Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by Christian at 2015-01-20 21:28:58
Running from C:\Users\Christian\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Français (HKLM\...\{AC76BA86-7AD7-1036-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archiveur WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Azurewave Wireless LAN (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.00.0000 - RaLink)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator 1.0 (HKLM\...\MP Navigator 1.0) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Ciel Account 2.0 (HKLM\...\{853B8932-67F6-4973-A938-F5FAB12758E4}) (Version: 230.00.243 - Ciel)
Ciel Easy Invoice 2.10 (HKLM\...\{46880D4F-A41E-46CB-8CB5-C3F79AF567EE}) (Version: 81.00.0000 - Ciel)
Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.00.0000 - Corel Corporation)
Courriers Types et Emails (HKLM\...\{C1CCEACB-C0F3-4D5C-AD2C-8EC2FFE7854E}) (Version: 1.10.0000 - Micro Application)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Design Manager (HKLM\...\Design Manager) (Version: - )
eJay Virtual Music Manager (build 5644) (HKLM\...\{E320F1E2-4E3C-43B3-8F5E-5D08AA5C71F0}}_is1) (Version: 2007.0.0.5644 - Intermedia Software)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON Logiciel imprimante (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
Epson Stylus SX210_SX410_TX210_TX410 Manuel (HKLM\...\Epson Stylus SX210_SX410_TX210_TX410 Guide d'utilisation) (Version: - )
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation)
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Final Media Player 2011 (HKLM\...\FinalMediaPlayer_is1) (Version: - Bitberry Software) <==== ATTENTION
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Guitare - Chansons et partitions (HKLM\...\Guitare - Chansons et partitions) (Version: - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager V1.5.0 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.0 - Wistron Corp.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee VirusScan Enterprise (HKLM\...\{35C03C04-3F1F-42C2-A989-A757EE691F65}) (Version: 8.6.0 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0080-040C-0000-0000000FF1CE}) (Version: 14.0.6106.5001 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (French) (HKLM\...\{95120000-00AF-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microtek FineReader OCR Engine (HKLM\...\{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}) (Version: - )
Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISER_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft)
Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISER_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version: - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISER_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft)
Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISER_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft)
Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft)
Module de compatibilité pour Microsoft Office System 2007 (HKLM\...\{90120000-0020-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Module linguistique Microsoft .NET Framework 3.5 SP1- fra (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - fra) (Version: - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
Noel (HKLM\...\{EAF4356D-974E-4F8E-9996-C286F0209A81}) (Version: 6.10.2000 - Micro Application)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.3 (HKLM\...\{7E0610A2-E336-40B3-B685-C4905E97EC9A}) (Version: 3.3.9567 - OpenOffice.org)
Pen Tablet (HKLM\...\Pen Tablet Driver) (Version: - Wacom Technology Corp.)
PhotoFiltre (HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\PhotoFiltre) (Version: - )
Piano Passion (HKLM\...\Piano Passion) (Version: - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
ScanWizard 5 (HKLM\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version: - )
ScrapBook (HKLM\...\{D05EE9EF-42AD-4A5F-AD55-EA8611ABD1A0}) (Version: 6.10.2000 - Micro Application)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Silhouette Studio (HKLM\...\{E60901A3-490A-44E7-846A-925BCA2E38A7}) (Version: 1.9.0 - Aspex Research & Technology)
Sony Vegas 6.0 (HKLM\...\{46FA9E9F-1B0F-4C6C-8F6D-F2365EDEA2B2}) (Version: 6.0.84 - Sony)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.14.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VASCO Card Reader Plug-In (32-Bit) (Version: 3.2.3.4 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\{c77cb28d-ddd3-46f7-b51a-14a599127ba7}) (Version: 3.2.3.4 - VASCO Data Security)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Video Download Converter version 1.0.0.0 (HKLM\...\VDC_is1) (Version: 1.0.0.0 - ) <==== ATTENTION
Whale Communications' Client Components v3.7.1 (HKLM\...\Whale Communications' Client Components 3.1.0) (Version: - )
Windows Live (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live FolderShare (HKLM\...\{2075CB0A-D26F-4DAA-B424-5079296B43BA}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E4}) (Version: 19.0.11293 - WinZip Computing, S.L. )
Wisdom-soft Set up ScreenHunter 5.1 Free (HKLM\...\Wisdom-soft Set up ScreenHunter 5.1 Free) (Version: - Wisdom Software Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000_Classes\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}\InprocServer32 -> C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll (VASCO Data Security)
CustomCLSID: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000_Classes\CLSID\{dc67367a-8b15-47bc-b7f8-0ba0435a504a}\InprocServer32 -> C:\Program Files\Common Files\SYSTEM\MSMAPI\1036\MSNCON32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000_Classes\CLSID\{dcedfcbf-c7d1-4b81-a20f-7524d306135e}\InprocServer32 -> C:\Program Files\Common Files\SYSTEM\MSMAPI\1036\MSNCON32.DLL (Microsoft Corporation)
==================== Restore Points =========================
Could not list restore points.
Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2015-01-20 20:55 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {056F5D32-4E7B-45B2-9403-879880485F7B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {05ADBD4F-E8A1-4169-AAD5-9F0CAA22B2B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {06523615-C02D-4EC9-87B8-964E38AD05C7} - System32\Tasks\QtraxPlayer => 1826085866.portal.qtrax.com
Task: {1952F341-C48A-4740-A03D-4856246DF720} - System32\Tasks\{C3403CF8-0D14-45B0-AC1E-56B3A4DCADA1} => pcalua.exe -a C:\Users\Christian\Desktop\setupscreenhunterfree.exe -d C:\Users\Christian\Desktop
Task: {1D2663E0-AEA3-4DEC-82C8-9E58F864EEDD} - System32\Tasks\Start Registry Reviver => C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe
Task: {61BF426E-2364-4C31-8443-31D65D15F03D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation)
Task: {78291E39-0EF2-420D-87A5-CEB4097D30E0} - System32\Tasks\{9CC62E4F-D577-4CDB-BCF1-326BABCD9555} => pcalua.exe -a C:\Users\Christian\Desktop\10_04_frames.exe -d C:\Users\Christian\Desktop
Task: {835F81D8-4827-4855-BE7E-7814B8BB8ADB} - System32\Tasks\Microsoft\Windows\RestartManager\{2C546B00-7217-472d-9325-FE1B9748AC6F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {85A80E30-262E-4438-8F54-AB51CB0F12AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9ABA16E8-B2C9-49C3-83A8-B455EEA22C1F} - System32\Tasks\Microsoft\Windows\SyncCenter\S-1-5-21-2124871150-1497044009-3645244258-1000\{08B0B2D5-3FB3-11D3-A4DE-00C04F610189}\Microsoft SQL Server 2000 - Planification de la synchronisation => C:\Windows\system32\mobsync.exe [2008-01-21] (Microsoft Corporation)
Task: {BC2151C7-4350-4C16-80A3-857E02819640} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {CA37D547-D056-4444-864B-5583CE0E0A7B} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {CC574EC8-75C2-46E8-A01F-E6446784EAB7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {D7E4F295-306E-4441-AA00-E26827087C70} - System32\Tasks\Final Media Player Update Checker => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-03-11] (Bitberry Software)
Task: {DEB5FCCE-5839-4D42-96FB-71BFA6A2D025} - System32\Tasks\Microsoft\Windows\RestartManager\{4903B92A-8FE6-4098-8128-5396DB285114} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {EC487DC8-1185-45FE-9DAB-CA943D2DF37C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {F4C0E387-FC5E-44B9-AA19-02F45CC2E209} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Christian => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {FBFDDB59-77FD-4603-A588-A3CB033A60E3} - System32\Tasks\{DF6CD692-8BC3-4654-B612-B4C6DD95148F} => pcalua.exe -a E:\install.exe -d E:\
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Final Media Player Update Checker.job => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{6C7CAD5D-0F3D-4860-9722-FB54520B436D}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2009-06-05 14:10 - 2008-09-16 19:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2014-12-12 19:40 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 19:40 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrateur (S-1-5-21-2124871150-1497044009-3645244258-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2124871150-1497044009-3645244258-1002 - Limited - Enabled)
Christian (S-1-5-21-2124871150-1497044009-3645244258-1000 - Administrator - Enabled) => C:\Users\Christian
Invité (S-1-5-21-2124871150-1497044009-3645244258-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/20/2015 09:23:33 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (01/20/2015 07:23:13 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (01/19/2015 10:45:50 PM) (Source: TabletServicePen) (EventID: 0) (User: )
Description: Could not init tablet driver
Error: (01/19/2015 10:29:33 PM) (Source: TabletServicePen) (EventID: 0) (User: )
Description: Could not init tablet driver
Error: (01/18/2015 09:11:42 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (01/18/2015 01:52:52 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Impossible d'initialiser l'application.
