[bendevos]

hello 

 

here is an OTL report for the pc of a friend.

 

I could only perform the OTL by starting in safe mode Otherwise the PC freezes after 5 minutes.

 

 

thanks a lot if you can help

Attached Files

•  OTL.Txt   66.11KB   237 downloads

Edited by bendevos, 20 January 2015 - 12:53 PM.

[Advertisements]

Hi,

 

Yes, glad to help    This is the second run of OTL. The first run also produced a file called Extras.txt   It will be in the Desktop as the OTL.txt was. Would you post it please? That is assuming the first run was reasonably close the time you ran it the second time.

 

Also, please cut and paste the results in a post rather than Attaching the file please.

[Biscuithd]

Hi,

 

Yes, glad to help    This is the second run of OTL. The first run also produced a file called Extras.txt   It will be in the Desktop as the OTL.txt was. Would you post it please? That is assuming the first run was reasonably close the time you ran it the second time.

 

Also, please cut and paste the results in a post rather than Attaching the file please.

[bendevos]

thanks.

 

yes here it is :

 

OTL Extras logfile created on: 18/01/2015 22:21:37 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

 

2,99 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 69,71% Memory free

6,18 Gb Paging File | 5,53 Gb Available in Paging File | 89,53% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 207,50 Gb Total Space | 13,50 Gb Free Space | 6,51% Space Free | Partition Type: NTFS

Drive D: | 25,37 Gb Total Space | 13,75 Gb Free Space | 54,19% Space Free | Partition Type: FAT32

Drive F: | 991,22 Mb Total Space | 937,34 Mb Free Space | 94,56% Space Free | Partition Type: FAT

 

Computer Name: PC-DE-CHRISTIAN | User Name: Christian | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Users\Christian\AppData\Roaming\File Scout\filescout.exe" /open "%1"

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{030B0900-DB72-429B-99BF-BE1F845D6005}" = rport=445 | protocol=6 | dir=out | app=system | 

"{038CB2F2-E664-4D6D-A441-04C1FF8A2760}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{14C6A351-4199-4581-9022-76D298BF5203}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{18143006-C2BA-4762-B8CD-7A2CDD8D90F9}" = lport=138 | protocol=17 | dir=in | app=system | 

"{25C61ACA-B6BC-4E07-8614-27F7F17D0019}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{26CA8D68-D9A0-4D16-BB27-15856AD65346}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 

"{3295C0FB-35EE-41FE-91E9-D770212A1F89}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{3D5052B5-E242-4F79-8C8E-6A382E71893C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{45020E5D-6ACD-4F43-88F1-DB397F79C226}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

"{52D30D02-D43C-43FF-8C2E-7FD8647688BB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{6EC58813-E423-4285-B1FA-2B53B950C4D2}" = rport=137 | protocol=17 | dir=out | app=system | 

"{6F65F1FB-06A5-4D30-85D5-9CB54762CBE6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{724D0578-21E6-4609-8F72-0C69A8AC6E3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{79DEB1D1-DFBB-4B81-BE80-FF10D88FDE6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{80E047E6-016E-4865-A237-BC4E2FC93C38}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{87E71F28-B7F3-4775-A1E9-D18467823386}" = lport=139 | protocol=6 | dir=in | app=system | 

"{8D3BDEBF-5236-4184-8570-8FEBC55D394C}" = rport=139 | protocol=6 | dir=out | app=system | 

"{A5800D75-86D0-4108-B683-00822FC2EF30}" = rport=138 | protocol=17 | dir=out | app=system | 

"{B0446549-F241-4AEC-BB37-5DEA42BED37F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{C9CFB9CB-37B3-48F9-B3D1-B4301676B2CC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{D43E6999-550A-449A-902A-0728757CE7EA}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 

"{DCB0601E-3BAC-45CB-83EB-CCEE16B6209A}" = lport=445 | protocol=6 | dir=in | app=system | 

"{E8CDAA9B-41A4-4B3D-8E9C-CFAA17C75940}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{F91F15ED-128B-47E3-AA4E-2BAE64986BE2}" = lport=137 | protocol=17 | dir=in | app=system | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{125B3FB0-5CDA-442F-AC9A-04A46B050B36}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{1440A313-B7BD-4CF4-B92C-9D4039EE1AAD}" = protocol=1 | dir=in | [email protected],-28543 | 

"{1B2A9C2D-CF3E-4C14-9F65-D2298A8F9832}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{1E1A0C90-AAE6-432C-95F7-0876C674EC52}" = protocol=1 | dir=out | [email protected],-28544 | 

"{21869824-910B-421E-BBD7-A042A3A7152C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{29661CA3-F38E-4B89-AF50-872FEDEA23F8}" = protocol=58 | dir=in | [email protected],-28545 | 

"{2994DE79-F2EE-47B3-A61B-7F2F0FBDBA61}" = dir=in | app=c:\users\christ~1\appdata\local\temp\ibtmpc810551\component_342 | 

"{2D5045FC-428D-4F49-B52A-0D9A9D872778}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"{370B6E19-658F-4213-BB8E-561337C7ADB8}" = dir=in | app=c:\users\christ~1\appdata\local\temp\ibtmpc810551\component_604 | 

"{4901B96A-0411-47BA-9261-78DB6E08199E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{4961DC48-91DD-44D3-B790-E21A4F1746AD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{5CC36BB7-D010-44EF-AD36-BD7896C74255}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{7FB8DA6E-5C70-4DD6-9CDC-491F2DD3710B}" = dir=in | app=c:\users\christ~1\appdata\local\temp\ibtmpc810551\component_612.decrpt | 

"{875C6073-B54E-4440-8DC8-7DE7A3B7EB45}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{8E926EBD-55F0-45B2-A8A3-1402C3DE3C03}" = dir=in | app=c:\users\christ~1\appdata\local\temp\ibtmpc810551\component_600 | 

"{8FF1A468-5A03-426C-BB94-421991DF4DE4}" = dir=in | app=c:\users\christ~1\appdata\local\temp\ibtmpc810551\component_358.decrpt | 

"{970F6EEA-6154-41D3-9F6B-B3A1983360B7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 

"{9AFF7F30-7F76-4153-9417-F9813A272082}" = protocol=58 | dir=out | [email protected],-28546 | 

"{9D852638-2859-46AB-9782-8EA33061763E}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{A900466E-6DB5-4D44-8C76-003346271E26}" = dir=in | app=c:\users\christ~1\appdata\local\temp\ibtmpc810551\component_613 | 

"{B8B6FFF2-EDE3-46C7-BF77-44EE0F40CEC0}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | 

"{BA568813-3FEB-474E-9BCF-56F60B9C7DE1}" = dir=in | app=c:\users\christ~1\appdata\local\temp\ibtmpc810551\component_600 | 

"{CAA8C0FE-B303-4BCD-B14F-CF42377145B8}" = dir=in | app=c:\users\christ~1\appdata\local\temp\ibtmpc810551\component_342 | 

"{CF370EE3-D7D9-41A5-B179-34636AD76217}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | 

"{DCCF67F4-630B-4B3E-AA02-E44D9CF6DB2F}" = dir=in | app=c:\users\christ~1\appdata\local\temp\ibtmpc810551\component_634 | 

"{DF7567D4-FE62-4D56-8E71-3C6B9C7E4EAF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{DF971D02-571F-4CB3-B4A1-B317E942843B}" = dir=in | app=c:\users\christ~1\appdata\local\temp\ibtmpc810551\component_583 | 

"{E90446A0-D014-4F20-BFA5-82DE69B07845}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe | 

"TCP Query User{1E29C790-812A-44DD-A1A7-D6AFD9FA0A40}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 

"TCP Query User{CAC24DF3-FC52-41A8-BCB7-C968EA294C8C}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 

"TCP Query User{D81D5978-2694-4DEA-A001-9511C37DC626}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

"UDP Query User{17F644EA-6AF5-4BAB-9E8F-B6AF5DA92179}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

"UDP Query User{23AE7E25-C027-4367-91CB-BF73A017189D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 

"UDP Query User{AA164586-2A24-4872-98EA-C8FFE8EAA5CE}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{235EBB33-3DA1-46DF-AADE-9955123409CB}" = Apple Mobile Device Support

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = Microtek FineReader OCR Engine

"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{46880D4F-A41E-46CB-8CB5-C3F79AF567EE}" = Ciel Easy Invoice 2.10

"{46FA9E9F-1B0F-4C6C-8F6D-F2365EDEA2B2}" = Sony Vegas 6.0

"{47659F12-27AE-3200-9B8A-2BD803020304}" = VASCO Card Reader Plug-In (32-Bit)

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}" = iTunes

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7E0610A2-E336-40B3-B685-C4905E97EC9A}" = OpenOffice.org 3.3

"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support

"{853B8932-67F6-4973-A938-F5FAB12758E4}" = Ciel Account 2.0

"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2

"{8975E3CB-A762-4B14-BD62-A3972A098E82}" = File Association Helper

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN

"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007

"{90120000-0015-040C-0000-0000000FF1CE}_ENTERPRISER_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISER_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISER_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007

"{90120000-0019-040C-0000-0000000FF1CE}_ENTERPRISER_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007

"{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISER_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISER_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_ENTERPRISER_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISER_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}_ENTERPRISER_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_ENTERPRISER_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007

"{90120000-00A1-040C-0000-0000000FF1CE}_ENTERPRISER_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007

"{90120000-00BA-040C-0000-0000000FF1CE}_ENTERPRISER_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036" = Microsoft .NET Framework 4.5.1 (Français)

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0080-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.13) - Français

"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{C1CCEACB-C0F3-4D5C-AD2C-8EC2FFE7854E}" = Courriers Types et Emails

"{C507986C-A83D-3F09-9099-5E1AF20BE648}" = Microsoft .NET Framework 4.5.1 (FRA)

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E4}" = WinZip 19.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D05EE9EF-42AD-4A5F-AD55-EA8611ABD1A0}" = ScrapBook

"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E320F1E2-4E3C-43B3-8F5E-5D08AA5C71F0}}_is1" = eJay Virtual Music Manager (build 5644)

"{E60901A3-490A-44E7-846A-925BCA2E38A7}" = Silhouette Studio

"{EAF4356D-974E-4F8E-9996-C286F0209A81}" = Noel

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety

"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX

"CCleaner" = CCleaner

"Design Manager" = Design Manager

"ENTERPRISER" = Microsoft Office Enterprise 2007

"EPSON Printer and Utilities" = EPSON Logiciel imprimante

"EPSON Scanner" = EPSON Scan

"Epson Stylus SX210_SX410_TX210_TX410 Guide d'utilisation" = Epson Stylus SX210_SX410_TX210_TX410 Manuel

"EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall

"FinalMediaPlayer_is1" = Final Media Player 2011

"Google Chrome" = Google Chrome

"Google Desktop" = Google Desktop

"Guitare - Chansons et partitions" = Guitare - Chansons et partitions

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MP Navigator 1.0" = Canon MP Navigator 1.0

"Pen Tablet Driver" = Pen Tablet

"Piano Passion" = Piano Passion

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"VDC_is1" = Video Download Converter version 1.0.0.0

"VideoDownloadConverter_4zbar Uninstall" = VideoDownloadConverter Toolbar

"Whale Communications' Client Components 3.1.0" = Whale Communications' Client Components v3.7.1

"WinLiveSuite" = Windows Live

"WinRAR archiver" = Archiveur WinRAR

"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{c77cb28d-ddd3-46f7-b51a-14a599127ba7}" = VASCO Smart Card Reader Plug-In (User)

"PhotoFiltre" = PhotoFiltre

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 18/01/2015 8:52:52 | Computer Name = PC-de-Christian | Source = ESENT | ID = 515

Description = Windows (3204) Windows: Base de données C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb :

 la page 872 (0x00000368) a échoué à la vérification en raison d’une non-correspondance

 de dépendance d’ordre de vidage. Cette page doit être vidée avant la page 867 (0x00000363),

 mais cette dernière page a été vidée en premier. La récupération/restauration va

 échouer avec l’erreur -255. Si cette erreur persiste, restaurez la base de données

 à partir d’une sauvegarde précédente. Ce problème est probablement dû à la défectuosité

 d’un matériel qui a entraîné la « perte » d’un ou plusieurs vidages sur l’une ou

 sur les deux pages. Contactez votre fournisseur de matériel afin d’obtenir une 

assistance complémentaire pour diagnostiquer le problème.

