Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2014 01
Ran by sylvain (administrator) on SYLVAIN-PC on 12-01-2014 18:13:37
Running from D:\programme\telechargement a partir de firefox
Windows 7 Home Premium Service Pack 1 (X64) OS Language: French Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote\Gestionnaire Antidote.exe
(Gemalto N.V.) C:\Users\sylvain\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Orbiscom Ltd. All rights reserved.) C:\Program Files (x86)\e-Carte Bleue Société Générale\ecbl-sg.exe
(Philips) C:\Windows\VPro620.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Farbar) D:\programme\telechargement a partir de firefox\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] - C:\Program Files (x86)\XFastUSB\XFastUsb.exe [4934880 2013-06-29] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - "L:\sauvegarde\disque programme\programmes\DAEMON Tools Lite\DTLite.exe" -autorun
HKCU\...\Run: [Gestionnaire Antidote.exe] - C:\Program Files (x86)\Druide\Antidote\Gestionnaire Antidote.exe [542136 2008-12-03] (Druide informatique inc.)
HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\sylvain\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKCU\...\Runonce: [Uninstall C:\Users\sylvain\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sylvain\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
MountPoints2: {15210bff-e6d2-11e2-9382-bc5ff435ee51} - M:\Eautorun.exe
MountPoints2: {2d48e0f8-e095-11e2-8c4a-806e6f6e6963} - G:\Setup.exe
MountPoints2: {82485c4c-e097-11e2-a821-806e6f6e6963} - G:\Msetup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDC8D8EEACD75CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://fr.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {E380D489-F435-4ebc-A1B2-4FD9C1B5E0A4} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=fr&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Programme d’aide de l’Assistant de connexion au compte Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\sylvain\AppData\Roaming\Mozilla\Firefox\Profiles\9xerfcbk.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - F:\programme\vlc\vlc2013\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: Barre de Confiance - C:\Users\sylvain\AppData\Roaming\Mozilla\Firefox\Profiles\9xerfcbk.default\Extensions\{75493B06-1504-4976-9A55-B6FE240FF0BF}.xpi [2013-12-15]
FF Extension: Adblock Plus - C:\Users\sylvain\AppData\Roaming\Mozilla\Firefox\Profiles\9xerfcbk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-11]

==================== Services (Whitelisted) =================

R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [17928 2011-02-17] (ASRock Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-07] (DT Soft Ltd)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-11-23] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-06-29] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [114608 2009-10-20] (Philips Applied Technologies)
S3 SPC620; C:\Windows\System32\drivers\SPC620.sys [581120 2007-09-28] (Philips )
S3 SPC620m; C:\Windows\System32\drivers\SPC620m.sys [8192 2007-09-28] (Philips )
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-01-12] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-12 18:13 - 2014-01-12 18:13 - 00000000 ____D C:\FRST
2014-01-04 18:43 - 2014-01-04 18:43 - 00000000 ____D C:\Users\sylvain\Tracing
2014-01-04 18:42 - 2014-01-04 18:42 - 00000000 ____D C:\Windows\fr
2014-01-04 18:42 - 2014-01-04 18:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-04 18:41 - 2014-01-04 18:42 - 00000000 ____D C:\Program Files (x86)\Windows Live
2014-01-04 18:41 - 2014-01-04 18:41 - 00000000 ____D C:\Program Files\Windows Live
2014-01-04 18:41 - 2013-02-05 22:06 - 00057840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-01-04 18:40 - 2014-01-12 18:00 - 00000000 ____D C:\Users\sylvain\AppData\Local\Windows Live
2014-01-04 18:40 - 2014-01-04 18:40 - 00002164 _____ C:\Users\sylvain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-04 18:40 - 2014-01-04 18:40 - 00002140 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-04 18:40 - 2014-01-04 18:40 - 00002140 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-04 18:40 - 2014-01-04 18:40 - 00000000 ___RD C:\Users\sylvain\SkyDrive
2014-01-04 18:40 - 2014-01-04 18:40 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2014-01-04 18:40 - 2014-01-04 18:40 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-12-20 12:18 - 2013-12-20 12:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-16 18:38 - 2013-12-16 18:38 - 00001513 _____ C:\Users\sylvain\Desktop\Tropico4 - Raccourci.lnk

