Publicité
Publicité
Format du document : text/plain
Prévisualisation
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02
Ran by Syst�me on 26-06-2013 18:44:17
Running from X:\Users\Default\Desktop
Windows 7 Home Premium Service Pack 1 (X86) OS Language: French Standard
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet004
[b]ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.[/b]
ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll,RunDLLEntry [30720 2005-12-01] ()
HKU\anne et yohann\...\Run: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe" [x]
HKU\anne et yohann\...\Winlogon: [Shell] cmd.exe [ 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\anne et yohann\...\Command Processor: "C:\Users\ANNEET~1\AppData\Local\Temp\mxupoqslwrxocuecf.exe" <===== ATTENTION!
Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (No File)
========================== Services (Whitelisted) =================
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640 2013-05-11] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [256904 2013-06-12] (Adobe Systems Incorporated)
S3 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [183560 2011-03-01] (Microsoft Corporation.)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S2 cvhsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [822624 2012-01-04] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S3 fsssvc; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1512448 2012-09-12] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2011-09-22] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2011-09-22] (Google Inc.)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company)
S3 hpCMSrv; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [1098296 2011-06-14] (Hewlett-Packard Development Company L.P.)
S3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376 2012-09-06] (Hewlett-Packard Company)
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680 2010-11-09] (Hewlett-Packard Development Company, L.P.)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336 2011-01-12] (Intel Corporation)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] ()
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-19] (Realsil Microelectronics Inc.)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-21] (Microsoft Corporation)
S2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168 2011-02-01] (Intel Corporation)
S3 lxcr_device; C:\Windows\system32\lxcrcoms.exe [465408 2006-02-03] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [322120 2003-06-20] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [115608 2013-04-12] (Mozilla Foundation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [116560 2009-06-10] (Microsoft Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [249648 2011-02-25] (Microsoft Corporation)
S2 sftlist; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [508776 2011-10-01] (Microsoft Corporation)
S3 sftvsa; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [219496 2011-10-01] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [161536 2013-01-08] (Skype Technologies)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [296448 2011-01-25] (IDT, Inc.)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280 2011-02-01] (Intel Corporation)
S2 ezSharedSvc; C:\Windows\System32\ezSharedSvcHost.exe [x]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [x]
==================== Drivers (Whitelisted) ====================
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [1311232 2009-06-10] (Broadcom Corporation)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-18] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130312.001\IDSvia64.sys [513184 2013-02-08] (Symantec Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12262624 2011-05-03] (Intel Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2010-10-20] (Intel Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130312.024\ENG64.SYS [126192 2013-02-10] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130312.024\EX64.SYS [2087664 2013-02-10] (Symantec Corporation)
S3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [1041760 2010-11-04] (Ralink Technology, Corp.)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [335464 2011-02-15] (Realtek Semiconductor Corp.)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [425064 2011-01-27] (Realtek )
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [292864 2009-06-10] (Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Conexant Systems, Inc.)
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [520192 2011-01-25] (IDT, Inc.)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-26 18:44 - 2013-06-26 18:44 - 00000000 ____D C:\FRST
2013-06-26 15:44 - 2013-06-26 15:44 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
2013-06-24 20:11 - 2013-06-24 20:11 - 00363149 ____A C:\Users\anne et yohann\AppData\Local\2433f433
2013-06-24 20:11 - 2013-06-24 20:11 - 00363125 ____A C:\Users\anne et yohann\AppData\Roaming\2433f433
2013-06-24 20:11 - 2013-06-24 20:11 - 00363090 ____A C:\ProgramData\2433f433
2013-06-24 16:07 - 2013-06-24 16:07 - 00002501 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-06-16 20:01 - 2013-06-16 20:01 - 00001002 ____A C:\Users\anne et yohann\Desktop\Continue Install RocketPDF installation.lnk
2013-06-14 08:14 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 08:14 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 08:14 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 08:14 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 08:14 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 08:14 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-14 08:14 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-14 08:14 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 08:14 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-14 08:14 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-14 08:14 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-14 08:14 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 08:14 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 08:14 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 08:14 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-14 08:14 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 08:14 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-14 08:14 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-14 08:14 