 

Error - 18/01/2015 8:52:52 | Computer Name = PC-de-Christian | Source = ESENT | ID = 454

Description = Windows (3204) Windows: La récupération/restauration de la base de

 données a échoué avec l'erreur inattendue -255.

 

Error - 18/01/2015 8:52:52 | Computer Name = PC-de-Christian | Source = Windows Search Service | ID = 9000

Description = 

 

Error - 18/01/2015 8:52:52 | Computer Name = PC-de-Christian | Source = Windows Search Service | ID = 7040

Description = 

 

Error - 18/01/2015 8:52:52 | Computer Name = PC-de-Christian | Source = Windows Search Service | ID = 9002

Description = 

 

Error - 18/01/2015 8:52:52 | Computer Name = PC-de-Christian | Source = Windows Search Service | ID = 3029

Description = 

 

Error - 18/01/2015 8:52:52 | Computer Name = PC-de-Christian | Source = Windows Search Service | ID = 3029

Description = 

 

Error - 18/01/2015 8:52:52 | Computer Name = PC-de-Christian | Source = Windows Search Service | ID = 3028

Description = 

 

Error - 18/01/2015 8:52:52 | Computer Name = PC-de-Christian | Source = Windows Search Service | ID = 3058

Description = 

 

Error - 18/01/2015 16:11:42 | Computer Name = PC-de-Christian | Source = EventSystem | ID = 4609

Description = 

 

[ Media Center Events ]

Error - 19/03/2012 12:27:17 | Computer Name = PC-de-Christian | Source = MCUpdate | ID = 0

Description = Échec de l'attente du mutex MCUpdate avec l'exception : « Attente 

terminée en raison d'un mutex abandonné. ».

 

[ OSession Events ]

Error - 15/04/2010 9:18:09 | Computer Name = PC-de-Christian | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3009

 seconds with 2580 seconds of active time.  This session ended with a crash.

 

Error - 19/04/2010 10:36:04 | Computer Name = PC-de-Christian | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 86403

 seconds with 4380 seconds of active time.  This session ended with a crash.

 

Error - 19/04/2010 12:01:24 | Computer Name = PC-de-Christian | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1920

 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error - 4/11/2012 7:27:06 | Computer Name = PC-de-Christian | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 30

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 18/01/2015 8:51:22 | Computer Name = PC-de-Christian | Source = EventLog | ID = 6008

Description = L'arrêt système précédant à 13:41:46 le 18/01/2015 n'était pas prévu.

 

Error - 18/01/2015 8:52:39 | Computer Name = PC-de-Christian | Source = DCOM | ID = 10016

Description = 

 

Error - 18/01/2015 16:11:30 | Computer Name = PC-de-Christian | Source = DCOM | ID = 10005

Description = 

 

Error - 18/01/2015 16:11:42 | Computer Name = PC-de-Christian | Source = DCOM | ID = 10005

Description = 

 

Error - 18/01/2015 16:11:43 | Computer Name = PC-de-Christian | Source = DCOM | ID = 10005

Description = 

 

Error - 18/01/2015 16:11:43 | Computer Name = PC-de-Christian | Source = DCOM | ID = 10005

Description = 

 

Error - 18/01/2015 16:11:43 | Computer Name = PC-de-Christian | Source = DCOM | ID = 10005

Description = 

 

Error - 18/01/2015 16:12:18 | Computer Name = PC-de-Christian | Source = DCOM | ID = 10005

Description = 

 

Error - 18/01/2015 16:16:24 | Computer Name = PC-de-Christian | Source = DCOM | ID = 10005

Description = 

 

Error - 18/01/2015 16:42:43 | Computer Name = PC-de-Christian | Source = DCOM | ID = 10005

Description = 

 

 

< End of report >

[Biscuithd]

Hi again,
 
Thanks for the Extras.txt!
 
Well, it's sort of a good news, bad news thing. Yes, I found some malware. No, I didn't find anything that would account for only being able to boot in Safe Mode.
 
So, let's remove what I found. And, that will be the OTL fix. Then I'm going to ask you to run a different scan that might uncover the real crux of the problem.
 
Fix with OTL

Please re-run OTL with this removal script included.
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

• Right-click on icon and select Run as Administrator to start the tool.
• Under the Custom Scans/Fixes bar in the box paste in the following:
  

  :Commands
  [CreateRestorePoint]
  
  :OTL
  DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
  DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
  DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
  DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
  DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\edzuxnbw.sys -- (edzuxnbw)
  DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys -- (DSDrv4)
  DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\aepbkkuw.sys -- (aepbkkuw)
  IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
  IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
  IE - HKLM\..\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZO^xdm043^YY^be&si=EL_UTFIG_11&ptb=A53F3DAD-D07C-4B1B-B9FA-63549BCE127B&ind=2013033015&n=77fc7237&psa=&st=sb&searchfor={searchTerms}
  IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=390&systemid=406&v=a9396-117&apn_uid=3505480550014523&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/results.aspx?q={searchTerms}&mkt=fr-BE&FORM=MICJF2
  IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PTF&o=15507&src=crm&q={searchTerms}&locale=fr_EU&apn_ptnrs=LJ&apn_dtid=YYYYYYYYBE&apn_uid=4828AD32-E2F0-426D-9D44-8625B92A55BE&apn_sauid=15544075-23E0-44D4-B210-7A9CBC25B7D7
  IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
  IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=R2pkairtbllKOq3C68NhfYxuVfE?q={searchTerms}
  IE - HKCU\..\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZO^xdm043^YY^be&si=EL_UTFIG_11&ptb=A53F3DAD-D07C-4B1B-B9FA-63549BCE127B&ind=2013033015&n=77fc7237&psa=&st=sb&searchfor={searchTerms}
  IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=390&systemid=406&v=a9396-117&apn_uid=3505480550014523&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
  IE - HKCU\..\SearchScopes\{A83764BB-01DD-4B91-8FDC-45853BD52C1F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703
  IE - HKCU\..\SearchScopes\Live Search: "URL" = http://search.live.com/results.aspx?q={searchTerms}&mkt=fr-BE&FORM=MICJF2
  O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
  O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
  O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
  O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found
  
  :Commands
  [EmptyTemp]
  [ResetHosts]
  [Reboot]
  
  

• Push Run Fix and wait patiently.
• If asked to reboot, please allow it to.
• A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• When the tool opens click Yes to disclaimer.
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

[bendevos]

first step 

 

All processes killed

========== COMMANDS ==========

System Restore Service not available.

========== OTL ==========

Service NwlnkFwd stopped successfully!

Service NwlnkFwd deleted successfully!

File system32\DRIVERS\nwlnkfwd.sys not found.

Service NwlnkFlt stopped successfully!

Service NwlnkFlt deleted successfully!

File system32\DRIVERS\nwlnkflt.sys not found.

Service IpInIp stopped successfully!

Service IpInIp deleted successfully!

File system32\DRIVERS\ipinip.sys not found.

Service IntcAzAudAddService stopped successfully!

Service IntcAzAudAddService deleted successfully!

File system32\drivers\RTKVHDA.sys not found.

Service edzuxnbw stopped successfully!

Service edzuxnbw deleted successfully!

File C:\Windows\system32\drivers\edzuxnbw.sys not found.

Service DSDrv4 stopped successfully!

Service DSDrv4 deleted successfully!

File C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys not found.

Service aepbkkuw stopped successfully!

Service aepbkkuw deleted successfully!

File C:\Windows\system32\drivers\aepbkkuw.sys not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A83764BB-01DD-4B91-8FDC-45853BD52C1F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A83764BB-01DD-4B91-8FDC-45853BD52C1F}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NBKeyScan deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Wisdom-soft ScreenHunter 5.1 Free deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Christian

->Temp folder emptied: 380162 bytes

->Temporary Internet Files folder emptied: 6116586 bytes

->Java cache emptied: 6412447 bytes

->Google Chrome cache emptied: 10756935 bytes

->Flash cache emptied: 57083 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56466 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 14648 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2752854 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 14337285 bytes

 

Total Files Cleaned = 39,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.69.0 log created on 01202015_205457

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

[bendevos]

I am looking for the 32 bits version of frst64

[bendevos]

http://www.bleepingc...can-tool/dl/81/

Edited by bendevos, 20 January 2015 - 02:25 PM.

