cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by KEKEDJ (administrator) on BUREAU-KEKEDJ on 06-04-2014 20:16:55
Running from C:\Users\KEKEDJ\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: French Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-317579529-3843981089-2556235408-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_168_Plugin.exe [815496 2013-09-25] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\KEKEDJ\AppData\Roaming\Mozilla\Firefox\Profiles\d4o66bdo.default
FF Homepage: hxxp://www.google.fr/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: FrameFox - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{D6F4FFAF-E3C9-4f3d-AD5B-F78CD969D7BF} [2013-10-19]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 20:16 - 2014-04-06 20:17 - 00004606 _____ () C:\Users\KEKEDJ\Downloads\FRST.txt
2014-04-06 20:16 - 2014-04-06 20:16 - 00000000 ____D () C:\FRST
2014-04-06 16:24 - 2014-04-06 16:24 - 00099247 _____ () C:\Users\KEKEDJ\Desktop\SFTGC.txt
2014-04-06 16:22 - 2014-04-06 16:22 - 02157056 _____ (Farbar) C:\Users\KEKEDJ\Downloads\FRST64.exe
2014-04-06 16:22 - 2014-04-06 16:22 - 01057156 _____ () C:\Users\KEKEDJ\Downloads\SFTGC.exe
2014-04-01 19:20 - 2014-04-01 19:20 - 00002935 _____ () C:\Users\KEKEDJ\Desktop\mwb.txt
2014-04-01 19:02 - 2014-04-01 19:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 19:01 - 2014-04-01 19:01 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\KEKEDJ\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-01 19:01 - 2014-04-01 19:01 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-01 19:01 - 2014-04-01 19:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 19:01 - 2014-04-01 19:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-01 19:01 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-01 19:01 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-01 19:01 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 13:45 - 2014-04-01 13:45 - 00001870 _____ () C:\Users\KEKEDJ\Desktop\WinChk.txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00315000 _____ () C:\Users\KEKEDJ\Downloads\winchk0.exe
2014-04-01 13:44 - 2014-04-01 13:44 - 00003123 _____ () C:\Users\KEKEDJ\Desktop\ZHPFixReport.txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00003123 _____ () C:\Users\KEKEDJ\Desktop\ZHPFix[R1].txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00001870 _____ () C:\WinChk.txt
2014-03-30 10:24 - 2014-03-30 10:24 - 00169313 _____ () C:\Users\KEKEDJ\Desktop\ZHPDiag.txt
2014-03-30 10:23 - 2014-03-30 10:23 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-03-30 10:20 - 2014-04-01 13:44 - 00000000 ____D () C:\Users\KEKEDJ\AppData\Roaming\ZHP
2014-03-30 10:20 - 2014-03-30 10:20 - 06858467 _____ (Nicolas Coolman ) C:\Users\KEKEDJ\Downloads\ZHPDiag2.exe
2014-03-30 10:20 - 2014-03-30 10:20 - 00001987 _____ () C:\Users\KEKEDJ\Desktop\ZHPFix.lnk
2014-03-30 10:20 - 2014-03-30 10:20 - 00001860 _____ () C:\Users\KEKEDJ\Desktop\ZHPDiag.lnk
2014-03-30 10:20 - 2014-03-30 10:20 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-03-29 22:46 - 2014-03-29 22:53 - 00000000 ____D () C:\AdwCleaner
2014-03-29 22:46 - 2014-03-29 22:46 - 01950720 _____ () C:\Users\KEKEDJ\Downloads\adwcleaner.exe

