Publicité
Publicité
Format du document : text/plain
Prévisualisation
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Normand (administrator) on NORMAND-PC on 03-06-2014 10:33:15
Running from C:\Users\Normand\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: French Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-08-01] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Normand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
ShortcutTarget: OneNote 2007 - Capture d'écran et lancement.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tele_14_15_ff&cd=2XzuyEtN2Y1L1Qzu0EtDtA0FyEzytCtCyBtCzy0AtA0FyC0FtN0D0Tzu0SzztAtBtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyC0D0EyCtAzztBzztG0CyByByBtG0Azz0EyDtG0A0B0FtBtGtCtD0CyBzyzzyCyCyBtAyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtA0FyDtA0CtCtCtGyC0E0AyCtGtByC0EyBtGzy0EtCzytGyEyEzzyCyByEtA0FzyzytBtC2Q&cr=1501685526&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tele_14_15_ff&cd=2XzuyEtN2Y1L1Qzu0EtDtA0FyEzytCtCyBtCzy0AtA0FyC0FtN0D0Tzu0SzztAtBtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyC0D0EyCtAzztBzztG0CyByByBtG0Azz0EyDtG0A0B0FtBtGtCtD0CyBzyzzyCyCyBtAyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtA0FyDtA0CtCtCtGyC0E0AyCtGtByC0EyBtGzy0EtCzytGyEyEzzyCyByEtA0FzyzytBtC2Q&cr=1501685526&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Programme d’aide de l’Assistant de connexion au compte Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: intu-ir2012 - {79E19CC8-7698-4b41-8474-52FA5B207EBF} - No File
Handler: intu-ir2013 - {B275FD97-299B-40A2-BC39-B96DFA40E50D} - No File
Handler-x32: intu-ir2012 - {79E19CC8-7698-4b41-8474-52FA5B207EBF} - C:\Program Files (x86)\ImpotRapide 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-ir2013 - {B275FD97-299B-40A2-BC39-B96DFA40E50D} - C:\Program Files (x86)\ImpotRapide 2013\ic2013pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 96.22.246.145 24.200.228.113 24.200.210.241
FireFox:
========
FF ProfilePath: C:\Users\Normand\AppData\Roaming\Mozilla\Firefox\Profiles\wax5o045.default
FF Homepage: https://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Normand\AppData\Roaming\Mozilla\Firefox\Profiles\wax5o045.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-27]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-03-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-03-27]
==================== Services (Whitelisted) =================
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-01-22] (Kaspersky Lab ZAO)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-22] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-01-22] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-01-22] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-22] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-15] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-03 10:33 - 2014-06-03 10:33 - 00015307 _____ () C:\Users\Normand\Desktop\FRST.txt
2014-06-03 10:32 - 2014-06-03 10:32 - 02068992 _____ (Farbar) C:\Users\Normand\Desktop\FRST64.exe
2014-06-03 10:23 - 2014-06-03 10:33 - 00000000 ____D () C:\FRST
2014-06-03 00:07 - 2014-06-03 00:07 - 00079917 _____ () C:\Users\Normand\Desktop\ZHPDiag.txt
2014-06-03 00:06 - 2014-06-03 00:06 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-06-03 00:04 - 2014-06-03 00:07 - 00000000 ____D () C:\Users\Normand\AppData\Roaming\ZHP
2014-06-03 00:04 - 2014-06-03 00:04 - 00001991 _____ () C:\Users\Normand\Desktop\ZHPFix.lnk
2014-06-03 00:04 - 2014-06-03 00:04 - 00001864 _____ () C:\Users\Normand\Desktop\ZHPDiag.lnk
2014-06-03 00:04 - 2014-06-03 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-06-03 00:04 - 2014-06-03 00:04 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-05-31 11:00 - 2014-06-01 15:00 - 00013984 _____ () C:\Users\Normand\Desktop\Calendrier 2014.xlsx
2014-05-21 12:44 - 2014-06-01 11:03 - 00014230 _____ () C:\Users\Normand\Desktop\Normand suivi.xlsx
2014-05-20 11:07 - 2014-06-02 11:33 - 00009091 _____ () C:\Users\Normand\Desktop\Chats poids.xlsx
