.exe 2019-07-08 14:46 - 2019-07-08 14:46 - 000253280 _____ C:\Users\Léo\Desktop\ZHPCleaner (R).txt 2019-07-08 13:08 - 2019-07-08 13:08 - 003033984 _____ (Nicolas Coolman) C:\Users\Léo\ZHPDiag3.exe 2019-07-08 12:50 - 2019-07-08 12:50 - 000051349 _____ C:\Users\Léo\Desktop\Malware bytes.txt 2019-07-08 12:02 - 2019-07-08 12:02 - 000000000 ____D C:\Users\Léo\AppData\Local\mbamtray 2019-07-08 12:02 - 2019-07-08 12:02 - 000000000 ____D C:\Users\Léo\AppData\Local\mbam 2019-07-08 12:01 - 2019-07-08 12:01 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-07-08 12:01 - 2019-07-08 12:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-07-08 12:01 - 2019-07-08 12:01 - 000000000 ____D C:\Program Files\Malwarebytes 2019-07-08 12:01 - 2019-07-08 11:58 - 064455440 _____ (Malwarebytes ) C:\Users\Léo\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11438.exe 2019-07-08 12:01 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2019-07-08 11:52 - 2019-07-08 12:08 - 000000000 ____D C:\Users\Léo\Desktop\déinfection pc 2019-07-08 11:52 - 2019-07-08 11:52 - 000008193 _____ C:\Users\Léo\Desktop\AdwCleaner[C00].txt 2019-07-08 11:46 - 2019-07-08 11:48 - 000000000 ____D C:\AdwCleaner 2019-07-08 11:45 - 2019-07-08 11:45 - 007025360 _____ (Malwarebytes) 
C:\Users\Léo\Downloads\adwcleaner_7.3.exe 2019-07-08 11:42 - 2019-07-08 14:35 - 000250815 _____ C:\Users\Léo\Desktop\ZHPCleaner (S).txt 2019-07-08 11:34 - 2019-07-08 11:34 - 003140480 _____ (Nicolas Coolman) C:\Users\Léo\Downloads\ZHPCleaner.exe 2019-07-08 11:34 - 2019-07-08 11:34 - 000000826 _____ C:\Users\Léo\Desktop\ZHPCleaner.lnk 2019-07-08 11:22 - 2019-07-08 11:22 - 007411912 _____ (VS Revo Group ) C:\Users\Léo\Downloads\revosetup.exe 2019-07-08 11:22 - 2019-07-08 11:22 - 000001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk 2019-07-08 11:22 - 2019-07-08 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2019-07-08 11:22 - 2019-07-08 11:22 - 000000000 ____D C:\Program Files\VS Revo Group 2019-07-07 19:38 - 2019-07-10 18:55 - 000293939 _____ C:\Users\Léo\Desktop\ZHPDiag.txt 2019-07-07 18:10 - 2019-07-08 13:08 - 000000663 _____ C:\Users\Léo\Desktop\ZHPDiag.lnk 2019-07-07 18:09 - 2019-07-10 18:55 - 000000000 ____D C:\Users\Léo\AppData\Roaming\ZHP 2019-07-07 18:09 - 2019-07-08 11:34 - 000000000 ____D C:\Users\Léo\AppData\Local\ZHP 2019-07-07 18:09 - 2019-07-07 18:09 - 003033984 _____ (Nicolas Coolman) C:\Users\Léo\Downloads\ZHPDiag3.exe 2019-07-07 17:43 - 2019-07-07 17:43 - 000130501 _____ C:\Users\Léo\Downloads\ResetWUEng.zip 2019-07-07 17:42 - 2019-07-07 17:42 - 000004061 _____ C:\Users\Léo\Downloads\Reset-WindowsUpdate.ps1 2019-07-07 17:26 - 2019-07-07 17:26 - 000313366 _____ C:\Users\Léo\Downloads\WindowsUpdate.diagcab 2019-07-07 06:53 - 2019-07-07 06:54 - 031264856 _____ (M-Audio) C:\Users\Léo\Downloads\Install M-Audio M-Track 8X4M 1.0.3.exe 2019-07-07 06:39 - 2019-07-07 06:39 - 005074344 _____ (Easeware ) C:\Users\Léo\Downloads\DriverEasy_Setup.exe 2019-07-07 02:11 - 2019-07-07 02:11 - 000000000 ____D C:\Anti-Malware 2019-07-07 02:10 - 2019-07-07 02:10 - 000000000 ____D C:\Windows\system32\Drivers\etc\BACKUP 2019-07-07 02:10 - 2019-07-07 02:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes 2019-07-07 