==================== One Month Modified Files and Folders =======

2014-04-06 20:17 - 2014-04-06 20:16 - 00004606 _____ () C:\Users\KEKEDJ\Downloads\FRST.txt
2014-04-06 20:16 - 2014-04-06 20:16 - 00000000 ____D () C:\FRST
2014-04-06 20:00 - 2014-02-26 14:55 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 19:57 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 19:57 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 16:24 - 2014-04-06 16:24 - 00099247 _____ () C:\Users\KEKEDJ\Desktop\SFTGC.txt
2014-04-06 16:24 - 2011-04-12 11:16 - 00694766 _____ () C:\Windows\system32\perfh00C.dat
2014-04-06 16:24 - 2011-04-12 11:16 - 00127478 _____ () C:\Windows\system32\perfc00C.dat
2014-04-06 16:24 - 2009-07-14 07:13 - 01524562 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 16:22 - 2014-04-06 16:22 - 02157056 _____ (Farbar) C:\Users\KEKEDJ\Downloads\FRST64.exe
2014-04-06 16:22 - 2014-04-06 16:22 - 01057156 _____ () C:\Users\KEKEDJ\Downloads\SFTGC.exe
2014-04-06 16:21 - 2013-01-13 02:00 - 00015095 _____ () C:\Windows\setupact.log
2014-04-06 14:00 - 2014-02-26 14:55 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 13:52 - 2012-12-22 15:37 - 00155816 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 10:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-02 10:24 - 2013-04-02 12:22 - 00057182 _____ () C:\Windows\PFRO.log
2014-04-01 19:20 - 2014-04-01 19:20 - 00002935 _____ () C:\Users\KEKEDJ\Desktop\mwb.txt
2014-04-01 19:18 - 2013-09-02 12:40 - 00000000 ____D () C:\Windows\SysWOW64\dfrg
2014-04-01 19:18 - 2012-12-22 15:46 - 00000000 ____D () C:\Users\KEKEDJ\Desktop\installation
2014-04-01 19:04 - 2014-04-01 19:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 19:01 - 2014-04-01 19:01 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\KEKEDJ\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-01 19:01 - 2014-04-01 19:01 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-01 19:01 - 2014-04-01 19:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 19:01 - 2014-04-01 19:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-01 13:45 - 2014-04-01 13:45 - 00001870 _____ () C:\Users\KEKEDJ\Desktop\WinChk.txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00315000 _____ () C:\Users\KEKEDJ\Downloads\winchk0.exe
2014-04-01 13:44 - 2014-04-01 13:44 - 00003123 _____ () C:\Users\KEKEDJ\Desktop\ZHPFixReport.txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00003123 _____ () C:\Users\KEKEDJ\Desktop\ZHPFix[R1].txt
2014-04-01 13:44 - 2014-04-01 13:44 - 00001870 _____ () C:\WinChk.txt
2014-04-01 13:44 - 2014-03-30 10:20 - 00000000 ____D () C:\Users\KEKEDJ\AppData\Roaming\ZHP
2014-03-30 10:24 - 2014-03-30 10:24 - 00169313 _____ () C:\Users\KEKEDJ\Desktop\ZHPDiag.txt
2014-03-30 10:23 - 2014-03-30 10:23 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-03-30 10:20 - 2014-03-30 10:20 - 06858467 _____ (Nicolas Coolman ) C:\Users\KEKEDJ\Downloads\ZHPDiag2.exe
2014-03-30 10:20 - 2014-03-30 10:20 - 00001987 _____ () C:\Users\KEKEDJ\Desktop\ZHPFix.lnk
2014-03-30 10:20 - 2014-03-30 10:20 - 00001860 _____ () C:\Users\KEKEDJ\Desktop\ZHPDiag.lnk
2014-03-30 10:20 - 2014-03-30 10:20 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-03-29 23:46 - 2013-10-06 12:17 - 00007605 _____ () C:\Users\KEKEDJ\AppData\Local\resmon.resmoncfg
2014-03-29 22:53 - 2014-03-29 22:46 - 00000000 ____D () C:\AdwCleaner
2014-03-29 22:46 - 2014-03-29 22:46 - 01950720 _____ () C:\Users\KEKEDJ\Downloads\adwcleaner.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 01:37

==================== End Of Log ============================
