cjoint


Comment: FRST.txt

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2016 01
Ran by maison (administrator) on MAISON-PC (21-11-2016 19:05:42)
Running from C:\Users\maison\Downloads
Loaded Profiles: maison (Available Profiles: maison)
Platform: Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86) Language: Anglais (États-Unis)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe
(Popcorn Time) C:\Program Files\Popcorn Time\Updater.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Viber Media S.à r.l.) C:\Users\maison\AppData\Local\Viber\Viber.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKU\S-1-5-21-105692332-902592685-3503110121-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6889176 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-105692332-902592685-3503110121-1000\...\Run: [Viber] => C:\Users\maison\AppData\Local\Viber\Viber.exe [45485648 2016-11-03] (Viber Media S.à r.l.)
HKU\S-1-5-21-105692332-902592685-3503110121-1000\...\MountPoints2: {a5a5f018-5221-11e3-a17a-001e33489e42} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-105692332-902592685-3503110121-1000\...\MountPoints2: {bc393240-3122-11e3-b098-001e33489e42} - F:\Startme.exe
HKU\S-1-5-21-105692332-902592685-3503110121-1000\...\MountPoints2: {deeca6d4-b897-11e1-b4c3-001e33489e42} - F:\LaunchU3.exe -a
HKU\S-1-5-21-105692332-902592685-3503110121-1000\...\MountPoints2: {e8ed882d-b583-11e2-a1d8-001e33489e42} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 24.200.241.37 24.202.72.13 24.200.0.1
Tcpip\..\Interfaces\{C51DF3F7-4770-4031-B633-B701E03CF5A0}: [DhcpNameServer] 24.200.241.37 24.202.72.13 24.200.0.1
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-105692332-902592685-3503110121-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/defaultf.aspx?lang=fr-ca&OCID=iehp
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-105692332-902592685-3503110121-1000 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-30] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-30] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2000-01-01] (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2000-01-01] (Tracker Software Products Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-105692332-902592685-3503110121-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2000-01-01] (Tracker Software Products Ltd.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\maison\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Plugin: (Google Update) - C:\Users\maison\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\maison\AppData\Local\Google\Chrome\User Data\Default [2016-11-21]
CHR Extension: (FluidHorns) - C:\Users\maison\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafjhgcfainlpmapndjlbpdbjppdnikp [2016-11-20]
CHR Extension: (YouTube) - C:\Users\maison\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Recherche Google) - C:\Users\maison\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\maison\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-04-06] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
CHR Extension: (BB10 / PlayBook App Manager) - C:\Users\maison\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2014-06-10]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\maison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (ReticularControl) - C:\Users\maison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nobdniecnkahnflmhebhdgkdfhfgjong [2016-11-20]
CHR Extension: (Gmail) - C:\Users\maison\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\maison\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SSIRuntimeService; C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe [46080 2016-05-04] ()
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-11-21] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Co., Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-21 19:03 - 2016-11-21 19:03 - 00033184 _____ C:\Users\maison\Downloads\Shortcut.txt
2016-11-21 19:02 - 2016-11-21 19:03 - 00019919 _____ C:\Users\maison\Downloads\Addition.txt
2016-11-21 19:01 - 2016-11-21 19:05 - 00011496 _____ C:\Users\maison\Downloads\FRST.txt
2016-11-21 19:01 - 2016-11-21 19:05 - 00000000 ____D C:\FRST
2016-11-21 18:57 - 2016-11-21 18:57 - 01762304 _____ (Farbar) C:\Users\maison\Downloads\FRST.exe
2016-11-21 14:31 - 2016-11-21 14:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\maison\Downloads\HijackThis.exe
2016-11-21 14:09 - 2016-11-21 14:09 - 00000000 ____D C:\Users\maison\AppData\Roaming\MyTurboPC.com
2016-11-21 14:08 - 2016-11-21 14:09 - 00000000 ____D C:\ProgramData\MyTurboPC.com