Contexte : Application Windows
Détails :
Impossible de lire les métadonnées de l'index du contenu. (0xc0041801)
Error: (01/18/2015 01:52:52 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Impossible d'initialiser l'objet rassembleur.
Contexte : Application Windows, Catalogue SystemIndex
Détails :
Impossible de lire les métadonnées de l'index du contenu. (0xc0041801)
Error: (01/18/2015 01:52:52 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Impossible d'initialiser le plug-in dans <Search.TripoliIndexer>.
Contexte : Application Windows, Catalogue SystemIndex
Détails :
Élément introuvable. (0x80070490)
Error: (01/18/2015 01:52:52 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Impossible d'initialiser le plug-in dans <Search.JetPropStore>.
Contexte : Application Windows, Catalogue SystemIndex
Détails :
Impossible de lire les métadonnées de l'index du contenu. (0xc0041801)
Error: (01/18/2015 01:52:52 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Le service Windows Search ne peut pas charger les informations de la banque de propriétés.
Contexte : Application Windows, Catalogue SystemIndex
Détails :
0x%08x (0xc0041800 - Impossible de lire l'index du contenu. )
System errors:
=============
Error: (01/20/2015 09:23:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (01/20/2015 09:23:34 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
Error: (01/20/2015 09:23:33 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (01/20/2015 09:23:22 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (01/20/2015 09:22:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: L'arrêt système précédant à 21:15:54 le 20/01/2015 n'était pas prévu.
Error: (01/20/2015 08:57:49 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: spécifiques à l'applicationLocalExécution{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}AUTORITE NTSYSTEMS-1-5-18LocalHost (utilisation de LRPC)
Error: (01/20/2015 07:49:01 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}
Error: (01/20/2015 07:23:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (01/20/2015 07:23:14 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
Error: (01/20/2015 07:23:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Microsoft Office Sessions:
=========================
Error: (11/04/2012 00:27:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 30 seconds with 0 seconds of active time. This session ended with a crash.
Error: (04/19/2010 05:01:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1920 seconds with 60 seconds of active time. This session ended with a crash.
Error: (04/19/2010 03:36:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 86403 seconds with 4380 seconds of active time. This session ended with a crash.
Error: (04/15/2010 02:18:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3009 seconds with 2580 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-01-20 21:28:43.121
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2015-01-20 21:28:42.408
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2015-01-20 21:28:41.687
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2015-01-20 21:28:40.918
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2015-01-20 21:28:39.918
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2015-01-20 21:28:39.136
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2015-01-20 21:28:38.434
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2015-01-20 21:28:37.643
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2015-01-20 19:30:18.953
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2015-01-20 19:30:18.127
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
==================== Memory info ===========================
Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 23%
Total physical RAM: 3061.69 MB
Available physical RAM: 2330.25 MB
Total Pagefile: 6325.63 MB
Available Pagefile: 5786.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.69 MB
==================== Drives ================================
Drive c: (BOOT) (Fixed) (Total:207.5 GB) (Free:124.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:25.37 GB) (Free:13.75 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 33BAFD88)
Partition 1: (Active) - (Size=207.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=25.4 GB) - (Type=OF Extended)
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Christian (administrator) on PC-DE-CHRISTIAN on 20-01-2015 21:27:49
Running from C:\Users\Christian\Downloads
Loaded Profiles: Christian (Available profiles: Christian)
Platform: Windows Vista Home Premium Service Pack 2 (X86) OS Language: Français (France)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-31] (Synaptics, Inc.)