02:07 - 2019-07-07 02:08 - 065859251 _____ C:\Users\Léo\Downloads\malwarebytes licencia full.rar 2019-07-07 01:46 - 2019-07-07 06:56 - 000000000 ____D C:\ProgramData\LimagitoX 2019-07-07 01:45 - 2019-07-07 01:45 - 000003754 _____ C:\Windows\System32\Tasks\Locatorexewlidres 2019-07-07 01:44 - 2019-07-07 02:55 - 000000000 __SHD C:\ProgramData\cvolsnapwbiosrvc 2019-07-07 01:44 - 2019-07-07 01:44 - 057686458 _____ (www.limagito.com ) C:\ProgramData\llimagitox.exe 2019-07-07 01:40 - 2019-07-07 01:40 - 060120186 _____ C:\Users\Léo\Downloads\Files.rar 2019-07-06 22:20 - 2019-07-09 10:21 - 000000000 ____D C:\Windows\pss 2019-07-06 22:16 - 2019-07-08 11:46 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2019-07-06 22:08 - 2019-07-06 22:09 - 005569984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe 2019-07-06 22:08 - 2019-07-06 22:09 - 000606208 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe 2019-07-06 20:29 - 2019-07-07 07:54 - 000000000 ____D C:\Program Files (x86)\rZdaClXBU 2019-07-06 20:29 - 2019-07-07 05:58 - 000000000 ____D C:\Users\Léo\AppData\Roaming\1337 2019-07-06 20:29 - 2019-07-07 02:36 - 000000000 ____D C:\Windows\System32\Tasks\System 2019-07-06 20:29 - 2019-07-06 20:29 - 000000000 ____D C:\ProgramData\jbrd1DZBJBYK 2019-07-06 20:28 - 2019-07-06 22:07 - 000000290 __RSH C:\Users\Léo\ntuser.pol 2019-07-06 20:28 - 2019-07-06 20:30 - 000003242 __RSH C:\ProgramData\ntuser.pol 2019-07-06 20:27 - 2019-07-06 20:30 - 000000000 ____D C:\Users\Léo\AppData\Local\Mail.Ru 2019-07-06 20:27 - 2019-07-06 20:27 - 000000000 ____D C:\Users\Léo\AppData\Roaming\Python 2019-07-06 20:27 - 2019-07-02 14:46 - 000084480 _____ C:\Users\Léo\AppData\Local\task.dll 2019-07-06 20:21 - 2019-07-06 20:22 - 001126961 _____ C:\Users\Léo\Downloads\Setup_6132.zip 2019-07-06 19:58 - 2019-07-06 19:58 - 000000000 ____D C:\Users\Léo\Desktop\RGC Audio z3ta Plus Access Virus VSTi v1.2.Retail-ELiTE 2019-07-06 19:58 - 2019-07-06 19:58 - 000000000 ____D 
C:\Users\Léo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RGC.Audio.z3ta+_Access.Virus.VSTi.v1.2.Retail-Elite 2019-07-06 19:58 - 2019-07-06 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RGC.Audio.z3ta+_Access.Virus.VSTi.v1.2.Retail-Elite 2019-07-06 19:56 - 2019-07-06 19:57 - 003467089 _____ C:\Users\Léo\Downloads\1819.rar 2019-07-04 22:56 - 2019-07-04 22:58 - 099855508 _____ C:\Users\Léo\Downloads\hannemjoen-strangers-stems.zip 2019-07-03 12:41 - 2019-07-03 12:41 - 000312944 _____ C:\Users\Léo\Downloads\Adresse bien présentée…Courrier mieux distribué.pdf 2019-07-01 22:21 - 2019-07-01 22:21 - 000002104 _____ C:\Users\Public\Desktop\Google Earth.lnk 2019-07-01 22:21 - 2019-07-01 22:21 - 000000000 ____D C:\Users\Léo\AppData\LocalLow\Google 2019-07-01 22:21 - 2019-07-01 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2019-07-01 22:19 - 2019-07-01 22:20 - 030589432 _____ C:\Users\Léo\Downloads\GoogleEarthWin.exe 2019-07-01 22:12 - 2019-07-02 11:02 - 000000000 ____D C:\Program Files\Google 2019-07-01 22:04 - 2019-07-01 22:06 - 014993976 _____ (Macrovision Corporation) C:\Users\Léo\Downloads\Google Earth402737.exe 2019-06-30 19:55 - 2019-06-30 19:55 - 000019629 _____ C:\Users\Léo\Downloads\INV0021.pdf 2019-06-29 12:03 - 2019-07-04 22:51 - 000000000 ____D C:\Users\Léo\Desktop\Waves 2019-06-27 12:25 - 2019-06-27 12:34 - 000000000 ____D C:\ProgramData\Waves Audio 2019-06-27 12:16 - 2019-06-27 12:25 - 000000000 ____D C:\Program Files (x86)\Waves 2019-06-27 11:51 - 2018-03-15 04:06 - 000117504 _____ (Waves Audio Ltd.) C:\Windows\system32\Drivers\SoundGridProtocol.sys 2019-06-27 11:51 - 2018-03-15 04:06 - 000088576 _____ (Waves Audio Ltd.) C:\Windows\system32\SoundGridAsio.dll 2019-06-27 11:51 - 2018-03-15 04:06 - 000069632 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\SoundGridAsio.dll 2019-06-27 11:51 - 2018-03-15 04:06 - 000056832 _____ (Waves Audio Ltd.) 