==================== One Month Modified Files and Folders =======

2014-01-12 18:13 - 2014-01-12 18:13 - 00000000 ____D C:\FRST
2014-01-12 18:04 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 18:04 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 18:03 - 2011-04-12 10:16 - 00704242 _____ C:\Windows\system32\perfh00C.dat
2014-01-12 18:03 - 2011-04-12 10:16 - 00130548 _____ C:\Windows\system32\perfc00C.dat
2014-01-12 18:03 - 2009-07-14 06:13 - 01549700 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-12 18:01 - 2013-06-29 09:35 - 01831958 _____ C:\Windows\WindowsUpdate.log
2014-01-12 18:00 - 2014-01-04 18:40 - 00000000 ____D C:\Users\sylvain\AppData\Local\Windows Live
2014-01-12 17:57 - 2013-11-23 06:34 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-01-12 17:57 - 2013-06-29 21:57 - 00617818 _____ C:\Windows\PFRO.log
2014-01-12 17:57 - 2013-06-29 21:57 - 00033094 _____ C:\Windows\setupact.log
2014-01-12 17:57 - 2013-06-29 09:44 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-01-12 17:57 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-12 17:53 - 2013-06-29 10:04 - 00000000 ____D C:\Users\sylvain\AppData\Roaming\vlc
2014-01-12 17:18 - 2013-06-30 21:11 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-11 19:28 - 2013-07-10 18:15 - 00000000 ____D C:\Users\sylvain\AppData\Local\CrashDumps
2014-01-05 15:30 - 2013-07-26 10:52 - 00000000 ____D C:\Users\sylvain\AppData\Roaming\Vso
2014-01-04 18:43 - 2014-01-04 18:43 - 00000000 ____D C:\Users\sylvain\Tracing
2014-01-04 18:43 - 2013-06-29 09:35 - 00000000 ____D C:\Users\sylvain
2014-01-04 18:42 - 2014-01-04 18:42 - 00000000 ____D C:\Windows\fr
2014-01-04 18:42 - 2014-01-04 18:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-04 18:42 - 2014-01-04 18:41 - 00000000 ____D C:\Program Files (x86)\Windows Live
2014-01-04 18:41 - 2014-01-04 18:41 - 00000000 ____D C:\Program Files\Windows Live
2014-01-04 18:41 - 2013-11-23 18:28 - 00010447 _____ C:\Windows\DirectX.log
2014-01-04 18:41 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-04 18:40 - 2014-01-04 18:40 - 00002164 _____ C:\Users\sylvain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-04 18:40 - 2014-01-04 18:40 - 00002140 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-04 18:40 - 2014-01-04 18:40 - 00002140 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-01-04 18:40 - 2014-01-04 18:40 - 00000000 ___RD C:\Users\sylvain\SkyDrive
2014-01-04 18:40 - 2014-01-04 18:40 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2014-01-04 18:40 - 2014-01-04 18:40 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-12-30 06:32 - 2013-06-29 09:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 12:19 - 2013-12-20 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 20:49 - 2013-11-29 17:05 - 00000000 ____D C:\Users\sylvain\AppData\Roaming\Tropico 4
2013-12-16 18:38 - 2013-12-16 18:38 - 00001513 _____ C:\Users\sylvain\Desktop\Tropico4 - Raccourci.lnk
2013-12-15 12:32 - 2013-10-20 09:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-14 13:35 - 2013-08-23 22:12 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 13:35 - 2013-06-29 17:35 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\sylvain\AppData\Local\Temp\swt-win32-3448.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 18:56

==================== End Of Log ============================