HKLM\...\Run: [LaunchAp] => C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] ()
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron)
HKLM\...\Run: [CtrlVol] => "C:\Program Files\Launch Manager\CtrlVol.exe"
HKLM\...\Run: [LMgrOSD] => C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-07] (Google)
HKLM\...\Run: [toolbar_eula_launcher] => C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [112216 2007-02-22] (McAfee, Inc.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\UdaterUI.exe [136768 2006-12-19] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [EPSON SX410 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [199680 2008-10-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-02] (Google Inc.)
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104288 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\MountPoints2: {e8a0a446-0ce4-11de-baf3-000ae4cee6c4} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\MountPoints2: {f234795d-91e8-11e0-89cd-0015afbb31dd} - H:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
ShortcutTarget: Scanner Finder.lnk -> C:\Program Files\ScanWizard 5\ScannerFinder.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
ShortcutTarget: OneNote 2007 - Capture d'écran et lancement.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\PROGRA~2\EF42F0E2.cpp (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.aldi.com/
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2124871150-1497044009-3645244258-1000: vasco.com/VascoCardReaderPlugin -> C:\Users\Christian\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll (VASCO Data Security)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-08]
FF Extension: SpecialSavings - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\
[email protected] [2013-03-25]
FF HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Firefox\Extensions: [
[email protected]] - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\
[email protected]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-390&v=a9396-117&t=4
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-390&v=a9396-117&t=4"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File
CHR Plugin: (3DVIA player) - C:\Program Files\Virtools\3D Life Player\npvirtools.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]
CHR Extension: (My Scrap Nook) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf [2015-01-20]
CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [423576 2009-02-24] (Whale Communications, a Microsoft subsidiary)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-07] (Google)
S2 gupdate1ca0724da638462; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [104000 2006-12-19] (McAfee, Inc.)
S2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144960 2007-02-22] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54872 2007-02-22] (McAfee, Inc.)
S2 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2008-01-15] (Wistron Corp.) [File not signed]
S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 GrabsterSeries.X86; C:\Windows\System32\DRIVERS\GrabsterSeries.X86.SYS [316224 2010-01-22] ()
S1 Hotkey; C:\Windows\system32\Drivers\Hotkey.sys [9867 2003-04-28] () [File not signed]
