cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by Clémentine (administrator) on CLÉMENTINE-PC on 16-07-2015 23:29:21
Running from C:\Users\Clémentine\Desktop
Loaded Profiles: Clémentine (Available Profiles: Clémentine)
Platform: Microsoft Windows 7 Entreprise Service Pack 1 (X86) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell) C:\Users\Clémentine\AppData\Local\Apps\2.0\T0GJ8710.NP2\N65XEEL8.5R5\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Windows\System32\notepad.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1077248 2012-07-04] (Marvell Semiconductor, Inc.)
HKU\S-1-5-21-912731831-3549031389-3632180545-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-912731831-3549031389-3632180545-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHEE.EXE [220800 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-912731831-3549031389-3632180545-1000\...\Run: [DellSystemDetect] => C:\Users\Clémentine\AppData\Local\Apps\2.0\T0GJ8710.NP2\N65XEEL8.5R5\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-21] (Dell)
HKU\S-1-5-21-912731831-3549031389-3632180545-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:52591;https=127.0.0.1:52591
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-912731831-3549031389-3632180545-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-05-11] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-29] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5468AF06-5AFF-4611-A61F-11FB7E582BFC}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{5468AF06-5AFF-4611-A61F-11FB7E582BFC}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{90559B1A-FC90-4BA4-98F5-988F4027F58D}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 52.18.92.32,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Clémentine\AppData\Roaming\Mozilla\Firefox\Profiles\t6bxagwp.default-1436728464657
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-15] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2015-05-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-05-11] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll [2014-06-10] (Verimatrix, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin HKU\S-1-5-21-912731831-3549031389-3632180545-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll [2014-06-10] (Verimatrix, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\oursurfing.xml [2015-05-11]

Chrome:
=======
CHR Profile: C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-18]
CHR Extension: (Google Drive) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-18]
CHR Extension: (YouTube) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-18]
CHR Extension: (Google Search) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-18]
CHR Extension: (Blockulicious) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngglkijfekbhidmchmlfmpkdffmedob [2015-07-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-12]
CHR Extension: (Google Wallet) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-12]
CHR Extension: (Gmail) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-09-27] (SEIKO EPSON CORPORATION)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [259824 2014-01-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2010-07-09] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2725616 2014-01-08] (Intel® Corporation)
S2 CoupoonService; C:\Program Files\coupoon\iiwjljrnpc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKslcafbc566; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3BBE7B61-5D2D-4CD6-9A05-AD4A90DB5C11}\MpKslcafbc566.sys [39168 2015-07-16] (Microsoft Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [31488 2014-01-08] (Intel Corporation )
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10374144 2014-01-26] (Intel Corporation)
S3 SIS163u; C:\Windows\System32\DRIVERS\sis163u.sys [215040 2005-06-20] (SiS Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [59888 2012-05-21] (STMicroelectronics)
S3 TTCinergyT2; C:\Windows\System32\drivers\TTCinergyT2BDA.sys [22528 2005-10-06] (TerraTec Electronic GmbH)
R2 webTinstMKTN84; C:\Windows\system32\Drivers\webTinstMKTN84.sys [43512 2015-05-16] () <==== ATTENTION
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 catchme; \??\C:\Users\CLMENT~1\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 23:29 - 2015-07-16 23:29 - 00012486 _____ C:\Users\Clémentine\Desktop\FRST.txt
2015-07-16 23:21 - 2015-07-16 23:21 - 00034490 _____ C:\Users\Clémentine\Downloads\Shortcut.txt
2015-07-16 23:20 - 2015-07-16 23:21 - 00042650 _____ C:\Users\Clémentine\Downloads\Addition.txt
2015-07-16 23:20 - 2015-07-16 23:21 - 00022836 _____ C:\Users\Clémentine\Downloads\FRST.txt
2015-07-16 23:19 - 2015-07-16 23:29 - 00000000 ____D C:\FRST
2015-07-16 23:19 - 2015-07-16 23:19 - 01636864 _____ (Farbar) C:\Users\Clémentine\Desktop\FRST.exe
2015-07-16 23:09 - 2015-07-16 23:09 - 00000556 _____ C:\Windows\PFRO.log
2015-07-16 23:09 - 2015-07-16 23:09 - 00000056 _____ C:\Windows\setupact.log
2015-07-16 23:09 - 2015-07-16 23:09 - 00000000 _____ C:\Windows\setuperr.log
2015-07-16 22:42 - 2015-07-16 22:42 - 00006199 _____ C:\Users\Clémentine\Desktop\JRT.txt
2015-07-16 22:37 - 2015-07-16 22:37 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Clémentine\Downloads\JRT.exe
2015-07-16 20:43 - 2015-07-16 22:19 - 00000443 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-16 20:25 - 2015-07-16 20:25 - 00027695 _____ C:\ComboFix.txt
2015-07-16 19:59 - 2015-07-16 20:00 - 05634275 ____R (Swearware) C:\Users\Clémentine\Downloads\ComboFix.exe
2015-07-16 19:39 - 2015-07-16 19:40 - 00001676 _____ C:\Users\Public\Desktop\sapo internet móvel.lnk
2015-07-16 19:39 - 2015-07-16 19:40 - 00000000 ____D C:\Windows\system32\SupportAppPT
2015-07-16 19:39 - 2015-07-16 19:40 - 00000000 ____D C:\Program Files\sapo internet móvel
2015-07-16 19:39 - 2015-07-16 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sapo internet móvel
2015-07-16 19:37 - 2015-07-16 19:38 - 00000000 ____D C:\Users\Clémentine\Desktop\sapo internet móvel
2015-07-16 19:37 - 2015-07-16 18:36 - 00104960 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbser6k.sys
2015-07-16 19:37 - 2015-07-16 18:36 - 00104960 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmea.sys
2015-07-16 19:37 - 2015-07-16 18:36 - 00104960 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbmdm6k.sys
2015-07-13 19:39 - 2015-07-13 20:50 - 00000000 ____D C:\Users\Clémentine\Desktop\tel maman
2015-07-12 22:17 - 2015-07-12 22:17 - 00001347 _____ C:\Users\Clémentine\Desktop\Star Trek Online.lnk
2015-07-12 21:52 - 2015-07-12 21:52 - 00015800 _____ C:\Windows\system32\results.xml
2015-07-12 21:49 - 2015-07-12 21:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-07-12 21:30 - 2015-07-12 21:30 - 00000000 ____D C:\Users\Clémentine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2015-07-12 21:30 - 2015-07-12 21:30 - 00000000 ____D C:\Users\Clémentine\AppData\Local\Intel
2015-07-12 21:30 - 2015-07-12 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2015-07-12 21:06 - 2015-07-12 21:06 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2015-07-12 21:05 - 2015-07-12 21:05 - 00638976 _____ C:\Users\Clémentine\Downloads\Detection(2).msi
2015-07-09 23:27 - 2015-06-28 16:06 - 734003488 _____ C:\Users\Clémentine\Desktop\Pourquoi j'ai pas Mangé mon Père (Film 2h12mn VF).avi
2015-06-18 22:16 - 2015-06-18 22:16 - 00000000 ____D C:\Users\Clémentine\AppData\Local\mva3vwetn0ljbmz