2014-05-14 10:22 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 10:22 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 10:22 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 10:22 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 10:22 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 10:22 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 10:20 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 10:20 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 10:20 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 10:20 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 10:19 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 10:19 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 10:19 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 10:19 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 10:19 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 10:19 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 10:19 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 10:19 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 10:19 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 10:19 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 10:19 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 10:19 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 10:19 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 10:19 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 10:19 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 10:19 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 10:19 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 10:19 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 10:19 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 10:19 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 10:19 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 10:19 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 10:19 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 10:19 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 10:19 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 10:19 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 10:19 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 10:19 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 10:19 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-11 10:29 - 2014-05-11 10:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 10:52 - 2014-05-19 11:44 - 00015764 _____ () C:\Users\Normand\Desktop\videotron facturation.xlsx
2014-05-07 10:39 - 2014-05-07 10:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
==================== One Month Modified Files and Folders =======
2014-06-03 10:33 - 2014-06-03 10:33 - 00015307 _____ () C:\Users\Normand\Desktop\FRST.txt
2014-06-03 10:33 - 2014-06-03 10:23 - 00000000 ____D () C:\FRST
2014-06-03 10:33 - 2014-03-24 17:20 - 00000000 ____D () C:\Users\Normand\AppData\Local\Temp
2014-06-03 10:32 - 2014-06-03 10:32 - 02068992 _____ (Farbar) C:\Users\Normand\Desktop\FRST64.exe
2014-06-03 10:30 - 2014-03-27 15:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-03 10:30 - 2014-03-24 17:21 - 01611658 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 10:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 10:30 - 2009-07-14 00:51 - 00039866 _____ () C:\Windows\setupact.log
2014-06-03 10:20 - 2009-07-14 00:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 10:20 - 2009-07-14 00:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 10:17 - 2011-04-12 05:16 - 00750710 _____ () C:\Windows\system32\perfh00C.dat
2014-06-03 10:17 - 2011-04-12 05:16 - 00150854 _____ () C:\Windows\system32\perfc00C.dat
2014-06-03 10:17 - 2009-07-14 01:13 - 01678428 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-03 00:25 - 2014-03-27 15:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 00:07 - 2014-06-03 00:07 - 00079917 _____ () C:\Users\Normand\Desktop\ZHPDiag.txt
2014-06-03 00:07 - 2014-06-03 00:04 - 00000000 ____D () C:\Users\Normand\AppData\Roaming\ZHP
2014-06-03 00:06 - 2014-06-03 00:06 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-06-03 00:04 - 2014-06-03 00:04 - 00001991 _____ () C:\Users\Normand\Desktop\ZHPFix.lnk
2014-06-03 00:04 - 2014-06-03 00:04 - 00001864 _____ () C:\Users\Normand\Desktop\ZHPDiag.lnk
2014-06-03 00:04 - 2014-06-03 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-06-03 00:04 - 2014-06-03 00:04 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-06-02 11:33 - 2014-05-20 11:07 - 00009091 _____ () C:\Users\Normand\Desktop\Chats poids.xlsx
2014-06-02 11:03 - 2014-03-27 23:42 - 00000152 _____ () C:\Windows\Antidote.ini
2014-06-01 15:00 - 2014-05-31 11:00 - 00013984 _____ () C:\Users\Normand\Desktop\Calendrier 2014.xlsx
2014-06-01 11:03 - 2014-05-21 12:44 - 00014230 _____ () C:\Users\Normand\Desktop\Normand suivi.xlsx
2014-06-01 09:50 - 2010-11-20 23:47 - 00051354 _____ () C:\Windows\PFRO.log
2014-06-01 09:50 - 2009-07-14 01:08 - 00003364 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-31 11:17 - 2014-04-06 10:34 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-31 11:17 - 2014-04-06 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-31 11:17 - 2014-04-06 10:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-27 11:15 - 2014-03-27 15:40 - 00000000 ____D () C:\Users\Normand\AppData\Roaming\Skype
2014-05-22 10:50 - 2014-03-30 16:51 - 00000000 ____D () C:\Users\Normand\Desktop\cd à graver