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [64360 2006-11-30] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [72264 2006-11-30] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [34152 2006-11-30] (McAfee, Inc.)
S3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [170408 2007-02-22] (McAfee, Inc.)
S1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31944 2006-11-30] (McAfee, Inc.)
R0 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [52136 2006-11-30] (McAfee, Inc.)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-20 21:27 - 2015-01-20 21:28 - 00019701 _____ () C:\Users\Christian\Downloads\FRST.txt
2015-01-20 21:26 - 2015-01-20 21:27 - 00000000 ____D () C:\FRST
2015-01-20 21:26 - 2015-01-20 21:26 - 01118208 _____ (Farbar) C:\Users\Christian\Downloads\FRST.exe
2015-01-20 21:26 - 2015-01-20 21:26 - 01118208 _____ (Farbar) C:\Users\Christian\Downloads\FRST (1).exe
2015-01-20 20:59 - 2015-01-20 20:59 - 02126848 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2015-01-20 20:58 - 2015-01-20 20:59 - 02126848 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2015-01-20 20:58 - 2015-01-20 20:58 - 00018112 _____ () C:\Users\Christian\Downloads\téléchargement.htm
2015-01-20 20:54 - 2015-01-20 20:54 - 00000000 ____D () C:\_OTL
2015-01-20 19:23 - 2015-01-20 19:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6BCB7B62.sys
2015-01-18 22:53 - 2015-01-20 21:00 - 00052405 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 22:50 - 2015-01-20 21:22 - 00045914 _____ () C:\Windows\PFRO.log
2015-01-18 22:46 - 2015-01-18 22:46 - 00063578 _____ () C:\Users\Christian\Desktop\Extras.Txt
2015-01-18 22:45 - 2015-01-20 19:41 - 00067698 _____ () C:\Users\Christian\Desktop\OTL.Txt
2015-01-18 22:15 - 2015-01-18 22:09 - 00602112 _____ (OldTimer Tools) C:\Users\Christian\Desktop\OTL.exe
2015-01-18 21:57 - 2015-01-20 19:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 21:54 - 2015-01-18 21:54 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-18 21:54 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-18 21:54 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-18 21:54 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-18 21:48 - 2015-01-18 21:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Christian\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-18 21:42 - 2015-01-18 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2015-01-18 21:42 - 2015-01-18 21:42 - 00000000 ____D () C:\Program Files\Canon
2015-01-18 13:22 - 2015-01-18 13:22 - 00000000 __SHD () C:\found.001
2015-01-18 13:05 - 2015-01-18 13:08 - 00000459 _____ () C:\ProgramData\RUNDLL32.EXE-4168-F.txt
2015-01-18 12:13 - 2015-01-18 12:16 - 00000463 _____ () C:\ProgramData\RUNDLL32.EXE-5568-F.txt
2015-01-18 11:54 - 2015-01-18 11:58 - 00000569 _____ () C:\ProgramData\RUNDLL32.EXE-6108-F.txt
2015-01-14 16:39 - 2015-01-14 16:40 - 00000342 _____ () C:\ProgramData\RUNDLL32.EXE-5680-F.txt
2015-01-14 16:29 - 2015-01-14 16:29 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-01-14 16:27 - 2015-01-14 16:31 - 00000574 _____ () C:\ProgramData\RUNDLL32.EXE-4116-F.txt
2015-01-12 17:21 - 2015-01-12 17:24 - 00000504 _____ () C:\ProgramData\RUNDLL32.EXE-3260-F.txt