[Biscuithd]

Sorry, I mistakenly gave you the 64 bit version. Here is the 32 Bit

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• When the tool opens click Yes to disclaimer.
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

[bendevos]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015

Ran by Christian at 2015-01-20 21:28:58

Running from C:\Users\Christian\Downloads

Boot Mode: Safe Mode (with Networking)

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Reader X (10.1.13) - Français (HKLM\...\{AC76BA86-7AD7-1036-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)

Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Archiveur WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

Azurewave Wireless LAN (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.00.0000 - RaLink)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Canon MP Navigator 1.0 (HKLM\...\MP Navigator 1.0) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)

Ciel Account 2.0 (HKLM\...\{853B8932-67F6-4973-A938-F5FAB12758E4}) (Version: 230.00.243 - Ciel)

Ciel Easy Invoice 2.10 (HKLM\...\{46880D4F-A41E-46CB-8CB5-C3F79AF567EE}) (Version: 81.00.0000 - Ciel)

Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.00.0000 - Corel Corporation)

Courriers Types et Emails (HKLM\...\{C1CCEACB-C0F3-4D5C-AD2C-8EC2FFE7854E}) (Version: 1.10.0000 - Micro Application)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Design Manager (HKLM\...\Design Manager) (Version:  - )

eJay Virtual Music Manager (build 5644) (HKLM\...\{E320F1E2-4E3C-43B3-8F5E-5D08AA5C71F0}}_is1) (Version: 2007.0.0.5644 - Intermedia Software)

EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)

EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden

EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )

Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)

EPSON Logiciel imprimante (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)

EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )

EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )

Epson Stylus SX210_SX410_TX210_TX410 Manuel (HKLM\...\Epson Stylus SX210_SX410_TX210_TX410 Guide d'utilisation) (Version:  - )

EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version:  - SEIKO EPSON Corporation)

File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)

Final Media Player 2011 (HKLM\...\FinalMediaPlayer_is1) (Version:  - Bitberry Software) <==== ATTENTION

Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Guitare - Chansons et partitions (HKLM\...\Guitare - Chansons et partitions) (Version:  - )

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )

iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)

Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)

Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)

Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Launch Manager V1.5.0 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.0 - Wistron Corp.)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

McAfee VirusScan Enterprise (HKLM\...\{35C03C04-3F1F-42C2-A989-A757EE691F65}) (Version: 8.6.0 - McAfee, Inc.)

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM\...\{95140000-0080-040C-0000-0000000FF1CE}) (Version: 14.0.6106.5001 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (French) (HKLM\...\{95120000-00AF-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microtek FineReader OCR Engine (HKLM\...\{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}) (Version:  - )

Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (HKLM\...\{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISER_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version:  - Microsoft)

Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (HKLM\...\{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version:  - Microsoft)

Mise à jour Microsoft Office Outlook 2007 Help  (KB963677) (HKLM\...\{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISER_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version:  - Microsoft)

Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (HKLM\...\{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISER_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version:  - Microsoft)

Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (HKLM\...\{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version:  - Microsoft)

Mise à jour Microsoft Office Word 2007 Help  (KB963665) (HKLM\...\{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISER_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version:  - Microsoft)

Mise à jour Microsoft Office Word 2007 Help  (KB963665) (HKLM\...\{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version:  - Microsoft)

Module de compatibilité pour Microsoft Office System 2007 (HKLM\...\{90120000-0020-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Module linguistique Microsoft .NET Framework 3.5 SP1- fra (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - fra) (Version:  - Microsoft Corporation)

MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)

Noel (HKLM\...\{EAF4356D-974E-4F8E-9996-C286F0209A81}) (Version: 6.10.2000 - Micro Application)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden

OpenOffice.org 3.3 (HKLM\...\{7E0610A2-E336-40B3-B685-C4905E97EC9A}) (Version: 3.3.9567 - OpenOffice.org)

Pen Tablet (HKLM\...\Pen Tablet Driver) (Version:  - Wacom Technology Corp.)

PhotoFiltre (HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\PhotoFiltre) (Version:  - )

Piano Passion (HKLM\...\Piano Passion) (Version:  - )

QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)

ScanWizard 5 (HKLM\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )

ScrapBook (HKLM\...\{D05EE9EF-42AD-4A5F-AD55-EA8611ABD1A0}) (Version: 6.10.2000 - Micro Application)

Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden

Silhouette Studio (HKLM\...\{E60901A3-490A-44E7-846A-925BCA2E38A7}) (Version: 1.9.0 - Aspex Research & Technology)

Sony Vegas 6.0 (HKLM\...\{46FA9E9F-1B0F-4C6C-8F6D-F2365EDEA2B2}) (Version: 6.0.84 - Sony)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.14.0 - Synaptics)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

VASCO Card Reader Plug-In (32-Bit) (Version: 3.2.3.4 - VASCO Data Security) Hidden

VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\{c77cb28d-ddd3-46f7-b51a-14a599127ba7}) (Version: 3.2.3.4 - VASCO Data Security)

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden

VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden

Video Download Converter version 1.0.0.0 (HKLM\...\VDC_is1) (Version: 1.0.0.0 - ) <==== ATTENTION

Whale Communications' Client Components v3.7.1 (HKLM\...\Whale Communications' Client Components 3.1.0) (Version:  - )

Windows Live (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live FolderShare (HKLM\...\{2075CB0A-D26F-4DAA-B424-5079296B43BA}) (Version: 14.0.8089.726 - Microsoft Corporation)

WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E4}) (Version: 19.0.11293 - WinZip Computing, S.L. )

Wisdom-soft Set up ScreenHunter 5.1 Free (HKLM\...\Wisdom-soft Set up ScreenHunter 5.1 Free) (Version:  - Wisdom Software Inc.)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)

CustomCLSID: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000_Classes\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}\InprocServer32 -> C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll No File

CustomCLSID: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll (VASCO Data Security)

CustomCLSID: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000_Classes\CLSID\{dc67367a-8b15-47bc-b7f8-0ba0435a504a}\InprocServer32 -> C:\Program Files\Common Files\SYSTEM\MSMAPI\1036\MSNCON32.DLL (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000_Classes\CLSID\{dcedfcbf-c7d1-4b81-a20f-7524d306135e}\InprocServer32 -> C:\Program Files\Common Files\SYSTEM\MSMAPI\1036\MSNCON32.DLL (Microsoft Corporation)

 

==================== Restore Points  =========================

 

Could not list restore points.

Check "winmgmt" service or repair WMI.

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 11:23 - 2015-01-20 20:55 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {056F5D32-4E7B-45B2-9403-879880485F7B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

Task: {05ADBD4F-E8A1-4169-AAD5-9F0CAA22B2B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)

Task: {06523615-C02D-4EC9-87B8-964E38AD05C7} - System32\Tasks\QtraxPlayer => 1826085866.portal.qtrax.com

Task: {1952F341-C48A-4740-A03D-4856246DF720} - System32\Tasks\{C3403CF8-0D14-45B0-AC1E-56B3A4DCADA1} => pcalua.exe -a C:\Users\Christian\Desktop\setupscreenhunterfree.exe -d C:\Users\Christian\Desktop

Task: {1D2663E0-AEA3-4DEC-82C8-9E58F864EEDD} - System32\Tasks\Start Registry Reviver => C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe

Task: {3C3FA579-0D03-4C15-B983-6714E0FC953F} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....AJKILIBNKJHIKJ"

Task: {61BF426E-2364-4C31-8443-31D65D15F03D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation)

Task: {6A7027B9-D5A5-42B4-BEA9-D9AADBE062DD} - System32\Tasks\{B1F8BE09-658F-4333-ADE3-5D68C95ED4B8} => Iexplore.exe http://ui.skype.com/...#38;page=tsBing

Task: {78291E39-0EF2-420D-87A5-CEB4097D30E0} - System32\Tasks\{9CC62E4F-D577-4CDB-BCF1-326BABCD9555} => pcalua.exe -a C:\Users\Christian\Desktop\10_04_frames.exe -d C:\Users\Christian\Desktop

Task: {835F81D8-4827-4855-BE7E-7814B8BB8ADB} - System32\Tasks\Microsoft\Windows\RestartManager\{2C546B00-7217-472d-9325-FE1B9748AC6F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)

Task: {85A80E30-262E-4438-8F54-AB51CB0F12AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {9ABA16E8-B2C9-49C3-83A8-B455EEA22C1F} - System32\Tasks\Microsoft\Windows\SyncCenter\S-1-5-21-2124871150-1497044009-3645244258-1000\{08B0B2D5-3FB3-11D3-A4DE-00C04F610189}\Microsoft SQL Server 2000 - Planification de la synchronisation => C:\Windows\system32\mobsync.exe [2008-01-21] (Microsoft Corporation)

Task: {BC2151C7-4350-4C16-80A3-857E02819640} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)

Task: {CA37D547-D056-4444-864B-5583CE0E0A7B} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION

Task: {CC574EC8-75C2-46E8-A01F-E6446784EAB7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)

Task: {D1923E7E-1655-452B-90B3-76E74CF97B36} - System32\Tasks\{BAA31C96-1B58-4D3A-ACC0-7A3F4A5676BB} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar

Task: {D7E4F295-306E-4441-AA00-E26827087C70} - System32\Tasks\Final Media Player Update Checker => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-03-11] (Bitberry Software)

Task: {DEB5FCCE-5839-4D42-96FB-71BFA6A2D025} - System32\Tasks\Microsoft\Windows\RestartManager\{4903B92A-8FE6-4098-8128-5396DB285114} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)

Task: {EC487DC8-1185-45FE-9DAB-CA943D2DF37C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: {F4C0E387-FC5E-44B9-AA19-02F45CC2E209} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Christian => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)

Task: {FBFDDB59-77FD-4603-A588-A3CB033A60E3} - System32\Tasks\{DF6CD692-8BC3-4654-B612-B4C6DD95148F} => pcalua.exe -a E:\install.exe -d E:\

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Final Media Player Update Checker.job => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\User_Feed_Synchronization-{6C7CAD5D-0F3D-4860-9722-FB54520B436D}.job => C:\Windows\system32\msfeedssync.exe

 

==================== Loaded Modules (whitelisted) =============

 

2009-06-05 14:10 - 2008-09-16 19:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll

2014-12-12 19:40 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-12 19:40 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

 

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrateur (S-1-5-21-2124871150-1497044009-3645244258-500 - Administrator - Disabled)

ASPNET (S-1-5-21-2124871150-1497044009-3645244258-1002 - Limited - Enabled)

Christian (S-1-5-21-2124871150-1497044009-3645244258-1000 - Administrator - Enabled) => C:\Users\Christian

Invité (S-1-5-21-2124871150-1497044009-3645244258-501 - Limited - Disabled)

 

==================== Faulty Device Manager Devices =============

 

Could not list Devices. Check "winmgmt" service or repair WMI.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/20/2015 09:23:33 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

Error: (01/20/2015 07:23:13 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

Error: (01/19/2015 10:45:50 PM) (Source: TabletServicePen) (EventID: 0) (User: )

Description: Could not init tablet driver

 

Error: (01/19/2015 10:29:33 PM) (Source: TabletServicePen) (EventID: 0) (User: )

Description: Could not init tablet driver

 

Error: (01/18/2015 09:11:42 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

Error: (01/18/2015 01:52:52 PM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: Impossible d'initialiser l'application.

 

Contexte : Application Windows

 

Détails :

Impossible de lire les métadonnées de l'index du contenu.   (0xc0041801)

 

Error: (01/18/2015 01:52:52 PM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: Impossible d'initialiser l'objet rassembleur.

 

Contexte : Application Windows, Catalogue SystemIndex

 

Détails :

Impossible de lire les métadonnées de l'index du contenu.   (0xc0041801)

 

Error: (01/18/2015 01:52:52 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Impossible d'initialiser le plug-in dans <Search.TripoliIndexer>.