C:\Windows\SysWOW64\Drivers\SoundGridProtocol.sys 2019-06-27 11:51 - 2018-03-15 04:06 - 000043264 _____ (Waves Audio Ltd.) C:\Windows\system32\Drivers\SoundGridMidi.sys 2019-06-27 11:51 - 2018-03-15 04:06 - 000025088 _____ (Waves Audio Ltd.) C:\Windows\system32\SoundGridInstHlp.dll 2019-06-27 11:51 - 2018-03-15 04:06 - 000022016 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\Drivers\SoundGridMidi.sys 2019-06-27 11:51 - 2018-03-15 04:06 - 000018944 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\SoundGridInstHlp.dll 2019-06-22 21:04 - 2019-06-22 21:14 - 000000000 ____D C:\Users\Léo\Desktop\Nouveau dossier 2019-06-21 21:33 - 2019-06-21 21:33 - 000005936 _____ C:\Users\Léo\Downloads\wetransfer-46d0de.zip 2019-06-17 22:33 - 2019-07-01 22:18 - 000000000 ____D C:\Users\Léo\AppData\Roaming\Google 2019-06-15 22:55 - 2019-06-20 16:21 - 000000000 ____D C:\Users\Léo\Desktop\SAMPLES 2019-06-13 17:10 - 2019-06-13 17:11 - 000000000 ___RD C:\Users\Léo\Desktop\LEOBENSALEM_SOUNDS_V4 ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-07-10 18:43 - 2017-12-01 23:37 - 000000000 ___RD C:\Users\Léo\Desktop\exports 2019-07-10 18:37 - 2018-04-15 22:18 - 000000000 ____D C:\ProgramData\ValhallaVintageVerbPreferences 2019-07-10 18:37 - 2018-04-15 22:18 - 000000000 ____D C:\ProgramData\ValhallaVintageVerb 2019-07-10 18:37 - 2018-04-15 22:18 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences 2019-07-10 18:37 - 2018-04-15 22:18 - 000000000 ____D C:\ProgramData\ValhallaRoom 2019-07-10 11:29 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-07-10 11:29 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-07-10 11:25 - 2015-05-01 00:34 - 000000000 ____D C:\Users\Léo\AppData\Roaming\Mozilla 2019-07-10 11:22 - 2019-04-24 17:47 - 000000000 ____D C:\ProgramData\Update 2019-07-10 11:22 - 2018-05-23 22:22 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2019-07-10 11:22 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-07-09 23:04 - 2015-06-10 13:04 - 000000000 ____D C:\Program Files (x86)\Google 2019-07-09 22:25 - 2015-06-10 13:04 - 000000000 ____D C:\Users\Léo\AppData\Local\Google 2019-07-09 22:18 - 2015-06-08 22:04 - 000000000 ____D C:\Users\Léo\AppData\Local\ElevatedDiagnostics 2019-07-09 22:18 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF 2019-07-09 20:19 - 2018-04-15 22:18 - 000000000 ____D C:\ProgramData\ValhallaShimmer 2019-07-09 10:03 - 2019-02-20 14:22 - 000000000 ____D C:\Users\Léo\AppData\LocalLow\Temp 2019-07-08 13:08 - 2015-02-16 18:41 - 000000000 ____D C:\Users\Léo 2019-07-08 12:50 - 2015-02-16 19:14 - 000000000 ____D C:\Users\Léo\Desktop\progs 2019-07-08 12:04 - 2015-03-12 22:42 - 000746014 _____ C:\Windows\system32\perfh00C.dat 2019-07-08 12:04 - 2015-03-12 22:42 - 000149906 _____ C:\Windows\system32\perfc00C.dat 2019-07-08 12:04 - 2009-07-14 07:13 - 001669584 _____ 