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-14 08:14 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-14 08:14 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-14 08:14 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-14 08:14 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-14 08:14 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-14 08:14 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-14 08:14 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-14 08:14 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-14 08:14 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-14 08:14 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-14 08:14 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-14 08:14 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 08:14 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 16:27 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 16:27 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 16:27 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 16:27 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 16:27 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 16:27 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 16:27 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 16:27 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 16:27 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 16:27 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 16:27 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 16:27 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 16:27 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 16:27 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 16:27 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-05 21:21 - 2013-06-05 21:22 - 00000000 ____D C:\Users\anne et yohann\Desktop\100_3105
2013-06-02 16:05 - 2013-06-02 16:17 - 657110123 ____A C:\Users\anne et yohann\Desktop\02-06-2013 16h03m14.zip
2013-06-02 15:57 - 2013-06-02 15:59 - 137184487 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h56m20444.zip
2013-06-02 15:53 - 2013-06-02 15:56 - 134667805 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h53m09333.zip
2013-06-02 15:52 - 2013-06-02 15:52 - 134667805 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h49m16222.zip
2013-06-02 15:44 - 2013-06-02 15:47 - 142173905 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h43m32.zip
2013-05-31 20:55 - 2013-05-31 20:59 - 00000000 ____D C:\Users\anne et yohann\Desktop\101_3005
2013-05-31 20:54 - 2013-05-31 20:55 - 00000000 ____D C:\Users\anne et yohann\Desktop\100_2805
==================== One Month Modified Files and Folders ========
2013-06-26 18:44 - 2013-06-26 18:44 - 00000000 ____D C:\FRST
2013-06-26 18:02 - 2012-09-03 15:02 - 00000330 ____A C:\Windows\Tasks\bjpdyl.job
2013-06-26 18:02 - 2011-09-22 20:37 - 00001080 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-26 18:02 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 18:02 - 2009-07-14 06:51 - 00066711 ____A C:\Windows\setupact.log
2013-06-26 17:42 - 2012-05-30 09:11 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-26 17:42 - 2011-09-22 20:37 - 00001084 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-26 17:19 - 2009-07-14 06:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-26 17:19 - 2009-07-14 06:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-26 17:15 - 2009-07-14 07:13 - 01605526 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-26 16:58 - 2011-06-08 01:42 - 01188585 ____A C:\Windows\WindowsUpdate.log
2013-06-26 15:44 - 2013-06-26 15:44 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
2013-06-26 15:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64
2013-06-26 15:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-26 15:20 - 2010-11-21 05:47 - 00276042 ____A C:\Windows\PFRO.log
2013-06-25 07:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\LogFiles
2013-06-24 20:11 - 2013-06-24 20:11 - 00363149 ____A C:\Users\anne et yohann\AppData\Local\2433f433
2013-06-24 20:11 - 2013-06-24 20:11 - 00363125 ____A C:\Users\anne et yohann\AppData\Roaming\2433f433
2013-06-24 20:11 - 2013-06-24 20:11 - 00363090 ____A C:\ProgramData\2433f433
2013-06-24 20:11 - 2012-07-29 06:33 - 00000000 ____D C:\Users\anne et yohann\Documents\Youcam
2013-06-24 17:21 - 2012-07-15 07:31 - 00000000 ____D C:\Users\anne et yohann\AppData\Roaming\vlc
2013-06-24 17:17 - 2012-09-06 16:33 - 00000000 ____D C:\Users\anne et yohann\AppData\Roaming\dvdcss
2013-06-24 16:07 - 2013-06-24 16:07 - 00002501 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-06-24 16:07 - 2013-02-10 13:38 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-24 16:04 - 2012-10-13 16:45 - 00000368 ____A C:\Windows\Tasks\HPCeeScheduleForanne et yohann.job
2013-06-22 12:09 - 2011-09-24 21:01 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-06-22 12:08 - 2011-10-29 11:36 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-06-19 08:15 - 2013-02-10 13:38 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-06-19 08:15 - 2013-02-10 13:38 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-06-16 20:01 - 2013-06-16 20:01 - 00001002 ____A C:\Users\anne et yohann\Desktop\Continue Install RocketPDF installation.lnk
2013-06-15 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\fr-FR
2013-06-15 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\fr-FR
2013-06-14 19:13 - 2012-10-22 07:04 - 00000358 ____A C:\Windows\Tasks\HPCeeScheduleForANNEETYOHANN-HP$.job
2013-06-14 08:12 - 2011-10-19 09:06 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 08:35 - 2012-05-30 09:11 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 08:35 - 2012-05-30 09:11 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-10 20:44 - 2013-04-27 13:36 - 02774048 ___RA C:\Users\anne et yohann\Documents\Money Sauvegarde.mbf
2013-06-10 20:44 - 2013-04-27 07:53 - 02772992 ____A C:\Users\anne et yohann\Documents\Money.mny
2013-06-05 21:22 - 2013-06-05 21:21 - 00000000 ____D C:\Users\anne et yohann\Desktop\100_3105
2013-06-02 16:17 - 2013-06-02 16:05 - 657110123 ____A C:\Users\anne et yohann\Desktop\02-06-2013 16h03m14.zip
2013-06-02 15:59 - 2013-06-02 15:57 - 137184487 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h56m20444.zip
2013-06-02 15:56 - 2013-06-02 15:53 - 134667805 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h53m09333.zip