 

Contexte : Application Windows, Catalogue SystemIndex

 

Détails :

Élément introuvable.   (0x80070490)

 

Error: (01/18/2015 01:52:52 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Impossible d'initialiser le plug-in dans <Search.JetPropStore>.

 

Contexte : Application Windows, Catalogue SystemIndex

 

Détails :

Impossible de lire les métadonnées de l'index du contenu.   (0xc0041801)

 

Error: (01/18/2015 01:52:52 PM) (Source: Windows Search Service) (EventID: 9002) (User: )

Description: Le service Windows Search ne peut pas charger les informations de la banque de propriétés.

 

Contexte : Application Windows, Catalogue SystemIndex

 

Détails :

0x%08x (0xc0041800 - Impossible de lire l'index du contenu.  )

 

 

System errors:

=============

Error: (01/20/2015 09:23:35 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (01/20/2015 09:23:34 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

 

Error: (01/20/2015 09:23:33 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error: (01/20/2015 09:23:22 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (01/20/2015 09:22:57 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: L'arrêt système précédant à 21:15:54 le 20/01/2015 n'était pas prévu.

 

Error: (01/20/2015 08:57:49 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)

Description: spécifiques à l'applicationLocalExécution{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}AUTORITE NTSYSTEMS-1-5-18LocalHost (utilisation de LRPC)

 

Error: (01/20/2015 07:49:01 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}

 

Error: (01/20/2015 07:23:17 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (01/20/2015 07:23:14 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

 

Error: (01/20/2015 07:23:13 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

 

Microsoft Office Sessions:

=========================

Error: (11/04/2012 00:27:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 30 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (04/19/2010 05:01:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1920 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error: (04/19/2010 03:36:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 86403 seconds with 4380 seconds of active time.  This session ended with a crash.

 

Error: (04/15/2010 02:18:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3009 seconds with 2580 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-01-20 21:28:43.121

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-20 21:28:42.408

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-20 21:28:41.687

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-20 21:28:40.918

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-20 21:28:39.918

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-20 21:28:39.136

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-20 21:28:38.434

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-20 21:28:37.643

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-20 19:30:18.953

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-20 19:30:18.127

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz

Percentage of memory in use: 23%

Total physical RAM: 3061.69 MB

Available physical RAM: 2330.25 MB

Total Pagefile: 6325.63 MB

Available Pagefile: 5786.51 MB

Total Virtual: 2047.88 MB

Available Virtual: 1915.69 MB

 

==================== Drives ================================

 

Drive c: (BOOT) (Fixed) (Total:207.5 GB) (Free:124.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVER) (Fixed) (Total:25.37 GB) (Free:13.75 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 33BAFD88)

Partition 1: (Active) - (Size=207.5 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=25.4 GB) - (Type=OF Extended)

 

==================== End Of Log ============================

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015

Ran by Christian (administrator) on PC-DE-CHRISTIAN on 20-01-2015 21:27:49

Running from C:\Users\Christian\Downloads

Loaded Profiles: Christian (Available profiles: Christian)

Platform: Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: Français (France)

Internet Explorer Version 9 (Default browser: Chrome)

Boot Mode: Safe Mode (with Networking)

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)

HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-31] (Synaptics, Inc.)

HKLM\...\Run: [LaunchAp] => C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] ()

HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron)

HKLM\...\Run: [CtrlVol] => "C:\Program Files\Launch Manager\CtrlVol.exe"

HKLM\...\Run: [LMgrOSD] => C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.)

HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron)

HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-07] (Google)

HKLM\...\Run: [toolbar_eula_launcher] => C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )

HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [112216 2007-02-22] (McAfee, Inc.)

HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\UdaterUI.exe [136768 2006-12-19] (McAfee, Inc.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [EPSON SX410 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [199680 2008-10-02] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-02] (Google Inc.)

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104288 2014-12-03] (Adobe Systems Incorporated)

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\MountPoints2: {e8a0a446-0ce4-11de-baf3-000ae4cee6c4} - F:\LaunchU3.exe -a

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\MountPoints2: {f234795d-91e8-11e0-89cd-0015afbb31dd} - H:\LaunchU3.exe -a

HKU\S-1-5-18\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

IFEO\bitguard.exe: [Debugger] tasklist.exe

IFEO\bprotect.exe: [Debugger] tasklist.exe

IFEO\browserdefender.exe: [Debugger] tasklist.exe

IFEO\browserprotect.exe: [Debugger] tasklist.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk

ShortcutTarget: Scanner Finder.lnk -> C:\Program Files\ScanWizard 5\ScannerFinder.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)

Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk

ShortcutTarget: OneNote 2007 - Capture d'écran et lancement.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk

ShortcutTarget: program.lnk -> C:\PROGRA~2\EF42F0E2.cpp (No File)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/de...fr-be&ocid=iehp

SearchScopes: HKLM -> DefaultScope value is missing.

SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000 -> Live Search URL = http://search.live.c...-BE&FORM=MICJF2

SearchScopes: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000 -> {9D5BD211-422C-4164-9298-BB4186A30F31} URL = http://www.bing.com/...-FR&form=MOAWA1

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUpldfr-be.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://belgacom.extr...geUploader5.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://brains.sieme.../WhlCompMgr.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUpldfr-be.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2124871150-1497044009-3645244258-1000: vasco.com/VascoCardReaderPlugin -> C:\Users\Christian\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll (VASCO Data Security)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-08]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\[email protected]

FF Extension: SpecialSavings - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\[email protected] [2013-03-25]

FF HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\[email protected]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-390&v=a9396-117&t=4

CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-390&v=a9396-117&t=4"

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\UtilityChest_49\bar\1.bin\NP49Stub.dll No File

CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File

CHR Plugin: (3DVIA player) - C:\Program Files\Virtools\3D Life Player\npvirtools.dll No File

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]

CHR Extension: (My Scrap Nook) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf [2015-01-20]

CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [423576 2009-02-24] (Whale Communications, a Microsoft subsidiary)

S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-07] (Google)

S2 gupdate1ca0724da638462; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]

S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [104000 2006-12-19] (McAfee, Inc.)

S2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144960 2007-02-22] (McAfee, Inc.)

S2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54872 2007-02-22] (McAfee, Inc.)

S2 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]

S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]

S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()

S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2008-01-15] (Wistron Corp.) [File not signed]

S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 GrabsterSeries.X86; C:\Windows\System32\DRIVERS\GrabsterSeries.X86.SYS [316224 2010-01-22] ()

S1 Hotkey; C:\Windows\system32\Drivers\Hotkey.sys [9867 2003-04-28] () [File not signed]

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [64360 2006-11-30] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [72264 2006-11-30] (McAfee, Inc.)

S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [34152 2006-11-30] (McAfee, Inc.)

S3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [170408 2007-02-22] (McAfee, Inc.)

S1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31944 2006-11-30] (McAfee, Inc.)

R0 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [52136 2006-11-30] (McAfee, Inc.)

S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)

S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)

R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)

R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)

R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)

S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]

R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)

S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-20 21:27 - 2015-01-20 21:28 - 00019701 _____ () C:\Users\Christian\Downloads\FRST.txt

2015-01-20 21:26 - 2015-01-20 21:27 - 00000000 ____D () C:\FRST

2015-01-20 21:26 - 2015-01-20 21:26 - 01118208 _____ (Farbar) C:\Users\Christian\Downloads\FRST.exe

2015-01-20 21:26 - 2015-01-20 21:26 - 01118208 _____ (Farbar) C:\Users\Christian\Downloads\FRST (1).exe

2015-01-20 20:59 - 2015-01-20 20:59 - 02126848 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe

2015-01-20 20:58 - 2015-01-20 20:59 - 02126848 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe

2015-01-20 20:58 - 2015-01-20 20:58 - 00018112 _____ () C:\Users\Christian\Downloads\téléchargement.htm

2015-01-20 20:54 - 2015-01-20 20:54 - 00000000 ____D () C:\_OTL

2015-01-20 19:23 - 2015-01-20 19:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6BCB7B62.sys

2015-01-18 22:53 - 2015-01-20 21:00 - 00052405 _____ () C:\Windows\WindowsUpdate.log

2015-01-18 22:50 - 2015-01-20 21:22 - 00045914 _____ () C:\Windows\PFRO.log

2015-01-18 22:46 - 2015-01-18 22:46 - 00063578 _____ () C:\Users\Christian\Desktop\Extras.Txt

2015-01-18 22:45 - 2015-01-20 19:41 - 00067698 _____ () C:\Users\Christian\Desktop\OTL.Txt

2015-01-18 22:15 - 2015-01-18 22:09 - 00602112 _____ (OldTimer Tools) C:\Users\Christian\Desktop\OTL.exe

2015-01-18 21:57 - 2015-01-20 19:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-18 21:54 - 2015-01-18 21:54 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-01-18 21:54 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-18 21:54 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-18 21:54 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-18 21:48 - 2015-01-18 21:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Christian\Desktop\mbam-setup-2.0.4.1028.exe

2015-01-18 21:42 - 2015-01-18 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon

2015-01-18 21:42 - 2015-01-18 21:42 - 00000000 ____D () C:\Program Files\Canon

2015-01-18 13:22 - 2015-01-18 13:22 - 00000000 __SHD () C:\found.001

2015-01-18 13:05 - 2015-01-18 13:08 - 00000459 _____ () C:\ProgramData\RUNDLL32.EXE-4168-F.txt

2015-01-18 12:13 - 2015-01-18 12:16 - 00000463 _____ () C:\ProgramData\RUNDLL32.EXE-5568-F.txt

2015-01-18 11:54 - 2015-01-18 11:58 - 00000569 _____ () C:\ProgramData\RUNDLL32.EXE-6108-F.txt

2015-01-14 16:39 - 2015-01-14 16:40 - 00000342 _____ () C:\ProgramData\RUNDLL32.EXE-5680-F.txt

2015-01-14 16:29 - 2015-01-14 16:29 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2015-01-14 16:27 - 2015-01-14 16:31 - 00000574 _____ () C:\ProgramData\RUNDLL32.EXE-4116-F.txt

2015-01-12 17:21 - 2015-01-12 17:24 - 00000504 _____ () C:\ProgramData\RUNDLL32.EXE-3260-F.txt

2015-01-12 17:09 - 2015-01-12 17:11 - 00000447 _____ () C:\ProgramData\RUNDLL32.EXE-4964-F.txt

2015-01-05 18:40 - 2015-01-05 18:41 - 00000229 _____ () C:\ProgramData\RUNDLL32.EXE-5076-F.txt

2015-01-05 17:26 - 2015-01-05 17:28 - 00000273 _____ () C:\ProgramData\RUNDLL32.EXE-5832-F.txt

2015-01-05 17:14 - 2015-01-05 17:16 - 00000383 _____ () C:\ProgramData\RUNDLL32.EXE-4852-F.txt

2015-01-05 16:58 - 2015-01-05 17:00 - 00000383 _____ () C:\ProgramData\RUNDLL32.EXE-5992-F.txt