2015-01-12 17:09 - 2015-01-12 17:11 - 00000447 _____ () C:\ProgramData\RUNDLL32.EXE-4964-F.txt
2015-01-05 18:40 - 2015-01-05 18:41 - 00000229 _____ () C:\ProgramData\RUNDLL32.EXE-5076-F.txt
2015-01-05 17:26 - 2015-01-05 17:28 - 00000273 _____ () C:\ProgramData\RUNDLL32.EXE-5832-F.txt
2015-01-05 17:14 - 2015-01-05 17:16 - 00000383 _____ () C:\ProgramData\RUNDLL32.EXE-4852-F.txt
2015-01-05 16:58 - 2015-01-05 17:00 - 00000383 _____ () C:\ProgramData\RUNDLL32.EXE-5992-F.txt
2015-01-01 10:44 - 2015-01-01 10:45 - 00000280 _____ () C:\ProgramData\RUNDLL32.EXE-5652-F.txt
2014-12-31 18:55 - 2014-12-31 18:57 - 00000335 _____ () C:\ProgramData\RUNDLL32.EXE-4528-F.txt
2014-12-30 22:51 - 2014-12-30 22:52 - 00000281 _____ () C:\ProgramData\RUNDLL32.EXE-5340-F.txt
2014-12-30 22:25 - 2014-12-30 22:27 - 00000337 _____ () C:\ProgramData\RUNDLL32.EXE-4904-F.txt
2014-12-30 16:38 - 2014-12-30 16:41 - 00000513 _____ () C:\ProgramData\RUNDLL32.EXE-5156-F.txt
2014-12-28 09:41 - 2014-12-28 09:41 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\VASCO
2014-12-28 09:39 - 2014-12-28 09:39 - 02349664 _____ (VASCO Data Security) C:\Users\Christian\Downloads\VASCOSmartCardReaderPlugin (1).exe
2014-12-28 09:38 - 2014-12-28 09:38 - 00000000 ____D () C:\Users\Christian\AppData\Local\Package Cache
2014-12-28 09:37 - 2014-12-28 09:38 - 02349664 _____ (VASCO Data Security) C:\Users\Christian\Downloads\VASCOSmartCardReaderPlugin.exe
2014-12-28 09:15 - 2014-12-28 09:16 - 04339712 _____ () C:\Users\Christian\Downloads\coccole-di-mamma1.pps
2014-12-27 13:13 - 2014-12-28 19:54 - 00035146 _____ () C:\ProgramData\RUNDLL32.EXE-5948-F.txt
2014-12-26 16:04 - 2014-12-26 16:04 - 00020142 _____ () C:\Users\Christian\Documents\josette+jm.tif
2014-12-26 16:01 - 2014-12-26 16:01 - 00013773 _____ () C:\Users\Christian\Documents\irène+jm.tif
2014-12-26 15:59 - 2014-12-26 15:59 - 00007554 _____ () C:\Users\Christian\Documents\odile 1.tif
2014-12-26 15:55 - 2014-12-26 15:55 - 00015931 _____ () C:\Users\Christian\Documents\yvette et jozette.tif
2014-12-26 07:59 - 2014-12-27 01:58 - 00056901 _____ () C:\ProgramData\RUNDLL32.EXE-2716-F.txt
2014-12-23 12:36 - 2014-12-23 12:36 - 00033280 _____ () C:\Users\Christian\Downloads\Rondou décompte individuel 2014.xls
2014-12-21 10:37 - 2014-12-21 10:37 - 00001216 _____ () C:\Users\Christian\Downloads\Creativeworld.ics
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-20 21:04 - 2009-07-17 22:29 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 20:57 - 2012-04-28 19:57 - 00000394 _____ () C:\Windows\Tasks\Final Media Player Update Checker.job
2015-01-20 20:56 - 2009-07-17 22:29 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 20:56 - 2009-01-14 14:52 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\WTablet
2015-01-20 20:56 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 20:56 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 20:56 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 20:55 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Globalization
2015-01-20 20:25 - 2009-05-15 20:34 - 00000000 ____D () C:\QUARANTINE
2015-01-20 19:42 - 2013-05-30 14:21 - 00000000 ____D () C:\Program Files\Search Results Toolbar