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 23:24 - 2014-12-24 00:58 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-16 23:20 - 2014-03-23 14:44 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-16 23:19 - 2014-03-23 14:44 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 23:18 - 2014-03-23 00:07 - 01987085 _____ C:\Windows\WindowsUpdate.log
2015-07-16 23:10 - 2009-07-14 06:53 - 00032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-16 23:10 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 23:09 - 2009-07-14 06:34 - 00010336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-16 23:09 - 2009-07-14 06:34 - 00010336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-16 23:05 - 2015-05-23 21:21 - 00000000 ____D C:\Users\Clémentine\AppData\Local\CrashDumps
2015-07-16 23:04 - 2014-05-31 11:31 - 00000000 ____D C:\AdwCleaner
2015-07-16 23:02 - 2015-06-15 18:46 - 00002165 _____ C:\Users\Clémentine\Desktop\Google Chrome.lnk
2015-07-16 23:01 - 2009-07-14 04:37 - 00000000 __RSD C:\Windows\Media
2015-07-16 22:51 - 2014-05-31 11:31 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 22:46 - 2015-05-11 22:51 - 00000000 ____D C:\Users\Clémentine\AppData\Roaming\4C4C4544-1431377460-4D10-804E-C8C04F324D31
2015-07-16 22:21 - 2015-05-11 22:55 - 00000000 ____D C:\Users\Clémentine\AppData\Local\4C4C4544-1431384901-4D10-804E-C8C04F324D31
2015-07-16 22:19 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-16 22:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2015-07-16 20:45 - 2014-03-23 00:12 - 01667292 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 20:27 - 2015-05-23 21:01 - 00000000 ____D C:\Users\Clémentine\AppData\Local\VirtualStore
2015-07-16 20:25 - 2014-12-07 01:40 - 00000000 ____D C:\Qoobox
2015-07-16 20:23 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-07-16 20:09 - 2014-12-07 01:39 - 00000000 ____D C:\Windows\erdnt
2015-07-16 20:09 - 2009-07-14 04:03 - 52428800 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-07-16 20:09 - 2009-07-14 04:03 - 38273024 _____ C:\Windows\system32\config\COMPON~1.bak
2015-07-16 20:09 - 2009-07-14 04:03 - 18087936 _____ C:\Windows\system32\config\SYSTEM.bak
2015-07-16 20:09 - 2009-07-14 04:03 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-07-16 20:09 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-07-16 20:09 - 2009-07-14 04:03 - 00065536 _____ C:\Windows\system32\config\SAM.bak
2015-07-16 19:39 - 2014-12-08 02:28 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-07-16 19:22 - 2014-03-29 23:12 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 23:56 - 2014-12-23 20:33 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-12 23:20 - 2014-12-26 00:11 - 00000000 ____D C:\Users\Clémentine\Documents\TrackMania
2015-07-12 23:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-07-12 22:32 - 2014-12-25 22:32 - 00000000 ____D C:\ProgramData\IRtDZJqW
2015-07-12 22:32 - 2014-12-23 20:55 - 00000000 ____D C:\Windows\Minidump
2015-07-12 22:31 - 2014-12-25 22:30 - 00000000 ____D C:\Program Files\TmSunriseDemoMag
2015-07-12 21:56 - 2014-03-23 00:11 - 00000000 ____D C:\Users\Clémentine
2015-07-12 21:52 - 2014-03-23 02:01 - 00000000 ____D C:\ProgramData\Intel
2015-07-12 21:49 - 2014-03-23 00:32 - 00000000 ____D C:\Program Files\Intel
2015-07-12 21:46 - 2014-03-23 01:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-12 21:02 - 2015-03-22 18:36 - 00000000 ____D C:\Users\Clémentine\Desktop\tablette
2015-07-12 20:51 - 2014-12-23 21:48 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-12 20:47 - 2015-05-16 16:55 - 00000000 ____D C:\Program Files\version58SpeedCheck
2015-07-12 20:33 - 2014-12-23 21:48 - 00001083 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-12 20:28 - 2015-01-07 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-12 20:08 - 2015-02-03 01:25 - 00000000 ____D C:\Users\Clémentine\AppData\Roaming\TeamViewer
2015-07-12 20:08 - 2014-12-23 22:22 - 00000000 ____D C:\Users\Clémentine\AppData\Roaming\DAEMON Tools Lite
2015-07-12 20:08 - 2014-03-29 21:49 - 00000000 ____D C:\Users\Clémentine\AppData\Roaming\uTorrent
2015-07-10 12:41 - 2014-06-08 11:06 - 00000000 ____D C:\Users\Clémentine\AppData\Roaming\vlc
2015-07-10 12:40 - 2014-10-12 22:37 - 00000000 ____D C:\Users\Clémentine\Desktop\film
2015-07-10 12:37 - 2014-04-01 17:55 - 00000000 ____D C:\Users\Clémentine\Desktop\copain
2015-07-10 12:21 - 2014-12-23 18:22 - 00000000 ____D C:\Users\Clémentine\Desktop\david carreira
2015-07-05 12:11 - 2014-03-23 00:45 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 08:49 - 2014-03-29 23:12 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-18 22:03 - 2015-05-16 16:55 - 00002323 _____ C:\Windows\patsearch.bin