2015-01-01 10:44 - 2015-01-01 10:45 - 00000280 _____ () C:\ProgramData\RUNDLL32.EXE-5652-F.txt

2014-12-31 18:55 - 2014-12-31 18:57 - 00000335 _____ () C:\ProgramData\RUNDLL32.EXE-4528-F.txt

2014-12-30 22:51 - 2014-12-30 22:52 - 00000281 _____ () C:\ProgramData\RUNDLL32.EXE-5340-F.txt

2014-12-30 22:25 - 2014-12-30 22:27 - 00000337 _____ () C:\ProgramData\RUNDLL32.EXE-4904-F.txt

2014-12-30 16:38 - 2014-12-30 16:41 - 00000513 _____ () C:\ProgramData\RUNDLL32.EXE-5156-F.txt

2014-12-28 09:41 - 2014-12-28 09:41 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\VASCO

2014-12-28 09:39 - 2014-12-28 09:39 - 02349664 _____ (VASCO Data Security) C:\Users\Christian\Downloads\VASCOSmartCardReaderPlugin (1).exe

2014-12-28 09:38 - 2014-12-28 09:38 - 00000000 ____D () C:\Users\Christian\AppData\Local\Package Cache

2014-12-28 09:37 - 2014-12-28 09:38 - 02349664 _____ (VASCO Data Security) C:\Users\Christian\Downloads\VASCOSmartCardReaderPlugin.exe

2014-12-28 09:15 - 2014-12-28 09:16 - 04339712 _____ () C:\Users\Christian\Downloads\coccole-di-mamma1.pps

2014-12-27 13:13 - 2014-12-28 19:54 - 00035146 _____ () C:\ProgramData\RUNDLL32.EXE-5948-F.txt

2014-12-26 16:04 - 2014-12-26 16:04 - 00020142 _____ () C:\Users\Christian\Documents\josette+jm.tif

2014-12-26 16:01 - 2014-12-26 16:01 - 00013773 _____ () C:\Users\Christian\Documents\irène+jm.tif

2014-12-26 15:59 - 2014-12-26 15:59 - 00007554 _____ () C:\Users\Christian\Documents\odile 1.tif

2014-12-26 15:55 - 2014-12-26 15:55 - 00015931 _____ () C:\Users\Christian\Documents\yvette et jozette.tif

2014-12-26 07:59 - 2014-12-27 01:58 - 00056901 _____ () C:\ProgramData\RUNDLL32.EXE-2716-F.txt

2014-12-23 12:36 - 2014-12-23 12:36 - 00033280 _____ () C:\Users\Christian\Downloads\Rondou décompte individuel 2014.xls

2014-12-21 10:37 - 2014-12-21 10:37 - 00001216 _____ () C:\Users\Christian\Downloads\Creativeworld.ics

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-20 21:04 - 2009-07-17 22:29 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-20 20:57 - 2012-04-28 19:57 - 00000394 _____ () C:\Windows\Tasks\Final Media Player Update Checker.job

2015-01-20 20:56 - 2009-07-17 22:29 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-20 20:56 - 2009-01-14 14:52 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\WTablet

2015-01-20 20:56 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-20 20:56 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-20 20:56 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-20 20:55 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Globalization

2015-01-20 20:25 - 2009-05-15 20:34 - 00000000 ____D () C:\QUARANTINE

2015-01-20 19:42 - 2013-05-30 14:21 - 00000000 ____D () C:\Program Files\Search Results Toolbar

2015-01-18 22:53 - 2013-02-28 14:02 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-18 22:48 - 2013-07-28 17:32 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\SpeedAnalysis2

2015-01-18 22:36 - 2014-06-10 10:08 - 00000000 ____D () C:\ProgramData\BD4BB20635D3174C8E8D07497967FA8D

2015-01-18 21:16 - 2008-12-25 12:00 - 00000000 ____D () C:\Windows\Minidump

2015-01-18 20:23 - 2006-11-02 14:01 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-05 17:14 - 2014-07-02 22:53 - 00000000 ____D () C:\Program Files\MyPC Backup

2014-12-27 13:19 - 2009-05-06 17:48 - 00002687 _____ () C:\Users\Christian\Desktop\Microsoft Office Word 2007.lnk

2014-12-26 15:52 - 2013-01-31 11:56 - 00002581 _____ () C:\Users\Christian\Desktop\ABBYY FineReader 6.0 Sprint.lnk

2014-12-24 18:20 - 2014-12-20 19:05 - 00194022 _____ () C:\ProgramData\RUNDLL32.EXE-5172-F.txt

 

==================== Files in the root of some directories =======

2009-05-25 22:57 - 2013-04-28 17:32 - 0000000 _____ () C:\Users\Christian\AppData\Roaming\Mallets

2009-01-08 23:18 - 2009-05-06 17:18 - 0001380 _____ () C:\Users\Christian\AppData\Roaming\wklnhst.dat

2008-10-25 17:18 - 2008-10-25 17:18 - 0000552 _____ () C:\Users\Christian\AppData\Local\d3d8caps.dat

2012-03-15 10:42 - 2014-07-11 21:09 - 0000680 _____ () C:\Users\Christian\AppData\Local\d3d9caps.dat

2008-11-06 17:54 - 2014-12-06 11:42 - 0120832 _____ () C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2009-06-05 14:00 - 2009-06-05 14:00 - 0000097 _____ () C:\Users\Christian\AppData\Local\fusioncache.dat

2011-04-06 22:52 - 2011-04-18 09:08 - 0009576 ___SH () C:\Users\Christian\AppData\Local\olralxi5ci8w

2014-03-26 18:08 - 2014-03-26 18:08 - 95027928 ____T () C:\ProgramData\7t87rjao.bbr

2013-04-28 17:32 - 2013-04-28 17:32 - 0000000 _____ () C:\ProgramData\Mail

2013-04-28 17:32 - 2013-04-28 17:32 - 0000000 _____ () C:\ProgramData\MAS

2011-04-06 22:52 - 2011-04-18 09:08 - 0009576 ___SH () C:\ProgramData\olralxi5ci8w

2009-05-25 22:57 - 2013-04-28 17:32 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT

2014-10-31 01:44 - 2014-10-31 02:37 - 0008254 _____ () C:\ProgramData\RUNDLL32.EXE-11120-F.txt

2014-12-18 14:36 - 2014-12-19 17:50 - 0263675 _____ () C:\ProgramData\RUNDLL32.EXE-11944-F.txt

2014-12-02 10:51 - 2014-12-02 21:30 - 0035129 _____ () C:\ProgramData\RUNDLL32.EXE-1344-F.txt

2014-12-04 17:22 - 2014-12-04 18:40 - 0011339 _____ () C:\ProgramData\RUNDLL32.EXE-1388-F.txt

2014-11-09 08:09 - 2014-11-10 01:53 - 0051426 _____ () C:\ProgramData\RUNDLL32.EXE-2100-F.txt

2014-11-01 17:32 - 2014-11-11 20:43 - 0051542 _____ () C:\ProgramData\RUNDLL32.EXE-2184-F.txt

2014-10-30 10:08 - 2014-10-31 01:42 - 0029639 _____ () C:\ProgramData\RUNDLL32.EXE-2228-F.txt

2014-10-30 01:11 - 2014-10-30 01:45 - 0005344 _____ () C:\ProgramData\RUNDLL32.EXE-2372-F.txt

2014-12-26 07:59 - 2014-12-27 01:58 - 0056901 _____ () C:\ProgramData\RUNDLL32.EXE-2716-F.txt

2014-11-27 12:47 - 2014-11-30 10:30 - 0025965 _____ () C:\ProgramData\RUNDLL32.EXE-3184-F.txt

2015-01-12 17:21 - 2015-01-12 17:24 - 0000504 _____ () C:\ProgramData\RUNDLL32.EXE-3260-F.txt

2014-12-12 13:09 - 2014-12-14 03:03 - 0051472 _____ () C:\ProgramData\RUNDLL32.EXE-3704-F.txt

2014-10-31 17:30 - 2014-10-31 23:03 - 0052444 _____ () C:\ProgramData\RUNDLL32.EXE-3724-F.txt

2014-11-25 11:35 - 2014-11-27 02:15 - 0052060 _____ () C:\ProgramData\RUNDLL32.EXE-3800-F.txt

2014-12-19 17:50 - 2014-12-19 22:49 - 0027078 _____ () C:\ProgramData\RUNDLL32.EXE-3884-F.txt

2015-01-14 16:27 - 2015-01-14 16:31 - 0000574 _____ () C:\ProgramData\RUNDLL32.EXE-4116-F.txt

2014-12-15 10:08 - 2014-12-18 14:34 - 0116446 _____ () C:\ProgramData\RUNDLL32.EXE-4132-F.txt

2015-01-18 13:05 - 2015-01-18 13:08 - 0000459 _____ () C:\ProgramData\RUNDLL32.EXE-4168-F.txt

2014-07-04 13:51 - 2014-07-04 13:51 - 0000215 _____ () C:\ProgramData\RUNDLL32.EXE-4344-F.txt

2014-06-18 08:19 - 2014-06-18 08:19 - 0000103 _____ () C:\ProgramData\RUNDLL32.EXE-4456-F.txt

2014-12-31 18:55 - 2014-12-31 18:57 - 0000335 _____ () C:\ProgramData\RUNDLL32.EXE-4528-F.txt

2014-11-24 17:20 - 2014-11-25 03:35 - 0052557 _____ () C:\ProgramData\RUNDLL32.EXE-4544-F.txt

2014-11-20 23:22 - 2014-11-24 17:09 - 0057289 _____ () C:\ProgramData\RUNDLL32.EXE-4760-F.txt

2015-01-05 17:14 - 2015-01-05 17:16 - 0000383 _____ () C:\ProgramData\RUNDLL32.EXE-4852-F.txt

2014-12-14 17:49 - 2014-12-15 01:26 - 0063254 _____ () C:\ProgramData\RUNDLL32.EXE-4896-F.txt

2014-12-30 22:25 - 2014-12-30 22:27 - 0000337 _____ () C:\ProgramData\RUNDLL32.EXE-4904-F.txt

2015-01-12 17:09 - 2015-01-12 17:11 - 0000447 _____ () C:\ProgramData\RUNDLL32.EXE-4964-F.txt

2015-01-05 18:40 - 2015-01-05 18:41 - 0000229 _____ () C:\ProgramData\RUNDLL32.EXE-5076-F.txt

2014-12-30 16:38 - 2014-12-30 16:41 - 0000513 _____ () C:\ProgramData\RUNDLL32.EXE-5156-F.txt

2014-12-20 19:05 - 2014-12-24 18:20 - 0194022 _____ () C:\ProgramData\RUNDLL32.EXE-5172-F.txt

2014-11-12 11:18 - 2014-11-13 03:31 - 0007906 _____ () C:\ProgramData\RUNDLL32.EXE-5200-F.txt