2013-06-02 15:52 - 2013-06-02 15:52 - 134667805 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h49m16222.zip
2013-06-02 15:47 - 2013-06-02 15:44 - 142173905 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h43m32.zip
2013-05-31 20:59 - 2013-05-31 20:55 - 00000000 ____D C:\Users\anne et yohann\Desktop\101_3005
2013-05-31 20:55 - 2013-05-31 20:54 - 00000000 ____D C:\Users\anne et yohann\Desktop\100_2805
2013-05-31 14:25 - 2011-09-23 15:19 - 00000000 ____D C:\Users\anne et yohann\AppData\Local\Windows Live
2013-05-29 08:26 - 2011-09-22 19:12 - 00000000 ___RD C:\Users\anne et yohann\Desktop\Photo
Files to move or delete:
====================
C:\ProgramData\ntuser.dat
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2011-09-23 17:23] - [2011-02-25 08:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\System32\winlogon.exe
[2010-11-21 05:24] - [2010-11-21 05:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\System32\wininit.exe
[2009-07-14 01:52] - [2009-07-14 03:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\System32\svchost.exe
[2009-07-14 01:31] - [2009-07-14 03:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\User32.dll
[2010-11-21 05:24] - [2010-11-21 05:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B
C:\Windows\System32\userinit.exe
[2010-11-21 05:24] - [2010-11-21 05:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53
C:\Windows\System32\Drivers\volsnap.sys
[2010-11-21 05:23] - [2010-11-21 05:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 2765.86 MB
Available physical RAM: 2110.09 MB
Total Pagefile: 2764.14 MB
Available Pagefile: 2122.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.7 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:451.02 GB) (Free:383.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:14.45 GB) (Free:1.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.24 GB) NTFS
Drive y: (Win7PESE) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 826E540C)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-05-19 18:13
==================== End Of Log ============================
Ran by Syst�me on 26-06-2013 18:44:17
Running from X:\Users\Default\Desktop
Windows 7 Home Premium Service Pack 1 (X86) OS Language: French Standard
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet004
[b]ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.[/b]
ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll,RunDLLEntry [30720 2005-12-01] ()
HKU\anne et yohann\...\Run: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe" [x]
HKU\anne et yohann\...\Winlogon: [Shell] cmd.exe [ 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\anne et yohann\...\Command Processor: "C:\Users\ANNEET~1\AppData\Local\Temp\mxupoqslwrxocuecf.exe" <===== ATTENTION!
Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (No File)
========================== Services (Whitelisted) =================
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640 2013-05-11] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [256904 2013-06-12] (Adobe Systems Incorporated)
S3 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [183560 2011-03-01] (Microsoft Corporation.)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S2 cvhsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [822624 2012-01-04] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S3 fsssvc; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1512448 2012-09-12] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2011-09-22] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2011-09-22] (Google Inc.)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company)
S3 hpCMSrv; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [1098296 2011-06-14] (Hewlett-Packard Development Company L.P.)
S3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376 2012-09-06] (Hewlett-Packard Company)
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680 2010-11-09] (Hewlett-Packard Development Company, L.P.)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336 2011-01-12] (Intel Corporation)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] ()
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-19] (Realsil Microelectronics Inc.)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-21] (Microsoft Corporation)
S2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168 2011-02-01] (Intel Corporation)
S3 lxcr_device; C:\Windows\system32\lxcrcoms.exe [465408 2006-02-03] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [322120 2003-06-20] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [115608 2013-04-12] (Mozilla Foundation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [116560 2009-06-10] (Microsoft Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [249648 2011-02-25] (Microsoft Corporation)
S2 sftlist; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [508776 2011-10-01] (Microsoft Corporation)
S3 sftvsa; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [219496 2011-10-01] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [161536 2013-01-08] (Skype Technologies)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [296448 2011-01-25] (IDT, Inc.)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280 2011-02-01] (Intel Corporation)
S2 ezSharedSvc; C:\Windows\System32\ezSharedSvcHost.exe [x]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [x]
==================== Drivers (Whitelisted) ====================
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [1311232 2009-06-10] (Broadcom Corporation)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-18] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130312.001\IDSvia64.sys [513184 2013-02-08] (Symantec Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12262624 2011-05-03] (Intel Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2010-10-20] (Intel Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130312.024\ENG64.SYS [126192 2013-02-10] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130312.024\EX64.SYS [2087664 2013-02-10] (Symantec Corporation)
S3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [1041760 2010-11-04] (Ralink Technology, Corp.)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [335464 2011-02-15] (Realtek Semiconductor Corp.)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [425064 2011-01-27] (Realtek )
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [292864 2009-06-10] (Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Conexant Systems, Inc.)