C:\Windows\system32\PerfStringBackup.INI 2019-07-08 12:04 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf 2019-07-08 12:02 - 2015-05-06 19:55 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-07-08 11:18 - 2009-07-14 07:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2019-07-07 12:20 - 2018-05-07 20:37 - 000000000 ____D C:\Program Files\Gramblr 2019-07-06 20:27 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy 2019-07-06 20:01 - 2018-04-15 22:18 - 000000000 ____D C:\ProgramData\ValhallaUberMod 2019-07-06 20:01 - 2018-04-15 22:18 - 000000000 ____D C:\ProgramData\ValhallaPlate 2019-07-06 20:00 - 2015-02-16 19:18 - 000000000 ____D C:\Program Files (x86)\VstPlugins 2019-07-04 17:52 - 2018-06-17 01:49 - 000000000 ___RD C:\Users\Léo\Desktop\01 2019-07-02 19:25 - 2018-05-27 18:56 - 000000000 ____D C:\ProgramData\boost_interprocess 2019-07-01 22:17 - 2015-02-16 18:45 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-07-01 18:58 - 2015-03-25 14:01 - 000000000 ____D C:\Users\Léo\AppData\Local\CrashDumps 2019-06-29 23:53 - 2018-10-31 23:23 - 000000000 ____D C:\Users\Léo\Desktop\plug in disparus 2019-06-27 12:27 - 2018-05-27 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves 2019-06-27 12:25 - 2018-05-27 18:16 - 000000000 ____D C:\Users\Public\Waves Audio 2019-06-27 12:10 - 2015-03-01 19:10 - 000000000 ____D C:\Program Files\Common Files\VST3 2019-06-19 13:27 - 2019-03-27 19:53 - 000000000 ____D C:\Users\Léo\Desktop\Sounds of KSHMR (Vol.1, Vol.2 & Vol.3) 2019-06-18 14:18 - 2018-01-10 16:57 - 000000000 ____D C:\Users\Léo\Documents\Camtasia Studio 2019-06-18 00:04 - 2015-03-19 19:57 - 000020480 _____ C:\Users\Léo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2019-06-16 22:30 - 2015-11-13 21:28 - 000000000 ____D C:\Users\Léo\AppData\Roaming\Ample Sound 2019-06-10 12:37 - 2019-03-14 01:47 - 000000000 ____D C:\Users\Léo\Desktop\Nouveau dossier (14) ==================== Files in 
the root of some directories ================ 2019-07-07 01:44 - 2019-07-07 01:44 - 057686458 _____ (www.limagito.com ) C:\ProgramData\llimagitox.exe 2019-07-08 13:08 - 2019-07-08 13:08 - 003033984 _____ (Nicolas Coolman) C:\Users\Léo\ZHPDiag3.exe 2018-05-07 21:56 - 2018-05-07 21:56 - 000000132 _____ () C:\Users\Léo\AppData\Roaming\Préfs Filtre IllExportation Adobe CS6 2018-05-07 21:17 - 2019-05-11 22:08 - 000000132 _____ () C:\Users\Léo\AppData\Roaming\Préfs Format PNG Adobe CS6 2015-03-19 19:57 - 2019-06-18 00:04 - 000020480 _____ () C:\Users\Léo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-11-18 16:37 - 2017-11-18 16:37 - 000007606 _____ () C:\Users\Léo\AppData\Local\Resmon.ResmonCfg 2019-07-06 20:27 - 2019-07-02 14:46 - 000084480 _____ () C:\Users\Léo\AppData\Local\task.dll ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ATTENTION: ==> Could not access BCD. -> 'C:\Windows\system32\bcdedit' n'est pas reconnu en tant que commande interne ou externe, un programme exécutable ou un fichier de commandes. LastRegBack: 2015-05-05 16:08 ==================== End of FRST.txt ============================