2014-12-30 22:51 - 2014-12-30 22:52 - 0000281 _____ () C:\ProgramData\RUNDLL32.EXE-5340-F.txt

2015-01-18 12:13 - 2015-01-18 12:16 - 0000463 _____ () C:\ProgramData\RUNDLL32.EXE-5568-F.txt

2015-01-01 10:44 - 2015-01-01 10:45 - 0000280 _____ () C:\ProgramData\RUNDLL32.EXE-5652-F.txt

2015-01-14 16:39 - 2015-01-14 16:40 - 0000342 _____ () C:\ProgramData\RUNDLL32.EXE-5680-F.txt

2015-01-05 17:26 - 2015-01-05 17:28 - 0000273 _____ () C:\ProgramData\RUNDLL32.EXE-5832-F.txt

2014-11-17 10:06 - 2014-11-20 03:16 - 0109684 _____ () C:\ProgramData\RUNDLL32.EXE-5856-F.txt

2014-12-27 13:13 - 2014-12-28 19:54 - 0035146 _____ () C:\ProgramData\RUNDLL32.EXE-5948-F.txt

2015-01-05 16:58 - 2015-01-05 17:00 - 0000383 _____ () C:\ProgramData\RUNDLL32.EXE-5992-F.txt

2014-12-05 12:01 - 2014-12-08 10:25 - 0022258 _____ () C:\ProgramData\RUNDLL32.EXE-6000-F.txt

2014-12-09 15:49 - 2014-12-11 12:35 - 0061256 _____ () C:\ProgramData\RUNDLL32.EXE-6068-F.txt

2014-11-13 09:55 - 2014-11-14 22:27 - 0027304 _____ () C:\ProgramData\RUNDLL32.EXE-6088-F.txt

2015-01-18 11:54 - 2015-01-18 11:58 - 0000569 _____ () C:\ProgramData\RUNDLL32.EXE-6108-F.txt

2014-06-10 10:08 - 2014-06-10 10:08 - 0000114 _____ () C:\ProgramData\RUNDLL32.EXE-7432-F.txt

2014-11-30 10:35 - 2014-12-01 20:06 - 0084162 _____ () C:\ProgramData\RUNDLL32.EXE-820-F.txt

2014-11-03 10:54 - 2014-11-06 19:29 - 0057467 _____ () C:\ProgramData\RUNDLL32.EXE-876-F.txt

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-20 19:21

 

==================== End Of Log ============================

[Biscuithd]

Yes, that helped a lot

Let's see how this goes.

Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the + R on your keyboard at the same time. Type Notepad and click OK.

• Copy the entire content of the codebox below and paste into the Notepad document:
  

  start
  Final Media Player 2011 (HKLM\...\FinalMediaPlayer_is1) (Version:  - Bitberry Software) <==== ATTENTION
  Video Download Converter version 1.0.0.0 (HKLM\...\VDC_is1) (Version: 1.0.0.0 - ) <==== ATTENTION
  Task: {CA37D547-D056-4444-864B-5583CE0E0A7B} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
  HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
  HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
  HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
  HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
  SearchScopes: HKLM -> DefaultScope value is missing.
  SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
  C:\ProgramData\RUNDLL32*
  Hosts:
  CreateRestorePoint:
  end

• Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
• Accept the disclaimer and agree if prompted to install Recovery Console.
• Do not take any actions while ComboFix goes through your System - it may cause it to stall!
• This scan may take some time!
• When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

When all of these complete, and assuming there are no issues running the tools, use the computer a little bit an let me know if the initial problem has been solved.

[bendevos]

Will try that. Thanks a lot already

[bendevos]

after several hours it keeps running

 

Here is the output 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015

Ran by Christian at 2015-01-21 17:31:05 Run:3

Running from C:\Users\Christian\Desktop

Loaded Profiles: Christian (Available profiles: Christian)

Boot Mode: Safe Mode (with Networking)

 

==============================================

 

Content of fixlist:

*****************

start

Final Media Player 2011 (HKLM\...\FinalMediaPlayer_is1) (Version:  - Bitberry Software) <==== ATTENTION

Video Download Converter version 1.0.0.0 (HKLM\...\VDC_is1) (Version: 1.0.0.0 - ) <==== ATTENTION

Task: {CA37D547-D056-4444-864B-5583CE0E0A7B} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

SearchScopes: HKLM -> DefaultScope value is missing.

SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

C:\ProgramData\RUNDLL32*

Hosts:

CreateRestorePoint:

end

*****************

 

Final Media Player 2011 (HKLM\...\FinalMediaPlayer_is1) (Version:  - Bitberry Software) <==== ATTENTION => Error: No automatic fix found for this entry.

Video Download Converter version 1.0.0.0 (HKLM\...\VDC_is1) (Version: 1.0.0.0 - ) <==== ATTENTION => Error: No automatic fix found for this entry.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA37D547-D056-4444-864B-5583CE0E0A7B} => Key not found. 

C:\Windows\System32\Tasks\LaunchSignup not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => Key not found. 

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\.exe => Key not found. 

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\exefile => Key not found. 

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\.exe => Key not found. 

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\exefile => Key not found. 

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 

HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 

"C:\ProgramData\RUNDLL32*" => File/Directory not found.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

Error: Restore point can only be created in normal mode.

[bendevos]

in normal mode... it had the time to perform it before the freeze

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015

Ran by Christian at 2015-01-21 17:49:09 Run:4

Running from C:\Users\Christian\Desktop

Loaded Profiles: Christian (Available profiles: Christian)

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

start

Final Media Player 2011 (HKLM\...\FinalMediaPlayer_is1) (Version:  - Bitberry Software) <==== ATTENTION

Video Download Converter version 1.0.0.0 (HKLM\...\VDC_is1) (Version: 1.0.0.0 - ) <==== ATTENTION

Task: {CA37D547-D056-4444-864B-5583CE0E0A7B} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

SearchScopes: HKLM -> DefaultScope value is missing.

SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

C:\ProgramData\RUNDLL32*

Hosts:

CreateRestorePoint:

end

*****************

 

Final Media Player 2011 (HKLM\...\FinalMediaPlayer_is1) (Version:  - Bitberry Software) <==== ATTENTION => Error: No automatic fix found for this entry.

Video Download Converter version 1.0.0.0 (HKLM\...\VDC_is1) (Version: 1.0.0.0 - ) <==== ATTENTION => Error: No automatic fix found for this entry.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA37D547-D056-4444-864B-5583CE0E0A7B} => Key not found. 

C:\Windows\System32\Tasks\LaunchSignup not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => Key not found. 

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\.exe => Key not found. 

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\exefile => Key not found. 

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\.exe => Key not found. 

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\exefile => Key not found. 

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 

HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 

"C:\ProgramData\RUNDLL32*" => File/Directory not found.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

Restore point was successfully created.

 

==== End of Fixlog 17:51:01 ====

[Biscuithd]

Are you saying that in Normal Boot Mode it still locks up?

Also, please run another FRST scan for me.

FRST.gif Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.•Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
•When the tool opens click Yes to disclaimer.
•Make sure that Addition option is checked.
•Press Scan button and wait.
•The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please copy and paste their content into your next reply.

[bendevos]

here is the output of a new scan run in safe mode (yes normal mode still freezes)

 

thanks you!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015

Ran by Christian (administrator) on PC-DE-CHRISTIAN on 21-01-2015 18:20:13

Running from C:\Users\Christian\Desktop

Loaded Profiles: Christian (Available profiles: Christian)

Platform: Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: Français (France)

Internet Explorer Version 9 (Default browser: IE)

Boot Mode: Safe Mode (with Networking)

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)

HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-31] (Synaptics, Inc.)

HKLM\...\Run: [LaunchAp] => C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] ()

HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron)

HKLM\...\Run: [CtrlVol] => "C:\Program Files\Launch Manager\CtrlVol.exe"

HKLM\...\Run: [LMgrOSD] => C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.)

HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron)

HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-07] (Google)

HKLM\...\Run: [toolbar_eula_launcher] => C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )

HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [112216 2007-02-22] (McAfee, Inc.)

HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\UdaterUI.exe [136768 2006-12-19] (McAfee, Inc.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-02] (Google Inc.)

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104288 2014-12-03] (Adobe Systems Incorporated)

HKU\S-1-5-18\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk

ShortcutTarget: Scanner Finder.lnk -> C:\Program Files\ScanWizard 5\ScannerFinder.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)

Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk

ShortcutTarget: OneNote 2007 - Capture d'écran et lancement.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk

ShortcutTarget: program.lnk -> C:\PROGRA~2\EF42F0E2.cpp (No File)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000 -> Live Search URL = http://search.live.c...-BE&FORM=MICJF2

SearchScopes: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000 -> {9D5BD211-422C-4164-9298-BB4186A30F31} URL = http://www.bing.com/...-FR&form=MOAWA1

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUpldfr-be.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://belgacom.extr...geUploader5.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://brains.sieme.../WhlCompMgr.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUpldfr-be.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2124871150-1497044009-3645244258-1000: vasco.com/VascoCardReaderPlugin -> C:\Users\Christian\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll (VASCO Data Security)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-08]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\[email protected]

FF Extension: SpecialSavings - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\[email protected] [2013-03-25]

FF HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\[email protected]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-390&v=a9396-117&t=4

CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-390&v=a9396-117&t=4"

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\UtilityChest_49\bar\1.bin\NP49Stub.dll No File

CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File

CHR Plugin: (3DVIA player) - C:\Program Files\Virtools\3D Life Player\npvirtools.dll No File

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]

CHR Extension: (My Scrap Nook) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf [2015-01-20]

CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [423576 2009-02-24] (Whale Communications, a Microsoft subsidiary)

S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-07] (Google)

S2 gupdate1ca0724da638462; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]

S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [104000 2006-12-19] (McAfee, Inc.)

S2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144960 2007-02-22] (McAfee, Inc.)

S2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54872 2007-02-22] (McAfee, Inc.)

S2 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]

S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]

S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()

S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]

R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2008-01-15] (Wistron Corp.) [File not signed]

S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 GrabsterSeries.X86; C:\Windows\System32\DRIVERS\GrabsterSeries.X86.SYS [316224 2010-01-22] ()

S1 Hotkey; C:\Windows\system32\Drivers\Hotkey.sys [9867 2003-04-28] () [File not signed]

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [64360 2006-11-30] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [72264 2006-11-30] (McAfee, Inc.)

S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [34152 2006-11-30] (McAfee, Inc.)

S3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [170408 2007-02-22] (McAfee, Inc.)

S1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31944 2006-11-30] (McAfee, Inc.)

R0 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [52136 2006-11-30] (McAfee, Inc.)