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [520192 2011-01-25] (IDT, Inc.)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-26 18:44 - 2013-06-26 18:44 - 00000000 ____D C:\FRST
2013-06-26 15:44 - 2013-06-26 15:44 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
2013-06-24 20:11 - 2013-06-24 20:11 - 00363149 ____A C:\Users\anne et yohann\AppData\Local\2433f433
2013-06-24 20:11 - 2013-06-24 20:11 - 00363125 ____A C:\Users\anne et yohann\AppData\Roaming\2433f433
2013-06-24 20:11 - 2013-06-24 20:11 - 00363090 ____A C:\ProgramData\2433f433
2013-06-24 16:07 - 2013-06-24 16:07 - 00002501 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-06-16 20:01 - 2013-06-16 20:01 - 00001002 ____A C:\Users\anne et yohann\Desktop\Continue Install RocketPDF installation.lnk
2013-06-14 08:14 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 08:14 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 08:14 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 08:14 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 08:14 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 08:14 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-14 08:14 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-14 08:14 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 08:14 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-14 08:14 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-14 08:14 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-14 08:14 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 08:14 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 08:14 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 08:14 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-14 08:14 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 08:14 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-14 08:14 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-14 08:14 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-14 08:14 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-14 08:14 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-14 08:14 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-14 08:14 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-14 08:14 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-14 08:14 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-14 08:14 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-14 08:14 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-14 08:14 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-14 08:14 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-14 08:14 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-14 08:14 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 08:14 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 16:27 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 16:27 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 16:27 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 16:27 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 16:27 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 16:27 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 16:27 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 16:27 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 16:27 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 16:27 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 16:27 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 16:27 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 16:27 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 16:27 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 16:27 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-05 21:21 - 2013-06-05 21:22 - 00000000 ____D C:\Users\anne et yohann\Desktop\100_3105
2013-06-02 16:05 - 2013-06-02 16:17 - 657110123 ____A C:\Users\anne et yohann\Desktop\02-06-2013 16h03m14.zip
2013-06-02 15:57 - 2013-06-02 15:59 - 137184487 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h56m20444.zip
2013-06-02 15:53 - 2013-06-02 15:56 - 134667805 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h53m09333.zip
2013-06-02 15:52 - 2013-06-02 15:52 - 134667805 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h49m16222.zip
2013-06-02 15:44 - 2013-06-02 15:47 - 142173905 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h43m32.zip
2013-05-31 20:55 - 2013-05-31 20:59 - 00000000 ____D C:\Users\anne et yohann\Desktop\101_3005
2013-05-31 20:54 - 2013-05-31 20:55 - 00000000 ____D C:\Users\anne et yohann\Desktop\100_2805
==================== One Month Modified Files and Folders ========
2013-06-26 18:44 - 2013-06-26 18:44 - 00000000 ____D C:\FRST
2013-06-26 18:02 - 2012-09-03 15:02 - 00000330 ____A C:\Windows\Tasks\bjpdyl.job
2013-06-26 18:02 - 2011-09-22 20:37 - 00001080 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-26 18:02 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 18:02 - 2009-07-14 06:51 - 00066711 ____A C:\Windows\setupact.log