2014-05-19 11:44 - 2014-05-10 10:52 - 00015764 _____ () C:\Users\Normand\Desktop\videotron facturation.xlsx
2014-05-15 10:27 - 2014-03-28 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Sécurité des points d'accès
2014-05-14 21:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-14 10:45 - 2014-03-25 09:59 - 00000000 ____D () C:\Users\Normand\AppData\Local\Adobe
2014-05-14 10:43 - 2014-04-11 10:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 10:38 - 2014-04-11 10:06 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 10:38 - 2014-04-11 10:06 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 10:25 - 2014-03-24 17:20 - 00000000 ___RD () C:\Users\Normand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 10:25 - 2014-03-24 17:20 - 00000000 ___RD () C:\Users\Normand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 10:24 - 2014-04-24 00:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 10:22 - 2014-03-29 17:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 10:21 - 2014-03-24 18:54 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 10:21 - 2014-03-24 18:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-12 10:14 - 2014-03-27 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-04-06 10:34 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-04-06 10:34 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-04-06 10:34 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 10:29 - 2014-05-11 10:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 10:19 - 2014-03-24 17:20 - 00000000 ____D () C:\Users\Normand
2014-05-09 10:03 - 2014-04-11 10:57 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-09 02:14 - 2014-05-14 10:20 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-14 10:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 10:39 - 2014-05-07 10:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-05-06 00:40 - 2014-05-14 10:22 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-14 10:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-14 10:22 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-14 10:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-14 10:22 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-14 10:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-24 20:47
==================== End Of Log ============================
Ran by Normand (administrator) on NORMAND-PC on 03-06-2014 10:33:15
Running from C:\Users\Normand\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: French Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-08-01] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Normand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
ShortcutTarget: OneNote 2007 - Capture d'écran et lancement.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tele_14_15_ff&cd=2XzuyEtN2Y1L1Qzu0EtDtA0FyEzytCtCyBtCzy0AtA0FyC0FtN0D0Tzu0SzztAtBtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyC0D0EyCtAzztBzztG0CyByByBtG0Azz0EyDtG0A0B0FtBtGtCtD0CyBzyzzyCyCyBtAyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtA0FyDtA0CtCtCtGyC0E0AyCtGtByC0EyBtGzy0EtCzytGyEyEzzyCyByEtA0FzyzytBtC2Q&cr=1501685526&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tele_14_15_ff&cd=2XzuyEtN2Y1L1Qzu0EtDtA0FyEzytCtCyBtCzy0AtA0FyC0FtN0D0Tzu0SzztAtBtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyC0D0EyCtAzztBzztG0CyByByBtG0Azz0EyDtG0A0B0FtBtGtCtD0CyBzyzzyCyCyBtAyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtA0FyDtA0CtCtCtGyC0E0AyCtGtByC0EyBtGzy0EtCzytGyEyEzzyCyByEtA0FzyzytBtC2Q&cr=1501685526&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Programme d’aide de l’Assistant de connexion au compte Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: intu-ir2012 - {79E19CC8-7698-4b41-8474-52FA5B207EBF} - No File
Handler: intu-ir2013 - {B275FD97-299B-40A2-BC39-B96DFA40E50D} - No File
Handler-x32: intu-ir2012 - {79E19CC8-7698-4b41-8474-52FA5B207EBF} - C:\Program Files (x86)\ImpotRapide 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-ir2013 - {B275FD97-299B-40A2-BC39-B96DFA40E50D} - C:\Program Files (x86)\ImpotRapide 2013\ic2013pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 96.22.246.145 24.200.228.113 24.200.210.241
FireFox:
========
FF ProfilePath: C:\Users\Normand\AppData\Roaming\Mozilla\Firefox\Profiles\wax5o045.default
FF Homepage: https://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Normand\AppData\Roaming\Mozilla\Firefox\Profiles\wax5o045.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-27]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-03-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-03-27]
==================== Services (Whitelisted) =================
