Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by KEKEDJ (administrator) on BUREAU-KEKEDJ on 06-04-2014 20:16:55
Running from C:\Users\KEKEDJ\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: French Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-317579529-3843981089-2556235408-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_168_Plugin.exe [815496 2013-09-25] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\KEKEDJ\AppData\Roaming\Mozilla\Firefox\Profiles\d4o66bdo.default
FF Homepage: hxxp://www.google.fr/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: FrameFox - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{D6F4FFAF-E3C9-4f3d-AD5B-F78CD969D7BF} [2013-10-19]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 20:16 - 2014-04-06 20:17 - 00004606 _____ () C:\Users\KEKEDJ\Downloads\FRST.txt
2014-04-06 20:16 - 2014-04-06 20:16 - 00000000 ____D () C:\FRST
2014-04-06 16:24 - 2014-04-06 16:24 - 00099247 _____ () C:\Users\KEKEDJ\Desktop\SFTGC.txt
2014-04-06 16:22 - 2014-04-06 16:22 - 02157056 _____ (Farbar) C:\Users\KEKEDJ\Downloads\FRST64.exe
2014-04-06 16:22 - 2014-04-06 16:22 - 01057156 _____ () C:\Users\KEKEDJ\Downloads\SFTGC.exe
2014-04-01 19:20 - 2014-04-01 19:20 - 00002935 _____ () C:\Users\KEKEDJ\Desktop\mwb.txt
2014-04-01 19:02 - 2014-04-01 19:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 19:01 - 2014-04-01 19:01 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\KEKEDJ\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-01 19:01 - 2014-04-01 19:01 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-01 19:01 - 2014-04-01 19:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 19:01 - 2014-04-01 19:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-01 19:01 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-01 19:01 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-01 19:01 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 13:45 - 2014-04-01 13:45 - 00001870 _____ () C:\Users\KEKEDJ\Desktop\WinChk.txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00315000 _____ () C:\Users\KEKEDJ\Downloads\winchk0.exe
2014-04-01 13:44 - 2014-04-01 13:44 - 00003123 _____ () C:\Users\KEKEDJ\Desktop\ZHPFixReport.txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00003123 _____ () C:\Users\KEKEDJ\Desktop\ZHPFix[R1].txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00001870 _____ () C:\WinChk.txt
2014-03-30 10:24 - 2014-03-30 10:24 - 00169313 _____ () C:\Users\KEKEDJ\Desktop\ZHPDiag.txt
2014-03-30 10:23 - 2014-03-30 10:23 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-03-30 10:20 - 2014-04-01 13:44 - 00000000 ____D () C:\Users\KEKEDJ\AppData\Roaming\ZHP
2014-03-30 10:20 - 2014-03-30 10:20 - 06858467 _____ (Nicolas Coolman ) C:\Users\KEKEDJ\Downloads\ZHPDiag2.exe
2014-03-30 10:20 - 2014-03-30 10:20 - 00001987 _____ () C:\Users\KEKEDJ\Desktop\ZHPFix.lnk
2014-03-30 10:20 - 2014-03-30 10:20 - 00001860 _____ () C:\Users\KEKEDJ\Desktop\ZHPDiag.lnk
2014-03-30 10:20 - 2014-03-30 10:20 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-03-29 22:46 - 2014-03-29 22:53 - 00000000 ____D () C:\AdwCleaner
2014-03-29 22:46 - 2014-03-29 22:46 - 01950720 _____ () C:\Users\KEKEDJ\Downloads\adwcleaner.exe

==================== One Month Modified Files and Folders =======

2014-04-06 20:17 - 2014-04-06 20:16 - 00004606 _____ () C:\Users\KEKEDJ\Downloads\FRST.txt
2014-04-06 20:16 - 2014-04-06 20:16 - 00000000 ____D () C:\FRST
2014-04-06 20:00 - 2014-02-26 14:55 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 19:57 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 19:57 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 16:24 - 2014-04-06 16:24 - 00099247 _____ () C:\Users\KEKEDJ\Desktop\SFTGC.txt
2014-04-06 16:24 - 2011-04-12 11:16 - 00694766 _____ () C:\Windows\system32\perfh00C.dat
2014-04-06 16:24 - 2011-04-12 11:16 - 00127478 _____ () C:\Windows\system32\perfc00C.dat
2014-04-06 16:24 - 2009-07-14 07:13 - 01524562 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 16:22 - 2014-04-06 16:22 - 02157056 _____ (Farbar) C:\Users\KEKEDJ\Downloads\FRST64.exe
2014-04-06 16:22 - 2014-04-06 16:22 - 01057156 _____ () C:\Users\KEKEDJ\Downloads\SFTGC.exe
2014-04-06 16:21 - 2013-01-13 02:00 - 00015095 _____ () C:\Windows\setupact.log
2014-04-06 14:00 - 2014-02-26 14:55 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 13:52 - 2012-12-22 15:37 - 00155816 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 10:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-02 10:24 - 2013-04-02 12:22 - 00057182 _____ () C:\Windows\PFRO.log
2014-04-01 19:20 - 2014-04-01 19:20 - 00002935 _____ () C:\Users\KEKEDJ\Desktop\mwb.txt
2014-04-01 19:18 - 2013-09-02 12:40 - 00000000 ____D () C:\Windows\SysWOW64\dfrg
2014-04-01 19:18 - 2012-12-22 15:46 - 00000000 ____D () C:\Users\KEKEDJ\Desktop\installation
2014-04-01 19:04 - 2014-04-01 19:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 19:01 - 2014-04-01 19:01 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\KEKEDJ\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-01 19:01 - 2014-04-01 19:01 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-01 19:01 - 2014-04-01 19:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 19:01 - 2014-04-01 19:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-01 13:45 - 2014-04-01 13:45 - 00001870 _____ () C:\Users\KEKEDJ\Desktop\WinChk.txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00315000 _____ () C:\Users\KEKEDJ\Downloads\winchk0.exe
2014-04-01 13:44 - 2014-04-01 13:44 - 00003123 _____ () C:\Users\KEKEDJ\Desktop\ZHPFixReport.txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00003123 _____ () C:\Users\KEKEDJ\Desktop\ZHPFix[R1].txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00001870 _____ () C:\WinChk.txt
2014-04-01 13:44 - 2014-03-30 10:20 - 00000000 ____D () C:\Users\KEKEDJ\AppData\Roaming\ZHP
2014-03-30 10:24 - 2014-03-30 10:24 - 00169313 _____ () C:\Users\KEKEDJ\Desktop\ZHPDiag.txt
2014-03-30 10:23 - 2014-03-30 10:23 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-03-30 10:20 - 2014-03-30 10:20 - 06858467 _____ (Nicolas Coolman ) C:\Users\KEKEDJ\Downloads\ZHPDiag2.exe
2014-03-30 10:20 - 2014-03-30 10:20 - 00001987 _____ () C:\Users\KEKEDJ\Desktop\ZHPFix.lnk
2014-03-30 10:20 - 2014-03-30 10:20 - 00001860 _____ () C:\Users\KEKEDJ\Desktop\ZHPDiag.lnk
2014-03-30 10:20 - 2014-03-30 10:20 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-03-29 23:46 - 2013-10-06 12:17 - 00007605 _____ () C:\Users\KEKEDJ\AppData\Local\resmon.resmoncfg
2014-03-29 22:53 - 2014-03-29 22:46 - 00000000 ____D () C:\AdwCleaner
2014-03-29 22:46 - 2014-03-29 22:46 - 01950720 _____ () C:\Users\KEKEDJ\Downloads\adwcleaner.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 01:37

==================== End Of Log ============================
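The "One Month Created Files and Folders" section above is where a helper reading this log looks first: every line carries two timestamps, an 8-digit size, a 5-character attribute column (`____D` for a directory, `____H` for hidden), the company string from the file's version resource in parentheses, and the path. The following is an added example, not FRST code and not part of the posted log: it parses that line layout and applies a simple triage rule (new executable in a user-writable location, or a new driver, with an empty company field). The entries in the sample are copied from the log above; the triage thresholds and the list of "executable" extensions are this example's own assumptions, and the company field is whatever the PE version info claims (not an Authenticode check), so an empty field means "no version info" rather than "unsigned", and a present one is trivially forged.

```python
"""Parse the file-list entries of an FRST log and flag new executables that
carry no version-info company string.  Added example; not FRST code."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Layout taken from the entries in the log above:
#   <ts1> - <ts2> - <8-digit size> <5 attr flags> (<company>) <path>
ENTRY_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Assumed set of extensions Windows executes directly or loads as code.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Assumed set of locations an unprivileged user (or a drive-by download) can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    ts1: str      # first timestamp as printed by FRST
    ts2: str      # second timestamp as printed by FRST
    size: int
    attrs: str    # FRST flag column, e.g. '____D' directory, '____H' hidden
    company: str  # version-info company string, '' when the file has none
    path: str


def parse_entries(text: str) -> List[Entry]:
    """Return one Entry per line matching the FRST file-list layout.
    Section headers and any other text are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["ts1"], m["ts2"], int(m["size"]), m["attrs"],
                                 m["company"].strip(), m["path"]))
    return entries


def suspicious_reason(e: Entry) -> Optional[str]:
    """Heuristic triage; returns None when nothing stands out."""
    if "D" in e.attrs or ntpath.splitext(e.path)[1].lower() not in EXEC_EXT:
        return None
    low = e.path.lower()
    if not e.company and "\\drivers\\" in low:
        return "new driver without version-info company"
    if not e.company and any(tok in low for tok in USER_WRITABLE):
        return "executable in user-writable location without version-info company"
    if e.size == 0:
        return "zero-byte executable"
    return None


def triage(text: str) -> List[Tuple[str, str]]:
    """(path, reason) for every entry the heuristic flags."""
    hits = []
    for e in parse_entries(text):
        reason = suspicious_reason(e)
        if reason:
            hits.append((e.path, reason))
    return hits


# Sample input: entries copied from the log above, plus one section header
# to show that non-entry lines are ignored.
SAMPLE = r"""
2014-04-06 16:22 - 2014-04-06 16:22 - 02157056 _____ (Farbar) C:\Users\KEKEDJ\Downloads\FRST64.exe
2014-04-06 16:22 - 2014-04-06 16:22 - 01057156 _____ () C:\Users\KEKEDJ\Downloads\SFTGC.exe
2014-04-01 19:02 - 2014-04-01 19:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 19:01 - 2014-04-01 19:01 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\KEKEDJ\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-01 19:01 - 2014-04-01 19:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 13:44 - 2014-04-01 13:44 - 00315000 _____ () C:\Users\KEKEDJ\Downloads\winchk0.exe
2014-03-29 22:46 - 2014-03-29 22:46 - 01950720 _____ () C:\Users\KEKEDJ\Downloads\adwcleaner.exe
2014-04-06 20:16 - 2014-04-06 20:17 - 00004606 _____ () C:\Users\KEKEDJ\Downloads\FRST.txt
==================== One Month Modified Files and Folders =======
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason}: {path}")
```

Run against the sample, the heuristic flags SFTGC.exe, winchk0.exe and adwcleaner.exe, all of which are cleaning tools the helper asked the poster to download, while FRST64.exe and the Malwarebytes files pass because they carry a company string. That is the point of the exercise: a rule like this narrows the list to read, but the helper still decides what each hit is, and a "clean" company string is no proof of anything.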