2013-06-26 17:42 - 2012-05-30 09:11 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-26 17:42 - 2011-09-22 20:37 - 00001084 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-26 17:19 - 2009-07-14 06:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-26 17:19 - 2009-07-14 06:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-26 17:15 - 2009-07-14 07:13 - 01605526 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-26 16:58 - 2011-06-08 01:42 - 01188585 ____A C:\Windows\WindowsUpdate.log
2013-06-26 15:44 - 2013-06-26 15:44 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
2013-06-26 15:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64
2013-06-26 15:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-26 15:20 - 2010-11-21 05:47 - 00276042 ____A C:\Windows\PFRO.log
2013-06-25 07:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\LogFiles
2013-06-24 20:11 - 2013-06-24 20:11 - 00363149 ____A C:\Users\anne et yohann\AppData\Local\2433f433
2013-06-24 20:11 - 2013-06-24 20:11 - 00363125 ____A C:\Users\anne et yohann\AppData\Roaming\2433f433
2013-06-24 20:11 - 2013-06-24 20:11 - 00363090 ____A C:\ProgramData\2433f433
2013-06-24 20:11 - 2012-07-29 06:33 - 00000000 ____D C:\Users\anne et yohann\Documents\Youcam
2013-06-24 17:21 - 2012-07-15 07:31 - 00000000 ____D C:\Users\anne et yohann\AppData\Roaming\vlc
2013-06-24 17:17 - 2012-09-06 16:33 - 00000000 ____D C:\Users\anne et yohann\AppData\Roaming\dvdcss
2013-06-24 16:07 - 2013-06-24 16:07 - 00002501 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-06-24 16:07 - 2013-02-10 13:38 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-24 16:04 - 2012-10-13 16:45 - 00000368 ____A C:\Windows\Tasks\HPCeeScheduleForanne et yohann.job
2013-06-22 12:09 - 2011-09-24 21:01 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-06-22 12:08 - 2011-10-29 11:36 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-06-19 08:15 - 2013-02-10 13:38 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-06-19 08:15 - 2013-02-10 13:38 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-06-16 20:01 - 2013-06-16 20:01 - 00001002 ____A C:\Users\anne et yohann\Desktop\Continue Install RocketPDF installation.lnk
2013-06-15 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\fr-FR
2013-06-15 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\fr-FR
2013-06-14 19:13 - 2012-10-22 07:04 - 00000358 ____A C:\Windows\Tasks\HPCeeScheduleForANNEETYOHANN-HP$.job
2013-06-14 08:12 - 2011-10-19 09:06 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 08:35 - 2012-05-30 09:11 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 08:35 - 2012-05-30 09:11 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-10 20:44 - 2013-04-27 13:36 - 02774048 ___RA C:\Users\anne et yohann\Documents\Money Sauvegarde.mbf
2013-06-10 20:44 - 2013-04-27 07:53 - 02772992 ____A C:\Users\anne et yohann\Documents\Money.mny
2013-06-05 21:22 - 2013-06-05 21:21 - 00000000 ____D C:\Users\anne et yohann\Desktop\100_3105
2013-06-02 16:17 - 2013-06-02 16:05 - 657110123 ____A C:\Users\anne et yohann\Desktop\02-06-2013 16h03m14.zip
2013-06-02 15:59 - 2013-06-02 15:57 - 137184487 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h56m20444.zip
2013-06-02 15:56 - 2013-06-02 15:53 - 134667805 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h53m09333.zip
2013-06-02 15:52 - 2013-06-02 15:52 - 134667805 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h49m16222.zip
2013-06-02 15:47 - 2013-06-02 15:44 - 142173905 ____A C:\Users\anne et yohann\Desktop\02-06-2013 15h43m32.zip
2013-05-31 20:59 - 2013-05-31 20:55 - 00000000 ____D C:\Users\anne et yohann\Desktop\101_3005
2013-05-31 20:55 - 2013-05-31 20:54 - 00000000 ____D C:\Users\anne et yohann\Desktop\100_2805
2013-05-31 14:25 - 2011-09-23 15:19 - 00000000 ____D C:\Users\anne et yohann\AppData\Local\Windows Live
2013-05-29 08:26 - 2011-09-22 19:12 - 00000000 ___RD C:\Users\anne et yohann\Desktop\Photo
Files to move or delete:
====================
C:\ProgramData\ntuser.dat
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2011-09-23 17:23] - [2011-02-25 08:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\System32\winlogon.exe
[2010-11-21 05:24] - [2010-11-21 05:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\System32\wininit.exe
[2009-07-14 01:52] - [2009-07-14 03:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\System32\svchost.exe
[2009-07-14 01:31] - [2009-07-14 03:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\User32.dll
[2010-11-21 05:24] - [2010-11-21 05:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B
C:\Windows\System32\userinit.exe
[2010-11-21 05:24] - [2010-11-21 05:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53
C:\Windows\System32\Drivers\volsnap.sys
[2010-11-21 05:23] - [2010-11-21 05:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 2765.86 MB
Available physical RAM: 2110.09 MB
Total Pagefile: 2764.14 MB
Available Pagefile: 2122.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.7 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:451.02 GB) (Free:383.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:14.45 GB) (Free:1.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.24 GB) NTFS
Drive y: (Win7PESE) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 826E540C)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-05-19 18:13
==================== End Of Log ============================