2015-01-18 22:53 - 2013-02-28 14:02 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 22:48 - 2013-07-28 17:32 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\SpeedAnalysis2
2015-01-18 22:36 - 2014-06-10 10:08 - 00000000 ____D () C:\ProgramData\BD4BB20635D3174C8E8D07497967FA8D
2015-01-18 21:16 - 2008-12-25 12:00 - 00000000 ____D () C:\Windows\Minidump
2015-01-18 20:23 - 2006-11-02 14:01 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-05 17:14 - 2014-07-02 22:53 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-12-27 13:19 - 2009-05-06 17:48 - 00002687 _____ () C:\Users\Christian\Desktop\Microsoft Office Word 2007.lnk
2014-12-26 15:52 - 2013-01-31 11:56 - 00002581 _____ () C:\Users\Christian\Desktop\ABBYY FineReader 6.0 Sprint.lnk
2014-12-24 18:20 - 2014-12-20 19:05 - 00194022 _____ () C:\ProgramData\RUNDLL32.EXE-5172-F.txt
==================== Files in the root of some directories =======
2009-05-25 22:57 - 2013-04-28 17:32 - 0000000 _____ () C:\Users\Christian\AppData\Roaming\Mallets
2009-01-08 23:18 - 2009-05-06 17:18 - 0001380 _____ () C:\Users\Christian\AppData\Roaming\wklnhst.dat
2008-10-25 17:18 - 2008-10-25 17:18 - 0000552 _____ () C:\Users\Christian\AppData\Local\d3d8caps.dat
2012-03-15 10:42 - 2014-07-11 21:09 - 0000680 _____ () C:\Users\Christian\AppData\Local\d3d9caps.dat
2008-11-06 17:54 - 2014-12-06 11:42 - 0120832 _____ () C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-06-05 14:00 - 2009-06-05 14:00 - 0000097 _____ () C:\Users\Christian\AppData\Local\fusioncache.dat
2011-04-06 22:52 - 2011-04-18 09:08 - 0009576 ___SH () C:\Users\Christian\AppData\Local\olralxi5ci8w
2014-03-26 18:08 - 2014-03-26 18:08 - 95027928 ____T () C:\ProgramData\7t87rjao.bbr
2013-04-28 17:32 - 2013-04-28 17:32 - 0000000 _____ () C:\ProgramData\Mail
2013-04-28 17:32 - 2013-04-28 17:32 - 0000000 _____ () C:\ProgramData\MAS
2011-04-06 22:52 - 2011-04-18 09:08 - 0009576 ___SH () C:\ProgramData\olralxi5ci8w
2009-05-25 22:57 - 2013-04-28 17:32 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
2014-10-31 01:44 - 2014-10-31 02:37 - 0008254 _____ () C:\ProgramData\RUNDLL32.EXE-11120-F.txt
2014-12-18 14:36 - 2014-12-19 17:50 - 0263675 _____ () C:\ProgramData\RUNDLL32.EXE-11944-F.txt
2014-12-02 10:51 - 2014-12-02 21:30 - 0035129 _____ () C:\ProgramData\RUNDLL32.EXE-1344-F.txt
2014-12-04 17:22 - 2014-12-04 18:40 - 0011339 _____ () C:\ProgramData\RUNDLL32.EXE-1388-F.txt
2014-11-09 08:09 - 2014-11-10 01:53 - 0051426 _____ () C:\ProgramData\RUNDLL32.EXE-2100-F.txt
2014-11-01 17:32 - 2014-11-11 20:43 - 0051542 _____ () C:\ProgramData\RUNDLL32.EXE-2184-F.txt
2014-10-30 10:08 - 2014-10-31 01:42 - 0029639 _____ () C:\ProgramData\RUNDLL32.EXE-2228-F.txt
2014-10-30 01:11 - 2014-10-30 01:45 - 0005344 _____ () C:\ProgramData\RUNDLL32.EXE-2372-F.txt
2014-12-26 07:59 - 2014-12-27 01:58 - 0056901 _____ () C:\ProgramData\RUNDLL32.EXE-2716-F.txt
2014-11-27 12:47 - 2014-11-30 10:30 - 0025965 _____ () C:\ProgramData\RUNDLL32.EXE-3184-F.txt
2015-01-12 17:21 - 2015-01-12 17:24 - 0000504 _____ () C:\ProgramData\RUNDLL32.EXE-3260-F.txt
2014-12-12 13:09 - 2014-12-14 03:03 - 0051472 _____ () C:\ProgramData\RUNDLL32.EXE-3704-F.txt
2014-10-31 17:30 - 2014-10-31 23:03 - 0052444 _____ () C:\ProgramData\RUNDLL32.EXE-3724-F.txt