S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)

S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)

R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)

R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)

R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)

S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]

R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)

S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

U3 catchme; \??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys [X]

U3 mbr; \??\C:\ComboFix\mbr.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-21 18:20 - 2015-01-21 18:20 - 00019050 _____ () C:\Users\Christian\Desktop\FRST.txt

2015-01-21 18:07 - 2015-01-21 18:15 - 00000000 ____D () C:\ComboFix

2015-01-21 18:07 - 2015-01-21 18:07 - 00000000 ____D () C:\Windows\erdnt

2015-01-21 18:07 - 2015-01-21 18:07 - 00000000 ____D () C:\Qoobox

2015-01-21 18:07 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-01-21 18:07 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-01-21 18:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-01-21 18:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-01-21 18:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-01-21 18:07 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-01-21 18:07 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-01-21 18:07 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-01-21 17:32 - 2015-01-21 17:32 - 05608785 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe

2015-01-21 17:29 - 2015-01-21 17:29 - 02126848 _____ (Farbar) C:\Users\Christian\Downloads\FRST64 (1).exe

2015-01-20 23:09 - 2015-01-20 23:09 - 01118208 _____ (Farbar) C:\Users\Christian\Downloads\FRST (2).exe

2015-01-20 21:28 - 2015-01-20 21:29 - 00030556 _____ () C:\Users\Christian\Downloads\Addition.txt

2015-01-20 21:27 - 2015-01-20 21:29 - 00034049 _____ () C:\Users\Christian\Downloads\FRST.txt

2015-01-20 21:26 - 2015-01-21 18:20 - 00000000 ____D () C:\FRST

2015-01-20 21:26 - 2015-01-20 21:26 - 01118208 _____ (Farbar) C:\Users\Christian\Downloads\FRST (1).exe

2015-01-20 21:26 - 2015-01-20 21:26 - 01118208 _____ (Farbar) C:\Users\Christian\Desktop\FRST.exe

2015-01-20 20:58 - 2015-01-20 20:59 - 02126848 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe

2015-01-20 20:58 - 2015-01-20 20:58 - 00018112 _____ () C:\Users\Christian\Downloads\téléchargement.htm

2015-01-20 20:54 - 2015-01-20 20:54 - 00000000 ____D () C:\_OTL

2015-01-20 19:23 - 2015-01-20 19:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6BCB7B62.sys

2015-01-18 22:53 - 2015-01-21 17:51 - 00060385 _____ () C:\Windows\WindowsUpdate.log

2015-01-18 22:50 - 2015-01-20 21:22 - 00045914 _____ () C:\Windows\PFRO.log

2015-01-18 22:46 - 2015-01-18 22:46 - 00063578 _____ () C:\Users\Christian\Desktop\Extras.Txt

2015-01-18 22:45 - 2015-01-20 19:41 - 00067698 _____ () C:\Users\Christian\Desktop\OTL.Txt

2015-01-18 22:15 - 2015-01-18 22:09 - 00602112 _____ (OldTimer Tools) C:\Users\Christian\Desktop\OTL.exe

2015-01-18 21:57 - 2015-01-20 19:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-18 21:54 - 2015-01-18 21:54 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-01-18 21:54 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-18 21:54 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-18 21:54 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-18 21:48 - 2015-01-18 21:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Christian\Desktop\mbam-setup-2.0.4.1028.exe

2015-01-18 21:42 - 2015-01-18 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon

2015-01-18 21:42 - 2015-01-18 21:42 - 00000000 ____D () C:\Program Files\Canon

2015-01-18 13:22 - 2015-01-18 13:22 - 00000000 ____D () C:\found.001

2015-01-14 16:29 - 2015-01-14 16:29 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2014-12-28 09:41 - 2014-12-28 09:41 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\VASCO

2014-12-28 09:39 - 2014-12-28 09:39 - 02349664 _____ (VASCO Data Security) C:\Users\Christian\Downloads\VASCOSmartCardReaderPlugin (1).exe

2014-12-28 09:38 - 2014-12-28 09:38 - 00000000 ____D () C:\Users\Christian\AppData\Local\Package Cache

2014-12-28 09:37 - 2014-12-28 09:38 - 02349664 _____ (VASCO Data Security) C:\Users\Christian\Downloads\VASCOSmartCardReaderPlugin.exe

2014-12-28 09:15 - 2014-12-28 09:16 - 04339712 _____ () C:\Users\Christian\Downloads\coccole-di-mamma1.pps

2014-12-26 16:04 - 2014-12-26 16:04 - 00020142 _____ () C:\Users\Christian\Documents\josette+jm.tif

2014-12-26 16:01 - 2014-12-26 16:01 - 00013773 _____ () C:\Users\Christian\Documents\irène+jm.tif

2014-12-26 15:59 - 2014-12-26 15:59 - 00007554 _____ () C:\Users\Christian\Documents\odile 1.tif

2014-12-26 15:55 - 2014-12-26 15:55 - 00015931 _____ () C:\Users\Christian\Documents\yvette et jozette.tif

2014-12-23 12:36 - 2014-12-23 12:36 - 00033280 _____ () C:\Users\Christian\Downloads\Rondou décompte individuel 2014.xls

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-21 18:15 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini

2015-01-21 17:51 - 2012-04-28 19:57 - 00000394 _____ () C:\Windows\Tasks\Final Media Player Update Checker.job

2015-01-21 17:47 - 2009-07-17 22:29 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-21 17:47 - 2009-01-14 14:52 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\WTablet

2015-01-21 17:47 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-21 17:47 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-21 17:47 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-21 17:15 - 2006-11-02 14:01 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-20 21:04 - 2009-07-17 22:29 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-20 20:55 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Globalization

2015-01-20 20:25 - 2009-05-15 20:34 - 00000000 ____D () C:\QUARANTINE

2015-01-20 19:42 - 2013-05-30 14:21 - 00000000 ____D () C:\Program Files\Search Results Toolbar

2015-01-18 22:53 - 2013-02-28 14:02 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-18 22:48 - 2013-07-28 17:32 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\SpeedAnalysis2

2015-01-18 22:36 - 2014-06-10 10:08 - 00000000 ____D () C:\ProgramData\BD4BB20635D3174C8E8D07497967FA8D

2015-01-18 21:16 - 2008-12-25 12:00 - 00000000 ____D () C:\Windows\Minidump

2015-01-05 17:14 - 2014-07-02 22:53 - 00000000 ____D () C:\Program Files\MyPC Backup

2014-12-27 13:19 - 2009-05-06 17:48 - 00002687 _____ () C:\Users\Christian\Desktop\Microsoft Office Word 2007.lnk

2014-12-26 15:52 - 2013-01-31 11:56 - 00002581 _____ () C:\Users\Christian\Desktop\ABBYY FineReader 6.0 Sprint.lnk

 

==================== Files in the root of some directories =======

2009-05-25 22:57 - 2013-04-28 17:32 - 0000000 _____ () C:\Users\Christian\AppData\Roaming\Mallets

2009-01-08 23:18 - 2009-05-06 17:18 - 0001380 _____ () C:\Users\Christian\AppData\Roaming\wklnhst.dat

2008-10-25 17:18 - 2008-10-25 17:18 - 0000552 _____ () C:\Users\Christian\AppData\Local\d3d8caps.dat

2012-03-15 10:42 - 2014-07-11 21:09 - 0000680 _____ () C:\Users\Christian\AppData\Local\d3d9caps.dat

2008-11-06 17:54 - 2014-12-06 11:42 - 0120832 _____ () C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2009-06-05 14:00 - 2009-06-05 14:00 - 0000097 _____ () C:\Users\Christian\AppData\Local\fusioncache.dat

2011-04-06 22:52 - 2011-04-18 09:08 - 0009576 ___SH () C:\Users\Christian\AppData\Local\olralxi5ci8w

2014-03-26 18:08 - 2014-03-26 18:08 - 95027928 ____T () C:\ProgramData\7t87rjao.bbr

2013-04-28 17:32 - 2013-04-28 17:32 - 0000000 _____ () C:\ProgramData\Mail

2013-04-28 17:32 - 2013-04-28 17:32 - 0000000 _____ () C:\ProgramData\MAS

2011-04-06 22:52 - 2011-04-18 09:08 - 0009576 ___SH () C:\ProgramData\olralxi5ci8w

2009-05-25 22:57 - 2013-04-28 17:32 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-21 18:13

 

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015

Ran by Christian at 2015-01-21 18:20:52

Running from C:\Users\Christian\Desktop

Boot Mode: Safe Mode (with Networking)

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Reader X (10.1.13) - Français (HKLM\...\{AC76BA86-7AD7-1036-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)

Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Archiveur WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

Azurewave Wireless LAN (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.00.0000 - RaLink)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Canon MP Navigator 1.0 (HKLM\...\MP Navigator 1.0) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)

Ciel Account 2.0 (HKLM\...\{853B8932-67F6-4973-A938-F5FAB12758E4}) (Version: 230.00.243 - Ciel)

Ciel Easy Invoice 2.10 (HKLM\...\{46880D4F-A41E-46CB-8CB5-C3F79AF567EE}) (Version: 81.00.0000 - Ciel)

Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.00.0000 - Corel Corporation)

Courriers Types et Emails (HKLM\...\{C1CCEACB-C0F3-4D5C-AD2C-8EC2FFE7854E}) (Version: 1.10.0000 - Micro Application)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Design Manager (HKLM\...\Design Manager) (Version:  - )

eJay Virtual Music Manager (build 5644) (HKLM\...\{E320F1E2-4E3C-43B3-8F5E-5D08AA5C71F0}}_is1) (Version: 2007.0.0.5644 - Intermedia Software)

EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)

EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden

EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )

Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)

EPSON Logiciel imprimante (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)

EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )

EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )

Epson Stylus SX210_SX410_TX210_TX410 Manuel (HKLM\...\Epson Stylus SX210_SX410_TX210_TX410 Guide d'utilisation) (Version:  - )

EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version:  - SEIKO EPSON Corporation)

File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)

Final Media Player 2011 (HKLM\...\FinalMediaPlayer_is1) (Version:  - Bitberry Software) <==== ATTENTION

Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Guitare - Chansons et partitions (HKLM\...\Guitare - Chansons et partitions) (Version:  - )

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )

iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)

Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)

Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)

Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Launch Manager V1.5.0 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.0 - Wistron Corp.)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

McAfee VirusScan Enterprise (HKLM\...\{35C03C04-3F1F-42C2-A989-A757EE691F65}) (Version: 8.6.0 - McAfee, Inc.)