2016-11-21 13:17 - 2016-11-21 13:18 - 10581568 _____ (MyTurboPC.com) C:\Users\maison\Downloads\Myturbopc_A6F68E84-F82F-4992-9A92-4C4AAD93CCE1_.exe
2016-11-21 11:55 - 2016-11-21 11:55 - 00000000 ____D C:\Users\maison\AppData\Roaming\AVG
2016-11-21 11:54 - 2016-11-21 11:54 - 00000000 ____D C:\Users\maison\AppData\Roaming\TuneUp Software
2016-11-21 11:52 - 2016-11-21 13:04 - 00000000 ____D C:\ProgramData\MFAData
2016-11-21 11:52 - 2016-11-21 11:52 - 00000000 ____D C:\Users\maison\AppData\Local\MFAData
2016-11-21 11:49 - 2016-11-21 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-11-21 11:42 - 2016-11-21 13:08 - 00000000 ____D C:\Users\maison\AppData\Local\AvgSetupLog
2016-11-21 11:42 - 2016-11-21 11:55 - 00000000 ____D C:\Users\maison\AppData\Local\Avg
2016-11-21 11:42 - 2016-11-21 11:53 - 00000000 ____D C:\ProgramData\Avg
2016-11-21 11:41 - 2016-11-21 11:41 - 03312904 _____ (AVG Technologies CZ, s.r.o.) C:\Users\maison\Downloads\AVG_Protection_Free_1598.exe
2016-11-21 10:56 - 2016-11-21 11:30 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-21 10:55 - 2016-11-21 10:55 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-21 10:55 - 2016-11-21 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-21 10:55 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-21 10:55 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-21 10:55 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-21 10:49 - 2016-11-21 10:49 - 22851472 _____ (Malwarebytes ) C:\Users\maison\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe
2016-11-18 18:07 - 2016-11-18 18:23 - 00643995 _____ C:\Users\maison\Desktop\5445FB-f.pdf
2016-11-17 11:47 - 2016-11-17 11:47 - 01154257 _____ C:\Users\maison\Downloads\20161116.pdf
2016-11-16 14:03 - 2016-11-16 14:03 - 00000000 ____D C:\Users\maison\AppData\Roaming\Tracker Software
2016-11-12 12:05 - 2016-11-20 19:16 - 00000000 ____D C:\Users\maison\Documents\ViberDownloads
2016-11-12 12:04 - 2016-11-21 18:56 - 00000000 ____D C:\Users\maison\AppData\Roaming\ViberPC
2016-11-12 12:03 - 2016-11-12 12:03 - 00000942 _____ C:\Users\maison\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2016-11-12 12:03 - 2016-11-12 12:03 - 00000940 _____ C:\Users\maison\Desktop\Viber.lnk
2016-11-12 12:03 - 2016-11-12 12:03 - 00000000 ____D C:\Users\maison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2016-11-12 12:03 - 2016-11-12 12:03 - 00000000 ____D C:\Users\maison\AppData\Local\Viber
2016-11-12 12:03 - 2016-11-12 12:03 - 00000000 ____D C:\Users\maison\AppData\Local\Package Cache
2016-11-12 11:54 - 2016-11-12 11:55 - 70277904 _____ (Viber Media Inc.) C:\Users\maison\Downloads\ViberSetup.exe
2016-11-12 11:46 - 2016-11-12 11:47 - 08270712 _____ (Piriform Ltd) C:\Program Files\ccsetup523.exe
2016-11-12 11:38 - 2016-11-12 11:38 - 00000000 ____D C:\Users\maison\Desktop\fatehbenchabane
2016-11-09 21:25 - 2016-11-09 21:25 - 00114368 _____ C:\Users\maison\Documents\Wudu.pdf
2016-11-08 22:39 - 2016-11-08 22:39 - 00809036 _____ C:\Users\maison\Downloads\Harry Potter And The Order of The Phoeni.Epub
2016-11-08 22:39 - 2016-11-08 22:39 - 00659873 _____ C:\Users\maison\Downloads\Harry Potter And the Goblet of Fire.Epub
2016-11-08 22:39 - 2016-11-08 22:39 - 00627546 _____ C:\Users\maison\Downloads\Harry Potter And the Deathly Hallows.Epub
2016-11-08 22:39 - 2016-11-08 22:39 - 00548450 _____ C:\Users\maison\Downloads\Harry Potter And the Half Blood Prince.Epub
2016-11-08 22:39 - 2016-11-08 22:39 - 00405428 _____ C:\Users\maison\Downloads\Harry Potter And The Prisoner of Azkaban.Epub
2016-11-08 22:39 - 2016-11-08 22:39 - 00335467 _____ C:\Users\maison\Downloads\Harry Potter And The Chamber of Secrets.Epub
2016-11-08 22:33 - 2016-11-08 22:33 - 00312762 _____ C:\Users\maison\Downloads\Harry Potter And the Sorcerer's Stone.Epub
2016-11-08 21:48 - 2016-11-08 21:51 - 54092990 _____ C:\Users\maison\Downloads\Book 7 - The Deathly Hallows.epub
2016-11-08 21:48 - 2016-11-08 21:51 - 46637942 _____ C:\Users\maison\Downloads\Book 6 - The Half Blood Prince.epub
2016-11-08 21:48 - 2016-11-08 21:50 - 71136291 _____ C:\Users\maison\Downloads\Book 5 - The Order of the Phoenix.epub
2016-11-08 21:48 - 2016-11-08 21:50 - 51993639 _____ C:\Users\maison\Downloads\Book 4 - The Goblet of Fire.epub
2016-11-08 21:48 - 2016-11-08 21:50 - 29823418 _____ C:\Users\maison\Downloads\Book 3 - The Prisoner of Azkaban.epub
2016-11-08 21:47 - 2016-11-08 21:48 - 23369814 _____ C:\Users\maison\Downloads\Book 2 - The Chamber of Secrets.epub
2016-11-08 21:47 - 2016-11-08 21:48 - 20832210 _____ C:\Users\maison\Downloads\Book 1 - The Philosopher's Stone.epub
2016-11-06 14:49 - 2016-11-06 14:49 - 00000000 ____D C:\Users\maison\Tracing