==================== Files in the root of some directories =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Clémentine\AppData\Roaming\ApstRPXkPr0
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Clémentine\AppData\Roaming\ApstRPXkPr0I
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Clémentine\AppData\Roaming\ApstRPXkPr0I.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Clémentine\AppData\Roaming\C4aaoVlg1UkYxM5DDt
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Clémentine\AppData\Roaming\JobalYqSxnpoLgs
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Clémentine\AppData\Roaming\JobalYqSxnpoLgs.exe
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Clémentine\AppData\Roaming\JVUEG
2014-03-23 15:31 - 2015-01-12 01:23 - 0000139 _____ () C:\Users\Clémentine\AppData\Roaming\WB.CFG
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Clémentine\AppData\Roaming\xpkqFDxR
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Clémentine\AppData\Roaming\ZYxpoKehBs3Wvw4fx6gcxHJ1jD
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Clémentine\AppData\Roaming\ZYxpoKehBs3Wvw4fx6gcxHJ1jD.exe

Some files in TEMP:
====================
C:\Users\Clémentine\AppData\Local\temp\Quarantine.exe
C:\Users\Clémentine\AppData\Local\temp\sqlite3.dll
C:\Users\Clémentine\AppData\Local\temp\{1F8F0212-F65B-4C40-AFB7-0AC782FD1FE1}-GoogleUpdateSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-12 22:53

==================== End of log ============================