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM\...\{95140000-0080-040C-0000-0000000FF1CE}) (Version: 14.0.6106.5001 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (French) (HKLM\...\{95120000-00AF-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microtek FineReader OCR Engine (HKLM\...\{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}) (Version:  - )

Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (HKLM\...\{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISER_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version:  - Microsoft)

Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (HKLM\...\{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version:  - Microsoft)

Mise à jour Microsoft Office Outlook 2007 Help  (KB963677) (HKLM\...\{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISER_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version:  - Microsoft)

Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (HKLM\...\{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISER_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version:  - Microsoft)

Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (HKLM\...\{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version:  - Microsoft)

Mise à jour Microsoft Office Word 2007 Help  (KB963665) (HKLM\...\{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISER_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version:  - Microsoft)

Mise à jour Microsoft Office Word 2007 Help  (KB963665) (HKLM\...\{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version:  - Microsoft)

Module de compatibilité pour Microsoft Office System 2007 (HKLM\...\{90120000-0020-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Module linguistique Microsoft .NET Framework 3.5 SP1- fra (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - fra) (Version:  - Microsoft Corporation)

MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)

Noel (HKLM\...\{EAF4356D-974E-4F8E-9996-C286F0209A81}) (Version: 6.10.2000 - Micro Application)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden

OpenOffice.org 3.3 (HKLM\...\{7E0610A2-E336-40B3-B685-C4905E97EC9A}) (Version: 3.3.9567 - OpenOffice.org)

Pen Tablet (HKLM\...\Pen Tablet Driver) (Version:  - Wacom Technology Corp.)

PhotoFiltre (HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\PhotoFiltre) (Version:  - )

Piano Passion (HKLM\...\Piano Passion) (Version:  - )

QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)

ScanWizard 5 (HKLM\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )

ScrapBook (HKLM\...\{D05EE9EF-42AD-4A5F-AD55-EA8611ABD1A0}) (Version: 6.10.2000 - Micro Application)

Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden

Silhouette Studio (HKLM\...\{E60901A3-490A-44E7-846A-925BCA2E38A7}) (Version: 1.9.0 - Aspex Research & Technology)

Sony Vegas 6.0 (HKLM\...\{46FA9E9F-1B0F-4C6C-8F6D-F2365EDEA2B2}) (Version: 6.0.84 - Sony)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.14.0 - Synaptics)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

VASCO Card Reader Plug-In (32-Bit) (Version: 3.2.3.4 - VASCO Data Security) Hidden

VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\{c77cb28d-ddd3-46f7-b51a-14a599127ba7}) (Version: 3.2.3.4 - VASCO Data Security)

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden

VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden

Video Download Converter version 1.0.0.0 (HKLM\...\VDC_is1) (Version: 1.0.0.0 - ) <==== ATTENTION

Whale Communications' Client Components v3.7.1 (HKLM\...\Whale Communications' Client Components 3.1.0) (Version:  - )

Windows Live (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live FolderShare (HKLM\...\{2075CB0A-D26F-4DAA-B424-5079296B43BA}) (Version: 14.0.8089.726 - Microsoft Corporation)

WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E4}) (Version: 19.0.11293 - WinZip Computing, S.L. )

Wisdom-soft Set up ScreenHunter 5.1 Free (HKLM\...\Wisdom-soft Set up ScreenHunter 5.1 Free) (Version:  - Wisdom Software Inc.)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)

CustomCLSID: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll (VASCO Data Security)

CustomCLSID: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000_Classes\CLSID\{dc67367a-8b15-47bc-b7f8-0ba0435a504a}\InprocServer32 -> C:\Program Files\Common Files\SYSTEM\MSMAPI\1036\MSNCON32.DLL (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000_Classes\CLSID\{dcedfcbf-c7d1-4b81-a20f-7524d306135e}\InprocServer32 -> C:\Program Files\Common Files\SYSTEM\MSMAPI\1036\MSNCON32.DLL (Microsoft Corporation)

 

==================== Restore Points  =========================

 

Could not list restore points.

Check "winmgmt" service or repair WMI.

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 11:23 - 2015-01-21 18:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {056F5D32-4E7B-45B2-9403-879880485F7B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

Task: {05ADBD4F-E8A1-4169-AAD5-9F0CAA22B2B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)

Task: {06523615-C02D-4EC9-87B8-964E38AD05C7} - System32\Tasks\QtraxPlayer => 1826085866.portal.qtrax.com

Task: {1952F341-C48A-4740-A03D-4856246DF720} - System32\Tasks\{C3403CF8-0D14-45B0-AC1E-56B3A4DCADA1} => pcalua.exe -a C:\Users\Christian\Desktop\setupscreenhunterfree.exe -d C:\Users\Christian\Desktop

Task: {1D2663E0-AEA3-4DEC-82C8-9E58F864EEDD} - System32\Tasks\Start Registry Reviver => C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe

Task: {3C3FA579-0D03-4C15-B983-6714E0FC953F} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....AJKILIBNKJHIKJ"

Task: {4984E690-1AB5-4102-9D40-05316A6D8248} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Christian => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)

Task: {61BF426E-2364-4C31-8443-31D65D15F03D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation)

Task: {6A7027B9-D5A5-42B4-BEA9-D9AADBE062DD} - System32\Tasks\{B1F8BE09-658F-4333-ADE3-5D68C95ED4B8} => Iexplore.exe http://ui.skype.com/...#38;page=tsBing

Task: {78291E39-0EF2-420D-87A5-CEB4097D30E0} - System32\Tasks\{9CC62E4F-D577-4CDB-BCF1-326BABCD9555} => pcalua.exe -a C:\Users\Christian\Desktop\10_04_frames.exe -d C:\Users\Christian\Desktop

Task: {835F81D8-4827-4855-BE7E-7814B8BB8ADB} - System32\Tasks\Microsoft\Windows\RestartManager\{2C546B00-7217-472d-9325-FE1B9748AC6F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)

Task: {85A80E30-262E-4438-8F54-AB51CB0F12AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {9ABA16E8-B2C9-49C3-83A8-B455EEA22C1F} - System32\Tasks\Microsoft\Windows\SyncCenter\S-1-5-21-2124871150-1497044009-3645244258-1000\{08B0B2D5-3FB3-11D3-A4DE-00C04F610189}\Microsoft SQL Server 2000 - Planification de la synchronisation => C:\Windows\system32\mobsync.exe [2008-01-21] (Microsoft Corporation)

Task: {BC2151C7-4350-4C16-80A3-857E02819640} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)

Task: {CC574EC8-75C2-46E8-A01F-E6446784EAB7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)

Task: {D1923E7E-1655-452B-90B3-76E74CF97B36} - System32\Tasks\{BAA31C96-1B58-4D3A-ACC0-7A3F4A5676BB} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar

Task: {D7E4F295-306E-4441-AA00-E26827087C70} - System32\Tasks\Final Media Player Update Checker => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-03-11] (Bitberry Software)

Task: {DEB5FCCE-5839-4D42-96FB-71BFA6A2D025} - System32\Tasks\Microsoft\Windows\RestartManager\{4903B92A-8FE6-4098-8128-5396DB285114} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)

Task: {EC487DC8-1185-45FE-9DAB-CA943D2DF37C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: {FBFDDB59-77FD-4603-A588-A3CB033A60E3} - System32\Tasks\{DF6CD692-8BC3-4654-B612-B4C6DD95148F} => pcalua.exe -a E:\install.exe -d E:\

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Final Media Player Update Checker.job => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\User_Feed_Synchronization-{6C7CAD5D-0F3D-4860-9722-FB54520B436D}.job => C:\Windows\system32\msfeedssync.exe

 

==================== Loaded Modules (whitelisted) =============

 

2009-06-05 14:10 - 2008-09-16 19:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll

2014-12-12 19:40 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-12 19:40 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrateur (S-1-5-21-2124871150-1497044009-3645244258-500 - Administrator - Disabled)

ASPNET (S-1-5-21-2124871150-1497044009-3645244258-1002 - Limited - Enabled)

Christian (S-1-5-21-2124871150-1497044009-3645244258-1000 - Administrator - Enabled) => C:\Users\Christian

Invité (S-1-5-21-2124871150-1497044009-3645244258-501 - Limited - Disabled)

 

==================== Faulty Device Manager Devices =============

 

Could not list Devices. Check "winmgmt" service or repair WMI.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/21/2015 06:15:21 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

Error: (01/21/2015 05:58:55 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

Error: (01/21/2015 05:50:10 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005.

Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

 

 

Opération :

   Données du rédacteur en cours de collecte

 

Contexte :

   ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}

   Nom du rédacteur: System Writer

   ID d’instance du rédacteur: {a4547436-f787-42d7-b8be-35ab5b7cffe1}

 

Error: (01/21/2015 05:47:43 PM) (Source: TabletServicePen) (EventID: 0) (User: )

Description: Could not init tablet driver

 

Error: (01/21/2015 05:27:03 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

Error: (01/21/2015 05:14:13 PM) (Source: TabletServicePen) (EventID: 0) (User: )

Description: Could not init tablet driver

 

Error: (01/20/2015 11:05:48 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

Error: (01/20/2015 09:23:33 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

Error: (01/20/2015 07:23:13 PM) (Source: EventSystem) (EventID: 4609) (User: )

Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

 

Error: (01/19/2015 10:45:50 PM) (Source: TabletServicePen) (EventID: 0) (User: )

Description: Could not init tablet driver

 

 

System errors:

=============

Error: (01/21/2015 05:59:00 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (01/21/2015 05:58:57 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

 

Error: (01/21/2015 05:58:55 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error: (01/21/2015 05:58:47 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (01/21/2015 05:58:19 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: L'arrêt système précédant à 17:51:22 le 21/01/2015 n'était pas prévu.

 

Error: (01/21/2015 05:48:48 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)

Description: spécifiques à l'applicationLocalExécution{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}AUTORITE NTSYSTEMS-1-5-18LocalHost (utilisation de LRPC)

 

Error: (01/21/2015 05:27:08 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (01/21/2015 05:27:04 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

 

Error: (01/21/2015 05:27:03 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error: (01/21/2015 05:26:54 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

 

 

Microsoft Office Sessions:

=========================

Error: (11/04/2012 00:27:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 30 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (04/19/2010 05:01:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1920 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error: (04/19/2010 03:36:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 86403 seconds with 4380 seconds of active time.  This session ended with a crash.

 

Error: (04/15/2010 02:18:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3009 seconds with 2580 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-01-21 18:20:44.481

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-21 18:20:43.779

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-21 18:20:43.092

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-21 18:20:42.406

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-21 18:20:41.501

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-21 18:20:40.815

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-21 18:20:40.113

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-21 18:20:39.426

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-21 18:10:56.255

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

  Date: 2015-01-21 18:10:55.366

  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz

Percentage of memory in use: 27%

Total physical RAM: 3061.69 MB

Available physical RAM: 2225.82 MB

Total Pagefile: 6325.63 MB

Available Pagefile: 5776.16 MB

Total Virtual: 2047.88 MB

Available Virtual: 1925.45 MB

 

==================== Drives ================================

 

Drive c: (BOOT) (Fixed) (Total:207.5 GB) (Free:124.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVER) (Fixed) (Total:25.37 GB) (Free:13.75 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 33BAFD88)

Partition 1: (Active) - (Size=207.5 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=25.4 GB) - (Type=OF Extended)

 

==================== End Of Log ============================