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-01-22] (Kaspersky Lab ZAO)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-22] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-01-22] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-01-22] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-22] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-15] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-03 10:33 - 2014-06-03 10:33 - 00015307 _____ () C:\Users\Normand\Desktop\FRST.txt
2014-06-03 10:32 - 2014-06-03 10:32 - 02068992 _____ (Farbar) C:\Users\Normand\Desktop\FRST64.exe
2014-06-03 10:23 - 2014-06-03 10:33 - 00000000 ____D () C:\FRST
2014-06-03 00:07 - 2014-06-03 00:07 - 00079917 _____ () C:\Users\Normand\Desktop\ZHPDiag.txt
2014-06-03 00:06 - 2014-06-03 00:06 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-06-03 00:04 - 2014-06-03 00:07 - 00000000 ____D () C:\Users\Normand\AppData\Roaming\ZHP
2014-06-03 00:04 - 2014-06-03 00:04 - 00001991 _____ () C:\Users\Normand\Desktop\ZHPFix.lnk
2014-06-03 00:04 - 2014-06-03 00:04 - 00001864 _____ () C:\Users\Normand\Desktop\ZHPDiag.lnk
2014-06-03 00:04 - 2014-06-03 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-06-03 00:04 - 2014-06-03 00:04 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-05-31 11:00 - 2014-06-01 15:00 - 00013984 _____ () C:\Users\Normand\Desktop\Calendrier 2014.xlsx
2014-05-21 12:44 - 2014-06-01 11:03 - 00014230 _____ () C:\Users\Normand\Desktop\Normand suivi.xlsx
2014-05-20 11:07 - 2014-06-02 11:33 - 00009091 _____ () C:\Users\Normand\Desktop\Chats poids.xlsx
2014-05-14 10:22 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 10:22 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 10:22 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 10:22 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 10:22 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 10:22 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 10:20 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 10:20 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 10:20 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 10:20 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 10:19 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 10:19 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 10:19 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 10:19 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 10:19 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 10:19 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 10:19 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 10:19 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 10:19 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 10:19 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 10:19 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 10:19 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 10:19 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 10:19 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 10:19 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 10:19 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 10:19 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 10:19 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 10:19 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 10:19 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 10:19 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 10:19 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 10:19 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 10:19 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 10:19 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 10:19 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 10:19 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 10:19 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 10:19 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 10:19 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-11 10:29 - 2014-05-11 10:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 10:52 - 2014-05-19 11:44 - 00015764 _____ () C:\Users\Normand\Desktop\videotron facturation.xlsx
2014-05-07 10:39 - 2014-05-07 10:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
==================== One Month Modified Files and Folders =======
2014-06-03 10:33 - 2014-06-03 10:33 - 00015307 _____ () C:\Users\Normand\Desktop\FRST.txt
2014-06-03 10:33 - 2014-06-03 10:23 - 00000000 ____D () C:\FRST
2014-06-03 10:33 - 2014-03-24 17:20 - 00000000 ____D () C:\Users\Normand\AppData\Local\Temp
2014-06-03 10:32 - 2014-06-03 10:32 - 02068992 _____ (Farbar) C:\Users\Normand\Desktop\FRST64.exe