2014-11-25 11:35 - 2014-11-27 02:15 - 0052060 _____ () C:\ProgramData\RUNDLL32.EXE-3800-F.txt
2014-12-19 17:50 - 2014-12-19 22:49 - 0027078 _____ () C:\ProgramData\RUNDLL32.EXE-3884-F.txt
2015-01-14 16:27 - 2015-01-14 16:31 - 0000574 _____ () C:\ProgramData\RUNDLL32.EXE-4116-F.txt
2014-12-15 10:08 - 2014-12-18 14:34 - 0116446 _____ () C:\ProgramData\RUNDLL32.EXE-4132-F.txt
2015-01-18 13:05 - 2015-01-18 13:08 - 0000459 _____ () C:\ProgramData\RUNDLL32.EXE-4168-F.txt
2014-07-04 13:51 - 2014-07-04 13:51 - 0000215 _____ () C:\ProgramData\RUNDLL32.EXE-4344-F.txt
2014-06-18 08:19 - 2014-06-18 08:19 - 0000103 _____ () C:\ProgramData\RUNDLL32.EXE-4456-F.txt
2014-12-31 18:55 - 2014-12-31 18:57 - 0000335 _____ () C:\ProgramData\RUNDLL32.EXE-4528-F.txt
2014-11-24 17:20 - 2014-11-25 03:35 - 0052557 _____ () C:\ProgramData\RUNDLL32.EXE-4544-F.txt
2014-11-20 23:22 - 2014-11-24 17:09 - 0057289 _____ () C:\ProgramData\RUNDLL32.EXE-4760-F.txt
2015-01-05 17:14 - 2015-01-05 17:16 - 0000383 _____ () C:\ProgramData\RUNDLL32.EXE-4852-F.txt
2014-12-14 17:49 - 2014-12-15 01:26 - 0063254 _____ () C:\ProgramData\RUNDLL32.EXE-4896-F.txt
2014-12-30 22:25 - 2014-12-30 22:27 - 0000337 _____ () C:\ProgramData\RUNDLL32.EXE-4904-F.txt
2015-01-12 17:09 - 2015-01-12 17:11 - 0000447 _____ () C:\ProgramData\RUNDLL32.EXE-4964-F.txt
2015-01-05 18:40 - 2015-01-05 18:41 - 0000229 _____ () C:\ProgramData\RUNDLL32.EXE-5076-F.txt
2014-12-30 16:38 - 2014-12-30 16:41 - 0000513 _____ () C:\ProgramData\RUNDLL32.EXE-5156-F.txt
2014-12-20 19:05 - 2014-12-24 18:20 - 0194022 _____ () C:\ProgramData\RUNDLL32.EXE-5172-F.txt
2014-11-12 11:18 - 2014-11-13 03:31 - 0007906 _____ () C:\ProgramData\RUNDLL32.EXE-5200-F.txt
2014-12-30 22:51 - 2014-12-30 22:52 - 0000281 _____ () C:\ProgramData\RUNDLL32.EXE-5340-F.txt
2015-01-18 12:13 - 2015-01-18 12:16 - 0000463 _____ () C:\ProgramData\RUNDLL32.EXE-5568-F.txt
2015-01-01 10:44 - 2015-01-01 10:45 - 0000280 _____ () C:\ProgramData\RUNDLL32.EXE-5652-F.txt
2015-01-14 16:39 - 2015-01-14 16:40 - 0000342 _____ () C:\ProgramData\RUNDLL32.EXE-5680-F.txt
2015-01-05 17:26 - 2015-01-05 17:28 - 0000273 _____ () C:\ProgramData\RUNDLL32.EXE-5832-F.txt
2014-11-17 10:06 - 2014-11-20 03:16 - 0109684 _____ () C:\ProgramData\RUNDLL32.EXE-5856-F.txt
2014-12-27 13:13 - 2014-12-28 19:54 - 0035146 _____ () C:\ProgramData\RUNDLL32.EXE-5948-F.txt
2015-01-05 16:58 - 2015-01-05 17:00 - 0000383 _____ () C:\ProgramData\RUNDLL32.EXE-5992-F.txt
2014-12-05 12:01 - 2014-12-08 10:25 - 0022258 _____ () C:\ProgramData\RUNDLL32.EXE-6000-F.txt
2014-12-09 15:49 - 2014-12-11 12:35 - 0061256 _____ () C:\ProgramData\RUNDLL32.EXE-6068-F.txt
2014-11-13 09:55 - 2014-11-14 22:27 - 0027304 _____ () C:\ProgramData\RUNDLL32.EXE-6088-F.txt
2015-01-18 11:54 - 2015-01-18 11:58 - 0000569 _____ () C:\ProgramData\RUNDLL32.EXE-6108-F.txt
2014-06-10 10:08 - 2014-06-10 10:08 - 0000114 _____ () C:\ProgramData\RUNDLL32.EXE-7432-F.txt
2014-11-30 10:35 - 2014-12-01 20:06 - 0084162 _____ () C:\ProgramData\RUNDLL32.EXE-820-F.txt
2014-11-03 10:54 - 2014-11-06 19:29 - 0057467 _____ () C:\ProgramData\RUNDLL32.EXE-876-F.txt
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-20 19:21
==================== End Of Log ============================