2016-11-06 13:58 - 2016-11-06 13:58 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-11-06 11:34 - 2016-11-06 11:34 - 09655359 _____ C:\Users\maison\Documents\200 Preuves Attestant que la Terre n’est pas une Boule qui Tourne.pdf
2016-11-05 16:44 - 2016-11-05 16:44 - 00105421 _____ C:\Users\maison\Desktop\Order processed - ZARA Canada.pdf
2016-10-31 12:34 - 2016-11-21 10:55 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-10-31 12:34 - 2016-10-31 12:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-31 12:21 - 2016-10-31 12:21 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk
2016-10-31 12:21 - 2016-10-31 12:21 - 00000000 ___RD C:\Program Files\Skype
2016-10-31 12:21 - 2016-10-31 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-10-31 12:21 - 2016-10-31 12:21 - 00000000 ____D C:\Program Files\Common Files\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-21 18:59 - 2009-07-13 23:34 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-21 18:59 - 2009-07-13 23:34 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-21 18:50 - 2016-06-09 18:29 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-21 18:50 - 2012-08-31 17:56 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-11-21 18:50 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-21 14:33 - 2012-04-14 11:51 - 00000000 ____D C:\Users\maison\AppData\Local\VirtualStore
2016-11-21 14:09 - 2016-06-09 18:29 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-21 13:02 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-11-21 12:07 - 2012-04-14 14:42 - 00702600 _____ C:\Windows\system32\perfh00C.dat
2016-11-21 12:07 - 2012-04-14 14:42 - 00130274 _____ C:\Windows\system32\perfc00C.dat
2016-11-21 12:07 - 2012-04-14 11:55 - 01549700 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-21 11:25 - 2012-04-14 15:42 - 00000000 ____D C:\Windows\Panther
2016-11-21 10:54 - 2016-07-05 11:38 - 00000000 ____D C:\Users\maison\Documents\Emploi 2016
2016-11-21 10:43 - 2012-05-03 18:46 - 00000000 ____D C:\Users\maison\AppData\Roaming\vlc
2016-11-20 21:18 - 2016-09-03 21:33 - 00000000 ____D C:\Users\maison\Downloads\PopcornTime
2016-11-19 21:16 - 2016-05-19 19:54 - 00001064 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-18 21:16 - 2012-12-09 19:23 - 00000000 ____D C:\Users\maison\AppData\Roaming\Skype
2016-11-14 19:45 - 2016-06-09 18:30 - 00002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 19:45 - 2016-06-09 18:30 - 00002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-12 11:48 - 2012-04-14 19:52 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-12 11:48 - 2012-04-14 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-10 19:04 - 2016-05-14 20:55 - 00000000 ____D C:\Program Files\Opera
2016-11-07 20:49 - 2009-07-13 21:37 - 00000000 ____D C:\PerfLogs
2016-11-07 17:12 - 2016-07-05 13:31 - 00000000 ____D C:\Users\maison\Documents\Banque
2016-11-06 14:49 - 2012-04-14 11:49 - 00000000 ____D C:\Users\maison
2016-11-06 13:57 - 2014-09-08 14:43 - 00000000 ____D C:\Users\maison\Desktop\Securexam
2016-11-01 18:39 - 2012-04-14 18:36 - 00000000 ____D C:\Users\maison\AppData\Local\Google
2016-10-31 13:15 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Vss
2016-10-31 13:14 - 2013-08-26 20:02 - 00000000 ____D C:\ProgramData\APN
2016-10-31 12:21 - 2012-12-09 19:22 - 00000000 ____D C:\ProgramData\Skype
2016-10-31 12:10 - 2014-10-06 17:34 - 00000000 ____D C:\Users\maison\AppData\Local\Adobe
2016-10-31 12:10 - 2012-04-23 20:47 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-10-31 12:10 - 2012-04-23 20:47 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-31 12:10 - 2012-04-23 20:47 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-30 03:25 - 2016-10-15 16:05 - 02770025 _____ C:\Users\maison\Downloads\soufi-mon-amour-elif-shafak.pdf
2016-10-28 22:38 - 2016-09-03 21:31 - 00000000 ____D C:\Program Files\Popcorn Time
2016-10-27 11:42 - 2013-07-18 15:19 - 08293376 ___SH C:\Users\maison\Downloads\Thumbs.db
2016-10-26 16:29 - 2012-04-17 12:10 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2016-11-12 11:46 - 2016-11-12 11:47 - 8270712 _____ (Piriform Ltd) C:\Program Files\ccsetup523.exe
2016-11-21 14:09 - 2016-11-21 14:24 - 0000115 _____ () C:\Users\maison\AppData\Roaming\LogFile.txt
2016-02-11 20:42 - 2016-09-12 18:22 - 0005801 _____ () C:\Users\maison\AppData\Local\lastGoodBackup.ssi-exam
2015-05-31 13:00 - 2016-03-18 12:01 - 0000158 _____ () C:\Users\maison\AppData\Local\ssi_err.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-15 19:15

==================== End of FRST.txt ============================