2014-06-03 10:30 - 2014-03-27 15:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-03 10:30 - 2014-03-24 17:21 - 01611658 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 10:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 10:30 - 2009-07-14 00:51 - 00039866 _____ () C:\Windows\setupact.log
2014-06-03 10:20 - 2009-07-14 00:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 10:20 - 2009-07-14 00:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 10:17 - 2011-04-12 05:16 - 00750710 _____ () C:\Windows\system32\perfh00C.dat
2014-06-03 10:17 - 2011-04-12 05:16 - 00150854 _____ () C:\Windows\system32\perfc00C.dat
2014-06-03 10:17 - 2009-07-14 01:13 - 01678428 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-03 00:25 - 2014-03-27 15:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 00:07 - 2014-06-03 00:07 - 00079917 _____ () C:\Users\Normand\Desktop\ZHPDiag.txt
2014-06-03 00:07 - 2014-06-03 00:04 - 00000000 ____D () C:\Users\Normand\AppData\Roaming\ZHP
2014-06-03 00:06 - 2014-06-03 00:06 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-06-03 00:04 - 2014-06-03 00:04 - 00001991 _____ () C:\Users\Normand\Desktop\ZHPFix.lnk
2014-06-03 00:04 - 2014-06-03 00:04 - 00001864 _____ () C:\Users\Normand\Desktop\ZHPDiag.lnk
2014-06-03 00:04 - 2014-06-03 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-06-03 00:04 - 2014-06-03 00:04 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-06-02 11:33 - 2014-05-20 11:07 - 00009091 _____ () C:\Users\Normand\Desktop\Chats poids.xlsx
2014-06-02 11:03 - 2014-03-27 23:42 - 00000152 _____ () C:\Windows\Antidote.ini
2014-06-01 15:00 - 2014-05-31 11:00 - 00013984 _____ () C:\Users\Normand\Desktop\Calendrier 2014.xlsx
2014-06-01 11:03 - 2014-05-21 12:44 - 00014230 _____ () C:\Users\Normand\Desktop\Normand suivi.xlsx
2014-06-01 09:50 - 2010-11-20 23:47 - 00051354 _____ () C:\Windows\PFRO.log
2014-06-01 09:50 - 2009-07-14 01:08 - 00003364 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-31 11:17 - 2014-04-06 10:34 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-31 11:17 - 2014-04-06 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-31 11:17 - 2014-04-06 10:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-27 11:15 - 2014-03-27 15:40 - 00000000 ____D () C:\Users\Normand\AppData\Roaming\Skype
2014-05-22 10:50 - 2014-03-30 16:51 - 00000000 ____D () C:\Users\Normand\Desktop\cd à graver
2014-05-19 11:44 - 2014-05-10 10:52 - 00015764 _____ () C:\Users\Normand\Desktop\videotron facturation.xlsx
2014-05-15 10:27 - 2014-03-28 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Sécurité des points d'accès
2014-05-14 21:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-14 10:45 - 2014-03-25 09:59 - 00000000 ____D () C:\Users\Normand\AppData\Local\Adobe
2014-05-14 10:43 - 2014-04-11 10:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 10:38 - 2014-04-11 10:06 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 10:38 - 2014-04-11 10:06 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 10:25 - 2014-03-24 17:20 - 00000000 ___RD () C:\Users\Normand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 10:25 - 2014-03-24 17:20 - 00000000 ___RD () C:\Users\Normand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 10:24 - 2014-04-24 00:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 10:22 - 2014-03-29 17:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 10:21 - 2014-03-24 18:54 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 10:21 - 2014-03-24 18:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-12 10:14 - 2014-03-27 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-04-06 10:34 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-04-06 10:34 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-04-06 10:34 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 10:29 - 2014-05-11 10:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 10:19 - 2014-03-24 17:20 - 00000000 ____D () C:\Users\Normand
2014-05-09 10:03 - 2014-04-11 10:57 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-09 02:14 - 2014-05-14 10:20 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-14 10:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 10:39 - 2014-05-07 10:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-05-06 00:40 - 2014-05-14 10:22 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-14 10:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-14 10:22 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-14 10:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-14 10:22 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-14 10:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-24 20:47
==================== End Of Log ============================